Deck 10: Incident and Disaster Response

1
According to the Federal Bureau of Investigation, about ________ of concentrated attacks are successful.

A) 1 percent
B) 5 to 10 percent
C) 12 percent
D) 22 percent
Answer: 1 percent
2
Of the four category incidents, ________ are considered the least threatening.

A) minor incidents
B) false alarms
C) disasters
D) major incidents
Answer: false alarms
3
Successful attacks are commonly called ________.

A) minor incidents
B) security incidents
C) live tests
D) major incidents
Answer: security incidents
4
________ tend to waste a lot of scarce and costly security time and may dull the true security efforts of the organization.

A) Minor incidents
B) Disasters
C) False alarms
D) Major incidents
5
A virus infection involving a dozen or so computers is an example of a ________.

A) minor incident
B) false alarm
C) disaster
D) major incident
6
For a ________, many companies create CSIRTs.

A) minor incident
B) false alarm
C) disaster
D) major incident
7
Which of the following is beyond the abilities of CSIRTs?

A) Minor incidents
B) False alarms
C) Disasters
D) Major incidents
8
Which of the following is LEAST likely to be an active member of a computer security incident response team?

A) IT security professionals
B) The legal department
C) Public relations
D) The accounting department
9
________ is the maintenance of day-to-day revenue-generating operations of a company.

A) Business continuity
B) CSIRT
C) Public relations
D) Business management
10
Which of the following about live tests is FALSE?

A) Live tests have a team actually take the actions instead of describing what they would do.
B) Live tests reveal subtle flaws that walkthroughs cannot.
C) Live tests are typically inexpensive.
D) Live tests are expensive.
11
In almost all intrusion detection systems, a small minority of suspicious activities turn out to be false positives.
12
Minor incidents, in regard to security, are less severe than false alarms.
13
Major security incidents are typically too large for on-duty IT staff to handle.
14
Business continuity plans aim at keeping a business running or getting it back in operation as quickly as possible.
15
Despite time pressures after a security breach, businesses must realize that accuracy is as important as speed.
16
Disconnection ________.

A) requires incidents to be raised with the CSIRT
B) harms legitimate users
C) is the most decisive way to do termination
D) allows security analysts to understand a situation before effective action can be taken
17
Which of the following is NOT a priority at the beginning of an incident?

A) Detection
B) Analysis
C) Escalate
D) Recovery
18
Very often, much of the intrusion analysis phase is done by ________.

A) discussing issues with all members of the CSIRT
B) reading through log files
C) discussing issues with the business continuity team
D) querying databases
19
Once an attack is contained, the ________ stage begins.

A) analysis
B) detection
C) black holing
D) recovery
20
Repair during continuing server operation is ________.

A) dangerous
B) rarely risky
C) reliable
D) effective
21
________ punishments may result in jail time.

A) Criminal law
B) Civil law
C) Forensics
D) Local law
22
________ initiate legal proceedings in civil cases.

A) Defendants
B) Prosecutors
C) Plaintiffs
D) Lawyers
23
________ is law dealing with information technology.

A) Section 1030
B) Cyberlaw
C) Case law
D) U.S. Code Title 18
24
In the United States, the main federal law regarding hacking is U.S. ________.

A) 18 U.S.C. § 1030
B) 18 U.S.C. § 2511
C) 18 U.S.C. § 18
D) 18 U.S.C. § 1020
25
Which of the following is NOT prohibited by U.S. federal law 18 U.S.C. § 1030?

A) Denial-of-service attacks
B) Hacking
C) Malware
D) Spam
26
Detection, analysis, and escalation are the three priorities at the beginning of an incident.
27
It's important for a company to realize that a system needs to be better than before an attack so that the attacker cannot come back in.
28
Companies should realize that prosecution for possible incidents is a public process.
29
Forensics evidence is evidence that is acceptable for court proceedings.
30
In most civil cases, a prosecutor initiates a case against a defendant.
31
Mens rea usually is important in criminal trials.
32
Which of the following is a function of IDSs?

A) Creating logs
B) Verifying logs
C) Malware detection
D) Automated analysis
33
Which of the following is NOT one of the four major functions of an IDS?

A) Logging
B) Automated analysis
C) Administrator actions
D) Prevention
34
Which of the following is FALSE about the logging function of an IDS?

A) It logs each activity.
B) It time stamps each activity.
C) It stores activities in a sequential file sorted by time.
D) It suggests preventative measures for each activity.
35
In ________, each event's data goes to a manager immediately.

A) a software agent
B) manager-agent communication
C) batch transfer
D) real-time transfer
36
________ capture packets as they travel through a network.

A) NIDSs
B) Honeypots
C) Hot sites
D) Data logs
37
________ are boxes located at various points in a network.

A) HIDSs
B) Stand-alone NIDSs
C) Router NIDSs
D) Switch NIDSs
38
The main attraction of ________ is that they provide highly specific information about what happened on a particular host computer.

A) HIDSs
B) stand-alone NIDSs
C) router NIDSs
D) switch NIDSs
39
The process of creating integrated log files is called ________.

A) aggregation
B) synchronization
C) correlation
D) analysis
40
________ is the turning off of unnecessary rules and reducing the severity level in alarms generated by other rules.

A) Sensitivity
B) Synchronization
C) Tuning
D) Precision
41
A honeypot is a type of ________.

A) HIDS
B) stand-alone NIDS
C) router NIDS
D) IDS
42
Each monitoring device has a software agent that collects event data.
43
Vendors cannot create new filtering rules for a company.
44
The Network Time Protocol allows a type of synchronization.
45
Companies do not need to update their IDS attack signatures as it is done automatically.
46
Honeypots are used primarily by researchers studying attacker behavior by recording everything a visitor does or tries to do.
47
Which of the following is NOT one of the three basic principles that should underlie all thinking about business continuity?

A) Reduce capacity in decision making
B) Avoid rigidity
C) Be creative
D) People first
48
Which of the following is considered the first step in creating a business continuity plan?

A) Specifying resource needs
B) Identifying business processes
C) Prioritizing business processes
D) Specifying actions and sequences
49
Which of the following is considered the second step in creating a business continuity plan?

A) Specifying resource needs
B) Identifying business processes
C) Prioritizing business processes
D) Specifying actions and sequences
50
It can be assumed that in a crisis, people's cognitive ability is typically not at its best.
51
The first job of planning and event management is to provide for the safety of people.
52
In crises, communication within a company is usually enhanced.
53
It is important that a company not update their continuity plans since business conditions often remain static.
54
________ looks specifically at the technical aspects of how a company can get IT back into operation.

A) A business continuity plan
B) Business management
C) An IT disaster recovery
D) A live test
55
Which of the following is NOT considered a backup facility?

A) A hot site
B) A cold site
C) Cloud-based hosting
D) A CSIRT
56
A hot site ________.

A) is less expensive than a cold site
B) is a physical facility with power
C) is a physical facility with everything except power
D) is an empty room with connections to the outside world
57
A cold site ________.

A) is less expensive than a hot site
B) is a physical facility with power
C) is a physical facility with everything except power
D) is an attractive backup facility in an emergency
58
Which of the following is the most cost-effective in case of a disaster?

A) A hot site
B) A cold site
C) Cloud-based hosting
D) A hot and cold site have approximately similar costs.
59
As a primary start to widespread cloud-based hosting, Amazon launched Amazon Web Services in ________.

A) 2000
B) 2002
C) 2006
D) 2012
60
Which of the following is NOT a factor of cloud-based hosting?

A) Lower costs
B) Better disaster recovery
C) Increased reliability
D) Lessened scalability
61
Disaster recovery looks specifically at the technical aspects of how a company can get IT back into operation using backup facilities.
62
A backup facility is usually on the same company premises.
63
HVAC represents heating, ventilation, and air-conditioning.
64
Cold sites offer electrical power and HVAC but are not connected to the outside world.
65
Hot sites are attractive for a company but they are expensive to keep open.
66
One important factor in pushing many organizations to cloud-based hosting is the lower cost than many other alternatives.
67
Most companies using cloud-based hosting have their data backed up once per week.