Domain 2: Business Continuity, Disaster Recovery, and Incident Response

Question 1

What is the priority of any incident response?

Answer 1

To protect life, health, and safety.

Question 2

What is the primary goal of incident management?

Answer 2

To be prepared

Question 3

What is the other term for incident management?

Answer 3

Crisis Management

Question 4

Every organization must have a _____ that will help preserve business viability and survival.

Answer 4

Incident Response Plan

Question 5

The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for other than an authorized purpose.

Answer 5

Breach

Question 6

Any measurable occurence

Answer 6

Event

Question 8

An event that actually or potentially jeopardizes the confidentiality, integrity or availability of an information system or the information the system processes, stores or transmits.

Answer 8

Incident

Question 9

A security event, or combination of events, that constitutes a deliberate security incident in which an intruder gains, or attempts to gain, access to a system or system resource without authorization

Answer 9

Intrusion

Question 10

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image or reputation), organizational assets, individuals, other organizations or the nation through an information system via unauthorized access, destruction, disclosure, modification of information and/or denial of service.

Answer 10

Threat

Question 11

Weakness in an information system, system security procedures, internal controls or implementation that could be exploited by a threat

Answer 11

Vulnerability

Question 12

An unknown vulnerability because it doesn’t fit previously recognizable patterns or method, therefore it doesn’t have risk of detection

Answer 12

Zero Day

Question 13

What shapes the incident response process?

Answer 13

The vision, mission and strategy of the organization

Question 14

What are the components of the incident response plan?

Answer 14

1. Preparation
2. Detection and Analysis
3. Containment, Eradication, and Recovery
4. Post-Incident Activity

Question 15

What is the first response in the preparation component?

Answer 15

Identification of Incident

Question 16

What should we look out for in the preparation component with regards to data and systems?

Answer 16

Single points of failure

Question 17

What must be taken into account when choosing the communication between stakeholders?

Answer 17

That the primary method of communication may not always be available

Question 18

In the detection and analysis component, documentation must be?

Answer 18

Standardized

Question 19

What is the primary goal of the third component of an incident response plan?

Answer 19

Identify and Isolate the attacker.

Question 20

In the post-incident activity, lessons learned must be documented, especially in what cases?

Answer 20

When the information compromised is under the protection of the law.

Question 21

Along with the organizational need to establish a _______is the need to create a suitable ______

Answer 21

Security Operations Center (SOC);incident response team

Question 22

Many organizations now have a dedicated team responsible for investigating any computer security incidents that take place. They are called?

Answer 22

Computer Incident Response Teams or Computer Security Incident Respons Teams

Question 23

When an incident occurs, the response team has four primary responsibilities?

Answer 23

1. Amount and Scope of Damage
2. Confidential information compromised?
3. Recovery and Restore Security
4. Supervises implementation of additional security measures

Question 24

What do you call the list of persons to contact in case of disruption of operations?

Answer 24

Phone tree

Question 25

Organizational Support must be given by?

Answer 25

Executive Management or Sponsor

Question 26

is the proactive development of procedures to restore business operations after a disaster or other significant disruption to the organization

Answer 26

Business Continuity Planning

Question 27

What do you call the hard copy document of the business continuity plan?

Answer 27

The Red Book

Question 28

How often should an organization test its business continuity plan

Answer 28

Routinely

Question 29

What is the goal of Business Continuity?

Answer 29

Maintaining Critical Business functions of the Organization

Question 30

When an organization’s critical business functions cannot be performed at an acceptable level within a predetermined time frame

Answer 30

Disaster

Question 31

What are the main things that Disaster recovery focuses on restoring?

Answer 31

IT and Communication Services

Question 32

True or False: Organizations follow one disaster recovery plan to maintain consistent procedures in case of disasters.

Answer 32

False. Depending on the size of the organization and the number of people involved in the DRP effort, organizations often maintain multiple types of plan documents, intended for different audiences

Question 33

What are the documents worth considering in the Disaster Recovery Plan?

Answer 33

1. Executive Summary
2. Department-specific Plans
3. IT technical guidelines
4. Full copies of the plan for critical members
5. Checklists for certain individuals

Question 34

A centralized organizational function fulfilled by an information security team that monitors, detects and analyzes events on the network or system to prevent and resolve issues before they result in business disruptions.

Answer 34

Security Operations Center

Question 35

What are the common components of a Business Continuity Plan?

Answer 35

1. BCP Members and contact methods
2. Checklists
3. Call Tree and Notification Systems
4. Guidance for Management
5. How and when to enact the plan
6. Contacts for Critical Members of the Supply Chain