Chapter 12

Question 1

BCP

Answer 1

Business Continuity Plan

the process of implementing policies, controls, and procedures to counteract the effects of losses, outages, or failures of critical business processes
432

Question 2

CBFs

Answer 2

Critical Business Functions

processes of systems that must be made operational immediately when an outage occurs
432

Question 3

Two key components of BCP

Answer 3

BIA (business impact analysis)
Risk Assessment
432

Question 4

Working Copies

Answer 4

AKA Shadow copies

Partial or full backups that are kept at the computer center for immediate recovery purposes
432

Question 5

Onsite Storage

Answer 5

usually refers to a location on the site of the computer center that is used to store information locally. Can be used to store computer cartridges and tapes or backup media
432

Question 6

According to security plus what is the ideal medium for a backup?

Answer 6

TAPE!

433

Question 7

What should you make sure to do with your onsite storage?

Answer 7

Keep it in fireproof containers should be guaranteed to withstand damage regardless of the type of fire.
Prevent moisture from messing with it
Pressure resistant container
433

Question 8

Offsite Storage

Answer 8

Where paper copies and backup media are kept. Can range from a copy of backup media at a remote office to nuclearhardened high security storage facility
433

Question 9

Disaster Recovery Plan

Answer 9

helps an organization respond effectively when a disaster occurs. Includes System failurem network failure, infrastructure failure, and natural disaster
433

Question 10

Database Systems

Answer 10

Most modern database systems provide the ability to back up to data or certain sections of the database globally without difficulty. Larger-scale database system also provide transaction auditing and data-recovery capabilities
434

Question 11

HSM

Answer 11

Hierarchical Storage Media

A newer backup type. Provides continuous online backup by using optical or tape jukeboxes. It appears as an infinite disk to the system, and can be configured to provide the closest version of the real time backup
437

Question 12

Grandfather, Father, Son Method

Answer 12

Backup plan based on the philosophy that a full backup should occur at regular intervals such as monthly or weekly.

Most recent backup is the son. The newer backups are made the son becomes a father and then a grandfather. At the end of the month a full backup is done and it starts all over.
438

Question 13

Full Archival Method

Answer 13

Works under the assumption that any information created on any system is stored forever and ever and ever.
439

Question 14

Backup Server Method

Answer 14

Where a large server with large amounts of data storage is dedicated to backing shit up
440

Question 15

Backout

Answer 15

reversion from a change that has negative consequences

443

Question 16

Hot Site

Answer 16

A location that can provide operations within hours of a failure
443

Question 17

Alternate Site

Answer 17

A facility that is available on short notice for the purpose of restoring network or systems operations
443

Question 18

Reciprocal Agreement

Answer 18

An agreement between two companies to provide services in the event of an emergency. Usually made on a best effort basis
444

Question 19

Incident response policies

Answer 19

defines how an organization will respond to an incident.

445

Question 20

Forensics

Answer 20

Process of identifying what has occurred on a system by examining the data trail. It involves gathering evidence found in computer’s digital storage
446

Question 21

IRP

Answer 21

Incident Response Plan

Outlines what steps are needed and who is responsible for deciding how to handle a situation.
447

Question 22

Incidence Response Cycle

Answer 22

Identify
Investigate
Repair
Adjust Procedures

Repeat
447

Question 23

Succession Planning

Answer 23

Outlines those internal to the organization who have the ability to step into positions when they are open. Who will fill the role
454

Question 24

Code Escrow

Answer 24

Storage and conditions of a release of source code provided by a vendor. If the vendor goes bankrupt, how will you get ahold of the source code of their products
457

Question 25

Penetration Testing

Answer 25

Using hacking techniques to try to break into a a system for the purposes of hardening.
458

Question 26

Three Types of Security Control Tests

Answer 26

Black Box - The tester has no knowledge of the system and is functioning in the same manner as an outside attacker
White Box - The tester has significant knowledge of a system. Simulates a rogue employee
Gray Box - Has some knowledge of a system
459

Question 27

Nonintrusive tests

Answer 27

Passively testing security controls using techniques such as vulnerability scans, probing for weaknesses, but not exploiting them
459

Question 28

Vulnerability Scanning

Answer 28

Identify specific vulnerabilities in your network and common misconfigurations
459

Question 29

Credential Scanning benefits

Answer 29

Not disrupting operations or consuming too many resources
Definitive list of missing patchs
Client-side software vulnerabilities are uncovered
Other vulnerabilities such as password policies and antivirus software configurations
460

Question 30

False Positive

Answer 30

When the scan mistakenly identifies something as a vulnerability when it is not
460