ch 10 CIS 3361

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

What is the final stage of the business impact analysis

Identify recovery priorities for system resources.

List the seven steps of the incident recovery process, according to Donald Pipkin.

Identify the vulnerabilities. Address the safeguards. Evaluate monitoring capabilities. Improve detection and reporting . Restore the data from backups. Restore the services and processes in use. Continuously monitor the system. Restore the confidence.

A hot site is a fully configured computing facility that includes all services, communications links, and physical plant operations.

True

In which type of site are no computer hardware or peripherals provided?

cold site

The group of senior managers and project members organized to conduct and lead all CP efforts is known as the __________.

crisis management planning team (CMPT)

In __________ testing of contingency plans, the individuals follow each and every procedure, including interruption of service, restoration of data from backups, and notification of appropriate individuals.

full-interruption

Which of the following determines the scope of the breach of confidentiality, integrity, and availability of information and information assets?

incident damage assessment

The __________ plan is a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets.

incident response ,IR

Which of the following is a responsibility of the crisis management team?

keeping the public informed about the event and the actions being taken

The Hartford insurance company estimates that, on average, __________ businesses that don't have a disaster plan go out of business after a major loss like a fire, a break-in, or a storm.

over 40 percent of

The __________ is the point in time before a disruption or system outage to which business process data can be recovered after the outage, given the most recent backup copy of the data.

recovery point objective (RPO)

The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources and supported business processes is known as __________.

recovery time objective (RTO)

In which contingency plan testing strategy do individuals participate in a role-playing exercise in which the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?

simulation

Which of the following is NOT a major component of contingency planning?

threat assessment

Which of the following is a "possible" indicator of an actual incident, according to Donald Pipkin?

unusual consumption of computing resources

Which of the following is a definite indicator of an actual incident, according to Donald Pipkin?

use of dormant accounts

A useful tool for resolving the issue of what business function is the most critical, based on criteria selected by the organization, is the __________.

weighted table analysis or weighted factor analysis

The amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered is known as __________.

work recovery time (WRT)

A(n) wrap-up review is a detailed examination and discussion of the events that occurred during an incident or disaster, from first detection to final recovery. __________

False

An alert digest is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process. __________

False

In most organizations, the COO is responsible for creating the IR plan.

False

Training should be as specialized as possible; personnel who are responsible for one duty should not be trained on other duties to avoid confusion during a disaster.

False

Which of the following is true about a hot site?

It duplicates computing resources, peripherals, phone systems, applications, and workstations.

Explain the difference between a business impact analysis and the risk management process.

One of the differences between a BIA and the RM process is that RM focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect the info. The BIA assumes that these controls, have failed, that the attack succeeded, and that has come to fruition.

Which of the following NIST Cybersecurity Framework (CSF) stages relates to implementation of effective security controls (policy, education, training and awareness, and technology)?

Protect

Which of the following is NOT a stage in the NIST Cybersecurity Framework (CSF)?

React

When undertaking the BIA, what should the organization consider?

ScopePlan , Balance, Objective, Follow-up,

A slow-onset disaster occurs over time and gradually degrades the capacity of an organization to withstand its effects. __________

True

Disaster classification is the process of examining an adverse event or incident and determining whether it constitutes an actual disaster. __________

True

In a cold site there are only rudimentary services, with no computer hardware or peripherals.

True

Patch and proceed is an organizational CP philosophy that focuses on the defense of information assets and preventing reoccurrence rather than the attacker's identification and prosecution. __________

True

The simplest kind of validation, the desk check, involves distributing copies of the appropriate plans to all individuals who will be assigned roles during an actual incident or disaster.

True

A(n) __________ is an event with negative consequences that could threaten the organization's information assets or operations.

adverse event and incident candidate

When dealing with an incident, the incident response team must conduct a(n) __________, which entails a detailed examination of the events that occurred from first detection to final recovery.

after action review (AAR)

A(n) _________ is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process.

alert message

According to NIST's SP 800-34, Rev. 1, which of the following is NOT one of the stages of the business impact assessment?

asset valuation and combine with the likelihood of attacks in a TVA worksheet.

A(n) __________ process is a task performed by an organization or one of its units in support of the organization's overall mission.

business

In the event of an incident or disaster, which planning element is used to guide off-site operations?

business continuity

When a disaster renders the current business location unusable, which plan is put into action?

business continuity

The process of examining an adverse event or incident candidate and determining whether it constitutes an actual incident is known as incident __________.

classification

The team responsible for designing and managing the IR plan by specifying the organization's preparation, reaction, and recovery from incidents is known as the __________.

computer security incident response team (CSIRT)

The actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster are known as __________.

contingency planning

There are six key elements that the CP team must build into the DR plan. What are three of them?

delegation responsibilities, Execution of the alert roster . Clear establishment of priorities. documentation of the disaster mitigate the impact of the disaster on the operations of the organization Alternative implementations , should primary versions be unavailable

Which of the following is a backup method that uses bulk batch transfer of data to an off-site facility and is usually conducted via leased lines or secure Internet connections?

electronic vaulting

Which of the following is the best example of a rapid-onset disaster?

flood

The total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption, including all impact considerations, is known as __________.

maximum tolerable downtime (MTD)

Contingency planning is primarily focused on developing __________.

plans for unexpected adverse events

Effective contingency planning begins with effective __________.

policy

Which of the following is an organizational CP philosophy for overall approach to contingency planning reactions?

protect and forget

Which of the following refers to the backup of data to an off-site facility in close to real time based on transactions as they occur?

remote journaling

A(n) __________ is an agency that provides physical facilities for a fee, in the case of DR/BC planning.

service bureau

The steps in IR are designed to:

stop the incident, mitigate incident effects, provide information for recovery from the incident

After an incident, but before returning to its normal duties, the CSIRT must do which of the following? .

Conduct an after-action review.

Which of the following is the first major task in the BIA, according to NIST SP 800-34, Rev. 1?

Determine mission/business processes and recovery criticality.

When an incident takes place, the disaster recovery (DR) plan is invoked before the incident response (IR) plan.

False

When performing full-interruption testing, normal operations of the business are not impacted.

False

Which of the following NIST Cybersecurity Framework (CSF) stages relates to reacting to an incident?

Respond

A(n) __________ is a document containing contact information of the individuals to notify in the event of an actual incident.

alert roster

Which of the following is the first component in the contingency planning process?

business impact analysis

The bulk batch transfer of data to an off-site facility is known as __________.

electronic vaulting

In which contingency plan testing strategy do individuals follow each and every IR/DR/BC procedure, including the disruption of service, restoration of data from backups, and notification of appropriate individuals?

full-interruption

Which of the following is a part of the incident recovery process?

identifying the vulnerabilities that allowed the incident to occur and spread

A(n) __________ occurs when an attack affects information resources and/or assets, causing actual damage or other disruptions.

incident

Which of the following is the process of examining a possible incident and determining whether it constitutes an actual incident?

incident classification

Which of the following is a mathematical tool that is useful in assessing the relative importance of business functions based on criteria selected by the organization?

weighted table analysis

At what point in the incident life cycle is the IR plan initiated

when an incident is detected that affects the organization

If operations at the primary site cannot be quickly restored, the __________ occurs concurrently with the DR plan, enabling the business to continue at an alternate site.

BCP , business continuity plan ,BC plan

The four components of contingency planning are the __________, the incident response plan, the disaster recovery plan, and the business continuity plan.

BIA , business impact analysis

__________ planning ensures that critical business functions can continue if a disaster occurs.

Business continuity (BC)

What are the major components of contingency planning?

Business impact analysis (BIA) ,Incident response plan (IR plan), Disaster recovery plan (DR plan), Business continuity plan (BC plan),

What teams are involved in contingency planning and contingency operations?

Contingency planning management team ,Incident response team, Disaster recovery team, Business continuity team,

__________ is a backup technique that stores duplicate online transaction data along with duplicate databases at the remote site on a redundant server.

Database shadowing

List four of the eight key components of a typical IR policy.

- Statement of management commitment - Scope of the policy - Performance measures - Reporting and contact forms


Kaugnay na mga set ng pag-aaral

Chapter 13 Race and Ethnicity - Sociology

View Set

Inference 6th Grade Vocabulary Terms

View Set

Financial Institutions Management Midterm

View Set

Final- Chapter 6: Option for The Poor and Vulnerable Test Review

View Set

Chapter 1: Bonding and Isomerism

View Set

Sociology - Chapter 3, Lessons 1, 2, and 3

View Set

Exercise Science Exam 1 (Strength training-stretching)

View Set

Week 4: Chapter 4 The Foreign Exchange Market

View Set

Life Insurance - Learn as you go exam

View Set