Incident Response, Disaster Recovery, and Continuity of Operations Flashcards

1
Q

What is the term used to describe the steps an organization performs after any situation determined to be abnormal in the operation of a computer system?

Computer/network penetration incident plan

Incident response plan

Backup restoration and reconfiguration

A

Incident response plan

Incident response plan is the term used to describe the steps an organization performs in response to any situation determined to be abnormal in the operation of a computer system.

2
Q

Two major elements play a role in determining the level of response to an incident. Information criticality is the primary determinant. What is the other?

Information sensitivity or the classification of the data

The value of any data lost in the incident

How the incident potentially affects the organization’s operations

A

How the incident potentially affects the organization’s operations

The second factor involves a business decision on how this incident plays into current business operations. A series of breaches, whether minor or not, indicates a pattern that can have public relations and regulatory issues.

3
Q

The designated group of personnel who will respond to an incident is called which of the following?

Incident response red team

Cyber-emergency response group

Cyber-incident response team

A

Cyber-incident response team

The designated group of personnel who will respond to an incident is known as the cyber-incident response team.

4
Q

Which phase of the incident response process occurs before an actual incident?

Preparation

Identification

Containment

A

Preparation

Preparation is the phase of incident response that occurs before a specific incident. Preparation includes all the tasks needed to be organized and ready to respond to an incident. The act of identification is coming to a decision that the information related to the incident is worthy of further investigation by the IR team. Containment is the set of actions taken to constrain the incident to the minimal number of machines. Prevention is not a phase of the incident response process.

5
Q

Which phase of the incident response process involves removing the problem?

Identification

Eradication

Recovery

A

Eradication

Eradication involves removing the problem, and in today’s complex system environment, this may mean rebuilding a clean machine. The act of identification is coming to a decision that the information related to the incident is worthy of further investigation by the IR team. The recovery process includes the steps necessary to return the systems and applications to operational status. Mitigation is not a phase in the incident response process.

6
Q

In which phase of the incident response process are actions taken to constrain the incident to the minimal number of machines?

Identification

Containment

Recovery

A

Containment

Containment is the set of actions taken to constrain the incident to the minimal number of machines. Eradication involves removing the problem, and in today’s complex system environment, this may mean rebuilding a clean machine. The act of identification is coming to a decision that the information related to the incident is worthy of further investigation by the IR team. The recovery process includes the steps necessary to return the systems and applications to operational status.

7
Q

Which of the following is a fully configured environment similar to the normal operating environment that can be operational immediately or within a few hours depending on its configuration and the needs of the organization?

Cold site

Warm site

Hot site

A

Hot site

A hot site is a fully configured environment similar to the normal operating environment that can be operational immediately or within a few hours depending on its configuration and the needs of the organization. A cold site will have the basic environmental controls necessary to operate but few of the computing components necessary for processing. A warm site is partially configured, usually having the peripherals and software but perhaps not the more expensive main processing computer. A recovery site is any location where restoration of services would take place, whether cold, warm, or hot.

8
Q

Which of the following is a partially configured location, usually having the peripherals and software but perhaps not a more expensive main processing computer?

Cold site

Warm site

Hot site

A

Warm site

A warm site is partially configured, usually having the peripherals and software but perhaps not the more expensive main processing computer. A cold site will have the basic environmental controls necessary to operate but few of the computing components necessary for processing. A hot site is a fully configured environment similar to the normal operating environment that can be operational immediately or within a few hours depending on its configuration and the needs of the organization. A recovery site is any location where restoration of services would take place, whether cold, warm, or hot.

9
Q

Which of the following are considerations for an organization’s data backup strategy? (Choose all that apply.)

How frequently backups should be conducted

How extensive backups need to be

Where the backups will be stored

How long the backups will be kept

A

How frequently backups should be conducted

How extensive backups need to be

Where the backups will be stored

How long the backups will be kept

All of these are considerations for an organization’s data backup strategy.

10
Q

Which backup strategy includes only the files and software that have changed since the last full backup?

Incremental

Snapshot

Differential

A

Differential

In a differential backup, only the files and software that have changed since the last full backup was completed are backed up. The incremental backup is a variation on a differential backup, with the difference being that instead of copying all files that have changed since the last full backup, the incremental backup backs up only files that have changed since the last full or incremental backup occurred, thus requiring fewer files to be backed up. In a full backup, all files and software are copied onto the storage media. Snapshots refer to copies of virtual machines.

11
Q

Which backup strategy focuses on copies of virtual machines?

Incremental

Full

Snapshot

A

Snapshot

Snapshots refer to copies of virtual machines. The incremental backup is a variation on a differential backup, with the difference being that instead of copying all files that have changed since the last full backup, the incremental backup backs up only files that have changed since the last full or incremental backup occurred, thus requiring fewer files to be backed up. In a full backup, all files and software are copied onto the storage media. In a differential backup, only the files and software that have changed since the last full backup was completed are backed up.

12
Q

When discussing location for storage of backups, which of the following is true? (Choose all that apply.)

The most recent copy should be stored off-site, as it is the one that is most current and is thus the most valuable one.

Off-site storage is generally not necessary except in cases where the possibility of a break-in at the main facility is high.

Off-site storage is a good idea so that you don’t lose your backup to the same event that caused you to lose your operational data and thus need the backup.

The most recent copy can be stored locally, as it is the most likely to be needed, while other copies can be kept at other locations.

A

Off-site storage is a good idea so that you don’t lose your backup to the same event that caused you to lose your operational data and thus need the backup.

The most recent copy can be stored locally, as it is the most likely to be needed, while other copies can be kept at other locations.

Off-site storage is a good idea so that you don’t lose your backup to the same event that caused you to lose your operational data and thus need the backup. Additionally, the most recent copy can be stored locally, as it is the most likely to be needed, while other copies can be kept at other locations.

13
Q

What is the term used to describe the requirement where some countries have enacted laws stating that certain types of data must be stored within their boundaries?

Data sovereignty

International privacy rights

National data protection rights

A

Data sovereignty

Data sovereignty is a relatively new phenomenon, but in the past couple of years several countries have enacted laws stating that certain types of data must be stored within their boundaries. The other terms do not describe any actual situation.

14
Q

What is the term for the set of steps needed to develop a comprehensive plan to enact during a situation where normal operations are interrupted?

Disaster recovery

Continuity of operations planning

Incident response planning

A

Continuity of operations planning

Continuity of operations planning is the set of steps needed to develop a comprehensive plan to enact during a situation where normal operations are interrupted. Disaster recovery is the process that an organization uses to recover from events that disrupt normal operations. An incident response plan describes the steps an organization performs in response to any situation determined to be abnormal in the operation of a computer system. Restoration of business functions planning is not a standard term used in recovery planning.

15
Q

What is the name of the process for moving from a normal operational capability to the continuity-of-operations version of the business?

Disaster recovery

Alternate business practices

Failover

A

Failover

Failover is the process for moving from a normal operational capability to the continuity-of-operations version of the business. Disaster recovery is the process that an organization uses to recover from events that disrupt normal operations. Alternate business practices are developed in recognition that processes may need to be different in a continuity of operations situation since the focus is only on maintaining key systems. Continuity of business functions is not a term used in industry.
