Chapter 12: Disaster Recovery and Incident Response

Question 1

Business Continuity

Answer 1

What a company does to minimize the impact of the failure of a key component needed for operation

Question 2

Critical Business Functions (CBF)

Answer 2

Things that must be made operational immediately when an outage occurs

Question 3

BIA

Answer 3

Business Impact Analysis

Question 4

Working Copy Backups

Answer 4

Partial or full backups that are kept at the computer center for immediate recovery

Question 5

Journaled File System (JFS)

Answer 5

Includes a log file of all changes and transactions within a set period of time

Question 6

Onsite Storage

Answer 6

A location on the site of the computer center that is used to store info locally

Question 7

Offsite Storage

Answer 7

A place away from the computer center where you store backups and stuff

Question 8

Grandfather, Father, Son Method

Answer 8

Annual backups are grandfather, monthly are Father, and weekly are son.
The last full backup of the year is retained.

Question 9

Full Archival Method

Answer 9

All backups of any type are kept forever

Question 10

Backup Server Method

Answer 10

Establishes a server with large amounts of disk space to back up data.

Question 11

Backout

Answer 11

A reversion from a change that had negative consequences

Question 12

Reciprocal Agreement

Answer 12

An agreement between two companies to provide services in the event of an emergency

Question 13

Computer Security Incident Response Team (CSIRT)

Answer 13

The team that is in charge of responding to an incident, can be formalized or ad hoc

Question 14

IRP

Answer 14

Incident Response Plan

Question 15

Post-Mortem

Answer 15

Process of reviewing the successes and failures of your incident response

Question 16

OOV

Answer 16

Order Of Volatility

Question 17

Volatility

Answer 17

In this scenario, you can think of it as the amount of time that you have to collect certain data before the window of opportunity is gone

Question 18

System Image

Answer 18

A snapshot of what exists when the system is infected

Question 19

National Software Reference Library (NSRL)

Answer 19

An organization with the purpose of col- lecting “known, traceable software applications” through their hash values and storing them in a Reference Data Set (RDS) for law enforcement.

Question 20

Tabletop Exercise

Answer 20

Simulation of a disaster

Question 21

Document Review

Answer 21

A review of recovery, operations, resumption plans, and procedures

Question 22

Walkthrough

Answer 22

A group discussion of recovery, operations, resumption plans, and procedures

Question 23

Simulation

Answer 23

A fake staging of an incident for practice

Question 24

Parallel Test

Answer 24

You start up all backup systems but leave the main systems functioning

Question 25

Cutover Test

Answer 25

Shuts down the main systems and has everything fail over to backup systems

Question 26

Big Data Analysis

Answer 26

Should only be tested with document review, walkthrough, and simulation

Question 27

Maintenance Contracts

Answer 27

SLAs when they refer to hardware or software

Question 28

Code Escrow

Answer 28

Storage and conditions of release of source code provided by a vendor

Question 29

Orphanware

Answer 29

Software without support of any type because the company went out of business

Question 30

Credentialed vs. Uncredentialed Vulnerability Scanning

Answer 30

Credentialed scanning is done with network credentials so that it is actually in the system when it does the scan, making things just all around better usually.