Security + Chapter 12 Part 3
BIA (Business Impact Analysis)
RTO (Recovery Time Objectives) is agreed during which process?
Service Level Agreement (SLA)
Which agreement is part of network availability? It is an agreement between a company and a service provider (technical support provider).
Service Level Agreement (SLA)
Which agreement should be read carefully to make sure that you are not unintentionally exposing your organization to harm?
Service Level Agreement (SLA)
Which agreement should stipulate how long the repair will take once the support process has been activated?
Code escrow
Which agreement would stipulate how source code would be made available to customers in the event of a vendor's bankruptcy?
Service Level Agreement (SLA)
Which agreement is also known as a maintenance contract when referring to hardware or software?
Service Level Agreement (SLA)
Which is an agreement between you or your company and a service provider, typically a technical support provider?
Mean Time Between Failures (MTBF)
Which measurement in an SLA determines the component's or system's anticipated lifetime?
Mean Time Between Failures (MTBF)
Which measurement in an SLA is helpful in evaluating a system's reliability and life expectancy?
Mean Time to Restore (MTTR)
Which measurement in an SLA is this an example of: if it is stated that it takes 24 hours to restore, then it will take 24 hours to repair when it breaks?
Tabletop exercises
- Document review - Walkthrough - Simulation - Parallel test - Cutover test. These are types of exercises known as?
Service Level Agreement (SLA)
- Recovery Time Objectives - Mean Time Between Failures - Mean Time to Restore. These are key measures of which agreement?
Mitigation steps
1. Immediately change passwords. 2. Notify relevant parties. 3. Make procedural changes so that the stolen information cannot be used to carry out additional breaches. These steps, taken to minimize or lessen the damage after an attack has been successful, are known as?
Service Level Agreement (SLA)
A document that provides a company with a performance guarantee for services outsourced to a vendor is known as?
Intrusion
A guest user account logging in remotely to a network is an example of an?
Tabletop Exercises
A simulation of a disaster, which is also a way to check whether your plans are ready, is known as?
System image
A snapshot of the current state of the computer that contains all settings and data is known as?
Worm
A user clicks on an email attachment even though he updated the computer's programs and antivirus; he is reporting unusual behavior from the system, and other users in his email address book are complaining. What has the user contracted?
System reboot
After a DoS attack has occurred, what process should you perform next to restore services and regain control of a compromised system?
Succession planning
Assigning internal employees to key roles that cannot be left unfilled, so that when the time comes they can fill those positions, is known as?
Capture system image
Capturing an image of the OS in its exploited state is known as which process in forensics?
Act in order of Volatility
Collecting data that might not exist as long as other data is known as what in forensics?
Take hashes
Collecting hash values and storing them for later analysis is known as which part of forensics?
disconnect
During an intrusion as soon as it becomes apparent that data is at risk you should __________________ the user.
data
During an intrusion the security of the _____________ should be considered paramount.
Antivirus software
Every network should have a firewall, but what should it also have to protect it from viruses, kept enabled and up to date (current)?
Recovery Time Objective (RTO)
How quickly you need to have an application's information available after downtime has occurred is known as which part of an SLA?
No
If a system is compromised with a worm, for example, is there still a possibility of restoring it by doing a system reboot or a system restore?
Service Level Agreement (SLA)
If a vendor promises to provide you with a response time of four hours, this means that it will have a service technician involved and dedicated to resolving any difficulties you encounter. This is true of which agreement?
SLA (Service Level Agreement)
If you buy a laptop from a computer store and decide to buy a warranty, which agreement should you read carefully, compare to the manufacturer's, and verify the length of time it will take the store to repair the laptop before you purchase it?
Recovery Time Objective (RTO)
In an SLA, what is the maximum amount of time that a process or service is allowed to be down with the consequences still considered acceptable?
Mean Time Between Failures (MTBF)
In an SLA, what is the measure of the anticipated incidence of failure for a system or component?
Mean Time to Restore (MTTR)
In an SLA, which is a common measure of maintainability?
Act in order of volatility
In forensics, when you have multiple issues you should address them in order, with the most volatile first. This is known as?
Capture video
In forensics, which process requires you to capture any video to be analyzed later?
routine drills
In order to ensure that your incident response plan is effective and executed properly, what should you schedule to evaluate this plan?
Step 3: Repairing the damage
In which step of incident response do you determine how to restore access to resources that have been compromised after an incident?
Step 3: Repairing the damage
In which step of incident response do you reestablish control of the system after restoring resources that have been compromised?
Step 5: Adjusting procedures
In which step of incident response would you ask questions such as the following? - How did the policies work or not work in this situation? - What did you learn about the situation that was new? - What should you do differently next time?
Step 5: Adjusting procedures
In which step of incident response would you perform a process called a post mortem?
Step 4: Documenting and reporting the response
In which step of incident response would you consider reporting/disclosing the incident to legal authorities and CERT so that others may be aware?
Step 5: Adjusting procedures
In which step of incident response, after an incident has been successfully managed, would you revisit the procedures and policies in place?
Step 5: Adjusting procedures
In which step would you evaluate the entire incident response process and its policies to find out whether the process is being managed and resolved accordingly?
Source code or code escrow
In your agreements the software developer should provide you with the ________________ code or _______________ clause to acquire the software if the company goes out of business.
Take hashes
Part of collecting data in forensics includes collecting which data, described as "known traceable software through hash values"?
Post mortem
Simple questions that can help adjust the procedures of an incident response policy (equivalent to an autopsy) are known as?
Track man hours and expenses
Since an investigation is expensive, what are you required to do to justify it to superiors, a court, or insurance agents?
Orphanware
Software that exists without support of any type because a software company had to close their doors is known as?
Orphanware
Software that exists without support of any type because software companies were forced to close is known as?
Investigating the incident
Step 2 of incident response is known as?
Repairing the damage
Step 3 of incident response is known as?
Documenting and reporting the response
Step 4 of incident response is known as?
Adjusting procedures
Step 5 of incident response is known as?
Act in order of volatility
The amount of time that you have to collect certain data before the window of opportunity is gone is known as what in forensics?
Mean Time to Restore (MTTR)
The average time from the moment of a service failure until when the service is restored is known as?
Mean Time to Restore (MTTR)
The average time needed to reestablish services to their former state is known as which part of an SLA?
Mean Time Between Failures (MTBF)
The expected time between a repair and the next failure of a component, machine, process, or product is known as?
Recovery Time Objective (RTO)
The length of time it will take to recover the data that has been backed up is known as which part of an SLA?
Mean Time to Restore (MTTR)
The measurement of how long it takes to repair a system or component once a failure occurs is known as?
Mean Time Between Failures (MTBF)
The predicted amount of time between inherent failures of a system during operation is known as?
Code escrow
The storage and conditions for release of source code provided by a vendor, partner, or other party is known as?
Service Level Agreement (SLA)
Which agreement, made between a company and a service provider, should go past the company's legal department and your superior as a matter of good practice?
Code escrow clause
What clause is needed in an agreement so that if a vendor ceases operations and goes out of business you will have access to the source code?
False positives
What is one reason most administrators will not put as much security on networks as they should? What is it that they don't want to deal with?
Identifying the incident
What is step 1 of incident response?
Succession planning
What is the term for those internal to the organization who have the ability to step into positions when they open?
Big data analysis
What is tested in the first three tabletop exercises (document review, walkthrough, and simulation)?
Disaster recovery process
What process can most OSs run after a system has been compromised that uses distribution media or system state files to restore the system?
Big data
What refers to data that is too large to be dealt with by traditional database management means?
Code escrow
What refers to the storage and conditions of a release of source code provided by a vendor?
Record Time Offset
What should be recorded on every infected machine during an investigation, in case the clock is offset?
Firewall
What should every network have, regardless of its size, as part of security and the first line of defense?
Step 1
What step of incident response is known as: - Identify the incident?
Complete disk drive format or repartition
When a system is compromised by a worm or any other virus that makes it impossible to repair the system with a system restore, what should you do that will require your system to start over from scratch and make sure that the threat is wiped off the system?
Mitigation steps
When an intrusion has been successful and data has been stolen, what step should you take to minimize or lessen the damage?
Damage and loss control
When an intrusion is occurring what is important to do to minimize the impact of the incident?
Worm
When you completely reformat a user's drive and reinstall the OS, antivirus software, and applications, it is most likely because the user contracted a?
Service Level Agreement (SLA)
Which agreement between a company and a service provider defines what is possible to deliver, and provides the contract to make sure that what is delivered is what was promised?
Service Level Agreement (SLA)
Which agreement is also made internally within companies, between departments?
Talk to witnesses
Which part of forensics requires talking to any possible witnesses as soon as possible after the incident?
Capture Screenshots
Which part of forensics requires you to capture screenshots for later analysis?
Document network traffic logs
Which process in forensics requires you to look at traffic and logs to identify repeated attacks?
Capture system image
Which step in forensics or incident response requires you to capture an image of the OS in its exploited or infected state?
Step 4: Documenting and reporting the response
Which step in incident response requires you to document the steps you took to identify, detect, and repair the system or network during the incident?
Step 4
Which step of incident response is known as: - Documenting and reporting the response?
Step 2
Which step of incident response is known as: - Investigating the incident?
Step 3
Which step of incident response is known as: - Repairing the damage?
Step 5
Which step of incident response is known as: - Adjusting procedures?
Step 4: Documenting and reporting the response
Which step requires you to document or capture everything during incident response, because it is considered valuable information that can help the next time a similar attack occurs?
Cutover test
Which tabletop exercise, if not properly prepared for and it fails, will take your entire system offline and create a disaster?
Cutover test
Which tabletop exercise is a test where you shut down the main systems and have everything fail over to backup systems?
Parallel test
Which tabletop exercise is a test where you start up all backup systems but leave the main systems functioning?
Simulation
Which tabletop exercise is a walkthrough of recovery, operations, resumption plans, and procedures in a scripted "case study" or "scenario"?
Cutover test
Which tabletop exercise is very difficult to perform because of the outcome if it fails?
Service level agreements and code escrow
Which two agreements help protect you in the event that a software vendor goes out of business or if you have a dispute with a maintenance provider for your systems?
Walkthrough
Which type of tabletop exercise is a group discussion of recovery, operations, resumption plans, and procedures?
Document review
Which type of tabletop exercise is known as a review of recovery, operations, resumption plans, and procedures?
Penetration testers
Who do companies usually hire to test their systems' defenses?
Simulation and Parallel tests
You should never do a cutover test if you have not already done which two tabletop exercises first?