Domain 7

Question 1

NIST 800-86 Covers What?

Answer 1

Digital Forensics Process

Question 2

Steps of Digital Forensics

Answer 2

1. Collection
2. Examination
3. Analysis
4. Reporting

Question 3

What forensics is prioritized to collect

Answer 3

volatile data to most stable

Question 4

Forensics Process is Covered in which document

Answer 4

NIST SP-800-86

Question 5

3 P’s of Incident Response

Answer 5

Policy
Plan
Procedures

Question 6

Phases of Incident Response Handling

Answer 6

1. Preparation
2. Detection and Analysis
3. Containment, Eradication, Recovery
4. Post incident activity (Lessons Learned)

Question 7

Steps of Change Management

Answer 7

1. Change Request (documented)
2. Evaluate (prioritize) and test
3. Rollback Procedure
4. Change Control Board Review and approval(standard changes can be pre-authorized)
5. Change window/implemented
6. Document updated change

Question 8

MTBF

Answer 8

Medium Time Before Failure

Question 9

MTTR

Answer 9

Medium Time To Recover

Question 10

What is Software Escrow

Answer 10

Source Code is put into a third party trust that maintains it. If the developing person or company ends, the escrow can be released to company.

Question 11

Load balancing

Answer 11

Server Cluster, will fail over to another server if one fails

Question 12

Who manages a DR

Answer 12

DR Manager

Question 13

Who communicates with Media

Answer 13

No one, except for CEO or designated person per policy

Question 14

RTO

Answer 14

Recovery Time Objective

Question 15

Define RTO

Answer 15

The amount of time planned to recover in the event of a DR or outage. (i.e. 30 minutes, or 30 days)

Question 16

Steps for DRP

Answer 16

1. Policy Statement
2. BIA
3. Plan of Action
4. Test, Train, and Maintain