Cybersecurity Fundamentals - Incident Response and Recovery-#6

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

What is the term for the process of restarting/restoring data that has been lost, accidentally deleted, corrupted or made inaccessible for any reason?

Data recovery

Which NIST definition means any observable occurrence in a system or network - it is any change or interruption within an IT infrastructure? 1. Event; 2. Incident; 3. Emergency; 4. Disaster; 5. Crisis

Event

Which is the following an example of: system crash; disk error; user forgetting their password? [incident or event]

Event

What is the key difference between an incident and an event?

An incident implies a violation or imminent threat and and event does not

Which phase of response occurs after an incident has been identified and confirmed and the team conducts a detailed assessment and contacts the system owner or business manager of the affected information system. 1. Detection and analysis phase; 2. Containment; 3. Eradication; 4. Recovery; 5. Post-incident activity

Incident containment

Which phase occurs after containment measures have been deployed, it is time to determine the root cause of the incident and eradicate it-eradication can happen by restoring backups to achieve a clean slate of the system, removing the root cause, improving defenses and performing vulnerability analysis to find further potential damage from the same root cause. 1. Detection and analysis phase; 2. Containment; 3. Eradication; 4. Recovery; 5. Post-incident activity

Incident eradication

Which phase of response plan ensure that affected systems or services are restored to a condition specified in the service delivery objective (SDO) or business continuity plan (BCP). 1. Detection and analysis phase; 2. Containment; 3. Eradication; 4. Recovery; 5. Post-incident activity

Incident recovery

Which type of backup copies all files that have changed since the last backup was made, regardless of whether the last backup was a full or incremental backup; this is the fastest backup method but the slowest method for restoring data? 1. Full backups; 2. Incremental backups; 3. Differential backups

Incremental backups

Which of the following categories of cybersecurity incidents applies: unconfirmed incidents that are potentially malicious or anomalous activity. 1. Unauthorized access; 2 Denial of service (DoS); 3. Malicious code; 4. Improper Usage; 5. Scans/Probes/Attempted Access; 6. Investigation

Investigation

Which phase of incident response is where capability of identifying an adversary is required? 1. Detection and analysis phase; 2. Containment; 3. Eradication; 4. Recovery; 5. Post-incident activity

Investigation or containment

Which cybersecurity incident category does the following apply to; successful installation of malicious software-e.g. virus, worm, trojan horse, or other code-based malicious entity-that infects an operating system or application? 1. Unauthorized access; 2 Denial of service (DoS); 3. Malicious code; 4. Improper Usage; 5. Scans/Probes/Attempted Access; 6. Investigation

Malicious code

True or False: A Disaster Recovery Plan (DRP) is a set of human, physical, technical and procedural resources to recover, within a defined time and cost, and activity interrupted by an emergency or disaster?

True

True or False: A DoS or Denial of Service is an example of a security incident.

True

True or False: A business continuity plan (BCP) are the action plans you will put in effect when an incident occurs so that business operations are sustained, and the organization can recover sooner than later.

True

True or False: A business impact analysis (BIA) provides the basis for: recovery time objectives; service delivery objectives; recovery point objectives.

True

True or False: A cybersecurity incident is an adverse event that negatively impacts the confidentiality, integrity, and availability of data; they may be unintentional, such as someone forgetting to activate an access list in a router, or intentional, such as a targeted attack by a hacker.

True

True or False: A cybersecurity-related disaster may occur when a disruption in service is caused by system malfunction, accidental file deletions, untested application releases, loss of backup, network DoS attacks, intrusions or viruses.

True

True or False: All interruptions are not disasters, but a small incident not addressed in a timely or proper manner may lead to a disaster.

True

True or False: An incident meant there is a bigger problem that can occur-because incidents affect confidentiality, integrity, and availability, it is important to respond quickly to any security incident.

True

True or False: An incident response may include evacuation of a facility, initiating a disaster recovery plan (DRP), performing damage assessment, and any other measures necessary to bring an enterprise to a more stable status.

True

True or False: An organization's DRP or data recovery plan must provide the strategy for how data will be recovered and assign recovery responsibilities.

True

True or False: Assigning ownership and establishing chain of custody are part of the identification in incident response plan activity.

True

True or False: At the end of the incident response process a report should always be developed to share what occurred: 1. write incident report; 2. analyze issues encountered during incident response efforts; 3. propose improvements; 4. present report to relevant stakeholders.

True

True or False: Backup procedures are used to copy files to a second medium such as a disk, tape, or the cloud. Backup files should be kept in an offsite location.

True

True or False: Disasters are disruptions that cause critical information resources to be inoperative for a period of time, adversely impacting organizational operations; the disruptions could be a few minutes to several months depending on the extent of damage to the information resource.

True

True or False: Disasters require recovery efforts to restore operational status.

True

True or False: If an individual gains logical or physical access without permission to a network, system, application, data or other resource, the correct incident category this would fall under is unauthorized access.

True

True or False: In order for a business continuity plan (BCP) to be effective, it must be aligned with the strategy of the organization.

True

True or False: In order to prepare and identify an incident, organizations use a myriad of security tools such as vulnerability assessments, firewalls, and intrusion detection system (IDS) that collect a high volume of data.

True

True or False: Incident preparation involves the following activities: 1. establish approach to handling incidents; 2. establish policy and warning banners to deter intruders and allow information collection; 3. establish communication plan with stakeholders; 4. develop incident reporting criteria; 5. develop process to activate the incident management team; 6. establish secure location to execute the incident response plan; 7. ensure equipment needed is available.

True

True or False: Incident response is the name of a formal program that prepares an entity for an incident.

True

True or False: Log data overload can be mitigated by employing security event management (SEM).

True

True or False: Obtaining and preserving evidence, documenting action, and managing public communications are action associated with incident containment.

True

True or False: Once human safety plans are in place, the additional purpose of business continuity planning (BCP/disaster recovery planning/DRP) is to enable a business to continue offering critical services in the event of a disruption, and to survive a disastrous interruption to activities.

True

True or False: Physical incidents may include: social engineering and lost or stolen laptops or mobile devices.

True

True or False: Post incident activities typically include the following: communicating findings to key stakeholders; proposing improvements; and writing an incident report.

True

True or False: Recovery time objective (RTO) is the term for the amount of time allowed for the recovery of a business function or resource after a disaster occurs-it is usually determined based on the point where the ongoing cost of the loss is equal to the cost of recovery.

True

True or False: Security Event Management (SEM) automatically aggregates and correlates security event log data across multiple security devices allowing security analysts to focus on a manageable list of critical events.

True

True or False: Senior management is responsible for the business continuity plan because they are entrusted with safeguarding the assets and the viability of the organization.

True

True or False: Some disasters are natural calamities; earthquakes; floods; tornadoes; and fire. Humans, terrorists, hacker attacks, viruses, or human error.

True

True or False: Technical incidents include: viruses, malware, denial of service, and system failure.

True

True or False: Technical information security incidents may involve: viruses, malware, or denial of service (DoS).

True

True or False: The Information System BCP should be aligned with the strategy of the organization.

True

True or False: The Information System BCP/DRP is a major component of an organizations overall business continuity and disaster recovery strategy. If the IS plan is a separate plan, it must be consistent with and support the corporate BCP.

True

True or False: The business continuity plan (BCP) is generally followed by the business and supporting units to provide a reduced but sufficient level of functionality in the business operations immediately after encountering an interruption, while recovery is taking place.

True

True or False: The business impact analysis (BIA) should consider the following: potential vulnerabilities; efficiency and effectiveness of risk countermeasures; and probability of occurrence of threats.

True

True or False: The business impact analysis provides the basis for business continuity planning which determines recovery time objectives, recovery point objectives, maximum tolerable outages, and service delivery objectives.

True

True or False: The business impact analysis should answer what the different business processes are, the critical information resources related to an organizations critical business process, and the critical recovery time period for information resources before significant or unacceptable losses are suffered.

True

True or False: The most important objective of a business continuity plan (BCP) is: ensuring safety and security of human life.

True

True or False: When it comes to disaster recovery, the number one priority is ensuring the safety and security of human life; this includes plans for drills, evacuation plans and on-site shelters.

True

True or False; SEM or Security Event Management is an emerging solution used to address the problem that security teams have in analyzing and interpreting an overwhelming amount of data to prepare for and identify and incident-it is referred to as log data overload.

True

Which cybersecurity incident category does the following fall under: individual gains logical or physical access without permission to a network, system, application, data, or other resource? 1. Unauthorized access; 2 Denial of service (DoS); 3. Malicious code; 4. Improper Usage; 5. Scans/Probes/Attempted Access; 6. Investigation

Unauthorized access

What are the 3 types of backups?

1. Full backups; 2. Incremental backups; 3. Differential backups

What 4 activities are included as part of incident response?

1. Preparation; 2. Detection; 3. Recovery; 4. Post incident Activity

What are the 5 phases of incident response?

1. Detection and analysis phase; 2. Containment; 3. Eradication; 4. Recovery; 5. Post-incident activity

What is the hierarchy of potential damage from high to low 1-5?

1. Event; 2. Incident; 3. Emergency; 4. Disaster; 5. Crisis

What are the 5 categories of cybersecurity incidents?

1. Unauthorized access; 2 Denial of service (DoS); 3. Malicious code; 4. Improper Usage; 5. Scans/Probes/Attempted Access; 6. Investigation

How would these 9 business continuity tasks be placed in order: 1. audit the plan; 2. maintain plans; 3. prepare business impact analysis (BIA); 4. choose strategy to recover critical IS facilities; 5. develop business continuity plan; 6. train staff and test plans; 7. develop disaster recovery plan; 8. store plans for ease of access despite network failure; 9. identify and prioritize required resources.

1. prepare business impact analysis (BIA); 2. identify and prioritize required resources; 3. choose strategy to recover critical IS facilities; 4. develop disaster recovery plan; 5. develop business continuity plan; 6. train staff and test plans; 7. maintain plans; 8. store plans for ease of access despite network failure; 9. audit the plans

What is the term for any major incident which has grown out of control and increased in severity?

A crisis

What event must happen to involve fallback plans?

A disaster

Which of the following category of cybersecurity incidents does the following apply to: any activity that seeks to access or identify a computer, open ports, protocols, service or any combination of the above? 1. Unauthorized access; 2 Denial of service (DoS); 3. Malicious code; 4. Improper Usage; 5. Scans/Probes/Attempted Access; 6. Investigation

Attempted access

Which hierarchical level of potential damage is more serious and implies that a major incident is spiraling out of control and growing in severity; if this particular team decides to meet, it is a very serious situation? 1. Event; 2. Incident; 3. Emergency; 4. Disaster; 5. Crisis

Crisis

What is the term for a plan used by an enterprise to respond to disruption of critical business processes; depends on the contingency plan for restoration of critical systems?

Business Continuity Plan (BCP)

What is the term for a group of people integrated at the enterprise with clear lines of reporting and responsibilities for standby support in case of an information systems emergency; this group will act as an efficient corrective control, and should also act as a single point of contact for all incidents and issues related to information systems?

Computer Emergency Response Team (CERT)

What is the term for a team established within an enterprise to respond to computer security incidents?

Computer Security Incident Response Team (CSIRT)

Which of the following category of cybersecurity incident does the following apply to: an attack that successfully prevents or impairs normal authorized functionality of networks, systems, or applications by exhausting resources? 1. Unauthorized access; 2 Denial of service (DoS); 3. Malicious code; 4. Improper Usage; 5. Scans/Probes/Attempted Access; 6. Investigation

Denial of Service (DoS)

Which phase of incident response identifies incidents as early as possible and effectively assess the nature or the incident? 1. Detection and analysis phase; 2. Containment; 3. Eradication; 4. Recovery; 5. Post-incident activity

Detection and Analysis

Which type of backup copies only the files that have changed since the last full backup; the files grow until the next full backup is performed. 1. Full backups; 2. Incremental backups; 3. Differential backups

Differential backups

Which level of hierarchy of potential damage suggests a much larger level of impact or damage; declaring this often invokes fallback plans? 1. Event; 2. Incident; 3. Emergency; 4. Disaster; 5. Crisis

Disaster

Which level in the hierarchy of potential damage generally suggests a serious local incident, requiring management attention? 1. Event; 2. Incident; 3. Emergency; 4. Disaster; 5. Crisis

Emergency

Which of the following is not included as part of incident preparation: 1. Establish approach to handling incidents; 2. Develop incident reporting criteria; 3. Establish chain of custody; 4. Establish communication plan with stakeholders?

Establish chain of custody is not included.

Which type of backup provides a complete copy of every selected file on the system, regardless of whether it was backed up recently. It is the slowest backup method but the fastest method for restoring data. 1. Full backups; 2. Incremental backups; 3. Differential backups

Full backups

Which of the following category of cybersecurity incident applies: authenticates identity of sender and receiver to ensure privacy of message contents (including attachments): 1. Unauthorized access; 2 Denial of service (DoS); 3. Malicious code; 4. Improper Usage; 5. Scans/Probes/Attempted Access; 6. Investigation

Improper Usage

Which NIST definition means a violation or imminent threat to computer security policies, acceptable use policies, or standard security practices? 1. Event; 2. Incident; 3. Emergency; 4. Disaster; 5. Crisis

Incident

Which is the following an example of: multiple failed login attempts from an unfamiliar system; denial of service; or changes to hardware or software without owner's consent: [incident or event]?

Incident

Which incident response uses procedures to contain the incident, reduce losses, and return operations to normal? 1. Detection and analysis phase; 2. Containment; 3. Eradication; 4. Recovery; 5. Post-incident activity

Mitigation or recovery

Which incident response determines corrective action to prevent similar incidents in the future? 1. Detection and analysis phase; 2. Containment; 3. Eradication; 4. Recovery; 5. Post-incident activity

Post-incident activity

What is the term for the last known point of good data in a disaster recovery plan (DRP) and is the earliest point in time to which it is acceptable to recover data?

Recovery Point Objective

Who is responsible for business continuity planning (BCP)?

Senior management

What is the term directly related to the business needs, it is the levels of services to be reached during the alternate process mode until the normal situation is restored?

Service Delivery Objective (SDO)

True or False: A Business Continuity Plan (BCP) is a strategy used by an enterprise to respond to a disruption of critical business processes?

True


Kaugnay na mga set ng pag-aaral

Macro-Econ The federal Reserve, Monetary Policy, ECON 202: PCQ6, ILA #3 part 2 (1 of 2), ILA #3 part 2 (2 of 2), ILA #4 Part 2 (1 of 2), ILA #4 Part 2 (2 of 2), ILA #5 part 2of2, ILA #5 part 2 (1 of 2)

View Set

production operations and management

View Set

chapter 18: creating/leading change

View Set

Real Estate Taxes & Other Liens _ Chapter 11 Prin. of R.E.

View Set

Maternity Ch. 6 Women's health problem

View Set

Jim Crow Laws & Civil Rights Movement Notes

View Set

Quiz 1: Prevention & Care of Sports Injury

View Set