IS 413 Module 6
An organization aggregates all local backups to a central repository and then backs up that repository to an online vendor with a ____ backup strategy. disk-to-disk-to-tape; differential; disk-to-disk-to-cloud; RAID
Disk to Disk Cloud
A cold site provides many of the same services and options of a hot site, but at a lower cost. True False
False
A(n) alarming event is an event with negative consequences that could threaten the organization's information assets or operations. True False
False
An external event is an event with negative consequences that could threaten the organization's information assets or operations; also referred to as an incident candidate. True False
False
An incident is an adverse event that could result in a loss of information assets and threatens the viability of the entire organization. True False
False
Procedures are planned for each identified incident scenario with incident handling procedures established for before and during the incident. True False
False
Reported attacks are a definite indicator of an actual incident. True False
False
Root cause analysis is the coherent application of methodical investigatory techniques to present evidence of crimes in a court or similar setting. True False
False
The computer security incident response team is composed solely of technical IT professionals who are prepared to detect, react to, and recover from an incident. True False
False
A ____ is a contractual document guaranteeing certain minimal levels of service provided by a vendor. memorandum of understanding; time-share agreement; mutual agreement; service agreement
Service Agreement
A ____ is an agency that provides physical facilities in the event of a disaster for a fee. service bureau; cold site; mobile site; time-share
Service Bureau
Evidentiary material is any information that could potentially support an organization's legal or policy-based case against a suspect. True False
True
Prior to the development of each of the types of contingency planning documents, the CP team should work to develop the policy environment. True False
True
Reported attacks are a probable indicator of an actual incident. True False
True
The organization must choose one of two philosophies that will affect its approach to IR and DR as well as subsequent involvement of digital forensics and law enforcement: protect and forget or apprehend and prosecute. True False
True
The recovery point objective (RPO) is the point in time prior to a disruption or system outage to which mission/business process data can be recovered after an outage. True False
True
The work recovery time (WRT) is the amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered. True False
True
Using a service bureau is a BC strategy in which an organization contracts with a service agency to provide a facility for a fee. True False
True
A resumption location known as a ____ is a fully configured computer facility capable of establishing operations at a moment's notice. cold site; hot site; service bureau; mobile site
hot site
The point in time before a disruption or system outage to which business process data can be recovered after an outage is ____. recovery time objective (RTO); maximum tolerable downtime (MTD); work recovery time (WRT); recovery point objective (RPO)
recovery point objective (RPO)