ITN 276 chapter 13
Mean time to repair (MTTR) is the amount of time, on average, before a given device is likely to fail through normal use.
False
What is the definition of business continuity plan (BCP)?
A plan for maintaining minimal operations until the business can return to full normal operations
What is the process whereby the disaster recovery team contemplates likely disasters and what impact each would have on the organization?
Business impact analysis
Regarding incident response, what step aims to limit an incident?
Containment
At which phase of incident response does computer forensics begin?
Eradication
A business continuity plan (BCP) is a process whereby the disaster recovery team contemplates likely disasters and what impact each would have on the organization.
False
A business continuity plan (BCP) is focused on executing a full recovery to normal operations.
False
A disaster recovery plan (DRP) is focused on keeping the organization functioning as well as possible until a full recovery can be made.
False
An analysis of how specific incidents might impact business operations is the definition of business continuity plan (BCP).
False
In incident response, the phase where the IT team determines how the incident occurred and what steps should be taken to prevent the incident from reoccurring is referred to as the containment phase.
False
Typically, a business continuity plan (BCP) is needed if a disaster recovery plan (DRP) cannot get an organization back to full capacity within 24 hours or less, after a disaster.
False
Suppose a virus takes a company's main web server offline. What would NOT be part of a business continuity plan (BCP) in this case?
Having a full web server, equivalent to the failed server, back online and running at full capacity
Jennifer sends a threatening email to Rachel, a classmate, to bully her. What type of computer security incident is being described?
Inappropriate usage
Samuel provided illegal copies of software to others through a peer-to-peer (P2P) file-sharing service. The P2P software caused data leakage, resulting in private data from Sam's computer being shared on the Internet with anyone else using the same P2P software. What type of network security incident is being described?
Inappropriate usage
Malcolm uses a USB thumb drive at home to store music and videos he downloaded from the Internet. One day he inserts it into a work computer to show a co-worker a funny video. In doing so, a malicious file on the thumb drive infects the computer. What type of computer security incident is being described?
Malicious code
What is meant by maximum tolerable downtime (MTD)?
The length of time a system can be down before the business cannot recover
A computer security incident is any event that violates an organization's security policies. This includes computer security policies, acceptable use policies, or standard security practices.
True
A traditional backup plan includes backup media rotation, in which backup media is overwritten with newer backups.
True
Forensic methodology must be interwoven into an organization's incident response policy.
True
Hard drive failure can disrupt normal operations for an organization's computer systems and, therefore, constitute a disaster.
True
Hierarchical storage management (HSM) can be configured to provide near real-time backup.
True
Mean time before failure (MTBF) is the amount of time, on average, before a given device is likely to fail through normal use.
True
NIST 800-34, the Contingency Planning Guide for Information Technology Systems, contains a process for business continuity plan (BCP) and disaster recovery plan (DRP) projects.
True
NIST 800-61 provides guidance for creating an incident response plan.
True
Organizations without trained staff in-house should identify an outside party that can respond to incidents with forensically trained personnel.
True
Regarding incident response, after an external intrusion, all logs should be preserved prior to a full recovery for forensic purposes.
True
The federal standard ISO 27001 deals with requirements for information security management systems.
True
The three primary types of backups are full, incremental, and differential.
True
Unauthorized access is a type of computer security incident in which someone accesses files he or she is not specifically authorized to access.
True
A common approach for manually managed backups is the Grandfather-Father-Son scheme. Consider a server using traditional tape backup that is backed up daily. At the end of the week, a weekly backup is made. At the end of the month, there is a monthly backup made. Which of the following is NOT true of the Grandfather-Father-Son scheme?
Weekly backups are not reused, only sons and grandfathers.
As part of a disaster recovery plan, __________ captures changes since the last backup of any type.
an incremental backup
A plan for returning the business to full normal operations is the definition of ________.
disaster recovery plan (DRP)
As part of a disaster recovery plan, __________ provides continuous online backup by using optical or tape "jukeboxes."
hierarchical storage management (HSM)
The amount of time a system can be down before it is impossible for the organization to recover is addressed by __________.
maximum tolerable downtime (MTD)
A business impact analysis indicates an organization cannot operate without its web server for more than 5 days and still recover. The mean time to repair is 3 days. How many days do you have after a disaster to initiate repairs or the organization will not be able to recover?
2
After a computer incident or disaster, staff must take actions to preserve forensic information. In what situation is determining the cause of an incident irrelevant to forensics?
A drive that failed due to water damage from a sprinkler system
Company AZ hosts an e-commerce server with a large hard drive. The manufacturer claims the drive is guaranteed to perform properly for 100,000 hours. What is this measure most closely related to?
Mean time before failure (MTBF)
According to NIST 800-61, what is NOT typically included in an incident response plan?
Procedures for performing incident handling and reporting idk
Regarding incident response, what step involves restoring software and data from a backup source that has been verified to be free from the malware infection?
Recovery
Which phase of disaster recovery is about discovering if the disaster was caused by some weakness in the system?
The post recovery follow-up