Ch.13 Flashcards
the ability of an organization to maintain its operations and services in the face of a disruptive event
business continuity
the process of identifying exposure to threats, creating preventive and recovery procedures, and then testing them to determine if they are sufficient
business continuity planning and testing
an analysis that identifies mission-critical business functions and quantifies the impact a loss of such functions may have on the organization in terms of its operational and financial position
business impact analysis (BIA)
a process of documentation that shows that the evidence was under strict control at all times and no unauthorized individuals were given the opportunity to corrupt the evidence
chain of custody
combining two or more servers to appear as one single unit
clustering
a remote site that provides office space; the customer must provide and install all the equipment needed to continue operations
cold site
using technology to search for computer evidence of a crime
computer forensics
the ability of a business to continue to function in the event of a disaster
continuity of operations
the process of copying information to a different medium and storing it (preferably at an offsite location) so that it can be used in the event of a disaster
data backup
a written document that details the process for restoring IT resources following an event that causes a significant disruption in service
disaster recovery plan (DRP)
a metallic enclosure that prevents the entry or escape of an electromagnetic field
Faraday cage
the application of science to questions that are of interest to the legal profession
forensics (forensic science)
systems that provide and regulate heating and cooling
heating, ventilation, and air conditioning (HVAC)
a system that can function for an extended period of time with little downtime
high availability
a layout in a data center that can be used to reduce heat by managing air flow
hot aisle/cold aisle
a duplicate of the production site that has all the equipment needed for an organization to continue running, including office space and furniture, telephone jacks, computer equipment, and a live telecommunications link
hot site
the process of developing an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT
IT contingency planning
a statistical value that is the average time until a component fails, cannot be repaired, and must be replaced
mean time between failures (MTBF)
the average time for a device to recover from a failure that is not a terminal failure
mean time to recovery (MTTR)
the sequence of volatile data that must be preserved in a computer forensic investigation
order of volatility
a technology that uses multiple hard disk drives for increased reliability and performance
RAID (Redundant Array of Independent Drives)
the maximum length of time that an organization can tolerate between backups
recovery point objective (RPO)
the length of time it will take to recover data that has been backed up
recovery time objective (RTO)
the process of identifying threats
risk assessment
a component or entity in a system which, if it no longer functions, would adversely affect the entire system
single point of failure
determining in advance who will be authorized to take over in the event of the incapacitation or death of key employees
succession planning
a snapshot of the current state of the computer that contains all settings and data
system image
exercises that simulate an emergency situation but in an informal and stress-free environment
tabletop exercises
a remote site that contains computer equipment but does not have active Internet or telecommunication facilities and does not have backups of data
warm site
_____ is the process of developing an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT.
a. Disaster recovery planning
b. IT contingency planning
c. Business impact analysis planning
d. Risk IT planning
b
Who should be involved in a table top exercise?
a. all employees
b. individuals on a decision-making level
c. full-time employees
d. only IT managers
b
The average amount of time that it will take a device to recover from a failure that is not a terminal failure is called the _____.
a. MTTR
b. MTBR
c. MTBF
d. MTTI
a (mean time to recovery)
Each of these is a category of fire suppression systems EXCEPT a _____.
a. water sprinkler system
b. wet chemical system
c. clean agent system
d. dry chemical system
b
Which of these is NOT required for a fire to occur?
a. a chemical reaction that is the fire itself
b. a type of fuel or combustible material
c. a spark to start the process
d. sufficient oxygen to sustain the combustion
c
An electrical fire like that which would be found in a computer data center is known as what type of fire?
a. Class A
b. Class B
c. Class C
d. Class D
c
Which level of RAID uses disk mirroring and is considered fault-tolerant?
a. Level 1
b. Level 2
c. Level 3
d. Level 4
a
A standby server that exists only to take over for another server in the event of its failure is known as a(n) _____.
a. rollover server
b. asymmetric server cluster
c. symmetric server cluster
d. failsafe server
b
What does the abbreviation RAID represent?
a. Redundant Array of IDE Drives
b. Resilient Architecture for Interdependent Discs
c. Redundant Array of Independent Drives
d. Resistant Architecture of Inter-Related Data Storage
c
Which of these is an example of a nested RAID?
a. Level 1-0
b. Level 0-1
c. Level 0+1
d. Level 0/1
c
A(n) _____ is always running off its battery while the main power runs the battery charger.
a. secure UPS
b. backup UPS
c. off-line UPS
d. on-line UPS
d
Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running?
a. cold site
b. warm site
c. hot site
d. replicated site
c
A UPS can perform each of the following EXCEPT _____.
a. prevent certain applications from launching that will consume too much power
b. disconnect users and shut down the server
c. prevent any new users from logging on
d. notify all users that they must finish their work immediately and log off
a
Which of these is NOT characteristic of a disaster recovery plan (DRP)?
a. It is updated regularly
b. It is a private document used only by top-level administrators for planning
c. It is written
d. It is detailed
b
What does an incremental backup do?
a. copies all files changed since the last full or incremental backup
b. copies selected files
c. copies all files
d. copies all files since the last full backup
d
Which question is NOT a basic question to be asked regarding creating a data backup?
a. What media should be used?
b. How long will it take to finish the backup?
c. Where should the backup be stored?
d. What information should be backed up?
b
The chain of _____ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence.
a. forensics
b. evidence
c. custody
d. control
c
What is the maximum length of time that an organization can tolerate between data backups?
a. recovery time objective (RTO)
b. recovery service point (RSP)
c. recovery point objective (RPO)
d. optimal recovery timeframe (ORT)
c
What data backup solution uses the magnetic disk as a temporary storage area?
a. continuous data protection (CDP)
b. disk to disk to tape (D2D2T)
c. disk to disk (D2D)
d. tape to disk (T2D)
b
When an unauthorized event occurs, what is the first duty of the computer forensics response team?
a. to log off from the server
b. to secure the crime scene
c. to back up the hard drive
d. to reboot the system
b