Risk Management, Forensics and Backup Flashcards

1
Q

Data Owner

A

Data owners are in charge of data ownership.

2
Q

System administrator

A

System administrators are administrative users who are responsible for maintaining a system within its defined requirements.

2
Q

System owner

A

System owners are in charge of data ownership.

3
Q

User

A

Users refer to normal users who have limited access and privileges, based on their job role and tasks.

4
Q

Privileged user

A

Privileged users have more permissions than normal users. An example is a database administrator.

5
Q

Executive user

A

An executive user is a special subset of user.

5
Q

MTBF

A

MTBF is a measure of the reliability of a system. It’s the mean time between failures: the sum of (start of downtime – start of uptime) over all failures, divided by the total number of failures.

6
Q

RTO/RPO

A

RTO is the recovery time objective. This is the target time for the resumption of operations after an incident.

Recovery point objective, RPO, is the time period representing the maximum period of acceptable data loss. The data loss part is the differentiator. This relates to backup frequency.

6
Q

MTTR

A

Mean time to repair (MTTR) is a measure of how long it takes to repair a failure. This is total downtime divided by total breakdowns.

7
Q

Mission-essential functions

A

Mission-essential functions are those that MUST occur.

8
Q

Single point of failure

A

A single point of failure exists if a single component can cause the failure of the entire system.

9
Q

Annual Loss Expectancy (ALE)

A

SLE multiplied by ARO.

9
Q

Single Loss Expectancy (SLE)

A

It’s the value of the loss expected from a single event. It’s calculated as the asset value (how much it will take to replace the asset) multiplied by the exposure factor (e.g. a 50% loss of functionality -> factor of 0.5).

10
Q

Annualized Rate of Occurrence (ARO)

A

Annualized rate of occurrence (ARO) is how many times per year you expect something to happen. This is usually based on historical data.

11
Q

Order of volatility (Forensics)

A

If you want to figure out what happened on a system, you need a copy of the data. What do you collect first? The digital information that is most volatile. This ensures that you don’t lose important information.

11
Q

Chain of custody (Forensics)

A

This shows who obtained the evidence, when and where it was obtained, where it was stored, and who had control of the evidence during the process.

12
Q

Legal hold (Forensics)

A

This term refers to the obligation that arises once an organization is aware that it needs to preserve evidence for a court case.

13
Q

Data acquisition (Forensics)

A

Evidence is a set of documents, verbal statements, and material objects that are considered admissible in a court of law.

14
Q

Network traffic and logs (Forensics)

A

Network activity of a given device can be useful data.

14
Q

Capture system image (Forensics)

A

Imaging or dumping the physical memory of a computer can help identify evidence not available on the hard drive. This is especially useful for identifying rootkits.

15
Q

Record time offset (Forensics)

A

Make sure that you are aware of, and record, any time offsets. The computers in question might not be synced to “real” time, so calculating the offset is important for establishing timelines.

16
Q

Recovery (Forensics)

A

In the realm of digital forensics, this is determining the relevant information and then recovering it.

17
Q

Preservation (Forensics)

A

Evidence needs to be properly acquired, identified, protected from tampering, transported and stored.

18
Q

Active logging (Forensics)

A

If you know what events to log for, you can minimize logging scope by setting up a system that actively logs relevant info when it happens.

19
Q

Hot Site (Backup)

A

Hot sites are fully configured environments that are ready almost immediately. They have backups that are ready, or nearly ready, to use.

20
Q

Warm Site (Backup)

A

Warm sites are partially configured. They might take a few days to get up and running and likely have older backups.

21
Q

Cold Site (Backup)

A

Cold sites have the basics, but not much more. You likely won’t have any backups, or most of the equipment you need.

22
Q

Differential (Backup)

A

Saves only the files that have changed since the last full backup.

23
Q

Incremental (Backup)

A

Saves the files that have changed since the last full backup or the last incremental backup.

24
Q

Snapshots (Backup)

A

A copy of a VM.

25
Q

Full (Backup)

A

A complete copy of a machine’s data.