Chapter 12 - Disaster Recovery and Incident Response

Question 1

What is Business Continuity in a nut shell?

Answer 1

page 431

Having a backup plan when a key component is missing, absent, or failure, and the business continues.

Question 2

What is the process of implementing policies, controls and procedures to counteract the effects of losses, outages or failures of critical business processes?

Answer 2

page 431

Business Continuity Planning (BCP)

Question 3

What are the two key components of BCP?

Answer 3

page 431
Business Impact Analysis (BIA)
Rick Assessment

Question 4

What are some good reasons to have backups?

Answer 4

page 432
Accidental deletion Application errors
Natural disasters Physical attacks
Server failure Virus infection
Workstation failure

Question 5

What are sometimes referred to as shadows?

Answer 5

page 432

Working copies

Question 6

AT what temperature does paper catch fire?

Answer 6

page 433

451 degrees Fahrenheit

Question 7

What is an ideal medium for on-site storage?

Answer 7

page 433

tape

Question 8

What is the major component of a disaster recovery plan?

Answer 8

page 434

access and storage information

Question 9

What are the different types of Backups

Answer 9

page 436
Full backup
Differential backup
Incremental backup
Hierachical Storage Management (HSM)

Question 10

Describe the Grandfather, Father and Son Backup

Answer 10

page 438
The most recent backup after a full backup is SON
As newer backup are made, the SON becomes the FATHER, in turn becomes the GRANDFATHER
- Annual Backup is referred to as GRANDFATHER
- Monthly Backup is referred to as FATHER
- Weekly Backup is referred to as SON

Question 11

What is a backout?

Answer 11

page 443

Is a reversion from a change that had negative consequences.

Question 12

What is a Hot-Site?

Answer 12

page 443
Is a location that can provide operations within hours of failure.
Often referred to as an active Active Backup Model

Question 13

What is a Warm SIte?

Answer 13

page 444

Provides some of the capabilities of a hot site, but it requires the customer to do more work to become operational

Question 14

What is a Reciprocal Agreement?

Answer 14

page 444

An agreement between 2 companies to provide services in the event of an emergency

Question 15

What is a Cold Site?

Answer 15

page 444

Is a facility that isn’t ready for use, the organization using it must bring along its equipment and network.

Question 16

What important items should an Incident Response Policy establish?

Answer 16

page 446

• Outside agencies that should be contacted or notified in case of an incident.
• Resources used to deal with an incident.
• List of information that should be collected about an incident.
• Policies and guidelines regarding how to handle an incident.

Question 17

What can be formalized or an Ad Hoc team?

Answer 17

page 446

Computer Security Incident Response Team (CSIRT)

Question 18

What are the 5 Steps Incident Response?

Answer 18

page 448

1. Identifying the Incident
2. Investigating the Incident
3. Repairing the Damage
4. Documenting and Repairing the Response
5. Adjusting Procedures

Question 19

What is OOV?

Answer 19

page 453
Order of Volatility
The amount of time that you have to collect certain data before a window of opportunity is gone.

Question 20

What is “Capture System Image”?

Answer 20

page 453
Capturing an image of the operating system in its exploited state can be helpful in revisiting the issue after the fact to learn more about it.

Question 21

Why is Documenting Network Traffic and logs valuable in forensics?

Answer 21

page 453

This information can be useful in identifying trends associated with repeated attacks

Question 22

Why would you want to capture video in forensics?

Answer 22

page 453
Video can latter be analyzed manually in individual frames as well as run through a number of programs that can create indices of the contents.

Question 23

Why is important to record the time offset during forensics?

Answer 23

page 453

To able to follow events in the correct time sequence.

Question 24

What are the 5 levels of testing during a Tabletop exercise simulation of a disater?

Answer 24

page 454

• Document Review
• Simulation
• Parallel Text
• Cutover Test

Question 25

What is Penetration Testing?

Answer 25

page 458

Using the same techniques a hacker would use to penetrate your system.