Conklin-5th(Ch19-25)
**5. What is the primary objective of change management
>A. To enable beneficial changes to be made, with minimum disruption to IT services
**13. How is quarantine accomplished
>A. With the erection of firewalls that restrict communication between machines
*1. What two components are necessary for successful incident response?
>B. Knowledge of one's own systems and knowledge of the adversary
*8. How do most advanced persistent threats (APTs) begin
>B. Most APTs begin through a phishing or spear phishing attack.
**10. What is a software bomb?
>B. Software that can destroy or modify files when commands are executed on the computer
Cookie-Cutter
>C. It prevents the transfer of cookies between browsers and web servers.
*10. Which attack involves the planting of software in the victim's network, creating network backdoors and tunnels to allow stealth access to its infrastructure
>D. Remote administration Trojan (RAT) attack
**18. Which calculated value determines the threshold for evaluating the cost/benefit ratio of a given countermeasure?
ALE
**2. Which data destruction method is considered to be one of the gold standard methods?
Burning
**8. Which law regulates unsolicited commercial e-mail
CAN-SPAM act
*5. __________ requires that sites obtain parental permission, post a privacy policy detailing specifics concerning information collected from children, and describe how the children's information will be used
COPPA
*1. Which term is directly related to managing and controlling software development, maintenance, and system operation
Change Management
*13. Which alternative site provides the basic environmental controls necessary to operate, but has few of the computing components necessary for processing?
Cold site
**4. __________ is the unauthorized entry into a computer system via any means
Computer trespass
*1. Which plan defines the data and resources necessary and the steps required to restore critical organizational processes?
DRP (Disaster Recovery Plan)
**4. What are the two components comprising information criticality?
Data classification and the quantity of data involved
*1. __________ are responsible for the day-to-day caretaking of data.
Data custodians
**23. Which term implies the concept of "don't keep what you don't need"
Data minimization
**13. Which term refers to a measure of the magnitude of loss of an asset
EF (Exposure Factor)
*7. In an "old school" attack, which step is a listing of the systems and vulnerabilities to build an attack game plan?
Enumeration
*4. A school principal allows student information to be accessed by a marketing company in exchange for goods and services for the school. The principal may have violated which law?
FERPA
**3. Which law was designed to enable public access to U.S. government records
FOIA
*5. Which backup technique requires a large amount of space and is considered to have a simple restoration process
Full backup
**11. Which of the following has the least volatile data
Hard disk
*15. Which type of alternative site generally uses trailers, often relies on generators for its power, but also factors in the requirement for environmental controls immediately?
Mobile site
*2. What DRP category would a business function fall under if an organization could last without that function for up to 30 days before the business was severely impacted?
Necessary for normal processing
**2. Which term refers to the process of subjectively determining the impact of an event that affects a project, program, or business
Qualitative risk assessment
**20. Which RAID configuration, known as striped disks, simply spreads the data that would be kept on the one disk across several disks?
RAID 0
**21. Which RAID configuration, known as mirrored disks, copies the data from one disk onto two or more disks
RAID 1
**1. Which term refers to the possibility of suffering harm or loss?
Risk
**11. Which law overhauled the financial accounting standards for publicly traded firms in the United States
Sarbanes-Oxley act
**6. Which term refers to the examination of machines to determine what operating systems, services, and vulnerabilities exist?
Scanning
**22. Which term ensures that no single individual or organization possesses too much control in a process, helping to prevent errors and fraudulent or malicious acts?
Segregation of Duties
**3. What is a foundation for change management?
Separation of Duties
**1. A law that is passed by a legislative branch of government is known as a(n) __________.
Statutory
**9. Which term refers to characteristics of resources that can be exploited by a threat to cause harm
Vulnerabilities
*11. Which alternative site is partially configured, usually having peripherals and software, but perhaps not the more expensive main processing components and is designed to be operational within a few days?
Warm site
*14. The term __________ describes a series of digits near the beginning of the file that provides information about the file format.
magic number
*19. Which term is a mechanism where traffic is directed to identical servers based on availability
Load balancing
**25. Which RAID configuration, known as block-striped with error check, is a commonly used method that stripes the data at the block level and spreads the parity data across the drives
RAID 5
*4. Which strategy is focused on backup frequency?
RPO (Recovery Point Objective)
**17. Which formula represents the annualized loss expectancy (ALE)
ALE = (SLE)(ARO) (single loss expectancy × annualized rate of occurrence)
**16. Which statistical term is a representation of the frequency of the event, measured in a standard year
ARO
**2. Laws and regulations that are created by government-sponsored agencies such as the EPA, the FAA, and the FCC are known as __________.
Administrative
*11. In which step of the general risk management model do you determine which controls to put in place to mitigate the risks
Control Design & Evaluation (Step 4)
*7. Which backup requires a small amount of space and is considered to have a complex restoration process?
Delta backup
*3. Which term describes a circumstance that increases the likelihood or probable severity of a loss
Hazard
*10. Which type of alternative site is a fully configured environment that is similar to the normal operating environment and can be operational immediately or within a few hours, depending on its configuration and the needs of the organization
Hot site
**4. All accesses and privileges to systems, software, or data should be granted based on
Least Privilege
*12. What is the mechanism for self-regulation that can be enforced through trade practice law via the FTC?
Safe Harbor
**25. Which term refers to the path or tool used by an attacker to attack a target
Threat Vector
**13. Clusters that are marked by the operating system as usable when needed are referred to as __________.
free space
*6. Which backup requires a medium amount of space and is considered to have an involved restoration process?
Incremental backup
**3. What is the primary determinant in determining the level of incident response and a key measure used to prioritize actions throughout the incident response process?
Information Criticality
*23. Which tool is most useful for depicting interdependencies between project activities, showing the sequence and duration of each activity
PERT chart
*12. What name is given to a logical storage unit that is subsequently used by an operating system?
Partition
