ICT Role in 21st Century Education & its Challenges.pptx
CIS 359 Inspiring Innovation/tutorialrank.com
1. CIS 359 Final Exam All 2 Set
For more course tutorials visit
www.tutorialrank.com
CIS 359 Final Exam Set 1
CIS 359 Final Exam Set 2
===============================================
CIS 359 Final Exam Set 1
For more course tutorials visit
www.tutorialrank.com
CIS 359 Final Exam Set 1
• Question 1
2. ____ are likely in the event of a hacker attack, when the attacker
retreats to a chat room and describes in specific detail to his or her
associates the method and results of his or her latest conquest.
• Question 2
Contingency strategies for ____ should emphasize the need for
absolutely reliable data backup and recovery procedures because they
have less inherent redundancy than a distributed architecture.
• Question 3
A ____ is a description of the disasters that may befall an
organization, along with information on their probability of occurrence,
a brief description of the organization’s actions to prepare for that
disaster, and the best case, worst case, and most likely case outcomes of
the disaster.
3. • Question 4
The primary vehicle for articulating the purpose of a disaster
recovery program is the ____.
• Question 5
The ____ assembles a disaster recovery team.
4. • Question 6
A ____ is a collection of nodes in which the segments are
geographically dispersed and the physical link is often a data
communications channel provided by a public carrier.
• Question 7
5. Deciding which technical contingency strategies are selected,
developed, and implemented is most often based on the type of ____
being used.
• Question 8
____ are highly probable when infected machines are brought
back online or when other infected computers that may have been offline
at the time of the attack are brought back up.
• Question 9
6. A(n) ____ occurs when a situation results in service disruptions
for weeks or months, requiring a government to declare a state of
emergency.
• Question 10
The ____ team is responsible for providing the initial
assessments of the extent of damage to equipment and systems on-site
and/or for physically recovering the equipment to be transported to a
location where the other teams can evaluate it.
• Question 11
7. During the ____ phase, the organization begins the recovery of
the most time-critical business functions - those necessary to reestablish
business operations and prevent further economic and image loss to the
organization.
• Question 12
In the context of disaster notification, the ____ is a scripted
description of the disaster and consists of just enough information so that
each response knows what port of the DR plan to implement.
8. • Question 13
The ____ team is responsible for working with the remainder of
the organization to assist in the recovery of nontechnology functions.
• Question 14
The ____ involves providing copies of the DR plan to all teams
and team members for review.
9. • Question 15
____ is the inclusion of action steps to minimize the damage
associated with the disaster on the operations of the organization.
• Question 16
The ____ team is primarily responsible for data restoration and
recovery.
10. • Question 17
In the ____ phase of the BC plan, the organization specifies what
type of relocation services are desired and what type of data
management strategies are deployed to support relocation.
• Question 18
The ____ is the amount of time that a business can tolerate losing
capabilities until alternate capabilities are available.
11. • Question 19
The ____ is the point in the past to which the recovered
applications and data at the alternate infrastructure will be restored.
• Question 20
The plan maintenance schedule in a BC policy statement should
address the ____ of reviews, along with who will be involved in each
review.
12. • Question 21
The ____ section of the business continuity policy provides an
overview of the information storage and retrieval plans of the
organization.
• Question 22
In the ____ section of the business continuity policy, the training
requirements for the various employee groups are defined and
highlighted.
13. • Question 23
____ planning represents the final response of the organization
when faced with any interruption of its critical operations.
• Question 24
What phase of the BC plan specifies under what conditions and
how the organization relocates from the primary to the alternate site?
14. • Question 25
The CM ____ is responsible for overseeing the actions of the
crisis management team and coordinating all crisis management efforts
in cooperation with disaster recovery and/or business continuity
planning, on an as-needed basis.
• Question 26
____ is the process of ensuring that every employee is trained to
perform at least part of the job of another employee.
15. • Question 27
____ is the movement of employees from one position to another
so they can develop additional skills and abilities.
• Question 28
16. In contrast to emergency response that focuses on the immediate
safety of those affected, ____ addresses the services needed to get the
organization and its stakeholders back to original levels of productivity
or satisfaction.
• Question 29
____ are those steps taken to inform stakeholders regarding the
timeline of events, the actions taken, and sometimes the reasons for
those actions.
• Question 30
17. A(n) ____ is created to enable management to gain and maintain
control of ongoing emergency situations, to provide oversight and
control to designated first responders, and to marshal IR, DR, and DC
plans and resources as needed.
• Question 31
A ____ is defined by the ICM as a disruption in the company’s
business that occurs without warning and is likely to generate news
coverage and may adversely impact employees, investors, customers,
suppliers, and other stakeholders.
18. • Question 32
Cross-training provides a mechanism to get everyone out of the
crime scene and thus prevent contamination of possible evidentiary
material.
• Question 33
The ____ handles computer crimes that are categorized as
felonies.
• Question 34
19. The forensic tool ____ does extensive pre-processing of evidence
items that recovers deleted files and extracts e-mail messages.
• Question 35
____ is used both for intrusion analysis and as part of evidence
collection and analysis.
• Question 36
20. ____ is the determination of the initial flaw or vulnerability that
allowed an incident to occur.
• Question 37
Most digital forensic teams have a prepacked field kit, also
known as a(n) ____.
• Question 38
21. Many private sector organizations require a formal statement,
called a(n) ____, which provides search authorization and furnishes
much of the same information usually found in a public sector search
warrant.
• Question 39
One way to identify a particular digital item (collection of bits) is
by means of a(n) ____.
• Question 40
22. The ____ phase of forensic analysis involves the use of forensic
tools to recover the content of files that were deleted, operating system
artifacts (such as event data and logging of user actions), and other
relevant facts.
• Question 41
Because it is possible for investigators to confuse the suspect and
destination disks when performing imaging, and to preclude any grounds
for challenging the image output, it is common practice to protect the
suspect media using a ____.
• Question 42
23. If a user receives a message whose tone and terminology seems
intended to invoke a panic or sense of urgency, it may be a(n) ____.
• Question 43
When an incident includes a breach of physical security, all
aspects of physical security should be escalated under a containment
strategy known as ____.
• Question 44
24. Clifford Stoll’s book, ____, provides an excellent story about a
real-world incident that turned into an international tale of espionage and
intrigue.
• Question 45
There are a number of professional IR agencies, such as ____,
that can provide additional resources to help prevent and detect DoS
incidents.
• Question 46
The CSIRT may not wish to “tip off” attackers that they have
been detected, especially if the organization is following a(n) ____
approach.
25. • Question 47
Which of the following is the most suitable as a response strategy
for malware outbreaks?
• Question 48
Essentially a DoS attack, a ____ is a message aimed at causing
organizational users to waste time reacting to a nonexistent malware
threat.
• Question 49
26. According to NIST, which of the following is an example of a
UA attack?
• Question 50
____ is a common indicator of a DoS attack.
===============================================
CIS 359 Final Exam Set 2
For more course tutorials visit
www.tutorialrank.com
CIS 359 Final Exam Set 2
• Question 1
27. A continuously changing process presents challenges in
acquisition, as there is not a fixed state that can be collected, hashed, and
so forth. This has given rise to the concept of ____ forensics which
captures a point-in-time picture of a process.
• Question 2
____ is used both for intrusion analysis and as part of evidence
collection and analysis.
• Question 3
In evidence handling, specifically designed ____ are helpful
because they are very difficult to remove without breaking.
• Question 4
28. A search is constitutional if it does not violate a person’s
reasonable or legitimate____.
• Question 5
The forensic tool ____ does extensive pre-processing of evidence
items that recovers deleted files and extracts e-mail messages.
• Question 6
29. Most digital forensic teams have a prepacked field kit, also
known as a(n) ____.
• Question 7
The ____ handles computer crimes that are categorized as
felonies.
• Question 8
Forensic investigators use ____ copying when making a forensic
image of a device, which reads a sector (or block; 512 bytes on most
30. devices) from the source drive and writes it to the target drive; this
process continues until all sectors on the suspect drive have been copied.
• Question 9
Grounds for challenging the results of a digital investigation can
come from possible ____—that is, alleging that the relevant evidence
came from somewhere else or was somehow tainted in the collection
process.
• Question 10
The U.S. Department of Homeland Security’s Federal
Emergency Management Association has developed a support Web site
31. at ____ that includes a suite of tools to guide the development of disaster
recovery/business continuity plans.
• Question 11
Identifying measures, called ____, that reduce the effects of
system disruptions can reduce continuity life-cycle costs.
• Question 12
Two dominantly recognized professional institutions certifying
business continuity professionals agree on the ____ as the basis for
certification.
32. • Question 13
Unless an organization has contracted for a ____ or equivalent,
office equipment such as desktop computers are not provided at BC
alternate site.
• Question 14
____ planning represents the final response of the organization
when faced with any interruption of its critical operations.
• Question 15
33. A BC subteam called the ____ is responsible for establishing the
core business functions needed to sustain critical business operations.
• Question 16
One activity that occurs during the clearing phase of a BC
implementation is scheduling a move back to the primary site.
• Question 17
34. In the ____ phase of the BC plan, the organization specifies what
type of relocation services are desired and what type of data
management strategies are deployed to support relocation.
• Question 18
____ occur over time and slowly deteriorate the organization’s
capacity to withstand their effects.
• Question 19
Contingency strategies for ____ should emphasize the need for
absolutely reliable data backup and recovery procedures because they
have less inherent redundancy than a distributed architecture.
35. • Question 20
____ may be caused by earthquakes, floods, storm winds,
tornadoes, or mud flows.
• Question 21
____ disasters include acts of terrorism and acts of war.
• Question 22
36. Once the incident has been contained, and all signs of the
incident removed, the ____ phase begins.
• Question 23
A ____ is a description of the disasters that may befall an
organization, along with information on their probability of occurrence,
a brief description of the organization’s actions to prepare for that
disaster, and the best case, worst case, and most likely case outcomes of
the disaster.
• Question 24
37. ____ are highly probable when infected machines are brought
back online or when other infected computers that may have been offline
at the time of the attack are brought back up.
• Question 25
The part of a disaster recovery policy that identifies the
organizational units and groups of employees to which the policy applies
is called the ____ section.
• Question 26
38. ____ is the set of actions taken by an organization in response to
an emergency situation in an effort to minimize injury or loss of life.
• Question 27
In contrast to emergency response that focuses on the immediate
safety of those affected, ____ addresses the services needed to get the
organization and its stakeholders back to original levels of productivity
or satisfaction.
• Question 28
39. ____ is the movement of employees from one position to another
so they can develop additional skills and abilities.
• Question 29
A(n) ____ is the list of officials ranging from an individual’s
immediate supervisor through the top executive of the organization.
• Question 30
A(n) ____ is created to enable management to gain and maintain
control of ongoing emergency situations, to provide oversight and
control to designated first responders, and to marshal IR, DR, and DC
plans and resources as needed.
40. • Question 31
Organizations typically respond to a crisis by focusing on
technical issues and economic priorities, and overlook the steps needed
to preserve the most critical assets of the organization: its people.
• Question 32
41. ____ are those actions taken in order to manage the immediate
physical, health, and environmental impacts resulting from an incident.
• Question 33
____ refers to those actions taken to meet the psychological and
emotional needs of various stakeholders.
• Question 34
42. According to the 2010/2011 Computer Crime and Security
Survey, ____ is “the most commonly seen attack, with 67.1 percent of
respondents reporting it.”
• Question 35
When an alert warns of new malicious code that targets software
used by an organization, the first response should be to research the new
virus to determine whether it is ____.
• Question 36
In a “block” containment strategy, in which the attacker’s path
into the environment is disrupted, you should use the most precise
strategy possible, starting with ____.
43. • Question 37
If a user receives a message whose tone and terminology seems
intended to invoke a panic or sense of urgency, it may be a(n) ____.
• Question 38
Many malware attacks are ____ attacks, which involve more
than one type of malware and/or more than one type of transmission
method.
44. • Question 39
A ____ is a small quantity of data kept by a Web site as a means
of recording that a system has visited that Web site.
• Question 40
A(n) ____ attack is a method of combining attacks with rootkits
and back doors.
• Question 41
45. According to NIST, which of the following is an example of a
UA attack?
• Question 42
Which of the following is the most suitable as a response strategy
for malware outbreaks?
• Question 43
46. The ____ team is responsible for working with suppliers and
vendors to replace damaged or destroyed equipment or services, as
determined by the other teams.
• Question 44
The ____ team is responsible for the recovery of information and
the reestablishment of operations in storage area networks or network
attached storage.
• Question 45
The ____ system is an information system with a telephony
interface that can be used to automate the alert process.
47. • Question 46
____ is the inclusion of action steps to minimize the damage
associated with the disaster on the operations of the organization.
• Question 47
The ____ team is primarily responsible for data restoration and
recovery.
48. • Question 48
The ____ is the phase associated with implementing the initial
reaction to a disaster; it is focused on controlling or stabilizing the
situation, if that is possible.
• Question 49
The ____ team is responsible for recovering and reestablishing
operating systems (OSs).
• Question 50
49. During the ____ phase, the organization begins the recovery of
the most time-critical business functions - those necessary to reestablish
business operations and prevent further economic and image loss to the
organization.
===============================================
CIS 359 Midterm Exam All 3 Set
For more course tutorials visit
www.tutorialrank.com
CIS 359 Midterm Exam Set 2
CIS 359 Midterm Exam Set 1
CIS 359 Midterm Exam Set 3
===============================================
CIS 359 Midterm Exam Set 1
50. For more course tutorials visit
www.tutorialrank.com
CIS 359 Midterm Exam Set 1
Question 1
A CSIRT model that is effective for large organizations and for
organizations with major computing resources at distant locations is the
____.
Question 2
The first group to communicate the CSIRT’s vision and operational plan
is the managerial team or individual serving as the ____.
Question 3
51. Those services performed in response to a request or a defined event
such as a help desk alert are called ____.
Question 4
One way to build and maintain staff skills is to develop incident-
handling ____ and have the team members discuss how they would
handle them.
Question 5
52. Giving the IR team the responsibility for ____ is generally not
recommended.
Question 6
When an organization completely outsources its IR work, typically to an
on-site contractor, it is called a(n) ____ model.
Question 7
The focus during a(n) ____ is on learning what worked, what didn’t, and
where communications and response procedures may have failed.
53. Question 8
Those services undertaken to prepare the organization or the CSIRT
constituents to protect and secure systems in anticipation of problems,
attacks, or other events are called ____.
Question 9
____ are closely monitored network decoys serving that can distract
adversaries from more valuable machines on a network; can provide
early warning about new attack and exploitation trends; and can allow
in-depth examination of adversaries during and after exploitation.
54. Question 10
Using a process known as ____, network-based IDPSs look for attack
patterns by comparing measured activity to known signatures in their
knowledge base to determine whether or not an attack has occurred or
may be under way.
Question 11
In an attack known as ____, valid protocol packets exploit poorly
configured DNS servers to inject false information to corrupt the
servers’ answers to routine DNS queries from other systems on that
network.
Question 12
55. The use of IDPS sensors and analysis systems can be quite complex.
One very common approach is to use an open source software program
called ____ running on an open source UNIX or Linux system that can
be managed and queried from a desktop computer using a client
interface.
Question 13
The ____ approach for detecting intrusions is based on the frequency
with which certain network activities take place.
Question 14
56. A(n) ____ , a type of IDPS that is similar to the NIDPS, reviews the log
files generated by servers, network devices, and even other IDPSs.
Question 15
The ____ is a federal law that creates a general prohibition on the
realtime monitoring of traffic data relating to communications.
Question 16
A(n) ____ is often included in legal documents to ensure that a vendor is
not liable for actions taken by a client.
57. Question 17
A ____ is an agency that provides physical facilities in the event of a
disaster for a fee.
Question 18
A potential disadvantage of a ____ site-resumption strategy is that more
than one organization might need the facility simultaneously.
58. Question 19
An organization aggregates all local backups to a central repository and
then backs up that repository to an online vendor, with a ____ backup
strategy.
Question 20
A(n) ____ is an extension of an organization’s intranet into cloud
computing.
Question 21
59. A ____ is a synonym for a virtualization application.
Question 22
____ uses a number of hard drives to store information across multiple
drive units.
Question 23
A resumption location known as a ____ is a fully configured computer
facility capable of establishing operations at a moment’s notice.
60. Question 24
Some recovery strategies seek to improve the ____ of a server or system
in addition to, or instead of, performing backups of data.
Question 25
The ____ is used to collect information directly from the end users and
business managers.
Question 26
61. The purpose of the ____ is to define the scope of the CP operations and
establish managerial intent with regard to timetables for response to
incidents, recovery from disasters, and reestablishment of operations for
continuity.
Question 27
To a large extent, incident response capabilities are part of a normal IT
budget. The only area in which additional budgeting is absolutely
required for incident response is the maintenance of ____.
Question 28
62. An manual alternative to the normal way of accomplishing an IT task
might be employed in the event that IT is unavailable. This is called a
____.
Question 29
What is a common approach used in the discipline of systems analysis
and design to understand the ways systems operate and to chart process
flows and interdependency studies?
Question 30
63. Which of the following collects and provides reports on failed login
attempts, probes, scans, denial-of-service attacks, and detected malware?
Question 31
The last stage of a business impact analysis is prioritizing the resources
associated with the ____, which brings a better understanding of what
must be recovered first.
Question 32
The final component to the CPMT planning process is to deal with ____.
64. Question 33
The ____ job functions and organizational roles focus on protecting the
organization’s information systems and stored information from attacks.
Question 34
A(n) ____ is a detailed examination of the events that occurred, from
first detection of an incident to final recovery.
Question 35
65. Incident analysis resources include network diagrams and lists of ____,
such as database servers.
Question 36
The U.S. National Institute of Standards and Technology recommends a
set of tools for the CSIRT including incident reporting mechanisms with
which users can report suspected incidents. At least one of these
mechanisms should permit people to report incidents ____.
Question 37
66. A(n) ____ is a CSIRT team member, other than the team leader, who is
currently performing the responsibilities of the team leader in scanning
the organization’s information infrastructure for signs of an incident.
Question 38
____ is the process of systematically examining information assets for
evidentiary material that can provide insight into how an incident
transpired.
Question 39
A favorite pastime of information security professionals is ____, which
is a simulation of attack and defense activities using realistic networks
and information systems.
67. Question 40
Should an incident begin to escalate, the CSIRT team leader continues to
add resources and skill sets as necessary to attempt to contain and
terminate the incident. The resulting team is called the ____ for this
particular incident.
Question 41
General users require training on the technical details of how to do their
jobs securely, including good security practices, ____ management,
specialized access controls, and violation reporting.
68. Question 42
The ____ illustrates the most critical characteristics of information and
has been the industry standard for computer security since the
development of the mainframe.
Question 43
____ assigns a risk rating or score to each information asset. Although
this number does not mean anything in absolute terms, it is useful in
gauging the relative risk to each vulnerable information asset and
facilitates the development of comparative ratings later in the risk
control process.
69. Question 44
A ____ deals with the preparation for and recovery from a disaster,
whether natural or man-made.
Question 45
A(n) ____ is any clearly identified attack on the organization’s
information assets that would threaten the assets’ confidentiality,
integrity, or availability.
Question 46
70. A ____ is a document that describes how, in the event of a disaster,
critical business functions continue at an alternate location while the
organization recovers its ability to function at the primary site.
Question 47
A(n) ____ is an object, person, or other entity that is a potential risk of
loss to an asset.
Question 48
71. A(n) ____ is used to anticipate, react to, and recover from events that
threaten the security of information and information assets in an
organization; it is also used to restore the organization to normal modes
of business operations;
Question 49
Information assets have ____ when they are not exposed (while being
stored, processed, or transmitted) to corruption, damage, destruction, or
other disruption of their authentic states.
Question 50
____ hack systems to conduct terrorist activities through network or
Internet pathways.
72. ===============================================
CIS 359 Midterm Exam Set 2
For more course tutorials visit
www.tutorialrank.com
One of the primary responsibilities of the IRP team is to ensure that the
____ is prepared to respond to each incident it may face.
A(n) ____ is a detailed examination of the events that occurred, from
first detection of an incident to final recovery.
____ is the process of systematically examining information assets for
evidentiary material that can provide insight into how an incident
transpired.
The Southeast Collegiate Cyber Defense Competition is unique in that it
focuses on the operational aspect of managing and protecting an existing
network infrastructure. Unlike “capture-the-flag ” exercises, this
competition is exclusively a real-world ____ competition.
Should an incident begin to escalate, the CSIRT team leader continues to
add resources and skill sets as necessary to attempt to contain and
terminate the incident. The resulting team is called the ____ for this
particular incident.
73. A(n) ____ is a CSIRT team member, other than the team leader, who is
currently performing the responsibilities of the team leader in scanning
the organization’s information infrastructure for signs of an incident.
The training delivery method with the lowest cost to the organization is
____.
The U.S. National Institute of Standards and Technology recommends a
set of tools for the CSIRT including incident reporting mechanisms with
which users can report suspected incidents. At least one of these
mechanisms should permit people to report incidents ____.
A(n) ____ is an object, person, or other entity that is a potential risk of
loss to an asset.
A(n) ____ is used to anticipate, react to, and recover from events that
threaten the security of information and information assets in an
organization; it is also used to restore the organization to normal modes
of business operations;
A ____ is a document that describes how, in the event of a disaster,
critical business functions continue at an alternate location while the
organization recovers its ability to function at the primary site.
____ hack systems to conduct terrorist activities through network or
Internet pathways.
____ is the risk control approach that attempts to reduce the impact
caused by the exploitation of vulnerability through planning and
preparation.
____ ensures that only those with the rights and privileges to access
information are able to do so.
74. ____ is a risk control approach that attempts to shift the risk to other
assets, other processes, or other organizations.
A ____ attack seeks to deny legitimate users access to services by either
tying up a server’s available resources or causing it to shut down.
Information assets have ____ when authorized users - persons or
computer systems - are able to access them in the specified format
without interference or obstruction.
The purpose of the ____ is to define the scope of the CP operations and
establish managerial intent with regard to timetables for response to
incidents, recovery from disasters, and reestablishment of operations for
continuity.
The ____ job functions and organizational roles focus on protecting the
organization’s information systems and stored information from attacks.
The ____ is the point in time by which systems and data must be
recovered after an outage as determined by the business unit.
Within an organization, a(n) ____ is a group of individuals who are
united by shared interests or values and who have a common goal of
making the organization function to meet its objectives.
The ____ is used to collect information directly from the end users and
business managers.
The final component to the CPMT planning process is to deal with ____.
The last stage of a business impact analysis is prioritizing the resources
associated with the ____, which brings a better understanding of what
must be recovered first.
The ____ is an investigation and assessment of the impact that various
events or incidents can have on the organization.
75. The ____ job functions and organizational roles focus on costs of system
creation and operation, ease of use for system users, timeliness of system
creation, and transaction response time.
A(n) ____ is an extension of an organization’s intranet into cloud
computing.
A ____ is a contractual document guaranteeing certain minimal levels of
service provided by a vendor.
A ____ is an agency that provides physical facilities in the event of a
disaster for a fee.
A(n) ____ is often included in legal documents to ensure that a vendor is
not liable for actions taken by a client.
An organization aggregates all local backups to a central repository and
then backs up that repository to an online vendor, with a ____ backup
strategy.
A ____ is commonly a single device or server that attaches to a network
and uses TCP/IP-based protocols and communications methods to
provide an online storage environment.
A potential disadvantage of a ____ site-resumption strategy is that more
than one organization might need the facility simultaneously.
Some recovery strategies seek to improve the ____ of a server or system
in addition to, or instead of, performing backups of data.
RAID 0 creates one logical volume across several available hard disk
drives and stores the data using ____, in which data segments are written
in turn to each disk drive in the array.
The determination of what systems fall under the CSIRT ’s
responsibility is called its ____.
76. Those services performed in response to a request or a defined event
such as a help desk alert are called ____.
In the absence of the assigned team manager, the ____ should assume
authority for overseeing and evaluating a provided service.
When an organization completely outsources its IR work, typically to an
on-site contractor, it is called a(n) ____ model.
The champion for the CSIRT may be the same person as the champion
for the entire IR function—typically, the ____.
A CSIRT model that is effective for large organizations and for
organizations with major computing resources at distant locations is the
____.
The announcement of an operational CSIRT should minimally include
____.
A key step in the ____ approach to incident response is to discover the
identify of the intruder while documenting his or her activity.
Using a process known as ____, network-based IDPSs look for attack
patterns by comparing measured activity to known signatures in their
knowledge base to determine whether or not an attack has occurred or
may be under way.
The ____ is a federal law that creates a general prohibition on the
realtime monitoring of traffic data relating to communications.
The ____ approach for detecting intrusions is based on the frequency
with which certain network activities take place.
A(n) ____ , a type of IDPS that is similar to the NIDPS, reviews the log
files generated by servers, network devices, and even other IDPSs.
77. ____ are closely monitored network decoys serving that can distract
adversaries from more valuable machines on a network; can provide
early warning about new attack and exploitation trends; and can allow
in-depth examination of adversaries during and after exploitation.
In an attack known as ____, valid protocol packets exploit poorly
configured DNS servers to inject false information to corrupt the
servers’ answers to routine DNS queries from other systems on that
network.
A(n) ____ is the set of rules and configuration guidelines governing the
implementation and operation of IDPSs within the organization.
===============================================
CIS 359 Midterm Exam Set 3
For more course tutorials visit
www.tutorialrank.com
CIS 359 Midterm Exam Set 3
• Question 1
78. When using virtualization, it is commonplace to use the term ____ to
refer to a virtualized environment operating in or on a host platform.
• Question 2
A(n) ____ backup only archives the files that have been modified since
the last backup.
• Question 3
A(n) ____ is an extension of an organization’s intranet into cloud
computing.
• Question 4
79. RAID 0 creates one logical volume across several available hard disk
drives and stores the data using ____, in which data segments are written
in turn to each disk drive in the array.
• Question 5
A ____ is commonly a single device or server that attaches to a network
and uses TCP/IP-based protocols and communications methods to
provide an online storage environment.
• Question 6
80. A ____ is an agency that provides physical facilities in the event of a
disaster for a fee.
• Question 7
A(n) ____ is often included in legal documents to ensure that a vendor is
not liable for actions taken by a client.
• Question 8
A resumption location known as a ____ is a fully configured computer
facility capable of establishing operations at a moment’s notice.
81. • Question 9
A ____ is a contractual document guaranteeing certain minimal levels of
service provided by a vendor.
• Question 10
The responsibility for creating an organization’s IR plan often falls to
the ____.
• Question 11
82. ____ is the process of systematically examining information assets for
evidentiary material that can provide insight into how an incident
transpired.
• Question 12
Incident analysis resources include network diagrams and lists of ____,
such as database servers.
• Question 13
83. One of the primary responsibilities of the IRP team is to ensure that the
____ is prepared to respond to each incident it may face.
• Question 14
A(n) ____ is a detailed examination of the events that occurred, from
first detection of an incident to final recovery.
• Question 15
The Southeast Collegiate Cyber Defense Competition is unique in that it
focuses on the operational aspect of managing and protecting an existing
network infrastructure. Unlike “capture-the-flag ” exercises, this
competition is exclusively a real-world ____ competition.
84. • Question 16
The U.S. National Institute of Standards and Technology recommends a
set of tools for the CSIRT including incident reporting mechanisms with
which users can report suspected incidents. At least one of these
mechanisms should permit people to report incidents ____.
• Question 17
The training delivery method with the lowest cost to the organization is
____.
85. • Question 18
A(n) ____ is the set of rules and configuration guidelines governing the
implementation and operation of IDPSs within the organization.
• Question 19
A(n) ____ is any system resource that is placed onto a functional system
but has no normal use for that system. If it attracts attention, it is from
unauthorized access and will trigger a notification or response.
• Question 20
86. The use of IDPS sensors and analysis systems can be quite complex.
One very common approach is to use an open source software program
called ____ running on an open source UNIX or Linux system that can
be managed and queried from a desktop computer using a client
interface.
• Question 21
A(n) ____ , a type of IDPS that is similar to the NIDPS, reviews the log
files generated by servers, network devices, and even other IDPSs.
• Question 22
87. New systems can respond to an incident threat autonomously, based on
preconfigured options that go beyond simple defensive actions usually
associated with IDPS and IPS systems. These systems, referred to as
____, use a combination of resources to detect an intrusion and then to
trace the intrusion back to its source.
• Question 23
The ____ is a federal law that creates a general prohibition on the
realtime monitoring of traffic data relating to communications.
• Question 24
88. In an attack known as ____, valid protocol packets exploit poorly
configured DNS servers to inject false information to corrupt the
servers’ answers to routine DNS queries from other systems on that
network.
• Question 25
The purpose of the ____ is to define the scope of the CP operations and
establish managerial intent with regard to timetables for response to
incidents, recovery from disasters, and reestablishment of operations for
continuity.
• Question 26
89. The first major business impact analysis task is to analyze and prioritize
the organization’s business processes based on their relationships to the
organization’s ____.
• Question 27
The ____ is an investigation and assessment of the impact that various
events or incidents can have on the organization.
• Question 28
One modeling technique drawn from systems analysis and design that
can provide an excellent way to illustrate how a business functions is
a(n) ____.:
90. • Question 29
The ____ is used to collect information directly from the end users and
business managers.
• Question 30
The ____ job functions and organizational roles focus on costs of system
creation and operation, ease of use for system users, timeliness of system
creation, and transaction response time.
91. • Question 31
Which of the following collects and provides reports on failed login
attempts, probes, scans, denial-of-service attacks, and detected malware?
• Question 32
Within an organization, a(n) ____ is a group of individuals who are
united by shared interests or values and who have a common goal of
making the organization function to meet its objectives.
• Question 33
92. The elements required to begin the ____ process are a planning
methodology; a policy environment to enable the planning process; an
understanding of the causes and effects of core precursor activities, and
access to financial and other resources.
• Question 34
____ is a risk control approach that attempts to shift the risk to other
assets, other processes, or other organizations.
• Question 35
93. A ____ deals with the preparation for and recovery from a disaster,
whether natural or man-made.
• Question 36
The term ____ refers to a broad category of electronic and human
activities in which an unauthorized individual gains access to the
information an organization is trying to protect.
• Question 37
____ of risk is the choice to do nothing to protect an information asset
and to accept the outcome of its potential exploitation.
94. • Question 38
A(n) ____ is an investigation and assessment of the impact that various
attacks can have on the organization.
• Question 39
A ____ attack seeks to deny legitimate users access to services by either
tying up a server’s available resources or causing it to shut down.
• Question 40
95. Information assets have ____ when authorized users - persons or
computer systems - are able to access them in the specified format
without interference or obstruction.
• Question 41
The ____ illustrates the most critical characteristics of information and
has been the industry standard for computer security since the
development of the mainframe.
• Question 42
96. ____ is the process of examining, documenting, and assessing the
security posture of an organization’s information technology and the
risks it faces.
• Question 43
A CSIRT model that is effective for large organizations and for
organizations with major computing resources at distant locations is the
____.
• Question 44
97. The CSIRT should be available for contact by anyone who discovers or
suspects that an incident involving the organization has occurred. Some
organizations prefer that employees contact a ____, which then makes
the determination as to whether to contact the CSIRT or not.
• Question 45
Those services undertaken to prepare the organization or the CSIRT
constituents to protect and secure systems in anticipation of problems,
attacks, or other events are called ____.
• Question 46
The ____ flow of information needed from the CSIRT to organizational
and IT/InfoSec management is a critical communication requirement.
98. • Question 47
The champion for the CSIRT may be the same person as the champion
for the entire IR function—typically, the ____.
• Question 48
A key step in the ____ approach to incident response is to discover the
identify of the intruder while documenting his or her activity.
99. • Question 49
In the absence of the assigned team manager, the ____ should assume
authority for overseeing and evaluating a provided service.
• Question 50
Giving the IR team the responsibility for ____ is generally not
recommended.
===============================================
CIS 359 Week 1 Discussion
100. For more course tutorials visit
www.tutorialrank.com
From the e-Activity, explain in your own words what you believe CP
attempts to provide for an organization, and describe what you believe is
the most important CP consideration for an organization. Provide a
rationale for your answer.
Consider an organization in a specific industry (e.g., healthcare,
financial, etc.), and discuss the potential shortcomings and repercussions
if an organization in this sector neglected to participate in contingency
planning efforts. Provide two real-world examples (successes and / or
failures) to justify your answer.
===============================================
CIS 359 Week 2 Assignment 1 Continuity Planning
Overview
For more course tutorials visit
www.tutorialrank.com
101. Assignment 1: Continuity Planning Overview
Due Week 2 and worth 75 points
Suppose you were recently hired for a new initiative as a business
continuity lead / manager at a medium-sized healthcare company. You
have been asked to prepare a presentation to the Board of Directors on
your main duties for the company and how your position could help
protect the business in case of a large-scale incident or disaster. You
have been alerted that since this is a new initiative and could come with
a potentially large price tag, there is skepticism from some of the Board
members.
Write a three to four (3-4) page paper in which you:
Explain the basic primary tasks, ongoing evaluations, and major policy
and procedural changes that would be needed to perform as the BC lead
/ manager.
Provide insight on how to plan the presentation to garner management
and Board buy-in for those who are skeptical.
102. Discuss the first four (4) high-level activities that would be necessary in
starting this initiative in the right direction and describe the potential
pitfalls of each.
Speculate on the most comprehensive and / or critical challenge(s) in the
infancy of this initiative and explain how to overcome that challenge(s).
Use at least three (3) quality resources in this assignment.Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12), with
one-inch margins on all sides; citations and references must follow APA
or school-specific format. Check with your professor for any additional
instructions.
Include a cover page containing the title of the assignment, the student’s
name, the professor’s name, the course title, and the date. The cover
page and the reference page are not included in the required assignment
page length.
The specific course learning outcomes associated with this assignment
are:
103. Compare and contrast the methods of disaster recovery and business
continuity.
Explain risk management in the context of information security.
Use technology and information resources to research issues in disaster
recovery.
Write clearly and concisely about disaster recovery topics using proper
writing mechanics and technical style conventions.
===============================================
CIS 359 Week 3 Case Study 1 Stuxnet and US Incident
Response
For more course tutorials visit
www.tutorialrank.com
Case Study 1: Stuxnet and U.S. Incident Response
Due Week 3 and worth 100 points
104. Read the article titled “When Stuxnet Hit the Homeland: Government
Response to the Rescue,” from ABC News, located at
http://abcnews.go.com/blogs/headlines/2012/06/when-stuxnet-hit-the-
homeland-government-response-to-the-rescue/ and consider this threat
in terms of incident response and recovery procedures.
Write a three to four (3-4) page paper in which you:
Explain the role of US-CERT in protecting the nation’s industrial
systems and analyze its efforts in relation to preparedness and incident
and recovery management.
Discuss the efforts of ICS-CERT specifically to the Stuxnet threat and
examine its incident response efforts to mitigate this risk against U.S.
industrial systems.
With the sophistication of the primary sites of industrial system
implementations, determine whether or not alternate sites (e.g., hot site)
are feasible for organizations that utilize ICS technologies. Provide a
rationale.
Explain the high-level planning needed for an industrial systems
organization that utilizes ICS technologies to prepare for attacks from
cyber threats such as Stuxnet.
105. Use at least four (4) quality resources in this assignment.Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12), with
one-inch margins on all sides; citations and references must follow APA
or school-specific format. Check with your professor for any additional
instructions.
Include a cover page containing the title of the assignment, the student’s
name, the professor’s name, the course title, and the date. The cover
page and the reference page are not included in the required assignment
page length.
The specific course learning outcomes associated with this assignment
are:
Summarize the various types of disasters, response and recovery
methods.
Describe detection and decision-making capabilities in incident
response.
106. Use technology and information resources to research issues in disaster
recovery.
Write clearly and concisely about disaster recovery topics using proper
writing mechanics and technical style conventions.
===============================================
CIS 359 Week 4 Assignment 2 Incident Response (IR)
Revamp
For more course tutorials visit
www.tutorialrank.com
Assignment 2: Incident Response (IR) Revamp
Due Week 4 and worth 75 points
Imagine you have just taken over the manager position for your
organization’s incident response team, after coming from another
division in the company. Your first realization is that proper procedures,
best practices, and sound technologies are not being utilized. You decide
to revamp the team’s efforts.
107. Write a two to three (2-3) page paper in which you:
Explicate the main efforts that would be included in the incident
response efforts, including but not limited to personnel and team
structure, tools and utilities, and proper procedures.
Discuss in detail the role that an IDS / IPS would play in the IR efforts,
and explain how these systems can assist in the event notification,
determination, and escalation processes.
Explain how the NIST SP800-61, Rev. 1 could assist the personnel in
classifying incidents so each is identified appropriately and the proper
incident-handling procedures are taken.
Explain how the use of log management systems (e.g., Splunk) could be
a legitimate and useful component of the IR efforts, and describe the
potential issues that could arise if not utilized.
Use at least three (3) quality resources in this assignment.Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
108. Be typed, double spaced, using Times New Roman font (size 12), with
one-inch margins on all sides; citations and references must follow APA
or school-specific format. Check with your professor for any additional
instructions.
Include a cover page containing the title of the assignment, the student’s
name, the professor’s name, the course title, and the date. The cover
page and the reference page are not included in the required assignment
page length.
The specific course learning outcomes associated with this assignment
are:
Summarize the various types of disasters, response and recovery
methods.
Describe detection and decision-making capabilities in incident
response.
Use technology and information resources to research issues in disaster
recovery.
Write clearly and concisely about disaster recovery topics using proper
writing mechanics and technical style conventions.
===============================================
109. CIS 359 Week 6 Assignment 3 Incident Response (IR)
Strategic Decisions
For more course tutorials visit
www.tutorialrank.com
Assignment 3: Incident Response (IR) Strategic Decisions
Due Week 6 and worth 75 points
Suppose that you have been alerted of a potential incident involving a
suspected worm spreading via buffer overflow techniques,
compromising Microsoft IIS Web servers. As the IR Team leader, it is
your responsibility to determine the next steps.
Write a two to three (2-3) page paper in which you:
110. Explain in detail the initial steps that would need to be made by you and
the IR team in order to respond to this potential incident.
Construct a process-flow diagram that illustrates the process of
determining the incident containment strategy that would be used in this
scenario, and identify which containment strategy would be appropriate
in this case, through the use of graphical tools in Visio, or an open
source alternative such as Dia. Note: The graphically depicted solution is
not included in the required page length.
Construct a process flow diagram to illustrate the process(es) for
determining if / when notification of the incident should be relayed to
upper management, and explain how those communications should be
structured and relayed through the use of graphical tools in Visio, or an
open source alternative such as Dia. Note: The graphically depicted
solution is not included in the required page length.
Detail the incident recovery processes for the resolution of this incident.
Use at least three (3) quality resources in this assignment.Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12), with
one-inch margins on all sides; citations and references must follow APA
or school-specific format. Check with your professor for any additional
instructions.
111. Include a cover page containing the title of the assignment, the student’s
name, the professor’s name, the course title, and the date. The cover
page and the reference page are not included in the required assignment
page length.
The specific course learning outcomes associated with this assignment
are:
Summarize the various types of disasters, response and recovery
methods.
Develop techniques for different disaster scenarios.
Use technology and information resources to research issues in disaster
recovery.
Write clearly and concisely about disaster recovery topics using proper
writing mechanics and technical style conventions.
===============================================
CIS 359 Week 7 Case Study 2 Disaster Recovery (DR)
Lessons Learned September 11th
For more course tutorials visit
112. www.tutorialrank.com
Case Study 2: Disaster Recovery (DR) Lessons Learned: September
11th
Due Week 7 and worth 100 points
Read the article titled “9/11: Top lessons learned for disaster recovery,”
from Computerworld.com, located
athttp://www.computerworld.com/s/article/9219867/9_11_Top_lessons_
learned_for_disaster_recovery, and consider the effects the attacks of
September 11, 2001, have had on technology recovery efforts.
Write a two to four (2-4) page paper in which you:
Explain how the attacks affected risk management in organizations and
have prompted an increased justification for recovery-based objectives,
initiatives, and expenditures.
113. Analyze the use of social media and other current methods of
communication for emergency notifications during an incident or
disaster situation.
Determine whether or not organizations need to consider distanced
geographic locations when preparing for backup operations / data
centers, and determine the effects that recovery point objectives (RPO)
and recovery time objectives (RTO) have on these decisions.
Evaluate the use of cloud services as tools for recovery operations within
an organization, and explain how they could increase or decrease the
effectiveness of recovery operations.
Determine whether or not cloud services are ideal recovery options for
organizations regardless of their size. Provide a rationale to support the
answer.
Use at least four (4) quality resources in this assignment.Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12), with
one-inch margins on all sides; citations and references must follow APA
or school-specific format. Check with your professor for any additional
instructions.
Include a cover page containing the title of the assignment, the student’s
name, the professor’s name, the course title, and the date. The cover
114. page and the reference page are not included in the required assignment
page length.
The specific course learning outcomes associated with this assignment
are:
Explain risk management in the context of information security.
Summarize the various types of disasters, response and recovery
methods.
Compare and contrast the methods of disaster recovery and business
continuity.
Explain and develop a business continuity plan to address unforeseen
incidents.
Develop techniques for different disaster scenarios.
Use technology and information resources to research issues in disaster
recovery.
Write clearly and concisely about disaster recovery topics using proper
writing mechanics and technical style conventions.
===============================================
CIS 359 Week 8 Assignment 4 Disaster Recovery (DR)
Team
115. For more course tutorials visit
www.tutorialrank.com
Assignment 4: Disaster Recovery (DR) Team
Due Week 8 and worth 75 points
Consider a scenario where the contingency planning management team
(CPMT) of your organization has designated you as the disaster
recovery team leader, and the preparation and planning of this
component of the security program is now under your purview with a
team of 11 employees including yourself.
Write a two to three (2-3) page paper in which you:
116. Detail the DR team roles, responsibilities, and sub teams that would be
implemented, and construct an organizational chart for the team through
the use of graphical tools in Visio, or an open source alternative such as
Dia. Note: The graphically depicted solution is not included in the
required page length.
Describe the proper procedures and policies that would be implemented
specific to the DR team personnel as well as special equipment that
would be required.
Draft an executive summary to the DR plan and explain the purpose of
the plan and high-level specifics for upper management.
Use at least three (3) quality resources in this assignment.Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12), with
one-inch margins on all sides; citations and references must follow APA
or school-specific format. Check with your professor for any additional
instructions.
Include a cover page containing the title of the assignment, the student’s
name, the professor’s name, the course title, and the date. The cover
page and the reference page are not included in the required assignment
page length.
117. Include charts or diagrams created in Visio or Dia. The completed
diagrams / charts must be imported into the Word document before the
paper is submitted.
The specific course learning outcomes associated with this assignment
are:
Develop a disaster recovery plan for an organization.
Compare and contrast the methods of disaster recovery and business
continuity.
Develop techniques for different disaster scenarios.
Use technology and information resources to research issues in disaster
recovery.
Write clearly and concisely about disaster recovery topics using proper
writing mechanics and technical style conventions.
===============================================
CIS 359 Week 10 Term Paper Contingency Planning in
Action
For more course tutorials visit
118. www.tutorialrank.com
Term Paper: Contingency Planning in Action
Due Week 10 and worth 200 points
Create a hypothetical organization with details including geographic
location(s), number of employees in each location, primary business
functions, operational and technology details, potential threats to the
business and its technology, and anything else that you believe is
relevant to the business.
Assume this organization is lacking in its contingency planning efforts
and requires assistance in ensuring these efforts are appropriately
addressed to increase its overall security and preparedness posture.
119. Write a ten to fifteen (10-15) page paper in which you:
Provide an overview of the organization and indicate why contingency
planning efforts are needed and how these efforts could benefit the
business.
Develop a full contingency plan for the organization. Include all
subordinate functions / sub plans, including BIA, IRP, DRP, and BCP
efforts.
Determine the policies and procedures that would be needed for all
contingency planning efforts. Detail the role of the policy / procedure,
and explain how each would help achieve the goals of these efforts.
Detail the processes to utilize in order to fully implement the
contingency plan and its components, and explain the efforts to consider
in maintaining the plans.
Create a hypothetical incident scenario where the contingency planning
efforts would need to be utilized and detail:
how the plan is sufficiently equipped to handle the incident.
a timeline for the incident response and recovery efforts.
Identify any ethical concerns that are specific to this organization and its
incident response personnel (especially the CP Team Leader), and
explain how to plan for these concerns.
Use at least five (5) quality resources in this assignment.Note: Wikipedia
and similar Websites do not qualify as quality resources.
120. Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12), with
one-inch margins on all sides; citations and references must follow APA
or school-specific format. Check with your professor for any additional
instructions.
Include a cover page containing the title of the assignment, the student’s
name, the professor’s name, the course title, and the date. The cover
page and the reference page are not included in the required assignment
page length.
The specific course learning outcomes associated with this assignment
are:
Explain risk management in the context of information security.
Develop a disaster recovery plan for an organization.
Summarize the various types of disasters, response and recovery
methods.
Compare and contrast the methods of disaster recovery and business
continuity.
Explain and develop a business continuity plan to address unforeseen
incidents.
Describe crisis management guidelines and procedures.
121. Describe detection and decision-making capabilities in incident
response.
Develop techniques for different disaster scenarios.
Evaluate the ethical concerns inherent in disaster recovery scenarios.
Use technology and information resources to research issues in disaster
recovery.
Write clearly and concisely about disaster recovery topics using proper
writing mechanics and technical style conventions.
===============================================