Chapter 12 - Disaster Recovery & Incident Response Flashcards
what is BCP?
12 - 431
business continuity planning
implementing policies and controls to counteract the effects of losses, outages, or failures
what are CBFs?
12 - 431
critical business functions
these are the systems that must be made operational immediately when an outage occurs
tell me the 2 key components of the BCP
12 - 431
business impact analysis - evaluate the process
risk assessment - evaluate the risk, the likelihood of a loss
what are working copies?
12 - 432
also called shadow copies; they are partial or full backups that are kept for immediate recovery purposes
what is onsite storage?
12 - 432
a location on the site of the computer center that is used to store information locally
you have a disaster-recovery plan. what is the primary emphasis of that plan?
12 - 433
reestablishing services and minimizing losses
Describe to me the database transaction auditing process from the image provided in the book.
12 - 435
clients talk to database server
database server saves its databases files separate from its transaction/audit files
we’ve talked about full backups, incremental backup, and differential backups. there is a new type. tell me about it.
12 - 437
HSM, hierarchical storage management, provides continuous online backup by using optical or tape jukeboxes
explain the grandfather, father, son backup plan
12 - 438
grandfather - annual backups
father - monthly backups
son - weekly
explain the backup server backup plan
12 - 440
multiple types of servers all save to a backup server which houses the backup files
what is a hot site?
12 - 443
also known as an active backup model, it is a location that can provide operations within hours of a failure
tell me another name for a warm site/reciprocal site
12 - 444
active/active model
what is a cold site?
12 - 444
a facility that isn’t immediately ready to use
what is an incident?
12 - 445
any attempt to violate a security policy, a successful penetration, a compromise of a system, or any unauthorized access to information. system failures and service disruptions are included.
there are certain items that an incident response policy establishes. there are 6 of them. tell me what they are.
12 - 446
notify outside agencies
resources used to deal with an incident
procedures to gather and secure evidence
list of info that should be collected
outside experts who can be used to address issues
policies and guidelines
explain to me the five steps of the incident response cycle
12 - 447
the incident sits in the center of the cycle.
around it: identifying leads to investigating, which leads to repairing, which leads to adjusting procedures, which leads back to identifying
if data gets stolen, what are the 3 steps you take to mitigate the damage?
12 - 451
immediately change all passwords
notify the relevant parties
make procedural changes so that the stolen info cannot be used to cause additional breaches
you have a response plan and are going to run the drill. you are watching and evaluating people’s responses. what 5 things are you looking for?
12 - 452
was the evidence gathered and the chain of custody maintained?
did the escalation procedures follow the correct path?
given the results of the investigation, would you be able to find and prosecute the culprit?
what was done that should not have been done?
what could have been done better?
when you are adjusting procedures, what 3 questions should you ask?
12 - 453
how did the policies work or not work in this situation?
what did you learn about the situation that was new?
what should you do differently next time?
what is succession planning?
12 - 454
outlines those internal to the organization who have the ability to step into positions when they open
when you are doing big data analysis, what three levels of testing will you apply?
12 - 454
document review, walkthrough, simulation
SLAs are also known as what?
12 - 456
maintenance contracts
what is code escrow?
12 - 457
refers to the storage and condition of a release of source code provided by a vendor
3 types of testing for security controls
12 - 459
black box
white box
gray box
credentialed scanning has several benefits. name them
12 - 460
not disrupting operations or consuming too many resources
definitive list of missing patches
client-side software vulnerabilities are uncovered