Chapter 12 Flashcards

1
Q
A server that collects and stores raw data, and connects to field devices from which it receives raw data and passes data on to other SCADA systems, is known as what two terms below?
A) loop server
B) master terminal unit
C) acquisitions server
D) I/O server
A

C) acquisitions server

D) I/O server

2
Q
What two methods might be used by an ICS to control a physical system?
A) cyclical control system
B) actuating loop system
C) open loop system
D) closed loop system
A

C) open loop system

D) closed loop system

3
Q
A rollback is also known by what two terms below?
A) backleveling
B) backstepping
C) downleveling
D) downgrading
A

A) backleveling

D) downgrading

4
Q
What two terms describe the process that can reveal a great deal of information, called ESI (electronically stored information)?
A) active data
B) eDiscovery
C) electronic discovery
D) ambient data
A

B) eDiscovery

C) electronic discovery

5
Q
eDiscovery and computer forensics reveal what two different types of data?
A) transient data
B) active data
C) ambient data
D) encrypted data
A

B) active data

C) ambient data

6
Q
An active card, which contains an internal battery, can provide a usable range of up to what distance?
A) 100 m
B) 150 m
C) 200 m
D) 250 m
A

B) 150 m

7
Q
What type of software is a correction, improvement, or enhancement to a piece of software?
A) patch
B) upgrade
C) rollback
D) kludge
A

A) patch

8
Q
In computer forensics, hidden data such as deleted files and file fragments are known as what term?
A) ambient data
B) transient data
C) tombstone data
D) low level data
A

A) ambient data

9
Q
Which team role is the person on call who first notices or is alerted to a problem?
A) manager
B) dispatcher
C) technical support specialist
D) public relations specialist
A

B) dispatcher

10
Q
What team member role coordinates the resources necessary to solve a problem?
A) dispatcher
B) manager
C) technical support specialist
D) public relations specialist
A

B) manager

11
Q
What team member role focuses on only one thing: solving the problem as quickly as possible?
A) dispatcher
B) manager
C) technical support specialist
D) public relations specialist
A

C) technical support specialist

12
Q
What team member role, if necessary, learns about the situation and the response and then acts as official spokesperson for the organization to the public or other interested parties?
A) dispatcher
B) manager
C) technical support specialist
D) public relations specialist
A

D) public relations specialist

13
Q

Which of the following is NOT a step that should be taken as part of a response policy?
A) Secure the area and disconnect devices from the network
B) Create documentation detailing the scene
C) Attempt to access files to determine if they are compromised
D) Protect the chain of custody of evidence

A

C) Attempt to access files to determine if they are compromised

14
Q
What should be the first step of a response policy?
A) Determine if escalation is necessary
B) Secure the area
C) Document the scene
D) Monitor evidence and data collection
A

A) Determine if escalation is necessary

15
Q
At what type of recovery site would computers, devices, and connectivity necessary to rebuild a network exist, and all are appropriately configured, updated, and connected to match your network's current state?
A) cold site
B) warm site
C) temp site
D) hot site
A

D) hot site

16
Q
What type of recovery site is a place where computers, devices, and connectivity necessary to rebuild a network exist, with some pieces appropriately configured, updated, or connected?
A) cold site
B) warm site
C) hot site
D) temp site
A

B) warm site

17
Q
Which type of disaster recovery site is a place where the computers, devices, and connectivity necessary to rebuild a network exist, but they are not appropriately configured, updated, or connected?
A) cold site
B) temp site
C) warm site
D) hot site
A

A) cold site

18
Q
What type of physical security solution involves a device that scans an individual's unique physical characteristics?
A) proximity access
B) biorecognition access
C) AIT access
D) keypad access
A

B) biorecognition access

19
Q
The time period in which a change can be implemented is known as what option below?
A) change period
B) maintenance window
C) work order time
D) service affecting work interval
A

B) maintenance window

20
Q
When performing inventory on software packages, which of the following is not something that should be inventoried?
A) version number
B) vendor
C) licensing
D) proprietary source code
A

D) proprietary source code

21
Q
In order to provide access to a historian by personnel working on the corporate network that are not authorized to work on the ICS network, where should the historian be placed?
A) DMZ
B) corporate network
C) internet
D) private network
A

A) DMZ

22
Q

What is a historian?
A) a centralized database of collected and analyzed and control activities
B) A server that collects and stores raw data
C) A supervisory computer or server, which can control the physical system
D) computers, including hardware and software, that people use to monitor and manage the physical systems

A

A) a centralized database of collected and analyzed and control activities

23
Q
What type of device can be used to erase contents of a hard drive using a magnetic field?
A) electromagnetic resonance chamber
B) degausser
C) target magneto-wipe
D) polarized magnet
A

B) degausser

24
Q

If a destruction program is running that might be destroying evidence, what should be done?
A) Perform an immediate full backup
B) Attempt to end the process
C) Pull the power cables
D) Record the destruction using a video capture of the screen

A

C) Pull the power cables

25
Q
Upon receipt of what type of notification is a company required to activate a defensible policy for the preservation of relevant data?
A) subpoena
B) legal hold
C) discovery request
D) chain of custody notice
A

B) legal hold