900

Question 1

gives an organization the ability to continue providing service while experiencing a technical failure. A common mechanism is service or infrastructure duplication.

Answer 1

Fault tolerance

Question 2

List at least three potential reporting points in an organization. These are people to whom a security incident should be reported.

Answer 2

CISO - ISO - CSO - CEO - CIO - COO

Question 3

What is a plan that defines the procedures for responding to a security incident:
A. IRP
B. DCP
C. BIA
D. None of the above

Answer 3

A. IRP

Question 4

A BCP is used to define the process and procedures used to clean up a disaster.
A. True
B. False

Answer 4

B. False

Question 5

An incident response team should be trained to methodically collect __________ without destroying or altering if in any way.

Answer 5

Evidence

Question 6

What type of evidence gives the most solid proof of a crime?  
A. Corroborative
B. Circumstantial
C. Best
D. Opinion

Answer 6

C. Best

Question 7

__________ __________ is used when best evidence cannot be acquired.

Answer 7

Secondary evidence

Question 8

Another location from which to conduct business in the event of a disaster is called a(n) __________.

Answer 8

Alternate site (cold - warm - hot)

Question 9

A technology in which a standby server exists only to take over for another server in the event of its failure.

Answer 9

Asymmetric Server Cluster

Question 10

Rolling back a disaster recovery implementation to the starting point so that different approach can be taken.

Answer 10

Backout/Contingency Option

Question 11

The ability of an organization to maintain its operations and services in the face of a disruptive event.

Answer 11

Business Continuity

Question 12

The process of identifying exposure to threats - creating preventive and recovery procedures - and then testing them to determine if they are sufficient.

Answer 12

Business Continuity Planning and Testing

Question 13

An analysis of the most important mission-critical business functions - which identifies and quantifies the impact of such loss of the functions may have on the organization in terms of its operational and financial positions.

Answer 13

Business Impact Analysis (BIA)

Question 14

A process of documentation that shows that the evidence was under strict control at all times and no unauthorized individuals were given the opportunity to corrupt the evidence.

Answer 14

Chain of Custody

Question 15

A remote site that provides office space; the customer must provide and install all the equipment needed to continue operations.

Answer 15

Cold Site

Question 16

Using technology to search for computer evidence of a crime.

Answer 16

Computer Forensics

Question 17

The process of copying information to a different medium and storing it (preferably at an off-site location) so that it can be used in the event of a disaster.

Answer 17

Data Backups

Question 18

The procedures and processes for restoring an organization’s IT operations following a disaster.

Answer 18

Disaster Recovery

Question 19

A written document that details the process for restoring IT resources following an event that causes a significant disruption in the service.

Answer 19

Disaster Recovery Plan (DRP)

Question 20

A metallic enclosure that prevents the entry or escape of an electromagnetic field.

Answer 20

Faraday Cage

Question 21

The application of science to questions that are of interest to the legal profession.

Answer 21

Forensics (Forensic Science)

Question 22

Systems that provide and regulate heating and cooling.

Answer 22

Heating - Ventilation - and Air Conditioning (HVAC)

Question 23

A system that can function for an extended period of time with little downtime.

Answer 23

High Availability

Question 24

A layout in a data center that can be used to reduce heat by managing the air flow.

Answer 24

Hot Aisle/Cold Aisle

Question 25

A duplicate of the production site that has all the equipment needed for an organization to continue running - including office space and furniture - telephone jacks - computer equipment - and a live telecommunications link.

Answer 25

Hot Site

Question 26

A statistical value that is the average time until a component fails - cannot be repaired - and must be replaced.

Answer 26

Mean Time Between Failures (MTBF)

Question 27

The average time needed to reestablish services to their former state.

Answer 27

Mean Time to Restore (MTTR)

Question 28

The sequence of volatile data that must be preserved in a computer forensic investigation.

Answer 28

Order of Volatility

Question 29

A technology that uses multiple hard disk drives for increased reliability and performance.

Answer 29

RAID (Redundant Array of Independent Drives)

Question 30

The maximum length of time that an organization can tolerate between backups.

Answer 30

Recovery Point Objective (RPO)

Question 31

The length of time it will take to recover the data that has been backed up.

Answer 31

Recover Time Objective (RTO)

Question 32

A combination (clustering) of two or more servers that are interconnected to appear as one.

Answer 32

Server Cluster

Question 33

A component or entity in a system which - if it no longer functions - would adversely affect the entire system.

Answer 33

Single Point of Failure

Question 34

Determining in advance who will be authorized to take over in the event of the incapacitation or death of key employees.

Answer 34

Succession Planning

Question 35

A technology in which every server in the cluster performs useful work and if one server fails - the remaining servers continue to perform their normal work as well as that of the failed server.

Answer 35

Symmetric Server Cluster

Question 36

A snapshot of the current state of the computer that contains all settings and data.

Answer 36

System Image

Question 37

A remote site that contains computer equipment but does not have active Internet or telecommunication facilities - and does not have backups of data.

Answer 37

Warm Site

Question 38

Each of the following is a category of fire suppression systems except a \_\_\_\_\_\_\_\_\_\_\_\_.  
A. clean agent system
B. dry chemical system
C. wet chemical system
D. water sprinkler system

Answer 38

C. wet chemical system

Question 39

Each of the following is required for a fire to occur except __________.
A. a spark to start the process
B. a type of fuel or combustible material
C. sufficient oxygen to sustain the combustion
D. a chemical reaction that is the fire itself

Answer 39

A. a spark to start the process

Question 40

An electrical fire like that which would be found in a computer data center is known as what type of fire?
A. Class A
B. Class B
C. Class C
D. Class D

Answer 40

C. Class C

Question 41

Van Eck phreaking is \_\_\_\_\_\_\_\_\_\_.
A. blocked by using shielded cabling
B. picking up electromagnetic fields generated by a computer system.
C. reverse confidentiality
D. is always used with wireless networks

Answer 41

B. picking up electromagnetic fields generated by a computer system

Question 42

Plenums are __________.
A. no longer used today
B. the air-handling space above drop ceilings
C. required in all buildings with over six stories
D. never to be used for locating equipment

Answer 42

B. the air-handling space above drop ceilings

Question 43

RAID \_\_\_\_\_\_\_\_\_\_ uses disk mirroring and is considered fault-tolerant.
A. Level 1
B. Level 2
C. Level 3
D. Level 4

Answer 43

A. Level 1

Question 44

A standby server that exists only to take over for another server in the event of its failure is known as a(n) \_\_\_\_\_\_\_\_\_\_.
A. asymmetric server cluster
B. rollover server
C. failsafe server
D. symmetric server cluster

Answer 44

A. asymmetric server cluster

Question 45

RAID is an abbreviation of __________.
A. Redundant Array of IDE Drives
B. Resilient Architecture for Interdependent Discs
C. Redundant Array of Independent Drives
D. Resistant Architecture of Interrelated Data Storage

Answer 45

C. Redundant Array of Independent Drives

Question 46

Which of the following is an example of a nested RAID?
A. Level 1-0
B. Level 0-1
C. Level 0+1
D. Level 0/1

Answer 46

C. Level 0+1

Question 47

A(n) \_\_\_\_\_\_\_\_\_\_ is always running off its battery while the main power runs the battery charger.
A. offline UPS
B. backup UPS
C. online UPS
D. secure UPS

Answer 47

C. online UPS

Question 48

A \_\_\_\_\_\_\_\_\_\_ is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running. 
A. cold site
B. warm site
C. hot site
D. replicated site

Answer 48

C. hot site

Question 49

A UPS can perform each of the following except __________.
A. prevent certain applications from launching that will consume too much power
B. disconnect users and shut down the server
C. prevent any new users form logging on
D. notify all users that they must finish their work immediately and log off.

Answer 49

A. prevent certain applications from launching that will consume too much power

Question 50

Which of the following is not a characteristic of a disaster recover plan (DRP)?
A. it is updated regularly
B. it is a private document only used by top-level administrators for planning
C. it is written
D. it is detailed

Answer 50

B. it is a private document only used by top-level administrators for planning

Question 51

Any time the contents of a file are changed -  the archive bit is changed to \_\_\_\_\_ -  meaning that this modified file now needs to be backed up. 
A. 0
B. 1
C. 2
D. 3

Answer 51

B. 1

Question 52

An incremental backup ___________.
A. copies selected files
B. copies all files
C. copies all files since the last full backup
D. copies all files changed since the last full or incremental backup

Answer 52

D. copies all files changed since the last full or incremental backup

Question 53

Each of the following is a basic question to be asked regarding creating a data backup except: __________.
A. how long will it take to finish the backup?
B. where should the backup be stored?
C. what information should be backed up?
D. what media should be used?

Answer 53

A. how long will it take to finish the backup?

Question 54

The chain of \_\_\_\_\_\_\_\_\_\_ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence. 
A. forensics
B. evidence
C. control
D. custody

Answer 54

D. custody

Question 55

\_\_\_\_\_\_\_\_\_\_ is the maximum length of time that an organization can tolerate between data backups. 
A. recovery service point (RSP)
B. recovery point objective (RPO)
C. optimal recovery time frame (ORT)
D. recover time objective (RTO)

Answer 55

B. recovery point objective (RPO)

Question 56

A data backup solution that uses a magnetic disk as a temporary storage area is \_\_\_\_\_\_\_\_\_\_\_. 
A. disk to disk to tape (D2D2T)
B. disk to disk (D2D)
C. tape to disk (T2D)
D. continuous data protection (CDP)

Answer 56

A. disk to disk to tape (D2D2T)

Question 57

When an unauthorized event occurs -  the first duty of the computer forensics response should be to \_\_\_\_\_\_\_\_\_\_\_. 
A. log-off the server
B. secure the crime scene
C. back up the hard drive
D. reboot the system

Answer 57

B. secure the crime scene

Question 58

BIA stands for __________.

Answer 58

Business Impact Analysis

Question 59

MTTR stands for __________.

Answer 59

Mean Time to Restore

Question 60

DRP stands for __________.

Answer 60

Disaster Recovery Plan

Question 61

MTBF stands for __________.

Answer 61

Mean Time Between Failures

Question 62

RAID level that uses a striped disk array so that data is broken down into blocks and each block is written to a separate disk drive.

Answer 62

RAID Level 0

Question 63

RAID level that uses a mirrored array whose segments are RAID 0 arrays.

Answer 63

RAID Level 0+1

Question 64

RAID level that writes data twice to separate drives.

Answer 64

RAID Level 1

Question 65

RAID level where each entire data block is written on a data disk and parity for blocks in the same rank is generated and recorded on a separate disk.

Answer 65

RAID Level 5

Question 66

Minimum number of drives needed for RAID Level 0.

Answer 66

2

Question 67

Minimum number of drives needed for RAID Level 0+1.

Answer 67

4

Question 68

Minimum number of drives needed for RAID Level 1.

Answer 68

2

Question 69

Minimum number of drives needed for RAID Level 5.

Answer 69

3

Question 70

Imaging applications are typically used for this RAID level.

Answer 70

RAID Level 0+1

Question 71

Financial applications are typically used for this RAID level.

Answer 71

RAID Level 1

Question 72

Databases are the typical application for this RAID level.

Answer 72

RAID Level 5

Question 73

Video production and editing applications are typically used for this RAID level.

Answer 73

RAID Level 0

Question 74

A simple design and easy to implement RAID - but not fault tolerant.

Answer 74

RAID Level 0

Question 75

A simple RAID to implement - but can slow down a system if RAID controlling software is used instead of hardware.

Answer 75

RAID Level 1

Question 76

The most versatile RAID - but it can be difficult to rebuild in the event a disk fails.

Answer 76

RAID Level 5

Question 77

This RAID has high input/output rates and is expensive.

Answer 77

RAID Level 0+1

Question 78

When creating a data backup - five basic questions should be asked. List the questions.

Answer 78

1. What information should be backed up?
2. How often should it be backed up?
3. What media should be used?
4. Where should the backup be stored?
5. What hardware or software should be used?

Question 79

Explain how a full backup is used - what the archive bit is set to after the backup - and what files are needed for recovery.

Answer 79

A full backup is the starting point for all backups. After the backup the archive bit is cleared (set to 0). The full backup is needed to recover files.

Question 80

Explain how a differential backup is used - what the archive bit is set to after the backup - and what files are needed for recovery.

Answer 80

A differential backup backs up any data that has changed since the last full backup. After the backup the archive bit is not cleared (set to 1). The full backup and only the last differential backup are needed to recover files.

Question 81

Explain how a incremental backup is used - what the archive bit is set to after the backup - and what files are needed for recovery.

Answer 81

An incremental backup backs up any data that has changed since the last full backup or last incremental backup. After the backup the archive bit is cleared (set to 0). The full backup and all incremental backups are needed to recover files.

Question 82

RPO stands for __________.

Answer 82

Recovery Point Objective

Question 83

RTO stands for __________.

Answer 83

Recovery Time Objective

Question 84

List the 3 types of CDP and the type of data that is protected.

Answer 84

1. Block-level CDP- the entire volume is protected.
2. File-level CDP- the individual files are protected.
3. Application-level CDP- individual application changes are protected.\

Question 85

List the 4 basic forensic procedures:

Answer 85

1. Secure the crime scene
2. Preserve the evidence
3. Establish the chain of custody
4. Examine the evidence

Question 86

What are the 6 steps in damage control?

Answer 86

1. Report the incident to security or the police
2. Confront any suspects (if the situation allows)
3. Neutralize the suspected perpetrator form harming others (if necessary)
4. Secure physical security features
5. Quarantine electronic equipment
6. Contact the response team

Question 87

List the orders of volatility and the location of the data.

Answer 87

First- register - cache - peripheral memory
Second- random access memory (RAM)
Third- network state
Fourth- running processes

Question 88

A mirror image is also referred to as __________.

Answer 88

Bitstream Backup

Question 89

List and describe the 2 types of slack.

Answer 89

1. RAM Slack- pertains to the last sector of a file

2. Drive File Slack- can contain remnants of previously deleted files or data

Question 90

What is an SLA?

Answer 90

Service Level Agreement is a service contract between a vendor and client that specifies what services will be provided - responsibilities of each party - and any guarantees of service. Most SLA’s are based on percentages of uptime that are guaranteed.

Question 91

How is MTBF calculated?

Answer 91

MTBF= total time measured divided by total number of failures observed

Question 92

Name the 3 types of fire suppression systems.

Answer 92

1- water sprinkler
2- dry chemical
3- clean agent

Question 93

What is ESD?

Answer 93

Electrostatic discharge is the sudden flow of electrical current between two objects.

Question 94

Explain the server hot aisle/cold aisle layout.

Answer 94

1- rows of rack fronts are the cold aisles and face air conditioning output ducts
2- rows that are the back of the racks where the heated exhaust exits are the hot aisles and generally face the air conditioning return ducts.

Question 95

A policy that defines the actions users may perform while accessing systems and networking equipment.

Answer 95

Acceptable Use Policy (AUP)

Question 96

A methodology for making modifications to a system and keeping track of those changes.

Answer 96

Change Management

Question 97

The “framework” and functions required to enable incident response and incident handling with an organization.

Answer 97

Incident Management