Module 10: Incident Recovery Flashcards

1
Q

What is Incident Recovery

A

A process of restoring and rebuilding operations that are affected due to security incidents such as malicious code attacks, hacking attacks, etc.

2
Q

What does recovery of systems involve

A

Validating the systems and monitoring them for any further infection

3
Q

TRUE or FALSE: Incident recovery is part of business continuity

A

TRUE

4
Q

TRUE or FALSE: Incident recovery helps users to determine the root cause of an incident

A

TRUE

5
Q

How does incident recovery help with future incidents

A

Helps in preventing or avoiding similar incidents in the future

6
Q

After the system has recovered from the incident, what is the next suggested step

A

To perform a vulnerability assessment or pen test in order to identify the possible existing vulnerabilities

7
Q

Would it be possible to have incident recovery without the support of the higher management

A

No, they are an essential first step because they can make it an official policy

8
Q

It is important to assess the organization on a regular basis, but what are some factors that should be taken into consideration when performing this analysis

A
  • Environmental
  • Economic
  • Social
  • Political condition
9
Q

TRUE or FALSE: Incident recovery plan enforces policies in order to achieve the vital needs of the business operation with confined rules and regulations

A

FALSE

Incident recovery plan enforces LAW and policies

10
Q

TRUE or FALSE: Incident recovery planning documentation defines only the managers responsible for declaring, responding to, and recovering from an incident

A

FALSE

You also need to include the roles of internal and external departments

11
Q

Who is in charge of implementation and monitoring of all the policies and procedures regarding incident recovery

A

Senior managers and incident recovery staff

12
Q

TRUE or FALSE: Employees in the organization must be trained to identify and locate unexpected problems

A

TRUE

13
Q

What are the Incident Recovery steps

A
  1. System Restoration (restore through backups)
  2. System Validation (System needs to be connected to the LAN and tested)
  3. System Operations (Updating and patching the system regularly)
  4. System Monitoring (Use alerts and tools to monitor the system and its traffic to help identify intruders and attackers)
14
Q

How does a contingency plan help

A

Enables organizations to develop and maintain effective methods to handle emergencies

15
Q

Why is the Starting Point important in contingency planning

A

Helps with the development and maintenance of the contingency plan in advance.

16
Q

Why are impact analysis and risk assessment important in contingency planning

A

It helps to answer the questions of what incidents can occur, the probability of occurrence, and the severity

17
Q

TRUE or FALSE: For developing a contingency plan, the first step is to act upon the threat immediately

A

TRUE

18
Q

When a contingency plan is ready for testing, who should test the contingency plan

A

The personnel who would take charge of the plan in real time

19
Q

Why do personnel need training for the contingency plan

A

To become familiar with the plan and perform their tasks and responsibilities effectively

20
Q

How soon must the contingency plan be updated and maintained

A

As soon as a new process is added or deleted from the organization

21
Q

What are the five major components of the IT contingency plan

A
  1. Supporting Information (Detailed concept of the plan)
  2. Notification/Activation (Section where it details when to activate the plan)
  3. Recovery (Section for recovery activities)
  4. Reconstitution (Section detailing how to restore original site, prevent incident, and terminate operations)
  5. Plan Appendices (SOMs, point of sales list, system requirements, etc.)
22
Q

What do the Supporting Information and Plan Appendices phases have in common

A

They both are important components that provide essential information of the plan

23
Q

What do the Notification/Activation, Recovery, and Reconstitution phases have in common

A

They detail the action information that is necessary for the plan

24
Q

What is a Continuity of Operations plan

A

Provides an alternative site to the organization for a period of time so as to recover from the incident and perform normal organizational operations

25
Q

What is Business Continuity

A

The ability of an organization to continue to function even after a disastrous event.

26
Q

What other plans make up a business continuity plan

A
  • Incident/disaster recovery
  • Business recovery plan
  • Business resumption plan
  • Contingency plan
27
Q

What is an incident recovery plan

A

Provides procedures for recovering from a computer incident after it occurs

28
Q

What does a business recovery plan address

A

How business functions will resume after a disaster at an alternate site

29
Q

What does a business resumption plan address

A

How critical systems and key functions of a business will be maintained

30
Q

What steps are in the planning process for an incident recovery plan

A
  1. Establish a team
  2. Assess risk with a BIA
  3. Assign responsibilities in the departments and organization
  4. Develop policies and procedures
  5. Document Incident Recovery procedures
  6. Organize to handle incident
  7. Implement testing of the plan
  8. Maintain management of the plan
31
Q

What is a business impact analysis (BIA)

A

An analytical study that identifies the impact of uncontrolled and non-specific events on the business process

32
Q

After completion of the incident recovery plan, what three important steps need to be addressed

A

Implementation, training, and testing of the plan

33
Q

TRUE or FALSE: Scenario testing establishes a mock disaster, such as a fire, to identify the reaction of the procedures they must handle in such situations

A

TRUE

34
Q

What is the main purpose of a reconstitution plan

A

To restore the original site, test systems to prevent the incident, and terminate operations