Ch.13

Question 1

the ability of an organization to maintain its operations and services in the face of a disruptive event

Answer 1

business continuity

Question 2

the process of identifying exposure to threats, creating preventive and recovery procedures, and then testing them to determine if they are sufficient

Answer 2

business continuity planning and testing

Question 3

an analysis that identifies mission-critical business functions and quantifies the impact a loss of such functions may have on the organization in terms of its operational and financial position

Answer 3

business impact analysis (BIA)

Question 4

a process of documentation that shows that the evidence was under strict control at all times and no unauthorized individuals were given the opportunity to corrupt the evidence

Answer 4

chain of custody

Question 5

combining two or more servers to appear as one single unit

Answer 5

clustering

Question 6

a remote site that provides office space; the customer must provide and install all the equipment needed to continue operations

Answer 6

cold site

Question 7

using technology to search for computer evidence of a crime

Answer 7

computer forensics

Question 8

the ability of a business to continue to function in the event of a disaster

Answer 8

continuity of operations

Question 9

the process of copying information to a different medium and storing it (preferably at an offsite location) so that it can be used in the event of a disaster

Answer 9

data backup

Question 10

a written document that details the process for restoring IT resources following an event that causes a significant disruption in service

Answer 10

disaster recovery plan (DRP)

Question 11

a metallic enclosure that prevents the entry or escape of an electromagnetic field

Answer 11

Faraday cage

Question 12

the application of science to questions that are of interest to the legal profession

Answer 12

forensics (forensic science)

Question 13

systems that provide and regulate heating and cooling

Answer 13

heating, ventilation, and air conditioning (HVAC)

Question 14

a system that can function for an extended period of time with little downtime

Answer 14

high availability

Question 15

a layout in a data center that can be used to reduce heat by managing air flow

Answer 15

hot aisle/cold aisle

Question 16

a duplicate of the production site that has all the equipment needed for an organization to continue running, including office space and furniture, telephone jacks, computer equipment, and a live telecommunications link

Answer 16

hot site

Question 17

the process of developing an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT

Answer 17

IT contingency planning

Question 18

a statistical value that is the average time until a component fails, cannot be repaired, and must be replaced

Answer 18

mean time between failures (MTBF)

Question 19

the average time for a device to recover from a failure that is not a terminal failure

Answer 19

mean time to recovery (MTTR)

Question 20

the sequence of volatile data that must be preserved in a computer forensic investigation

Answer 20

order of volatility

Question 21

a technology that uses multiple hard disk drives for increased reliability and performance

Answer 21

RAID (Redundant Array of Independent Drives)

Question 22

the maximum length of time that an organization can tolerate between backups

Answer 22

recovery point objective (RPO)

Question 23

the length of time it will take to recover data that has been backed up

Answer 23

recovery time objective (RTO)

Question 24

the process of identifying threats

Answer 24

risk assessment

Question 25

a component or entity in a system which , if it no longer functions, would adversely affect the entire system

Answer 25

single point of failure

Question 26

determining in advance who will be authorized to take over in the event of the incapacitation or death of key employees

Answer 26

succession planning

Question 27

a snapshot of the current sate of the computer that contains all settings and data

Answer 27

system image

Question 28

exercises that simulate an emergency situation but in an informal and stress-free environment

Answer 28

tabletop execises

Question 29

a remote site that contains computer equipment but does not have active Internet or telecommunication facilities and does not have backups of data

Answer 29

warm site

Question 30

_____ is the process of developing an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT.

a. Disaster recovery planning
b. IT contingency planning
c. Business impact analysis planning
d. Risk IT planning

Answer 30

b

Question 31

Who should be involved in a table top exercise?

a. all employees
b. individuals on a decision-making level
c. full-time employees
d. only IT managers

Answer 31

b

Question 32

The average amount of time that it will take a device to recover from a failure that is not a terminal failure is called the _____.

a. MTTR
b. MTBR
c. MTBF
d. MTTI

Answer 32

a (mean time to recovery)

Question 33

Each of these is a category of fire suppression systems EXCEPT a _____.

a. water sprinkler system
b. wet chemical system
c. clean agent system
d. dry chemical system

Answer 33

b

Question 34

Which of these is NOT required for a fire to occur?

a. a chemical reaction that is the fire itself
b. a type of fuel or combustible material
c. a spark to start the process
d. sufficient oxygen to sustain the combustion

Answer 34

c

Question 35

An electrical fire like that which would be found in a computer data center is known as what type of fire?

a. Class A
b. Class B
c. Class C
d. Class D

Answer 35

c

Question 36

Which level of RAID uses disk mirroring and is considered fault-tolerant?

a. Level 1
b. Level 2
c. Level 3
d. Level 4

Answer 36

a

Question 37

A standby server that exists only to take over for another server in the event of its failure is known as a(n)_____.

a. rollover server
b. asymmetric server cluster
b. symmetric server cluster
d. failsafe server

Answer 37

b

Question 38

What does the abbreviation RAID represent?

a. Redundant Array of IDE Drives
b. Resilient Architecture for Interdependent Discs
c. Redundant Array of Independent Drives
d. Resistant Architecture of Inter-Related Data Storage

Answer 38

c

Question 39

Which of these is an example of a nested RAID?

a. Level 1-0
b. Level 0-1
c. Level 0+1
d. Level 0/1

Answer 39

c

Question 40

A(n) _____ is always running off its battery while the main power runs the battery charger.

a. secure UPS
b. backup UPS
c. off-line UPS
d. on-line UPS

Answer 40

d

Question 41

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running?

a. cold site
b. warm site
c. hot site
d. replicated site

Answer 41

c

Question 42

A UPS can perform each of the following EXCEPT _____.

a. prevent certain applications from launching that will consume too much power
b. disconnect users and shut down the server
c. prevent any new users from logging on
d. notify all users that they must finish their work immediately and log off

Answer 42

a

Question 43

Which of these is NOT characteristic of a disaster recovery plan (DRP)?

a. It is updated regularly
b. It is a private document used only by top-level administrators for planning
c. It is written
d. It is detailed.

Answer 43

b

Question 44

What does an incremental backup do?

a. copies all files changed since the last full or incremental backup
b. copies selected files
c. copies all files
d. copies all files since the last full backup

Answer 44

d

Question 45

Which question is NOT a basic question to be asked regarding creating a data backup?

a. What media should be used?
b. How long will it take to finish the backup?
c. Where should the back be stored?
d. What information should be backed up

Answer 45

b

Question 46

The chain of _____ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence.

a. forensics
b. evidence
c. custody
d. conrol

Answer 46

c

Question 47

What is the maximum length of time that an organization can tolerate between data backups?

a. recovery time objective (RTO)
b. recovery service point (RSP)
c. recovery point objective (RPO)
d. optimal recovery timeframe (ORT)

Answer 47

c

Question 48

What data backup solution uses the magnetic disk as a temporary storage area?

a. continuous data protection (CDP)
b. disk to disk to tape (D2D2T)
c. disk to disk (D2D)
d. tape to disk (T2D)

Answer 48

b

Question 49

When an unauthorized event occurs, what is the first duty of the computer forensics response team?

a. to log off from the server
b. to secure the crime scene
c. to back up the hard drive
d. to reboot the sytem

Answer 49

b