An indicator is an activity in progress that may signal an incident could occur in the future.

false

Risk analysis is the probability that a specific vulnerability within an organization will be attacked by a threat.

false

The emergence of cloud computing technologies and practices has had little or no effect on the world of contingency planning and operations.

false

The Health Insurance Portability and Accountability Act (HIPAA) of 1996, which is also known as Gramm-Leach-Bliley, attempts to protect the confidentiality and security of healthcare data by establishing and enforcing standards and by standardizing electronic data interchange.

false

The public relations (PR) department needs to be briefed on what information should be disclosed to the organization's employees if an incident occurs.

false

__ is the organized research and investigation of internet addresses owned or controlled by a target organization.

footprinting

The incident response policy element of __ states that the policy must use concrete language that directs behavior and avoid statements that are subject to individual interpretation.

functionality

Which of the following laws addresses privacy and security concerns associated with the electronic transmission of PHI, in part through several provisions that strengthen HIPAA rules for civil and criminal enforcement?

health information technology for economic and clinical health (HITECH) act of 2009

The CSIRT should be available for contact by anyone who discovers or suspects that an incident involving the organization has occurred. Some organizations prefer that employees contact the __, which then determines whether to contact the CSIRT.

help desk

A(n) _____________ is generally a fully configured computer facility, with all services, communications links, and physical plant operations, which is capable of establishing operations at a moment's notice.

hot site

What is the process of acting on risk after the organization has identified risk, assessed it, evaluated it, and then determined that the residual risk is unacceptable?

risk control

The entire program of planning for and managing risk to information assets in the organization is referred to as __.

risk management

Which of the following steps of building a CSIRT comes later in the process than the other steps listed below?

Communicate the CSIRT's vision and operational plan

Laws Germane to Contingency Planning

Computer Fraud and Abuse (CFA) Act of 1986 Electronic Communications Privacy Act (ECPA) of 1986 Health Insurance Portability and Accountability Act (HIPAA) of 1996 Federal Trade Commission Act (FTCA) Gramm-Leach-Bliley (GLB) Act of 1999 Sarbanes-Oxley (SOX) Act of 2002 American Recovery and Reinvestment Act (ARRA) of 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 (part of ARRA-2009) Disaster Recovery Reform Act of 2018

The __ is an investigation and assessment of the impact that various events or incidents can have on the organization.

business impact analysis

An __ may signal an adverse event is under way and provide a notification of an incident candidate.

indicator

__ is the protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training, and awareness, and technology.

information security

A CPMT should include __ who can oversee the security planning of the project and provide information on threats, vulnerabilities, and recovery requirements needed in the planning process.

information security managers

Information assets have __ when they are not exposed (while being stored, processed, or transmitted) to corruption, damage, destruction, or other disruption of their authentic states.

integrity

The __ department of an organization needs to review the procedure of the CSIRT and understand the steps the CSIRT will perform to ensure it is within legal and ethical guidelines for the municipal, state, and federal jurisdictions.

legal

A backup plan using WAN/VLAN replication and a recovery strategy using a warm site is most suitable for information systems that have __ priority within an organization.

moderate

The general categories of unethical behavior that an organization's management seeks to eliminate include each of the following except __.

opportunism

Organizations with limited funding, staffing, or IR needs may have only __ IR team members.

part time

The organization must first understand what skills are needed to effectively respond to an incident. If necessary, management must determine if it is willing to acquire needed __ to fill

personnel

The U.S. National Institute of Standards and Technology defines the incident response life cycle as having four main processes: 1) preparation, 2) detection and analysis, 3) containment, eradication, and recovery, and 4) __.

post incident activity

A(n) __ may signal an incident that could occur in the future.

precursor

__ incident responses enables the organization to react to a detected incident quickly and effectively, without confusion or wasted time and effort.

predefining

A(n) __ is an extension of an organization's intranet into cloud computing.

private cloud

Both data backups and archives should be based on a(n) __ schedule that guides the frequency of replacement and the duration of the storage.

retention

The transference risk treatment strategy attempts to shift risk to other assets, other processes, or other organizations.

true

An incident is an adverse event that violates the security of an organization and represents a potential risk of loss of the confidentiality, integrity, or availability of its assets and outgoing operations.

true

Gathering information on and identifying network assets is known as fingerprinting.

true

It is the responsibility of InfoSec personnel to deter and, where possible, prevent unethical and illegal acts.

true

Risk treatment is the selection of a strategy to address residual risk in an effort to bring it into alignment with the organization's risk appetite.

true

Some data is required by law to be retained and stored for years.

true

The CSIRT may also be known as the IR reaction team.

true

Without formal management support at all levels, from the top down to each supervisor, any organization-wide effort will fail.

true

The __ flow of information needed from the CSIRT to organizational and IT/InfoSec management is a critical communication requirement.

upward

An entry-level InfoSec professional often responsible for the routine monitoring and operation of a particular InfoSec technology is called a __.

watchstander

Whether the objective is to recover a backup of a file that has been accidentally deleted or to transfer an entire data center to an alternate facility, there are five key mechanisms that help restore critical information and the continuation of business operations:

• Delayed data protection
• Real-time data protection
• Server recovery
• Application recovery
• Site recovery

Deterrence is the best method for preventing an illegal or unethical activity; however, laws, policies, and their associated penalties only deter if three conditions are present:

• Fear of penalty
• Probability of being caught
• Probability of penalty being administered

There are three general categories of unethical behavior that an organization's management seeks to eliminate:

• Ignorance
• Accident
• Malicious intent

A typical roster for the CPMT may include

• Leadership
• A champion
• A project manager
• Team members
• Representatives from other business units:
• Business managers
• IT managers
• InfoSec managers
• Representatives from subordinate planning teams (IR/DR/BC/CM)
• Representatives from subordinate response teams (IR/DR/BC/CM)

What is the period of time within which systems, applications, or functions must be recovered after an outage?

RTO (recovery time objective)

_____________ is/are responsible for the overall planning and development of the contingency planning process, including the organization of subordinate teams and oversight of subordinate plans.

The contingency planning management team (CPMT)

A(n) _____________ is the long-term storage of a document or data file, usually for legal or regulatory purposes.

archive

The CPMT conducts the BIA in three stages:

1. Assessing mission/business processes and recovery criticality
2. Identifying resource requirements
3. Identifying recovery priorities

What is a description of a potential attack that includes as much information as the IRPT can document on the most likely attack methods and attack points?

Attack scenario

Which of the following is not a common consideration when an organization funds a CSIRT operation?

Budgeting for team retreats and recruiting bonuses to attract CSIRT membership

Which of the following is a definite indicator of an incident?

Changes to logs

What is a targeted technique to misuse a specific vulnerability and compromise a system?

Exploit

Risk appetite is the recognition, enumeration, and documentation of risks to an organization's information assets.

False

The __ of an organization defines the roles and responsibilities for incident response by the CSIRT and others who will be mobilized in the activation of the plan.

IR policy

Which of the following is not a general detection strategy for incidents?

Inform law enforcement about suspicious behavior.

__ uses a number of hard drives to store information across multiple drive units.

RAID

A subject's or object's ability to use, manipulate, modify, or affect another subject or object is known as __.

access

NIST SP 800-61 Rev. 1 provides a five-category classification scheme for network-based incidents that includes each of these except:

all of these are NIST incident classifications

The duplication of systems data to external media or a secondary location to provide recovery capability in the event of data loss is a __.

answer is not "data archive"

The __ CSIRT model is used when the organization needs a full-time, on-site CSIRT but does not have enough available qualified employees.

answer not "24/7"

__ is used to maintain awareness of evolving threats in general and is a resource for researching specific threats as an organization develops usable threat intelligence.

answer not "deep web research"

Information assets have __ when authorized users (people or computer systems) are able to access them in the specified format without interference or obstruction.

availability

A CSIRT model in which a single CSIRT handles incidents throughout the organization is called a(n) __.

central CSIRT

In a CPMT, the __ should be a high-level manager with influence and resources that can be used to support the project team, promote the objectives of the CP project, and endorse the results that come from the combined effort.

champion

The champion for the CSIRT may be the same person as the champion for the entire IR function, typically the __.

chief information officer

The incident response policy element of __ states that each person expected to comply with policy must be able to understand the policy as it is written.

clarity

Within an organization, a(n) __ is a group of individuals who are united by shared interests or values and who have a common goal of making the organization function to meet its objectives.

community of interest

Which of the following laws is the cornerstone of many U.S. computer-related federal laws and enforcement efforts and formally criminalizes accessing a computer without authorization or exceeding authorized access for the systems that contain information of national interest as determined by the U.S. government?

computer fraud and abuse (CFA) act of 1986

__ ensures that only those with the rights and privileges to access information are able to do so.

confidentiality

The elements required to begin the __ process are a planning methodology, a policy environment to enable the planning process, an understanding of the causes and effects of core precursor activities, and access to financial and other resources.

contingency planning

A series of steps that follow the stages of a cyberattack from early reconnaissance to the exfiltration of data is known as the __.

cyber kill chain

The most common schedule for tape-based backups is a __ backup, either incremental or differential, with a weekly off-site full backup.

daily on site

__ is the stage in the cyber kill chain that deals with the transmission of the weaponized delivery mechanism to the intended target or targets.

delivery

RAID 0 creates one logical volume across several available hard disk drives and stores the data using __, in which data segments are written in turn to each disk drive in the array.

disk striping

An organization aggregates all local backups to a central repository and then backs up the repository to an online vendor with a __ backup strategy.

disk to disk to cloud

A CSIRT model that is effective for large organizations and for organizations with major computing resources at distant locations is the __.

distributed CSIRT

From the detailed scenarios they create, the BIA planning team must estimate the cost of the best, worst, and most likely outcomes by preparing an attack scenario __.

end case

__ is the stage in the cyber kill chain that includes the activation and intuition of the process whereby the crafted exploit gains a foothold and attempts to expand its influence.

exploitation

