Domain 2

Question 1

responds to unexpected changes in operating conditions to keep the business operating

Answer 1

The Incident Response plan

Question 2

The Business Continuity plan

Answer 2

enables the business to continue operating throughout the crisis

Question 3

activated to help the business return to normal operations as quickly as possible if both the Incident Response and Business Continuity plans fail

Answer 3

Disaster Recovery plan

Question 4

What term is sometimes used interchangeably with “incident management”?

Answer 4

Crisis Management

Question 5

What is the purpose of a red book in the context of business continuity?

Answer 5

To serve as a hard copy backup accessible outside the facility

Question 6

the proactive development of procedures to restore business operations after a disaster or other significant disruption to the organization

Answer 6

Business Continuity planning

Question 7

Why are notification systems and call trees important in a business continuity plan?

Answer 7

To alert personnel when the BCP is being enacted

Question 8

What is a key outcome of a Business Impact Analysis (BIA)?

Answer 8

Identification of functions and dependencies

Question 9

What is the first phase in the components of an incident response plan?

Answer 9

Preparation

Question 10

What is the next step after detection and analysis in the incident response process?

Answer 10

Finding the appropriate containment strategy

Question 11

Disaster recovery refers specifically to

Answer 11

restoring the information technology and
communications services and systems
needed by an organization, both during the
period of disruption caused by any event
and during restoration of normal services

Question 12

What is the primary distinction between business continuity planning (BCP) and disaster recovery planning (DRP)?

Answer 12

DRP is about restoring IT, while BCP focuses on business operations

Question 13

Which of the following is very likely to be used in a disaster recovery (DR) effort?

Answer 13

Data backups

Question 14

What is the purpose of the Executive Summary in a Disaster Recovery Plan?

Answer 14

To offer a high-level overview of the plan

Question 15

Breach

Answer 15

The loss of control, compromise, unauthorized disclosure, unauthorized acquisition or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for other than an authorized purpose

Question 16

Business Continuity (BC)

Answer 16

Actions, processes and tools for ensuring an organization can continue critical operations during a contingency.

Question 17

Business Continuity Plan (BCP)

Answer 17

The documentation of a predetermined set of instructions or procedures that describe how an organization’s mission/business processes will be sustained during and after a significant disruption.

Question 18

Business Impact Analysis (BIA)

Answer 18

Business Impact Analysis (BIA)
An analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption

Question 19

Disaster Recovery (DR)

Answer 19

In information systems terms, the activities necessary to restore IT and communications services to an organization during and after an outage, disruption or disturbance of any kind or scale.

Question 20

Disaster Recovery Plan (DRP)

Answer 20

The processes, policies and procedures related to preparing for recovery or continuation of an organization’s critical business functions, technology infrastructure, systems and applications after the organization experiences a disaster. A disaster is when an organization’s critical business function(s) cannot be performed at an acceptable level within a predetermined period following a disruption.

Question 21

Incident Handling or Incident Response (IR)

Answer 21

The process of detecting and analyzing incidents to limit the incident’s effect.

Question 22

Incident Response Plan (IRP)

Answer 22

The documentation of a predetermined set of instructions or procedures to detect, respond to and limit consequences of a malicious cyberattack against an organization’s information systems(s).

Question 23

Security Operations Center

Answer 23

A centralized organizational function fulfilled by an information security team that monitors, detects and analyzes events on the network or system to prevent and resolve issues before they result in business disruptions

Question 24

Vulnerability

Answer 24

Weakness in an information system, system security procedures, internal controls or implementation that could be exploited or triggered by a threat source

Question 25

Zero Day

Answer 25

A previously unknown system vulnerability with the potential of exploitation without risk of detection or prevention because it does not, in general, fit recognized patterns, signatures or methods

Question 26

Who must provide support for business continuity planning efforts?

Answer 26

Executive management or an executive sponsor

Question 27

In the United States, what type of networks can be used to maintain essential activity during a severe cyberattack that affects communications?

Answer 27

Military-grade networks

Question 28

Which of these components is very likely to be instrumental to any disaster recovery (DR) effort?

Answer 28

Backups

Question 29

Why is it necessary to consider not only the server level but also the database and dependencies on other systems in disaster recovery plans for complex systems?

Answer 29

To address the intricate dependencies of the systems

Question 30

What are the four primary responsibilities of a response team when an incident occurs?

Answer 30

Determining damage, assessing compromise, implementing recovery procedures, and supervising security measures

Question 31

What is the key responsibility of the incident response team in the plan?

Answer 31

Assessing and scoping out damage

Question 32

An external entity has tried to gain access to your organization’s IT environment without proper authorization.

This is an example of a(n) _________.

Answer 32

Intrusion

Question 33

What is the key characteristic of a Zero Day vulnerability?

Answer 33

It does not fit recognized patterns, signatures, or methods

Question 34

You are working in your organization’s security office. You receive a call from a user who has tried to log in to the network several times with the correct credentials, with no success.

After a brief investigation, you determine that the user’s account has been compromised.

This is an example of a(n)_________.

Answer 34

Incident detection