IS4560 CH 14 Incident Response

Question 1

1. ________ used to define mechanisms to keep the business running consistently.

Answer 1

Fault tolerance

Question 2

2. List at least three potential reporting points in an organization. These are people to whom a security incident should be reported.

Answer 2

2. Chief information security officer (CISO), 
Information security officer (ISO), 
Chief security officer (CSO), 
Chief executive officer (CEO), 
Chief information officer (CIO), 
Chief operating officer (COO)

Question 3

3. \_\_\_\_\_\_\_\_ is a plan that defines the procedures for responding to a security incident.
A. IRP 
B. DCP 
C. DRP 
D. None of the above

Answer 3

IRP

Question 4

4. BCP is used to define the process and procedures used to clean up a disaster.
   A. True B. False

Answer 4

FALSE

Question 5

5. ________ must be gathered by trained professionals.

Answer 5

Evidence

Question 6

6. What type of evidence gives the most solid proof of a crime?
A. Corroborative 
B. Circumstantial 
C. Best 
D. Opinion

Answer 6

Best

Question 7

7. ________ ________ is used when best evidence cannot be acquired.

Answer 7

Secondary evidence

Question 8

8. Another location from which to conduct business in the event of a disaster is called a(n) ________

Answer 8

Alternate site