Dealing with Incidents Flashcards

1
Q

In which step of incident response would you begin to restore systems from backups or snapshots?

A) Preparation
B) Recovery
C) Eradication
D) Containment

A

B) Recovery

Recovery is correct. The other options are steps that come before the incident has been resolved.

2
Q

Which of the following does NOT fall under chain-of-custody?

A) Documenting all locations of evidence
B) Write block
C) List of all person(s) handling evidence
D) Defining what constitutes evidence

A

B) Write block

Write block is correct. The other options are all steps in the chain-of-custody process.

3
Q

Which type of recovery site has no equipment or data and is just a basic office space?

A) Hot site
B) Warm site
C) Cold site
D) Offsite

A

C) Cold site

Cold site is correct. A hot site has everything needed (including data) to get up and running within hours. A warm site has equipment, but not up-to-date data. Offsite is just a site away from your normal office location.

4
Q

Which of these backup types only backs up data that has changed since the last full backup?

A) Incremental backup
B) Snapshot
C) Full backup
D) Differential backup

A

D) Differential backup

Differential backup is correct. Incremental backups only back up the data that has changed since the last backup of ANY type. A full backup will back up everything. Snapshots are typically found in virtual machine environments and are not stored on separate media.
