CLASS NOTES
True or False? The business continuity plan (BCP) EMT is important because the EMT provides medical assistance in the event of a disaster, such as an earthquake or hurricane, that would cause a disruption.
True False
True or False? A best practice when performing a business impact analysis (BIA) is to avoid taking shortcuts.
True False
True or False? A business impact analysis (BIA) is intended to include all IT functions.
True False
True or False? A disaster recovery plan (DRP) helps prevent disasters.
True False
True or False? A warm site is a compromise between a hot site and a cold site.
True False
True or False? An acceptable use policy (AUP) can help to prevent data leakage.
True False
True or False? Calculating the impact and priority of an incident can be used to determine how critical the attack is.
True False
True or False? Criticality is usually documented in the business impact analysis (BIA) but is repeated in the business continuity plan (BCP) for the sake of clarity.
True False
True or False? Criticality of operations identifies the order of importance of each of the seven domains of the typical IT infrastructure.
True False
True or False? During a business impact analysis (BIA), the highest priorities are assigned based on the shortest maximum acceptable outages (MAOs).
True False
True or False? Electronic vaulting is a method that transfers backup data to an off-site location.
True False
True or False? Even though the business impact analysis (BIA) identifies priorities, it is common to reaffirm them in a business continuity plan (BCP).
True False
True or False? Firewalls are not an effective tool for determining whether users are violating policies.
True False
True or False? For a business impact analysis (BIA), the step of "identifying the environment" means having a good understanding of the business function.
True False
True or False? Generally, the three phases of a computer forensics investigation are to acquire the evidence, authenticate the evidence, and then analyze the evidence.
True False
True or False? In regards to system recovery, RPO stands for recovery policy objective.
True False
True or False? In regards to system recovery, RTO stands for recovery time objective.
True False
True or False? In virtualization, each virtual server runs on the network just as if it were a physical server.
True False
True or False? Inappropriate usage occurs when employees or internal users violate acceptable use policies (AUPs) or other internal policies.
True False
True or False? It is dangerous to assume anything when creating a business continuity plan (BCP) because assumptions are rarely accurate.
True False
True or False? Mission-critical business functions are those that are considered vital to an organization.
True False
True or False? Mobile code is a type of malware that executes when a user visits a website or opens an email.
True False
True or False? Once you identify critical business functions (CBFs) and critical business processes, map them to a business impact analysis (BIA).
True False
True or False? One method of handling malware is to remove it from the infected system.
True False
True or False? Recovery time objectives (RTOs) identify when a system must be recovered to avoid unacceptable business consequences.
True False
True or False? Scope creep can occur if the scope of a business continuity plan (BCP) is not defined.
True False
True or False? Some recovery point objectives (RPOs) require you to recover data up to a moment of failure.
True False
True or False? Starting with clear objectives is a best practice for performing a business impact analysis (BIA).
True False
True or False? Storing backed-up data at an off-site location makes it available for restoration in case something compromises the original data.
True False
True or False? Telecommuters are not key to a business continuity plan (BCP) because they work from remote locations. Therefore, any disruptions would not affect them.
True False
True or False? The business continuity plan (BCP) should be reviewed weekly.
True False
True or False? The business continuity plan (BCP) technical recovery team needs to be very familiar with existing disaster recovery plans (DRPs) and may have even authored them.
True False
True or False? The chain of custody log should include the time, date, and name of the person who is receiving evidence.
True False
True or False? The clear intent of a DRP should be mission-critical functions first and personnel next.
True False
True or False? The difference between a denial of service (DoS) attack and a distributed denial of service (DDoS) attack is that a DoS attack is launched from multiple computers.
True False
True or False? The penalty for failing to meet a service level agreement (SLA) is an indirect cost.
True False
True or False? The scope of a business impact analysis (BIA) for any size organization must include the entire organization.
True False
True or False? The seven steps of a business impact analysis (BIA) are the same as the seven steps of contingency planning.
True False
True or False? The terms "computer incident" and "computer security incident" mean the same thing.
True False
True or False? To avoid scope creep, it is important that a disaster recovery plan (DRP) always has one clear purpose or goal.
True False
True or False? The two primary terms related to recovery requirements are RTO and RPO.
True False
True or False? Typically, as the outage time of a business disruption increases, the cost of the disruption also increases.
True False
True or False? When someone determines an event is an incident, he or she declares it to be so, which is known as escalation.
True False
Which of the following is not a best practice when performing a business impact analysis (BIA)?
Using a top-down approach
Starting with clear objectives
Planning interviews and meetings in advance
Correct Answer: Using the same data collection methods
Which of the following is not a step in the process of hardening a server?
Using social engineering techniques to collect data
Reducing the attack surface
Enabling an intrusion detection system (IDS)
Enabling a firewall
Which type of malware is a self-replicating, stand-alone program?
Virus
Worm
Trojan
Mobile code
In a business continuity plan (BCP), if a system houses data, the data must be protected according to:
available controls.
the cost to replace it.
the number of times it has been backed up.
its level of classification.
How does a computer incident response team (CIRT) plan mitigate an organization's risk?
A CIRT plan helps an organization prepare for a security incident.
A CIRT plan helps an organization prevent security incidents.
A CIRT plan acts as a guide for implementing security controls.
A CIRT plan implements an organization's business impact analysis (BIA).
Isabella is preparing to write a disaster recovery plan (DRP). What must she have before she proceeds with writing?
A clear idea of her primary concerns
DRP developer certification
A clear, singular goal
A subject matter expert to aid in the process of writing the DRP
True or False? Regarding disaster recovery, a mobile site can be set up in an outside space close to an impacted site.
True False
What key element is necessary for a disaster recovery plan (DRP) to succeed in a time of crisis?
Adequate budget
Sufficient testing prior to a real disaster
Coverage of all likely disaster scenarios
Management support
What is critical data?
All data that is backed up and stored
Correct Answer: Data that supports critical business functions (CBFs)
Data that supports IT managers
Data identified in the business continuity plan (BCP)
What step of a business continuity plan (BCP) comes after providing training?
Developing individual disaster recovery plans (DRPs)
Testing and exercising plans
Maintaining and updating plans
Completing the business impact analysis (BIA)
True or False? A multiple component security incident is a single incident that includes two or more other incidents, which are related to each other but not always immediately apparent.
True False
True or False? Critical success factors (CSFs) include elements necessary to perform the mission of an organization.
True False
Which of the following can determine that a business function is critical?
Anyone in the IT department
Only the IT department manager
Any stakeholder
Only a cost-benefit analysis (CBA)
What term refers to the process of acquiring, authenticating, and analyzing incident-related evidence?
Attack recovery
Incident response
Chain of custody
Computer forensics
True or False? Hot sites are inexpensive to maintain.
True False
Which key planning principle guides the development of a business continuity plan (BCP)?
Budget for recovery operations
Length of time expected before returning to normal operations
Scope of the business impact analysis (BIA)
Level of effort required to interview all stakeholders
Which factor most directly affects the scope of a business impact analysis (BIA)?
Degree of organizational automation
Reliance of revenue stream on IT resources
Geographical diversity of the organization
Size of the organization
Which technique describes the generally accepted formal method to properly handle evidence collected as part of an investigation?
Chain of custody
Due diligence
Collection best practices
Seizure policy
You are a stakeholder who has just designated a business function as critical. What must you do now?
Dedicate resources to protect the function.
Perform a cost-benefit analysis (CBA).
Evaluate vulnerabilities.
Bring it up in the next meeting.
What is the difference between fault tolerance and disaster recovery?
Disaster recovery addresses naturally occurring disaster loss, and fault tolerance protects from hardware and manmade failures.
Fault tolerance mitigates component failures, and disaster recovery restores operations after a major loss.
The two terms refer to the same process.
Fault tolerance mitigates hardware failures, and disaster recovery mitigates data loss.
What business continuity plan (BCP) team is responsible for declaring the severity of an incident?
EMT
DAT
TRT
BCT
Which of the following is not a direct cost?
Equipment replacement costs
Building replacement costs
Salaries paid to staff who are idled due to a network outage
Costs to regain market share
Which of the following is not included on a checklist for addressing a denial of service (DoS) attack?
Eradication
Recovery
Encryption
Containment
___________ increases the availability of systems even when an isolated outage occurs, while ___________ provides the procedures to recover systems after a major failure.
Fault recovery, disaster tolerance
A business continuity plan (BCP), a disaster recovery plan (DRP)
Fault tolerance, disaster recovery
A business impact analysis (BIA), a business continuity plan (BCP)
After developing a business impact analysis (BIA) for her organization, Maria was asked by her manager to update the BIA recommendations with a higher recovery time objective (RTO). What is the most likely reason management would argue for a higher RTO?
Higher RTOs expose critical business functions (CBFs) to higher risk.
Lower RTOs are technically infeasible.
Lower RTOs are more expensive.
Higher RTOs increase customer confidence.
What is the primary purpose of identifying critical resources in the business impact analysis (BIA) process?
Identify all IT assets that support critical business functions (CBFs).
Identify IT assets that support revenue generation.
Prioritize IT assets by replacement cost and value.
Prioritize IT assets by relative vulnerabilities.
What are the first two steps in the business impact analysis (BIA) process?
Identify the environment and identify critical resources
Identify the environment and identify stakeholders
Identify stakeholders and identify critical resources
Identify recovery priorities and identify stakeholders
In most cases, should a computer incident response team (CIRT) plan include pursuing the attacker?
It depends on recommendations from law enforcement personnel based on each case.
Yes, a decisive reaction can discourage further attacks.
No, because attackers always have more resources and will escalate the attack.
No, because retaliatory attacks may be illegal or result in civil litigation.
True or False? A business continuity plan (BCP) is part of a business impact analysis (BIA).
True False
Which of the following is not an indirect cost?
Loss of goodwill
Cost to re-create or recover data
Lost opportunities during recovery
Cost to regain market share
Which term is defined as "an element necessary to perform the mission of an organization"?
MAO
CBA
CBF
CSF
Which term is sometimes referred to as the maximum tolerable period of disruption (MTPD)?
Maximum acceptable outage (MAO)
Critical business function (CBF)
Recovery point objective (RPO)
Recovery time objective (RTO)
Regarding business continuity, what is the first phase of activity if a disruption occurs?
Planning phase
The reconstitution phase
The recovery phase
The notification and activation phase
Your team is developing a business impact analysis (BIA). You have identified the critical business functions (CBFs) and associated processes. What should you do next?
Prioritize IT asset recovery options.
Map processes to IT systems.
Identify stakeholders.
Evaluate the recovery cost of each proposed option.
Which of the following is the most important consideration of a disaster recovery plan (DRP)?
Protecting personnel
Minimizing IT infrastructure damage
Restoring operations
Ensuring continuity of business operations
Devaki is a member of the computer incident response team (CIRT). Several systems in her organization are exhibiting unusual behavior, and a malware infection is suspected. As the team enters the detection and analysis phase of the incident handling process, what is an action Devaki might take?
Run virus scans.
Revise the CIRT plan.
Return the systems to full operation.
Launch a counterattack against the source of the incident.
What term refers to computers and devices that attackers control and from which they launch attacks?
Soldiers
Ninjas
Zombies
Nodes
Which type of attack threatens the availability of a system?
Spoofing
Inappropriate usage
Unauthorized access
Denial of service (DoS)
Which business continuity plan (BCP) test type brings all participants together in a conference room or similar environment to walk through BCP scenarios?
Step evaluation
Disaster recovery plan (DRP) test
Recovery test
Tabletop exercise
Which of the following is not one of the three commonly used business continuity plan (BCP) teams?
Technical recovery
Emergency management
Critical contractor
Damage assessment
What are critical resources?
Those that are required to support maximum acceptable outages (MAOs)
Those that are required to support critical business functions (CBFs)
Those that are required to support cost-benefit analyses (CBAs)
Those that are required to support critical success factors (CSFs)
What is the primary reason for testing a disaster recovery plan (DRP)?
To ensure it performs as expected
To increase or decrease the number of personnel needed for an actual disaster
To ensure it properly identifies recovery point objectives (RPOs)
So management can sign off on the plan
What is the purpose of a business continuity plan (BCP)?
To ensure that mission-critical elements of an organization continue to operate during and after a disruption
To ensure that mission-critical elements of an organization are properly restored after a disruption
To prevent loss of mission-critical activities of organization employees in case of a disruption
To identify mission-critical elements of an organization in case of a disruption
What is the purpose of a computer incident response team (CIRT) plan?
To help an organization prepare for incidents and mitigate damage
To help an organization prevent cyberattacks
To ensure that critical business functions (CBFs) are not affected by computer attacks
To facilitate an easy recovery in the event of an attack
What is the primary purpose of a disaster recovery plan (DRP)?
To protect critical business processes from interruption
To define critical business processes to a business's operation
To restore critical business processes or systems to operation
To specify prioritized processes necessary to maintain business continuity
What is the primary benefit of a business continuity plan (BCP)?
To reduce the cost of recovery
To better prepare the organization to respond to an interruption
To reduce the probability of an interruption
To inform the organization as to the expected cost of annual interruptions
What technique is commonly used to handle incidents in the absence of a computer incident response team (CIRT)?
Top-down
Trial-and-error
Bottom-up
Cause-and-effect
True or False? A security incident's criticality rating may be on a scale of minimal, medium, and critical.
True False
True or False? If a disruption occurs during work hours, the business continuity plan (BCP) program manager should be the first person on the scene.
True False
True or False? Organizations typically approve the use of anonymizer sites to help protect employees online.
True False
A disaster recovery plan (DRP) simulation:
goes through all the steps and procedures as if an actual disaster were occurring.
resembles a tabletop exercise for a business continuity plan (BCP).
goes through the steps and procedures in a controlled manner.
involves participants talking through the steps and procedures in a conference room setting.
Having supplies on hand for continued production:
is a best practice in the creation and implementation of a business continuity plan (BCP).
may be preferable to having an organization obtain parts and supplies as needed.
may conflict with other organizational planning principles.
is the definition of a just-in-time philosophy.
By identifying critical business functions (CBFs) first, you use a ________ approach.
trickle-down
bottom-up
Keynesian
top-down
Lower recovery time objectives (RTOs) are __________ but __________.
unachievable, ideal
elusive, maintainable
Correct Answer: achievable, costly
risky, high-yield
Defining a computer security incident is:
unnecessary because incidents evolve frequently.
handled only by the U.S. government.
a best practice when implementing a computer incident response team (CIRT) plan.
A business impact analysis (BIA) identifies an impact that can result from a:
vulnerability.
disruption in a business.
risk to an IT infrastructure.
threat to the IT infrastructure.