Name: Class: Date:
Chapter 10: Planning for Contingencies
Copyright Cengage Learning. Powered by Cognero. Page 1
1. When an incident takes place, the disaster recovery (DR) plan is invoked before the incident response (IR) plan.
a. True
b. False
ANSWER: False
2. In most organizations, the COO is responsible for creating the IR plan.
a. True
b. False
ANSWER: False
3. In a warm site, all services and communications links are fully configured and the site can be fully functional within minutes.
a. True
b. False
ANSWER: False
4. When performing simulation testing, normal operations of the business are not impacted.
a. True
b. False
ANSWER: True
5. Training should be as specialized as possible; personnel who are responsible for one duty should not be trained on other duties to avoid confusion during a disaster.
a. True
b. False
ANSWER: False
6. An item does not become evidence until it is formally admitted to evidence by a judge or other ruling official.
a. True
b. False
ANSWER: True
7. Using standard digital forensics methodology, the first step is to analyze the EM data without risking modification or unauthorized access.
a. True
b. False
ANSWER: False
8. A slow-onset disaster is a disaster that occurs over time and gradually degrades the capacity of an organization to withstand its effects. ____________
ANSWER: True
9. Disaster classification is the process of examining an adverse event or incident and determining whether it constitutes an actual disaster. ____________
ANSWER: True
10. A(n) wrap-up review is a detailed examination and discussion of the events that occurred during an incident or disaster, from first detection to final recovery. ____________
ANSWER: False - after action, after-action
11. Patch and proceed is an organizational CP philosophy that focuses on the defense of information assets and preventing reoccurrence rather than the attacker’s identification and prosecution. ____________
ANSWER: True
12. An alert digest is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process. ____________
ANSWER: False - message
13. Which of the following has the main goal of restoring normal modes of operation with minimal cost and disruption to normal business activities after an adverse event?
a. Risk management b. Contingency planning
c. Business response d. Disaster readiness
ANSWER: b
14. In the event of an incident or disaster, which planning element is used to guide off-site operations?
a. Project management b. Business continuity
c. Disaster recovery d. Incident response
ANSWER: b
15. Which is the first step in the contingency planning process among the options listed here?
a. Business continuity training b. Disaster recovery planning
c. Business impact analysis d. Incident response planning
ANSWER: c
16. Which of the following is a mathematical tool that can be useful in assessing relative importance while resolving the issue of what business function is the most critical?
a. Weighted analysis b. BIA questionnaire
c. Recovery time organizer d. MTD comparison
ANSWER: a
17. What is the final stage of the business impact analysis when using the NIST SP 800-34 approach?
a. Identify resource requirements b. Identify business processes
c. Determine mission/business processes and recovery criticality d. Identify recovery priorities for system resources
ANSWER: d
18. At what point in the incident lifecycle is the IR plan initiated?
a. Before an incident takes place b. Once the DRP is activated
c. When an incident is detected that affects it d. Once the BCP is activated
ANSWER: c
19. Which of the following is the process of examining a possible incident and determining whether it constitutes an actual incident?
a. Incident classification b. Incident identification
c. Incident registration d. Incident verification
ANSWER: a
20. Which of the following is a possible indicator of an actual incident?
a. Unusual consumption of computing resources
b. Activities at unexpected times
c. Presence of hacker tools
d. Reported attacks
ANSWER: a
21. Which of the following is a definite indicator of an actual incident?
a. Unusual system crashes b. Reported attack
c. Presence of new accounts d. Use of dormant accounts
ANSWER: d
22. Which of the following determines the scope of the breach of confidentiality, integrity, and availability of information and information assets?
a. Incident report b. Incident damage assessment
c. Information loss assessment d. Damage report
ANSWER: b
23. After an incident, but before returning to its normal duties, the CSIRT must do which of the following?
a. Create the incident damage assessment b. Conduct an after-action review
c. Restore data from backups d. Restore services and processes in use
ANSWER: b
24. Which of the following is a part of the incident recovery process?
a. Identifying the vulnerabilities that allowed the incident to occur and spread
b. Determining the event’s impact on normal business operations and, if necessary, making a disaster declaration
c. Supporting personnel and their loved ones during the crisis
d. Keeping the public informed about the event and the actions being taken to ensure the recovery of personnel and the enterprise
ANSWER: a
25. Which of the following is the best example of a rapid-onset disaster?
a. Flood b. Pest infestation
c. Famine d. Environmental degradation
ANSWER: a
26. Which of the following is usually conducted via leased lines or secure Internet connections whereby the receiving server archives the data as it is received?
a. Database shadowing b. Timesharing
c. Traditional backups d. Electronic vaulting
ANSWER: d
27. Which of the following is the transfer of live transactions to an off-site facility?
a. Remote journaling b. Electronic vaulting
c. Database shadowing d. Timesharing
ANSWER: a
28. When a disaster renders the current business location unusable, which plan is put into action?
a. Business continuity b. Crisis management
c. Incident response d. Business impact analysis
ANSWER: a
29. Which of the following is true about a hot site?
a. It is an empty room with standard heating, air conditioning, and electrical service.
b. It includes computing equipment and peripherals with servers but not client workstations.
c. It duplicates computing resources, peripherals, phone systems, applications, and workstations.
d. All communications services must be installed after the site is occupied.
ANSWER: c
30. In which type of site are no computer hardware or peripherals provided?
a. Cold site b. Warm site
c. Timeshare d. Hot site
ANSWER: a
31. Which of the following is a responsibility of the crisis management team?
a. Restoring the data from backups
b. Evaluating monitoring capabilities
c. Keeping the public informed about the event and the actions being taken
d. Restoring the services and processes in use
ANSWER: c
32. In which contingency plan testing strategy do individuals follow each and every IR/DR/BC procedure, including the interruption of service, restoration of data from backups, and notification of appropriate individuals?
a. Desk check b. Simulation
c. Structured walk-through d. Full-interruption
ANSWER: d
33. In which contingency plan testing strategy do individuals participate in a role-playing exercise in which the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?
a. Desk check b. Simulation
c. Structured walk-through d. Parallel testing
ANSWER: b
34. Which of the following allows investigators to determine what happened by examining the results of an event—criminal, natural, intentional, or accidental?
a. Digital malfeasance b. E-discovery
c. Forensics d. Evidentiary procedures
ANSWER: c
35. Which document must be changed when evidence changes hands or is stored?
a. Chain of custody b. Search warrant
c. Affidavit d. Evidentiary material
ANSWER: a
36. Which type of document grants formal permission for an investigation to occur?
a. Affidavit b. Search warrant
c. Evidentiary report d. Forensic concurrence
ANSWER: b
37. Which of the following is an approach available to an organization as an overall philosophy for contingency planning reactions?
a. Protect and forget
b. After-action review
c. Transfer to local/state/federal law enforcement
d. Track, hack and prosecute
ANSWER: a
38. In digital forensics, all investigations follow the same basic methodology. Which of the following should be performed first in a digital forensics investigation?
a. Report the findings to the proper authority
b. Acquire (seize) the evidence without alteration or damage
c. Identify relevant items of evidentiary value (EM)
d. Analyze the data without risking modification or unauthorized access
ANSWER: c
39. The four components of contingency planning are the ____________________, the incident response plan, the disaster recovery plan, and the business continuity plan.
ANSWER: BIA
Business Impact Analysis
40. If operations at the primary site cannot be quickly restored, the ____________________ occurs concurrently with the DR plan, enabling the business to continue at an alternate site.
ANSWER: BCP
business continuity plan
BC plan
41. The ____________________ plan is a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets.
ANSWER: incident response
IR
IR plan
42. A(n) ____________________ occurs when an attack affects information resources and/or assets, causing actual damage or other disruptions.
ANSWER: incident
43. A(n) ____________________ is a document containing contact information of the individuals to notify in the event of an actual incident.
ANSWER: alert roster
44. When dealing with an incident, the incident response team must conduct a(n) ____________________, which entails a detailed examination of the events that occurred from first detection to final recovery.
ANSWER: after action review
after-action review
AAR
45. ____________________ planning ensures that critical business functions can continue if a disaster occurs.
ANSWER: Business continuity
BC
business continuity
46. A(n) ____________________ is an agency that provides, in the case of DR/BC planning, physical facilities for a fee.
ANSWER: service bureau
47. The bulk batch-transfer of data to an off-site facility is known as ____________________.
ANSWER: electronic vaulting
48. In ____________________ testing of contingency plans, the individuals follow each and every procedure, including the interruption of service, restoration of data from backups, and notification of appropriate individuals.
ANSWER: full-interruption
full interruption
49. The first component of the analysis phase of a digital forensic investigation is ___________, which allows the investigator to quickly and easily search for a specific type of file.
ANSWER: indexing
50. What are the major components of contingency planning?
ANSWER: Business impact analysis (BIA)
Incident response plan (IR plan)
Disaster recovery plan (DR plan)
Business continuity plan (BC plan)
51. What teams are involved in contingency planning and contingency operations?
ANSWER: contingency planning management team
incident response team
disaster recovery team
business continuity team
52. Explain the difference between a business impact analysis and the risk management process.
ANSWER: One of the fundamental differences between a BIA and the risk management process is that risk management focuses on identifying the threats, vulnerabilities, and attacks to determine which controls can protect the information. The BIA assumes that these controls have been bypassed, have failed, or have otherwise proved ineffective, that the attack succeeded, and that the adversity that was being defended against has come to fruition.
53. When undertaking the BIA, what should the organization consider?
ANSWER: Scope
Plan
Balance
Objective
Follow-up
54. List four of the eight key components of a typical IR policy.
ANSWER: The key components of a typical IR policy are:
- Statement of management commitment
- Purpose and objectives of the policy
- Scope of the policy
- Definition of InfoSec incidents and related items
- Organizational structure and delineation of roles, responsibilities, and levels of authorities
- Prioritization of severity ratings of incidents
- Performance measures
- Reporting and contact forms
55. There are six key elements that the CP team must build into the DR Plan. What are three of them?
ANSWER: The key elements that the CP team must build into the DRP are:
- Clear delegation of roles and responsibilities
- Execution of the alert roster and notification of key personnel
- Clear establishment of priorities
- Procedures for documentation of the disaster
- Action steps to mitigate the impact of the disaster on the operations of the organization
- Alternative implementations for the various systems components, should primary versions be unavailable
56. List the seven steps of the incident recovery process according to Donald Pipkin.
ANSWER: The incident recovery process involves the following steps:
- Identify the vulnerabilities that allowed the incident to occur and spread. Resolve them.
- Address the safeguards that failed to stop or limit the incident, or were missing from the system in the first place. Install, replace, or upgrade them.
- Evaluate monitoring capabilities (if present). Improve detection and reporting methods, or install new monitoring capabilities.
- Restore the data from backups.
- Restore the services and processes in use.
- Continuously monitor the system.
- Restore the confidence of the members of the organization’s communities of interest.
57. Compare and contrast a hot site, a warm site, and a cold site.
ANSWER: Hot site—A hot site is a fully configured computer facility, with all services, communications links, and physical plant operations. It duplicates computing resources, peripherals, phone systems, applications, and workstations. Essentially, this duplicate facility needs only the latest data backups and the personnel to function. If the organization uses one of the data services listed in the following sections, a hot site can be fully functional within minutes.
Warm site—A warm site provides many of the same services and options as the hot site, but typically software applications are not included or are not installed and configured. A warm site frequently includes computing equipment and peripherals with servers but not client workstations. Overall, it offers many of the advantages of a hot site at a lower cost. The disadvantage is that several hours, or days, are required to make a warm site fully functional.
Cold site—A cold site provides only rudimentary services and facilities. No computer hardware or peripherals are provided. All communications services must be installed after the site is occupied. A cold site is an empty room with standard heating, air conditioning, and electrical service. Everything else is an added-cost option. Despite these disadvantages, a cold site may be better than nothing. Its primary advantage is its low cost.
58. What are the three roles performed by the crisis management team?
ANSWER: Supporting personnel and their loved ones during the crisis
Keeping the public informed about the event and the actions being taken to ensure the recovery of personnel and the enterprise
Communicating with major customers, suppliers, partners, regulatory agencies, industry organizations, the media, and other interested parties
59. Discuss three of the five strategies that can be used to test contingency strategies.
ANSWER:
Desk check: The CP testing strategy in which copies of the appropriate plans are distributed to all individuals who will be assigned roles during an actual incident or disaster; each individual reviews the plan and validates its components.
Full-interruption testing: The CP testing strategy in which all team members follow each IR/DR/BC procedure, including those for interruption of service, restoration of data from backups, and notification of appropriate individuals.
Simulation: The CP testing strategy in which the organization conducts a role-playing exercise as if an actual incident or disaster had occurred. The CP team is presented with a scenario in which all members must specify how they would react and communicate their efforts.
Structured walk-through: The CP testing strategy in which all involved individuals walk through a site and discuss the steps they would take during an actual CP event. A walk-through can also be conducted as a conference room talk-through.
Talk-through: A form of structured walk-through in which individuals meet in a conference room and discuss a CP plan rather than walking around the organization.
60. Describe the methodology an organization should follow in an investigation.
ANSWER: In digital forensics, all investigations follow the same basic five-stage methodology:
1. Identify relevant items of evidentiary value (EM)
2. Acquire (seize) the evidence without alteration or damage
3. Take steps to assure that the evidence is, at every step, verifiably authentic and unchanged from the time it was seized
4. Analyze the data without risking modification or unauthorized access
5. Report the findings to the proper authority

How to Check CNIC Information Online with Pakdata cf
 

Chapter 10 planning_for_contingencies
