CLASS NOTES

¡Supera tus tareas y exámenes ahora con Quizwiz!

True or False? The business continuity plan (BCP) EMT is important because the EMT provides medical assistance in the event of a disaster, such as an earthquake or hurricane, that would cause a disruption.

True False

True or False? A best practice when performing a business impact analysis (BIA) is to avoid taking shortcuts.

True False

True or False? A business impact analysis (BIA) is intended to include all IT functions.

True False

True or False? A disaster recovery plan (DRP) helps prevent disasters.

True False

True or False? A warm site is a compromise between a hot site and a cold site.

True False

True or False? An acceptable use policy (AUP) can help to prevent data leakage.

True False

True or False? Calculating the impact and priority of an incident can be used to determine how critical the attack is.

True False

True or False? Criticality is usually documented in the business impact analysis (BIA) but is repeated in the business continuity plan (BCP) for the sake of clarity.

True False

True or False? Criticality of operations identifies the order of importance of each of the seven domains of the typical IT infrastructure.

True False

True or False? During a business impact analysis (BIA), the highest priorities are assigned based on the shortest maximum acceptable outages (MAOs).

True False

True or False? Electronic vaulting is a method that transfers backup data to an off-site location.

True False

True or False? Even though the business impact analysis (BIA) identifies priorities, it is common to reaffirm them in a business continuity plan (BCP).

True False

True or False? Firewalls are not an effective tool for determining whether users are violating policies

True False

True or False? Firewalls are not an effective tool for determining whether users are violating policies.

True False

True or False? For a business impact analysis (BIA), the step of "identifying the environment" means having a good understanding of the business function.

True False

True or False? Generally, the three phases of a computer forensics investigation are to acquire the evidence, authenticate the evidence, and then analyze the evidence.

True False

True or False? In regards to system recovery, RPO stands for recovery policy objective.

True False

True or False? In regards to system recovery, RTO stands for recovery time objective.

True False

True or False? In virtualization, each virtual server runs on the network just as if it were a physical server.

True False

True or False? Inappropriate usage occurs when employees or internal users violate acceptable use policies (AUPs) or other internal policies.

True False

True or False? It is dangerous to assume anything when creating a business continuity plan (BCP) because assumptions are rarely accurate.

True False

True or False? Mission-critical business functions are those that are considered vital to an organization.

True False

True or False? Mobile code is a type of malware that executes when a user visits a website or opens an email.

True False

True or False? Once you identify critical business functions (CBFs) and critical business processes, map them to a business impact analysis (BIA).

True False

True or False? One method of handling malware is to remove it from the infected system.

True False

True or False? Recovery time objectives (RTOs) identify when a system must be recovered to avoid unacceptable business consequences.

True False

True or False? Scope creep can occur if the scope of a business continuity plan (BCP) is not defined.

True False

True or False? Some recovery point objectives (RPOs) require you to recover data up to a moment of failure.

True False

True or False? Starting with clear objectives is a best practice for performing a business impact analysis (BIA).

True False

True or False? Storing backed-up data at an off-site location makes it available for restoration in case something compromises the original data.

True False

True or False? Telecommuters are not key to a business continuity plan (BCP) because they work from remote locations. Therefore, any disruptions would not affect them.

True False

True or False? The business continuity plan (BCP) should be reviewed weekly.

True False

True or False? The business continuity plan (BCP) technical recovery team needs to be very familiar with existing disaster recovery plans (DRPs) and may have even authored them.

True False

True or False? The chain of custody log should include the time, date, and name of the person who is receiving evidence.

True False

True or False? The clear intent of a DRP should be mission-critical functions first and personnel next.

True False

True or False? The difference between a denial of service (DoS) attack and a distributed denial of service (DDoS) attack is that a DoS attack is launched from multiple computers.

True False

True or False? The penalty for failing to meet a service level agreement (SLA) is an indirect cost.

True False

True or False? The scope of a business impact analysis (BIA) for any size organization must include the entire organization.

True False

True or False? The seven steps of a business impact analysis (BIA) are the same as the seven steps of contingency planning.

True False

True or False? The terms "computer incident" and "computer security incident" mean the same thing.

True False

True or False? To avoid scope creep, it is important that a disaster recovery plan (DRP) always has one clear purpose or goal.

True False

True or False? True or False? The two primary terms related to recovery requirements are RTO and RPO.

True False

True or False? Typically, as the outage time of a business disruption increases, the cost of the disruption also increases.

True False

True or False? When someone determines an event is an incident, he or she declares it to be so, which is known as escalation.

True False

Which of the following is not a best practice when performing a business impact analysis (BIA)?

Using a top-down approach Starting with clear objectives Planning interviews and meetings in advance Correct Answer Using the same data collection methods

Which of the following is not a step in the process of hardening a server?

Using social engineering techniques to collect data Reducing the attack surface Enabling an intrusion detection system (IDS) Enabling a firewall

Which type of malware is a self-replicating, stand-alone program?

Virus Worm Trojan Mobile code

In a business continuity plan (BCP), if a system houses data, the data must be protected according to:

available controls. the cost to replace it. the number of times it has been backed up. its level of classification.

How does a computer incident response team (CIRT) plan mitigate an organization's risk?

A CIRT plan helps an organization prepare for a security incident. A CIRT plan helps an organization prevent security incidents. A CIRT plan acts as a guide for implementing security controls. A CIRT plan implements an organization's business impact analysis (BIA).

Isabella is preparing to write a disaster recovery plan (DRP). What must she have before she proceeds with writing?

A clear idea of her primary concerns DRP developer certification A clear, singular goal A subject matter expert to aid in the process of writing the DRP

True or False? Regarding disaster recovery, a mobile site can be set up in an outside space close to an impacted site.

True False

What key element is necessary for a disaster recovery plan (DRP) to succeed in a time of crisis?

Adequate budget Sufficient testing prior to a real disaster Coverage of all likely disaster scenarios Management support

What is critical data?

All data that is backed up and stored Correct Answer Data that supports critical business functions (CBFs) Data that supports IT managers Data identified in the business continuity plan (BCP)

What step of a business continuity plan (BCP) comes after providing training?

Developing individual disaster recovery plans (DRPs) Testing and exercising plans Maintaining and updating plans Completing the business impact analysis (BIA)

True or False? A multiple component security incident is a single incident that includes two or more other incidents, which are related to each other but not always immediately apparent.

True False

True or False? Critical success factors (CSFs) include elements necessary to perform the mission of an organization.

True False

Which of the following can determine that a business function is critical?

Anyone in the IT department Only the IT department manager Any stakeholder Only a cost-benefit analysis (CBA)

What term refers to the process of acquiring, authenticating, and analyzing incident-related evidence?

Attack recovery Incident response Chain of custody Computer forensics

True or False? Hot sites are inexpensive to maintain.

True False

Which key planning principle guides the development of a business continuity plan (BCP)?

Budget for recovery operations Length of time expected before returning to normal operations Scope of the business impact analysis (BIA) Level of effort required to interview all stakeholders

Which factor most directly affects the scope of a business impact analysis (BIA)?

Degree of organizational automation Reliance of revenue stream on IT resources Geographical diversity of the organization Size of the organization

Which technique describes the generally accepted formal method to properly handle evidence collected as part of an investigation?

Chain of custody Due diligence Collection best practices Seizure policy

You are a stakeholder who has just designated a business function as critical. What must you do now?

Dedicate resources to protect the function. Perform a cost-benefit analysis (CBA). Evaluate vulnerabilities. Bring it up in the next meeting.

What is the difference between fault tolerance and disaster recovery?

Disaster recovery addresses naturally occurring disaster loss, and fault tolerance protect from hardware and manmade failures. Fault tolerance mitigates component failures, and disaster recovery restores operations after a major loss. The two terms refer to the same process. Fault tolerance mitigates hardware failures, and disaster recovery mitigates data loss.

What business continuity plan (BCP) team is responsible for declaring the severity of an incident?

EMT DAT TRT BCT

Which of the following is not a direct cost?

Equipment replacement costs Building replacement costs Salaries paid to staff who are idled due to a network outage Costs to regain market share

Which of the following is not included on a checklist for addressing a denial of service (DoS) attack?

Eradication Recovery Encryption Containment

___________ increases the availability of systems even when an isolated outage occurs, while ___________ provides the procedures to recover systems after a major failure.

Fault recovery, disaster tolerance A business continuity plan (BCP), a disaster recovery plan (DRP) Fault tolerance, disaster recovery A business impact analysis (BIA), a business continuity plan (BCP)

After developing a business impact analysis (BIA) for her organization, Maria was asked by her manager to update the BIA recommendations with a higher recovery time objective (RTO). What is the most likely reason management would argue for a higher RTO?

Higher RTOs expose critical business functions (CBFs) to higher risk. Lower RTOs are technically infeasible. Lower RTOs are more expensive. Higher RTOs increase customer confidence.

What is the primary purpose of identifying critical resources in the business impact analysis (BIA) process?

Identify all IT assets that support critical business functions (CBFs). Identify IT assets that support revenue generation. Prioritize IT assets by replacement cost and value. Prioritize IT assets by relative vulnerabilities.

What are the first two steps in the business impact analysis (BIA) process?

Identify the environment and identify critical resources Identify the environment and identify stakeholders Identify stakeholders and identify critical resources Identify recovery priorities and identify stakeholders

In most cases, should a computer incident response team (CIRT) plan include pursuing the attacker?

It depends on recommendations from law enforcement personnel based on each case. Yes, a decisive reaction can discourage further attacks. No, because attackers always have more resources and will escalate the attack. No, because retaliatory attacks may be illegal or result in civil litigation.

True or False? A business continuity plan (BCP) is part of a business impact analysis (BIA).

True False

Which of the following is not an indirect cost?

Loss of goodwill Cost to re-create or recover data Lost opportunities during recovery Cost to regain market share

Which term is defined as "an element necessary to perform the mission of an organization"?

MAO CBA CBF CSF

Which term is sometimes referred to as the maximum tolerable period of disruption (MTPD)?

Maximum acceptable outage (MAO) Critical business function (CBF) Recovery point objective (RPO) Recovery time objective (RTO)

Regarding business continuity, what is the first phase of activity if a disruption occurs?

Planning phase The reconstitution phase The recovery phase The notification and activation phase

Your team is developing a business impact analysis (BIA). You have identified the critical business functions (CBFs) and associated processes. What should you do next?

Prioritize IT asset recovery options. Map processes to IT systems. Identify stakeholders. Evaluate the recovery cost of each proposed option

Which of the following is the most important consideration of a disaster recovery plan (DRP)?

Protecting personnel Minimizing IT infrastructure damage Restoring operations Ensuring continuity of business operations

Devaki is a member of the computer incident response team (CIRT). Several systems in her organization are exhibiting unusual behavior, and a malware infection is suspected. As the team enters the detection and analysis phase of the incident handling process, what is an action Devaki might take?

Run virus scans. Revise the CIRT plan. Return the systems to full operation. Launch a counterattack against the source of the incident.

What term refers to computers and devices that attackers control and from which they launch attacks?

Soldiers Ninjas Zombies Nodes

Which type of attack threatens the availability of a system?

Spoofing Inappropriate usage Unauthorized access Denial of service (DoS)

Which business continuity plan (BCP) test type brings all participants together in a conference room or similar environment to walk through BCP scenarios?

Step evaluation Disaster recovery plan (DRP) test Recovery test Tabletop exercise

Which of the following is not one of the three commonly used business continuity plan (BCP) teams?

Technical recovery Emergency management Critical contractor Damage assessment

What are critical resources?

Those that are required to support maximum acceptable outages (MAOs) Those that are required to support critical business functions (CBFs) Those that are required to support cost-benefit analyses (CBAs) Those that are required to support critical success factors (CSFs)

What is the primary reason for testing a disaster recovery plan (DRP)?

To ensure it performs as expected To increase or decrease the number of personnel needed for an actual disaster To ensure it properly identifies recovery point objectives (RPOs) So management can sign off on the plan

What is the purpose of a business continuity plan (BCP)?

To ensure that mission-critical elements of an organization continue to operate during and after a disruption To ensure that mission-critical elements of an organization are properly restored after a disruption To prevent loss of mission-critical activities of organization employees in case of a disruption To identify mission-critical elements of an organization in case of a disruption

What is the purpose of a computer incident response team (CIRT) plan?

To help an organization prepare for incidents and mitigate damage To help an organization prevent cyberattacks To ensure that critical business functions (CBFs) are not affected by computer attacks To facilitate an easy recovery in the event of an attack

What is the primary purpose of a disaster recovery plan (DRP)?

To protect critical business processes from interruption To define critical business processes to a business's operation To restore critical business processes or systems to operation To specify prioritized processes necessary to maintain business continuity

What is the primary benefit of a business continuity plan (BCP)?

To reduce the cost of recovery To better prepare the organization to respond to an interruption To reduce the probability of an interruption To inform the organization as to the expected cost of annual interruptions

What technique is commonly used to handle incidents in the absence of a computer incident response team (CIRT)?

Top-down Trial-and-error Bottom-up Cause-and-effect

True or False? A security incident's criticality rating may be on a scale of minimal, medium, and critical.

True False

True or False? If a disruption occurs during work hours, the business continuity plan (BCP) program manager should be the first person on the scene.

True False

True or False? Organizations typically approve the use of anonymizer sites to help protect employees online.

True False

A disaster recovery plan (DRP) simulation:

goes through all the steps and procedures as if an actual disaster were occurring. resembles a tabletop exercise for a business continuity plan (BCP). goes through the steps and procedures in a controlled manner. involves participants talking through the steps and procedures in a conference room setting.

Having supplies on hand for continued production:

is a best practice in the creation and implementation of a business continuity plan (BCP). may be preferable to having an organization obtain parts and supplies as needed. may conflict with other organizational planning principles. is the definition of a just-in-time philosophy.

By identifying critical business functions (CBFs) first, you use a ________ approach.

trickle-down bottom-up Keynesian top-down

Lower recovery time objectives (RTOs) are __________ but __________.

unachievable, ideal elusive, maintainable Correct Answer achievable, costly risky, high-yield

Defining a computer security incident is:

unnecessary because incidents evolve frequently. handled only by the U.S. government. a best practice when implementing a computer incident response team (CIRT) plan.

A business impact analysis (BIA) identifies an impact that can result from a:

vulnerability. disruption in a business. risk to an IT infrastructure. threat to the IT infrastructure.


Conjuntos de estudio relacionados

Chapter 65: Management of Patients with Oncologic or Degenerative Neurologic Disorders

View Set

Art 312- cabinets, cut-in boxes, and meter socket enclosures

View Set

A&P The 7 Steps @ Neuromuscular Junction

View Set

Chapter 5 Macroeconomics Elasticity and Its Application

View Set

Definition of Collaborator, Perpetrator, and Bystander

View Set