Ch10 Dealing with Incidents

Question 1

the 7 steps of the Incident Response Process are: Preparation, ___, ___, Containment, ___, ___, Documentation

Answer 1

Reporting; Identification; Eradication; Recovery

Question 2

the group of people whose job it is to respond to a cyber security incident is the ___

Answer 2

Cyber Incident Response Team (CIRT)

Question 3

the plan for who to report an incident to depending on its severity is the ___

Answer 3

chain of escalation

Question 4

the chain of custody process includes: ___, collection method, date/time collected, person collecting it, ___, and all locations of the evidence

Answer 4

defining the data; function/qualification of the person collecting the data

Question 5

when retrieving system data as evidence, always use ___ software to demonstrate that you have not altered it

Answer 5

write block enabled

Question 6

as you collect evidence, remember to ___ so you can be paid from the right people

Answer 6

track your hours

Question 7

a __ recovery site might take a few days to bring online, it might have the equipment your need, but not the data

Answer 7

warm

Question 8

the first item in the order of restoration after an incident is to verify ___

Answer 8

power is working on all outlets

Question 9

a ___ is practicing the actual activities required to recover from an incident

Answer 9

failover

Question 10

the Last Modified date/time of a file is known as its ___ for backup purposes

Answer 10

archive attribute

Question 11

a ___ is a backup of all changes since the last Full backup

Answer 11

differential backup

Question 12

an ___ is a backup of all changes since the last backup of any kind

Answer 12

Incremental