This document contains 50 multiple choice questions related to CIS 359 at Strayer University. The questions cover topics such as virtualization, backup types, cloud computing, RAID configurations, network-attached storage, disaster recovery facilities, liability clauses, resumption locations, service level agreements, incident response planning, forensic investigation processes, network diagrams, incident response plans, incident reports, cyber defense competitions, anonymous incident reporting, training delivery methods, intrusion detection policies, honeypots, intrusion detection software, log file reviews, autonomous response systems, electronic communications privacy, DNS spoofing attacks, continuity plans, business impact analyses, risk assessments, business process models, end user surveys, cost-benefit analyses, intrusion detection systems, organizational groups,

1. STRAYER CIS 359 Midterm Exam Set 3 NEW
Check this A+ tutorial guideline at
http://www.assignmentclick.com/cis-359-strayer/cis-
359-midterm-exam-set-3-latest
For more classes visit
http://www.assignmentclick.com/
• Question 1
When using virtualization, it is commonplace to use the term
____ to refer to a virtualized environment operating in or on a
host platform.
• Question 2
A(n) ____ backup only archives the files that have been modified
since the last backup.
• Question 3
A(n) ____ is an extension of an organization’s intranet into cloud
computing.
• Question 4
RAID 0 creates one logical volume across several available hard
disk drives and stores the data using ____, in which data
segments are written in turn to each disk drive in the array.

2. • Question 5
A ____ is commonly a single device or server that attaches to a
network and uses TCP/IP-based protocols and communications
methods to provide an online storage environment.
• Question 6
A ____ is an agency that provides physical facilities in the event
of a disaster for a fee.
• Question 7
A(n) ____ is often included in legal documents to ensure that a
vendor is not liable for actions taken by a client.
• Question 8
A resumption location known as a ____ is a fully configured
computer facility capable of establishing operations at a
moment’s notice.
• Question 9
A ____ is a contractual document guaranteeing certain minimal
levels of service provided by a vendor.
• Question 10
The responsibility for creating an organization’s IR plan often
falls to the ____.
• Question 11

3. ____ is the process of systematically examining information
assets for evidentiary material that can provide insight into
how an incident transpired.
• Question 12
Incident analysis resources include network diagrams and lists
of ____, such as database servers.
• Question 13
One of the primary responsibilities of the IRP team is to ensure
that the ____ is prepared to respond to each incident it may face.
• Question 14
A(n) ____ is a detailed examination of the events that occurred,
from first detection of an incident to final recovery.
• Question 15
The Southeast Collegiate Cyber Defense Competition is unique
in that it focuses on the operational aspect of managing and
protecting an existing network infrastructure. Unlike “capture-
the-flag ” exercises, this competition is exclusively a real-world
____ competition.
• Question 16
The U.S. National Institute of Standards and Technology
recommends a set of tools for the CSIRT including incident
reporting mechanisms with which users can report suspected
incidents. At least one of these mechanisms should permit
people to report incidents ____.

4. • Question 17
The training delivery method with the lowest cost to the
organization is ____.
• Question 18
A(n) ____ is the set of rules and configuration guidelines
governing the implementation and operation of IDPSs within
the organization.
• Question 19
A(n) ____ is any system resource that is placed onto a functional
system but has no normal use for that system. If it attracts
attention, it is from unauthorized access and will trigger a
notification or response.
• Question 20
The use of IDPS sensors and analysis systems can be quite
complex. One very common approach is to use an open source
software program called ____ running on an open source UNIX
or Linux system that can be managed and queried from a
desktop computer using a client interface.
• Question 21
A(n) ____ , a type of IDPS that is similar to the NIDPS, reviews the
log files generated by servers, network devices, and even other
IDPSs.
• Question 22

5. New systems can respond to an incident threat autonomously,
based on preconfigured options that go beyond simple
defensive actions usually associated with IDPS and IPS systems.
These systems, referred to as ____, use a combination of
resources to detect an intrusion and then to trace the intrusion
back to its source.
• Question 23
The ____ is a federal law that creates a general prohibition on
the realtime monitoring of traffic data relating to
communications.
• Question 24
In an attack known as ____, valid protocol packets exploit poorly
configured DNS servers to inject false information to corrupt
the servers’ answers to routine DNS queries from other systems
on that network.
• Question 25
The purpose of the ____ is to define the scope of the CP
operations and establish managerial intent with regard to
timetables for response to incidents, recovery from disasters,
and reestablishment of operations for continuity.
• Question 26
The first major business impact analysis task is to analyze and
prioritize the organization’s business processes based on their
relationships to the organization’s ____.

6. • Question 27
The ____ is an investigation and assessment of the impact that
various events or incidents can have on the organization.
• Question 28
One modeling technique drawn from systems analysis and
design that can provide an excellent way to illustrate how a
business functions is a(n) ____.:
• Question 29
The ____ is used to collect information directly from the end
users and business managers.
• Question 30
The ____ job functions and organizational roles focus on costs of
system creation and operation, ease of use for system users,
timeliness of system creation, and transaction response time.
• Question 31
Which of the following collects and provides reports on failed
login attempts, probes, scans, denial-of-service attacks, and
detected malware?
• Question 32
Within an organization, a(n) ____ is a group of individuals who
are united by shared interests or values and who have a
common goal of making the organization function to meet its
objectives.

7. • Question 33
The elements required to begin the ____ process are a planning
methodology; a policy environment to enable the planning
process; an understanding of the causes and effects of core
precursor activities, and access to financial and other
resources.
• Question 34
____ is a risk control approach that attempts to shift the risk to
other assets, other processes, or other organizations.
• Question 35
A ____ deals with the preparation for and recovery from a
disaster, whether natural or man-made.
• Question 36
The term ____ refers to a broad category of electronic and
human activities in which an unauthorized individual gains
access to the information an organization is trying to protect.
• Question 37
____ of risk is the choice to do nothing to protect an information
asset and to accept the outcome of its potential exploitation.
• Question 38
A(n) ____ is an investigation and assessment of the impact that
various attacks can have on the organization.

8. • Question 39
A ____ attack seeks to deny legitimate users access to services by
either tying up a server’s available resources or causing it to
shut down.
• Question 40
Information assets have ____ when authorized users - persons or
computer systems - are able to access them in the specified
format without interference or obstruction.
• Question 41
The ____ illustrates the most critical characteristics of
information and has been the industry standard for computer
security since the development of the mainframe.
• Question 42
____ is the process of examining, documenting, and assessing the
security posture of an organization’s information technology
and the risks it faces.
• Question 43
A CSIRT model that is effective for large organizations and for
organizations with major computing resources at distant
locations is the ____.
• Question 44
The CSIRT should be available for contact by anyone who

9. discovers or suspects that an incident involving the
organization has occurred. Some organizations prefer that
employees contact a ____, which then makes the determination
as to whether to contact the CSIRT or not.
• Question 45
Those services undertaken to prepare the organization or the
CSIRT constituents to protect and secure systems in
anticipation of problems, attacks, or other events are called ____.
• Question 46
The ____ flow of information needed from the CSIRT to
organizational and IT/InfoSec management is a critical
communication requirement.
• Question 47
The champion for the CSIRT may be the same person as the
champion for the entire IR function—typically, the ____.
• Question 48
A key step in the ____ approach to incident response is to
discover the identify of the intruder while documenting his or
her activity.
• Question 49
In the absence of the assigned team manager, the ____ should
assume authority for overseeing and evaluating a provided
service.

10. • Question 50
Giving the IR team the responsibility for ____ is generally not
recommended.