Dealing with Incidents

Question 1

You are recommending personnel for incident response team lead positions. You have several candidates from which to choose and are recommending personnel based upon key characteristics. On which of the following characteristics should you base your recommendations? (Choose two.)

Certifications

Seniority

Training

Experience

Answer 1

Training

Experience

Training and experience are key characteristics to consider when recommending personnel for incident response team lead positions

Question 2

Which of the following are considered part of executing an incident response? (Choose two.)

Detection and analysis

Preparation

Containment and eradication

Reporting

Answer 2

Detection and analysis

Containment and eradication

Detection, analysis, containment, and eradication are all steps performed when executing an incident response

Question 3

When you are collecting evidence at the scene of the crime, you should store electronic components in which type of containers?

Paper bags

Metal containers

Anti-static bags

Answer 3

Anti-static bags

When collecting evidence at the scene of the crime, you should store electronic components in anti-static bags to prevent damage to them

Question 4

Which two United States evidence guidelines provide standards of submitting evidence into criminal and civil court cases? (Choose two.)

Federal Rules of Evidence

4th Amendment of the U.S. Constitution

Federal Rules of Civil Procedure

Electronic Communications Privacy Act

Answer 4

Federal Rules of Evidence

Federal Rules of Civil Procedure

The Federal Rules of Evidence (FRE) and the Federal Rules of Civil Procedure (FRCP) are two standards that dictate how evidence should be introduced into criminal and civil courts, respectively

Question 5

You are the first responder in a company to a potential computer incident involving an employee’s workstation. What is the first step you should take when you arrive at the scene?

Unplug the workstation.

Secure the scene.

Capture the contents of RAM.

Answer 5

Secure the scene.

Securing the scene is the first step a first responder should take in investigating a potential computer-related incident

Question 6

Which of the following should be immediately established when collecting electronic components as evidence?

Authority over the investigation

Guilt of the suspect

Chain-of-custody

Answer 6

Chain-of-custody

A chain-of-custody should be established immediately when collecting evidence from the scene of a crime

Question 7

Which two potential recovery and continuity issues are solved through succession planning? (Choose two.)

Alternate business processes

Lack of disaster recovery training

Alternate leadership positions

Critical disaster team member alternate positions

Answer 7

Alternate leadership positions

Critical disaster team member alternate positions

Alternate leadership positions and critical disaster team member alternate positions are personnel issues that are resolved through effective succession planning as part of BCP

Question 8

Which of the following clustering configurations involves a group of servers configured to service a request instantly and automatically if one of the members of the cluster fails?

Passive-passive

Active-passive

Active-active

Answer 8

Active-active

An active-active cluster configuration will instantly and automatically service a request if one of the members of a server cluster fails

Question 9

Your business needs to be able to resume processing within 12 hours after a disaster. You are looking at recovery site options and decide that the site must have all utilities, redundant equipment, and daily data backups restored to the site. What type of recovery site have you decided to implement?

Cold site

Warm site

Hot site

Answer 9

Hot site

Given the desired timeframe to recover the business operations, and the level of equipment and support at the site the business needs, this would be a hot site

Question 10

You are evaluating several possible solutions for alternate processing sites for your business. You decide that you can afford the expense of a warm site and balance it against the time it will take to set up and recover the business operations to the site. Which of the following are characteristics of a warm site? (Choose two.)

Fully redundant equipment located at the site, loaded with the most current daily backups

Some equipment located at the site to begin limited operations

Heat, water, electricity, and communications in a standby mode

No utilities

Answer 10

Some equipment located at the site to begin limited operations

Heat, water, electricity, and communications in a standby mode

A warm site is characterized by having heat, water, electricity, and communications, often in a standby mode, as well as having some equipment located at the site to begin limited operations during a recovery