Pre-Assessment Quiz Flashcards

1
Q

The ____ illustrates the most critical characteristics of information and has been the industry standard for computer security since the development of the mainframe.

a. disaster recovery plan	
b. strategic plan	
c. asset classification	
d. C.I.A. triad
A

d. C.I.A. triad

2
Q

The ____ is an investigation and assessment of the impact that various events or incidents can have on the organization.

a. cross-training analysis	
b. threat of attack analysis	
c. forensic analysis	
d. business impact analysis
A

d. business impact analysis

3
Q

A resumption location known as a ____ is a fully configured computer facility capable of establishing operations at a moment’s notice.

a. hot site	
b. cold site	
c. mobile site	
d. service bureau
A

a. hot site

4
Q

A(n) ____ is a detailed examination of the events that occurred, from first detection of an incident to final recovery.

a. after-action review	
b. reactive review	
c. audit review	
d. proactive review
A

a. after-action review

5
Q

A CSIRT model in which a single CSIRT handles incidents throughout the organization is called a(n) ____.

a. employee-based CSIRT	
b. central CSIRT	
c. coordinating team	
d. organizational CSIRT
A

b. central CSIRT

6
Q

Which of the following is not a “definite indicator” of an incident?

a. change to logs	
b. presence of hacker tools	
c. use of dormant access	
d. presence of unfamiliar files
A

d. presence of unfamiliar files

7
Q

The ongoing activity from alarm events that are accurate and noteworthy but not necessarily as significant as potentially successful attacks is called ____.

a. noise	
b. tuning	
c. false positive	
d. confidence
A

a. noise

8
Q

The process by which the CSIRT acts to limit the scale and scope of an incident and begins to regain control over the organization’s information assets is incident ____.

a. classification	
b. control	
c. containment	
d. recovery
A

c. containment

9
Q

____ is used both for intrusion analysis and as part of evidence collection and analysis.

a. Digital forensics	
b. After-action reporting	
c. Loss analysis	
d. Configuration
A

a. Digital forensics

10
Q

After the disaster has passed and its effects no longer directly impact the organization, the ____ phase begins.

a. actions-after	
b. blue bag operation	
c. chain of custody	
d. black bag operation
A

a. actions-after
