Disaster Recovery and Incident Response Flashcards

1
Q

Which plan or policy helps an organization determine how to relocate to an emergency site?

Disaster-recovery plan

Backup site plan

Privilege management policy

A

Disaster-recovery plan

The disaster-recovery plan deals with site relocation in the event of an emergency, natural disaster, or service outage

2
Q

Although you’re talking to her on the phone, the sound of the administrative assistant’s screams of despair can be heard down the hallway. She has inadvertently deleted a file that the boss desperately needs. Which type of backup is used for the immediate recovery of a lost file?

Onsite storage

Working copies

Incremental backup

A

Working copies

Working copies are backups that are usually kept in the computer room for immediate use in recovering a system or lost file

3
Q

You’re trying to rearrange your backup procedures to reduce the amount of time they take each evening. You want the backups to finish as quickly as possible during the week. Which backup system backs up only the files that have changed since the last backup?

Full backup

Incremental backup

Differential backup

A

Incremental backup

An incremental backup backs up files that have changed since the last full or partial backup

4
Q

Which backup system backs up all the files that have changed since the last full backup?

Full backup

Incremental backup

Differential backup

A

Differential backup

A differential backup backs up all of the files that have changed since the last full backup

5
Q

You’re a consultant brought in to advise MTS on its backup procedures. One of the first problems you notice is that the company doesn’t use a good tape-rotation scheme. Which backup method uses a rotating schedule of backup media to ensure long-term information storage?

Grandfather, Father, Son method

Full Archival method

Backup Server method

A

Grandfather, Father, Son method

The Grandfather, Father, Son backup method is designed to provide a rotating schedule of backup processes. It allows for a minimum usage of backup media, and it still allows for long-term archiving

6
Q

Which site best provides limited capabilities for the restoration of services in a disaster?

Hot site

Warm site

Cold site

A

Warm site

Warm sites provide some capabilities in the event of a recovery. The organization that wants to use a warm site will need to install, configure, and reestablish operations on systems that may already exist at the warm site

7
Q

You’re the head of information technology for MTS and have a brother in a similar position for ABC. The companies are approximately the same size and are located several hundred miles apart. As a benefit to both companies, you want to implement an agreement that would allow either company to use resources at the other site should a disaster make a building unusable. What type of agreement between two organizations provides mutual use of their sites in the event of an emergency?

Backup-site agreement

Warm-site agreement

Reciprocal agreement

A

Reciprocal agreement

A reciprocal agreement is between two organizations and allows one to use the other’s site in an emergency

8
Q

The process of automatically switching from a malfunctioning system to another system is called what?

Fail-safe

Redundancy

Failover

A

Failover

Failover occurs when a system that is developing a malfunction automatically switches processes to another system to continue operations

9
Q

Which of the following types of penetration testing focuses on the system, using techniques such as port scans, traceroute information, and network mapping to find weaknesses?

Active reconnaissance

Passive reconnaissance

Operational reconnaissance

A

Active reconnaissance

Active reconnaissance is a type of penetration testing that focuses on the system, using techniques such as port scans, traceroute information, and network mapping to find weaknesses

10
Q

Your company is about to invest heavily in a new server farm and has made an attractive offer for a parcel of land in another country. A consultant working on another project hears of this and suggests that you get the offer rescinded because the laws in that country are much more stringent than where you currently operate. Which of the following is the concept that data is subject to the laws of where it is stored?

Data sovereignty

Data subjugation

Data dominion

A

Data sovereignty

Data sovereignty is the concept that data is subject to the laws of where it is stored

11
Q

Which of the following would normally not be part of an incident response policy?

Outside agencies (that require status)

Outside experts (to resolve the incident)

Contingency plans

A

Contingency plans

A contingency plan wouldn’t normally be part of an incident response policy. It would be part of a disaster-recovery plan

12
Q

Which of the following is the process used during data acquisition for the preservation of all forms of relevant information when litigation is reasonably anticipated?

Chain of custody

Order of volatility

Legal hold

A

Legal hold

The process that is used during data acquisition for the preservation of all forms of relevant information when litigation is reasonably anticipated is known as legal hold

13
Q

Which of the following types of vulnerability scans uses actual network authentication to connect to systems and scan for vulnerabilities?

Credentialed

Validated

Endorsed

A

Credentialed

A credentialed vulnerability scan uses actual network credentials to connect to systems and scan for vulnerabilities

14
Q

What is another name for working copies?

Functional copies

Operating copies

Shadow copies

A

Shadow copies

Working copies are also known as shadow copies

15
Q

Which of the following is a reversion from a change that had negative consequences?

Backup

ERD

Backout

A

Backout

A backout is a reversion from a change that had negative consequences

16
Q

Karl is conducting penetration testing on the Pranks Anonymous servers and having difficulty finding a weakness. Suddenly, he discovers that security on a different company’s server—a vendor to Pranks Anonymous—can be breached. Once he has compromised the completely different company’s server, he can access the Pranks Anonymous servers and then launch an attack. What is this weakness/exploit known as?

Fulcrum

Pivot

Swivel

A

Pivot

In the realm of penetration testing, using a weakness in another—usually trusted—entity to launch an attack against a site/server is known as a pivot

17
Q

According to CERT, which of the following would be a formalized or an ad hoc team you can call upon to respond to an incident after it arises?

CSIRT

CIRT

IRT

A

CSIRT

A CSIRT is a formalized or an ad hoc team that you can call upon to respond to an incident after it arises

18
Q

Which of the following is a concept that works on the assumption that any information created on any system is stored forever?

Warm site

Big data

Full archival

A

Full archival

Full archival is a concept that works on the assumption that any information created on any system is stored forever

19
Q

Which of the following is a newer backup type that provides continuous online backup by using optical or tape jukeboxes and can be configured to provide the closest version of an available real-time backup?

TPM

HSM

SAN

A

HSM

HSM is a newer backup type that provides continuous online backup by using optical or tape jukeboxes. It appears as an infinite disk to the system, and it can be configured to provide the closest version of an available real-time backup

20
Q

Which type of penetration-style testing involves actually trying to break into the network?

Indiscreet

Nonintrusive

Intrusive

A

Intrusive

Intrusive testing involves actually trying to break into the network. Non-intrusive testing takes more of a passive approach