Disaster Recovery and Incident Response (Ch. 12)

Question 1

A physical site that can be used if the main site is inaccessible (destroyed) but that lacks all of the resources necessary to enable an organization to use it immediately.

Answer 1

cold site

Question 2

A type of backup that includes only new files or files that have changed since the last full backup, but does not clear the archive bit

Answer 2

differential backup

Question 3

The act of recovering data following a disaster in which it has been destroyed.

Answer 3

disaster recovery

Question 4

A plan outlining the procedure by which data is recovered after a disaster.

Answer 4

disaster-recovery plan

Question 5

The process of reconstructing a system or switching over to other systems when a failure is detected.

Answer 5

failover

Question 6

A flagged event that isn’t really a notable incident and has been falsely triggered.

Answer 6

false positive

Question 7

In terms of security, the act of looking at all the data at your disposal to try to figure out who gained unauthorized access and the extent of that access.

Answer 7

forensics

Question 8

A backup that copies all data to the archive medium.

Answer 8

full backup

Question 9

A location that can provide operations within hours of a failure of the main site.

Answer 9

hot site

Question 10

A type of backup that includes only new files or files that have changed since the last full backup and then clears the archive bit upon completion.

Answer 10

incremental backup

Question 11

The act of entering a system without authorization to do so.

Answer 11

intrusion

Question 12

Any set of tools that can identify an attack using defined rules or logic.

Answer 12

intrusion detection system (IDS)

Question 13

Any set of tools that identify and then actively respond to attacks based on defined rules, and can be network or host based.

Answer 13

intrusion prevention system (IPS)

Question 14

Penetration and other testing that involves trying to break into the network.

Answer 14

intrusive tests

Question 15

Penetration/vulnerability testing that takes a passive approach rather than actually trying to break into the network.

Answer 15

nonintrusive tests

Question 16

Storing data off the premises, usually in a secure location.

Answer 16

offsite storage

Question 17

Storing backup data at the same site as the servers on which the original data resides.

Answer 17

onsite storage

Question 18

Image of a virtual machine at a moment in time.

Answer 18

snapshot

Question 19

A snapshot of what exists.

Answer 19

system image

Question 20

An exercise that involves individuals sitting around a table with a facilitator discussing situations that could arise and how best to respond to them.

Answer 20

tabletop exercise

Question 21

Identifying specific vulnerabilities in your network.

Answer 21

vulnerability scanning

Question 22

A site that provides some capabilities in the event of a disaster. The organization will need to install, configure, and reestablish operations on systems that might already exist at the backup site.

Answer 22

warm site

Question 23

The copy of the data currently in use on a network.

Answer 23

working copy backup