IS4550 CHAPTER 12 Flashcards

1
Q

An individual who understands the organization’s capability to restore the system, application, network, or data, and who also has access to call lists to contact anyone in the organization during off hours, is called ___.

A

BUSINESS CONTINUITY REPRESENTATIVE

2
Q

A legal term referring to how evidence is documented and protected. Evidence must be documented and protected from the time it’s obtained to the time it’s presented in court is called ___.

A

CHAIN OF CUSTODY

3
Q

A legal term that refers to effort made to avoid harm to another party. It essentially refers to the care that a person would reasonably be expected to see under particular circumstances is called ___.

A

DUE CARE

4
Q

An individual who is an expert on HR policies and disciplinary proceedings or employee counseling is called ___.

A

HUMAN RESOURCES REPRESENTATIVE

5
Q

An event that violates an organization’s security policies is called ___.

A

INCIDENT

6
Q

A specialized group of people whose purpose is to respond to major incidents is called ___.

A

INCIDENT RESPONSE TEAM (IRT)

7
Q

In the context of an IRT team, this position provides risk management and analytical skills. They may also have specialized forensic skills for collecting and analyzing evidence and is called ___.

A

INFORMATION SECURITY REPRESENTATIVE

8
Q

An individual who has intimate knowledge of the systems and configurations of an organization. This individual is typically a developer, system administrator, or network administrator. They have the needed technical skills to make critical recommendations on how to stop an attack and are called ___.

A

INFORMATION TECHNOLOGY SUBJECT MATTER EXPERTS

9
Q

The person who keeps track of all the activity of the IRT during an incident. They act as the official scribe of the team. All activity flows through this person and they record who is doing what. This person is called ___.

A

IRT COORDINATOR

10
Q

This person is the IRT leader. This individual makes all the final calls on how to respond to an incident. They are the interface with management and are called ___.

A

IRT MANAGER

11
Q

An individual who has an understanding of laws and regulatory compliance is called ___.

A

LEGAL REPRESENTATIVE

12
Q

An attack using viruses, worms, Trojan horses, and scripts is called ___.

A

MALICIOUS CODE ATTACK

13
Q

A software tool that runs a series of network commands to determine security weakness is called ___.

A

NETWORK RECONNAISSANCE PROBE

14
Q

In the context of the IRT team, this individual can advise on how to communicate to the public and customers that might be impacted by the incident. This person is valuable in ensuring that accurate information gets out and damaging misconceptions are prevented and is called ___.

A

PUBLIC RELATIONS REPRESENTATIVE

15
Q
  1. All incidents regardless of how small should be handled by an incident response team.
    TRUE OR FALSE
A

FALSE

16
Q
  1. Which of the following should not be in an information response team charter?
     - Mission
     - Organization structure
     - Detailed line budget
     - Roles and responsibilities
A

Detailed line budget

17
Q
  1. Which of the following IRT members should be consulted before communication to the public about an incident?
     - Management
     - Public relations
     - IRT manager
     - All the above
A

Management
Public relations
IRT manager

18
Q
  1. As defined by this chapter, what is NOT a step in responding to an incident?
     - Discovering an incident
     - Reporting an incident
     - Containing an incident
     - Creating a budget to compare options
     - Analyzing an incident response
A

Creating a budget to compare options

19
Q
  1. A method outlined in this chapter to determine if an incident is major or minor is to classify an incident with a ___ rating.
A

SEVERITY

20
Q
  1. When containing an incident, you should always apply a long-term preventive solution.
    TRUE OR FALSE
A

FALSE

21
Q
  1. The IRT starts recording events once an ___.
A

Incident is declared

22
Q
  1. During the containment step, you should also gather as much evidence as reasonably possible about the incident.
    TRUE OR FALSE
A

TRUE

23
Q
  1. During the containment step, you should also gather as much evidence as reasonably possible about the incident.
    TRUE OR FALSE
A

FALSE

24
Q
  1. What value does a forensic tool bring?
     - Gathers evidence
     - Helps evidence to be accepted by the court
     - Can take a bit image of a machine
     - All the above
A

Gathers evidence
Helps evidence to be accepted by the court
Can take a bit image of a machine

25
Q
  1. How important is it to identify the attacker before issuing a final IRT report?
     - Critically important: do not issue the report without it
     - Moderately important: nice to have but issue the report if not available
     - Not important: focus on the incident and do not include identity of attacker even if you have it
     - Important: but allow law enforcement to brief management about attacker’s identity
A

Moderately important: nice to have but issue the report if not available

26
Q
  1. When analyzing an incident, you must try to determine which of the following?
     - The tool used to attack
     - The vulnerability that was exploited
     - The result of the attack
     - All the above
A

The tool used to attack
The vulnerability that was exploited
The result of the attack

27
Q
  1. Which IRT member is responsible for handling the media?
A

Public relations

28
Q
  1. It is best practice to test the IRT capability at least once a year.
    TRUE OR FALSE
A

TRUE

29
Q
  1. A federal agency is not required by law to report a security incident.
    TRUE OR FALSE
A

FALSE