Chapter 12 Review Questions
According to CERT, which of the following would be a formalized or an ad hoc team you can call upon to respond to an incident after it arises? A. CSIRT B. CIRT C. IRT D. RT
A. A CSIRT is a formalized or an ad hoc team that you can call upon to respond to an incident after it arises.
Which of the following types of penetration testing focuses on the system, using techniques such as port scans, traceroute information, and network mapping to find weaknesses? A. Active reconnaissance B. Passive reconnaissance C. Operational reconnaissance D. Constricted reconnaissance
A. Active reconnaissance is a type of penetration testing that focuses on the system, using techniques such as port scans, traceroute information, and network mapping to find weaknesses.
Your company is about to invest heavily in a new server farm and has made an attractive offer for a parcel of land in another country. A consultant working on another project hears of this and suggests that you get the offer rescinded because the laws in that country are much more stringent than where you currently operate. Which of the following is the concept that data is subject to the laws of where it is stored? A. Data sovereignty B. Data subjugation C. Data dominion D. Data protectorate
A. Data sovereignty is the concept that data is subject to the laws of where it is stored.
You're a consultant brought in to advise MTS on its backup procedures. One of the first problems you notice is that the company doesn't use a good tape-rotation scheme. Which backup method uses a rotating schedule of backup media to ensure long-term information storage? A. Grandfather, Father, Son method B. Full Archival method C. Backup Server method D. Differential Backup method
A. The Grandfather, Father, Son backup method is designed to provide a rotating schedule of backup processes. It allows for a minimum usage of backup media, and it still allows for long-term archiving.
Which plan or policy helps an organization determine how to relocate to an emergency site? A. Disaster-recovery plan B. Backup site plan C. Privilege management policy D. Privacy plan
A. The disaster-recovery plan deals with site relocation in the event of an emergency, natural disaster, or service outage.
You're trying to rearrange your backup procedures to reduce the amount of time they take each evening. You want the backups to finish as quickly as possible during the week. Which backup system backs up only the files that have changed since the last backup? A. Full backup B. Incremental backup C. Differential backup D. Backup server
B. An incremental backup backs up files that have changed since the last full or partial backup.
Which of the following is a newer backup type that provides continuous online backup by using optical or tape jukeboxes and can be configured to provide the closest version of an available real-time backup? A. TPM B. HSM C. SAN D. NAS
B. HSM is a newer backup type that provides continuous online backup by using optical or tape jukeboxes. It appears as an infinite disk to the system, and it can be configured to provide the closest version of an available real-time backup.
Karl is conducting penetration testing on the Pranks Anonymous servers and having difficulty finding a weakness. Suddenly, he discovers that security on a different company's server—a vendor to Pranks Anonymous—can be breached. Once he has compromised the completely different company's server, he can access the Pranks Anonymous servers and then launch an attack. What is this weakness/exploit known as? A. Fulcrum B. Pivot C. Swivel D. Twirl
B. In the realm of penetration testing, using a weakness in another—usually trusted—entity to launch an attack against a site/server is known as a pivot.
Which site best provides limited capabilities for the restoration of services in a disaster? A. Hot site B. Warm site C. Cold site D. Backup site
B. Warm sites provide some capabilities in the event of a recovery. The organization that wants to use a warm site will need to install, configure, and reestablish operations on systems that may already exist at the warm site.
Although you're talking to her on the phone, the sound of the administrative assistant's screams of despair can be heard down the hallway. She has inadvertently deleted a file that the boss desperately needs. Which type of backup is used for the immediate recovery of a lost file? A. Onsite storage B. Working copies C. Incremental backup D. Differential backup
B. Working copies are backups that are usually kept in the computer room for immediate use in recovering a system or lost file.
Which of the following would normally not be part of an incident response policy? A. Outside agencies (that require status) B. Outside experts (to resolve the incident) C. Contingency plans D. Evidence collection procedures
C. A contingency plan wouldn't normally be part of an incident response policy. It would be part of a disaster-recovery plan.
Which backup system backs up all the files that have changed since the last full backup? A. Full backup B. Incremental backup C. Differential backup D. Archival backup
C. A differential backup backs up all of the files that have changed since the last full backup.
The process of automatically switching from a malfunctioning system to another system is called what? A. Fail-safe B. Redundancy C. Failover D. Hot site
C. Failover occurs when a system that is developing a malfunction automatically switches processes to another system to continue operations.
Which of the following is the process used during data acquisition for the preservation of all forms of relevant information when litigation is reasonably anticipated? A. Chain of custody B. Order of volatility C. Legal hold D. Strategic intelligence gathering
C. The process that is used during data acquisition for the preservation of all forms of relevant information when litigation is reasonably anticipated is known as legal hold.
Which of the following types of vulnerability scans uses actual network authentication to connect to systems and scan for vulnerabilities? A. Credentialed B. Validated C. Endorsed D. Confirmed
C. The process that is used during data acquisition for the preservation of all forms of relevant information when litigation is reasonably anticipated is known as legal hold.
Which of the following is a reversion from a change that had negative consequences? A. Backup B. ERD C. Backout D. DIS
C. A backout is a reversion from a change that had negative consequences.
Which type of penetration-style testing involves actually trying to break into the network? A. Discreet B. Indiscreet C. Nonintrusive D. Intrusive
D. Intrusive testing involves actually trying to break into the network. Nonintrusive testing takes more of a passive approach.
You're the head of information technology for MTS and have a brother in a similar position for ABC. The companies are approximately the same size and are located several hundred miles apart. As a benefit to both companies, you want to implement an agreement that would allow either company to use resources at the other site should a disaster make a building unusable. What type of agreement between two organizations provides mutual use of their sites in the event of an emergency? A. Backup-site agreement B. Warm-site agreement C. Hot-site agreement D. Reciprocal agreement
D. A reciprocal agreement is between two organizations and allows one to use the other's site in an emergency.
Which of the following is a concept that works on the assumption that any information created on any system is stored forever? A. Cloud computing B. Warm site C. Big data D. Full archival
D. Full archival is a concept that works on the assumption that any information created on any system is stored forever.
What is another name for working copies? A. Functional copies B. Running copies C. Operating copies D. Shadow copies
D. Working copies are also known as shadow copies.