Chapters 19-20 Q's
If you have a farm of five web servers and two of them break, what is the exposure factor (EF)?
40 percent
Which of the following correctly defines a Gantt chart?
A management tool for diagramming schedules, events, and activity duration
Which of the following is not a viable option when dealing with risk?
A manager can take action to increase risk.
Which calculated value determines the threshold for evaluating the cost/benefit ratio of a given countermeasure?
ALE
Which of the following is the calculated annualized loss expectancy (ALE)?
ALE = $20,000
BOOK QUESTIONS BELOW
Which of the following is a technology risk?
Business continuity management
Which strategy has the goal of defining the requirements for business continuity?
Business continuity plan (BCP)
Which management tool is used for identifying relationships between a risk and the factors that can cause it?
Cause and effect analysis
What common utility or infrastructure is important to consider when developing your recovery plans?
Communications
In which backup strategy are only those portions of the files and software that have changed since the last backup backed up?
Delta
Which backup requires a small amount of space and is considered to have a complex restoration process?
Delta
Which event is an example of a tangible impact?
Endangerment of staff or customers
When discussing qualitative risk assessment versus quantitative risk assessment, which of the following is true?
It is impossible to conduct a purely quantitative risk assessment, but it is possible to conduct a purely qualitative risk assessment.
Which term refers to the ability to distribute the processing load over two or more systems?
Load balancing
To ensure that critical systems are not lost during a failure, it is important that which of the following be true?
MTTR<RTO
Which type of alternative site generally uses trailers, often relies on generators for its power, but also factors in the requirement for environmental controls immediately?
Mobile backup site
Which term refers to the process of subjectively determining the impact of an event that affects a project, program, or business?
Qualitative risk assessment
Which RAID configuration is known as bit-level error-correcting code and is not typically used, as it stripes data across the drives at the bit level as opposed to the block level?
RAID
Which RAID configuration, known as mirrored disks, copies the data from one disk onto two or more disks?
RAID 1
Which strategy is focused on backup frequency?
Recovery time objective (RTO)
The asset value of a small distribution warehouse is $5 million, and this warehouse serves as a backup facility. Its complete destruction by a disaster would take away about 1/5 of the capability of the business. Which of the following is the calculated single loss expectancy (SLE)?
SLE = $1 million
Which formula is used to calculate the single loss expectancy (SLE)?
SLE = asset value (AV) × exposure factor (EF)
Single loss expectancy (SLE) can best be defined by which of the following equations?
SLE = asset value * exposure factor
Which term refers to a critical operation in the organization upon which many other operations rely and which itself relies on a single item that, if lost, would halt this critical operation?
Single point of failure
Which term describes a proactive plan for personnel substitutions in the event that the primary person is not available to fulfill their assigned duties?
Succession planning
Which of the following is considered an issue with long-term storage of magnetic media, as discussed in the chapter?
Tape media can be used a limited number of times before it degrades. Software and hardware evolve, and the media stored may no longer be compatible with current technology. *Both A and B
For organizations that draw a distinction between a BCP and a DRP, which of the following is true?
The BCP details the functions that are most critical and outlines the order in which critical functions should be returned to service to maintain business operations.
Which of the following is a consideration in calculating the cost of a backup strategy?
The cost of the backup media. The storage cost for the backup media. The frequency with which backups are created. *All of the Above
A good backup plan will include which of the following?
The critical data needed for the organization to operate. Any software that is required to process the organization's data. Specific hardware to run the software or to process the data. All of the Above.*
Which of the following correctly defines risk?
The possibility of suffering harm or loss.
The presence of risks in a system is an absolute—they cannot be removed or eliminated.
True?
Which of the following is the name for a partially configured environment that has the peripherals and software that the normal processing facility contains and that can be operational within a few days?
Warm Site
Which formula represents the annualized loss expectancy (ALE)?
ALE = single loss expectancy (SLE) × annualized rate of occurrence (ARO)
Which term refers to the process of controlling changes to items that have been baselined?
Configuration control
Which type of alternative site is a fully configured environment that is similar to the normal operating environment and can be operational immediately or within a few hours, depending on its configuration and the needs of the organization?
Hot site
A business impact assessment (BIA) is conducted to:
Identify the most critical functions for an organization
Which of the following correctly defines annualized rate of occurrence?
On an annualized basis, the frequency with which an event is expected to occur
Which of the following correctly defines qualitative risk management?
The process of subjectively determining the impact of an event that affects a project, program, or business.
Which of the following statements about risk is true?
The risk itself doesn't really change. However, actions can be taken to reduce the impact of the risk.
Which of the following correctly defines residual risk?
The risks still remaining after an iteration of risk management
Which term refers to the path or tool used by an attacker to attack a target?
Threat vector
Why is it important that security exercises be conducted?
To provide the opportunity for all parties to practice the procedures that have been established to respond to a security incident.
