Chapter 12 Disaster Recover and Incident Response (Review Questions & Answers)
According to CERT, which of the following would be a formalized or an ad hoc team you can call upon to respond to an incident after it arises? A. CSIRT B. CIRT C. IRT D. RT
A. A CSIRT is a formalized or an ad hoc team you can call upon to respond to an incident after it arises.
Your company is about to invest heavily in an application written by a new startup. Because it is such a sizable investment, you express your concerns about the longevity of the new company and the risk this organization is taking. You propose that the new company agree to store its source code for use by customers in the event that it ceases business. What is this model called? A. Code escrow B. SLA C. BCP D. CA
A. Code escrow allows customers to access the source code of installed systems under specific conditions, such as the bankruptcy of a vendor.
Which of the following outlines those internal to the organization who have the ability to step into positions when they open? A. Succession planning B. Progression planning C. Emergency planning D. Eventuality planning
A. Succession planning outlines those internal to the organization who have the ability to step into positions when they open.
You're a consultant brought in to advise MTS on its backup procedures. One of the first problems you notice is that the company doesn't use a good tape-rotation scheme. Which backup method uses a rotating schedule of backup media to ensure long-term information storage? A. Grandfather, Father, Son method B. Full Archival method C. Backup Server method D. Differential Backup method
A. The Grandfather, Father, Son backup method is designed to provide a rotating schedule of backup processes. It allows for a minimum usage of backup media, and it still allows for long-term archiving.
Which plan or policy helps an organization determine how to relocate to an emergency site? A. Disaster-recovery plan B. Backup site plan C. Privilege management policy D. Privacy plan
A. The disaster-recovery plan deals with site relocation in the event of an emergency, natural disaster, or service outage.
You're trying to rearrange your backup procedures to reduce the amount of time they take each evening. You want the backups to finish as quickly as possible during the week. Which backup system backs up only the files that have changed since the last backup? A. Full backup B. Incremental backup C. Differential backup D. Backup server
B. An incremental backup backs up files that have changed since the last full or partial backup.
Which of the following is data that is too large to be dealt with by traditional database management means? A. Infomatics B. Big data C. Bit stream D. Data warehouse
B. Big data is data that is too large to be dealt with by traditional database management means.
Which of the following is a newer backup type that provides continuous online backup by using optical or tape jukeboxes and can be configured to provide the closest version of an available real-time backup? A. TPM B. HSM C. SAN D. NAS
B. HSM is a newer backup type that provides continuous online backup by using optical or tape jukeboxes. It appears as an infinite disk to the system, and it can be configured to provide the closest version of an available real-time backup.
Which site best provides limited capabilities for the restoration of services in a disaster? A. Hot site B. Warm site C. Cold site D. Backup site
B. Warm sites provide some capabilities in the event of a recovery. The organization that wants to use a warm site will need to install, configure, and reestablish operations on systems that may already exist at the warm site.
Although you're talking to her on the phone, the sound of the administrative assistant's screams of despair can be heard down the hallway. She has inadvertently deleted a file that the boss desperately needs. Which type of backup is used for the immediate recovery of a lost file? A. Onsite storage B. Working copies C. Incremental backup D. Differential backup
B. Working copies are backups that are usually kept in the computer room for immediate use in recovering a system or lost file.
Which of the following is a reversion from a change that had negative consequences? A. Backup B. ERD C. Backout D. DIS
C. A backout is a reversion from a change that had negative consequences.
Which of the following would normally not be part of an incident response policy? A. Outside agencies (that require status) B. Outside experts (to resolve the incident) C. Contingency plans D. Evidence collection procedures
C. A contingency plan wouldn't normally be part of an incident response policy. It would be part of a disaster-recovery plan.
Which backup system backs up all of the files that have changed since the last full backup? A. Full backup B. Incremental backup C. Differential backup D. Archival backup
C. A differential backup backs up all of the files that have changed since the last full backup.
Which agreement outlines performance requirements for a vendor? A. MTBF B. MTTR C. SLA D. BCP
C. A service-level agreement (SLA) specifies performance requirements for a vendor. This agreement may use MTBF and MTTR as performance measures in the SLA.
The process of automatically switching from a malfunctioning system to another system is called what? A. Fail safe B. Redundancy C. Failover D. Hot site
C. Failover occurs when a system that is developing a malfunction automatically switches processes to another system to continue operations.
Which of the following is the measure of the anticipated incidence of failure for a system or component? A. CIBR B. AIFS C. MTBF D. MTTR
C. Mean time between failures (MTBF) is the measure of the anticipated incidence of failure for a system or component.
You're the head of information technology for MTS and have a brother in a similar position for ABC. The companies are approximately the same size and are located several hundred miles apart. As a benefit to both companies, you want to implement an agreement that would allow either company to use resources at the other site should a disaster make a building unusable. What type of agreement between two organizations provides mutual use of their sites in the event of an emergency? A. Backup-site agreement B. Warm-site agreement C. Hot-site agreement D. Reciprocal agreement
D. A reciprocal agreement is between two organizations and allows one to use the other's site in an emergency.
Which of the following is a concept that works on the assumption that any information created on any system is stored forever? A. Cloud computing B. Warm site C. Big data D. Full archival
D. Full archival is a concept that works on the assumption that any information created on any system is stored forever.
Which type of penetration-style testing involves actually trying to break into the network? A. Discreet B. Indiscreet C. Non-intrusive D. Intrusive
D. Intrusive testing involves actually trying to break into the network. Non-intrusive testing takes more of a passive approach .
What is another name for working copies? A. Functional copies B. Running copies C. Operating copies D. Shadow copies
D. Working copies are also known as shadow copies.