IS3340 CHAPTER 13 Flashcards

1
Q

Documentation that provides details of every move and access of evidence is called ___?

A

CHAIN OF CUSTODY

2
Q

A team of representatives from IT, management, legal, and public relations that is organized to respond to incidents is called ___?

A

COMPUTER SECURITY INCIDENT RESPONSE TEAM (CSIRT)

3
Q

Any written evidence, such as printed reports or data in log files, is called ___?

A

DOCUMENTARY EVIDENCE

4
Q

Any observable occurrence within a computer or network is called ___?

A

EVENT

5
Q

An event that results in a violation of your security policy, or poses an imminent threat to your security policy, is called ___?

A

INCIDENT

6
Q

Any physical object that you can bring into court and that you can touch, hold, and directly observe is called ___?

A

REAL EVIDENCE

7
Q

To ensure a secure computing environment, investigate each reported event.
TRUE OR FALSE

A

FALSE

8
Q

Many incidents go unreported because they are never recognized.
TRUE OR FALSE

A

TRUE

9
Q

Which of the following is the best description of the CSIRT's initial responsibility for incidents?
  1. Recognize incidents
  2. Validate that an incident has occurred
  3. Initiate the incident investigation
  4. Contain the incident damage

A

Validate that an incident has occurred

10
Q

The ___ step of handling incidents should always occur before an incident happens.

A

Preparation

11
Q

Which incident handling step might include disconnecting a computer from the network?
  1. Identification
  2. Eradication
  3. Containment
  4. Recovery

A

Containment

12
Q

The ___ step of handling incidents is the most important step in continuously improving your incident response plan.

A

lessons learned

13
Q

IT investigators (SMEs) are all CSIRT team members.
TRUE OR FALSE

A

FALSE

14
Q

Which incident classification would apply to a situation where you find that your user account is locked due to too many logon tries using an incorrect password?
  1. Unauthorized access of a limited account
  2. AUP violation
  3. Failed attempt to access any account
  4. Unauthorized scan of one or more systems

A

Failed attempt to access any account

15
Q

Which incident security level would be appropriate after discovering that several of your workstations are infected with worms that will launch a coordinated DoS attack against your Web servers in 12 hours?
  1. Severe
  2. High
  3. Moderate
  4. Low

A

High

16
Q

Which incident handling step might include scanning a computer for malware?
  1. Identification
  2. Containment
  3. Eradication
  4. Recovery

A

Identification

17
Q

Which incident handling step might include removing a virus from a computer?
  1. Identification
  2. Containment
  3. Eradication
  4. Recovery

A

Eradication

18
Q

The contents of log files are which type of evidence?
  1. Real evidence
  2. Documentary evidence
  3. Testimonial evidence
  4. Demonstrative evidence

A

Documentary evidence

19
Q

The documentation that provides details of every move and access of evidence is called the ___?

A

Chain of custody log

20
Q

You should treat every incident as if it might end up in court.
TRUE OR FALSE

A

TRUE

21
Q

Any small change to evidence data may render that evidence unusable to your case.
TRUE OR FALSE

A

TRUE