Security + Chapter 12 Part 3

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

BIA (Business Impact Analysis)

RTO (Recovery Time Objectives) is agreed during which process?

Service Level Agreement (SLA)

Which agreement is part of network availability, its an agreement between a company and a service provider (technical support provider)?

Service Level Agreement (SLA)

Which agreement should be read carefully and make sure that you are not unintentionally exposing your organization to harm?

Service Level Agreement (SLA)

Which agreement should stipulate how long the repair will take once the support process has been activated?

Code escrow

Which agreement would stipulate how source code would be made available to customers in the event of a vendors bankruptcy?

Service Level Agreement (SLA)

Which agreement is also known as maintenance contracts when referring to hardware or software?

Service Level Agreement (SLA)

Which is an agreement between you or your company and a service provider, typically a technical support provider?

Mean Time Between Failures (MTBF)

Which measurement in SLA determimes the components or systems anticipated lifetime?

Mean Time Between Failures (MTBF)

Which measurement in SLA is helpful in evaluating a systems reliability and life expectancy?

Mean Time to Restore (MTTR)

Which measurement in SLA. for example if its said it takes 24 he's to restore then it will take 24 hrs to repair when it breaks?

Tabletop exercises

-Document review -Walkthrough -Simulation -Parallel test -Cutover test These are types of exercises known as?

Service Level Agreement (SLA)

-Recovery Time Objectives -Mean Time between Failures -Mean Time to Restore These are key measures to which agreement?

Mitigation steps

1. Immediately changing passwords. 2. Notify relevant parties. 3. Make procedural changes so that the information stolen cannot be used to affect additional breaches. These are steps taken to minimize or lessen the damage after an attack has been successful, these steps are known as?

Service Level Agreement (SLA)

A document that provides a company with a performance guarantee for services outsourced to a vendor, this is known as?

Intrusion

A guest user account login in remotely into a network is an example of an?

Tabletop Exercises

A simulation of a disaster, it is also a way to check to see if your plans are ready to, this is known as?

System image

A snapshot of the current state of the computer that contains all settings and data is known as?

Worm

A user gets clicks on an email attachment even though he updated the computers programs and antivirus, he's reporting unusual behavior from the system and other users that are in his email book address are complaining, what has the user contracted?

System reboot

After a DoS attack has occurred, what process should you do next to restore services and gain control of a compromised system?

Succession planning

Associating internal employees into key roles that cannot be left unfilled, so when the time comes they can fill those positions, this is known as?

Capture system image

Capturing an image of the OS in its exploited state is known as which process in forensics?

Act in order of Volatility

Collecting data that might not exist longer than others is known as what in forensics?

Take hashes

Collecting hash values and storing them for later analysis is known as which part of forensics?

disconnect

During an intrusion as soon as it becomes apparent that data is at risk you should __________________ the user.

data

During an intrusion the security of the _____________ should be considered paramount.

Antivirus software

Every network should have a firewall, but should it also have to protected from viruses that should be enabled and up to date (current)?

Recovery Time Objective (RTO)

How quickly you need to have that application's information available after downtime has occurred, this is known as which part of SLA?

No

If a system is compromised with a worm for example, will the system still have a possibility of restoring it by doing a system reboot or a system restore?

Service Level Agreement (SLA)

If a vendor promises to provide you with a response time of four hours, this means that it will have service technician involved and dedicated to resolving any difficulties you encounter, this is true of which agreement?

SLA (Service Level Agreement)

If you buy a laptop from a computer store and decide to buy a warranty which agreement should read carefully and compare to the manufacturers and verify the length of time it will take the store to repair the laptop before you purchase their agreement, which agreement is the one that needs verifying?

Recovery Time Objective (RTO)

In SLA what is known as the maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable?

Mean Time Between Failures (MTBF)

In SLA what is the measure of the anticipated incidence of failure for a system or component?

Mean Time to Restore (MTTR)

In SLA which is a common measure of maintainability?

Act of in order of volatility

In forensics when you have multiple issues you should address them in order with the most volatile first, this is known as?

Capture video

In forensics which process requires to capture video any video to be analyzed later ?

routine drills

In order to ensure that your incident response plan is effective and executed properly, what should you schedule to evaluate this plan?

Step 3: Reparing the damage

In which step of incident response do you determine how to restore access to resources that have been compromised after an incident?

Step 3: Repairing the damage

In which step of incident response do you reestablish control of the system after restoring resources that have been compromised?

Step 5: Adjusting procedures

In which step of incident response would ask question such as the following?: -How dis the policies work or not work in this situation? -What did you learn about the situation that was new? -What should you do differently next time?

Step 5: Adjusting procedures

In which step of incident response would perform a process called post mortem?

Step 4: Documenting and reporting the response

In which step of incident response would you consider reporting/disclosing the incident to legal authorities and CERT so that others may be aware?

Step 5: Adjusting procedures

In which step of incident response, after an incident has been successfully managed would you revisit the procedures and policies in place?

Step 5: Adjusting procedures

In which step would you evaluate the entire incident response process and its policies to find out if the process is being managed and resolved accordingly?

Source code or code escrow

In your agreements the software developer should provide you with the ________________ code or _______________ clause to acquire the software if the company goes out of business.

Take hashes

Part of collecting data in forensics includes collecting which data that are "known traceable software through hash values"?

Post mortem

Simple questions that can help adjust the procedures of an incident response policy (equivalent to an autopsy) is known as?

Track man hours and expenses

Since an investigation is expensive, what are you required to do to justify them to superiors, court, or insurance agents?

Orphanware

Software that exists without support of any type because a software company had to close their doors is known as?

Orphanware

Software that exists without support of any type because software companies were forced to close is known as?

Investigating the incident

Step 2 of incident response is known as?

Repairing the damage

Step 3 of incident response is known as?

Documenting and reporting the response

Step 4 of incident response is known as?

Adjusting procedures

Step 5 of incident response is known as?

Act in order of volatility

The amount of time that you have yo collect certain data before a window of opportunity is gone, is known as what in forensics?

Mean Time to Restore (MTTR)

The average time from the moment of a service failure until when the service is restored is known as?

Mean Time to Restore (MTTR)

The average time needed to reestablish services to their former state is known as which part of SLA?

Mean Time Between Failures (MTBF)

The expected time between a repair and the next failure of a component, machine, process, or product, this is known as?

Recovery Time Objective (RTO)

The length of time it will take to recover the data that has been backed up is known as which part of SLA?

Mean Time to Restore (MTTR)

The measurement of how long it takes to repair a system or component once a failure occursis known as?

Mean Time Between Failures (MTBF)

The predicted amount of time between inherent failures of a system during operation is known as?

Code escrow

The storage and conditions for release of source code provided by a vendor, partner, or other party is known as?

Service Level Agreement (SLA)

Which agreement done between a company and service provider, should go past the company's legal department and your superior as part of good practices?

Code escrow clause

What clause is needed in an agreement that if a vendor ceases operations and goes out of business you will have access to the source code?

False positives

What is one reason most administrators will not put as much security on networks as they should? What is it that they don't want to deal with?

Identifying the incident

What is step 1 of incident response?

Succession planning

What is term for those internal to the organization who have the ability to step into positions when they open?

Big data analysis

What is tested in the first three tabletop exercises (document review, walkthrough, and simulation)?

Disaster recovery process

What process can most OS run after a system has been been compromised that will use distribution media or system state files to restore the system?

Big data

What refers to data that is too large to be dealt with by traditional database management means?

Code escrow

What refers to the storage and conditions of a release of source code provided by a vendor?

Record Time Offset

What should be recorded on every infected machine during investigation just in case the time is offset?

Firewall

What should every network have regardless of the size as part of security and first line of defense?

Step 1

What step of incident response is known as: - Identify the incident.

Complete disk drive format or repartition

When a system is compromised by a worm or any other virus that will make it impossible for the system to be repaired with a system restore, what should you do that will require your system to start from start over and make sure that the threat is wiped off the system?

Mitigation steps

When an intrusion has been successful and data has been stolen, what step should you take to minimize or lessen the damage?

Damage and loss control

When an intrusion is occurring what is important to do to minimize the impact of the incident?

Worm

When you completely reformat a users drive and reinstall the OS, antivirus software, and applications, its more likely because the user contracted a?

Service Level Agreement (SLA)

Which agreement between a company and a service provider defines what is possible to deliver, and they provide the contract to make sure what is delivered is what is promised?

Service Level Agreement (SLA)

Which agreement is also done in companies internally with departments?

Talk to witnesses

Which part of forensics requires talking any possible witnesses as soon as possible after the incident?

Capture Screenshots

Which part of forensics requires you to capture screenshots for later analysis?

Document network traffic logs

Which process in forensics requires you to look at traffic and logs to identify repeated attacks?

Capture system image

Which step in forensics or incident response requires you to capture an image of the OS in its exploited or infected state?

Step 4: Documenting and reporting the response

Which step in incident response requires you to document the steps you took to identify, detect, and repair the system or network during the incident?

Step 4

Which step of incident response is known as: - Documenting and reporting the response.

Step 2

Which step of incident response is known as: - Investigating the incident.

Step 3

Which step of incident response is known as: - Repairing the damage.

Step 5

Which step of incident response is known as: -Adjusting procedures.

Step 4: Documenting and reporting the response

Which step requires you to document or capture everything during incident response because it is considered valuable information that can help the next time a similar attack occurs?

Cutover test

Which tabletop exercise if not properly prepared for it and it fails, your entire system will be offline and you would have created a disaster?

Cutover test

Which tabletop exercise is a test where you shut down the main systems and has everything fail over to backup systems?

Parallel test

Which tabletop exercise is a test where you start up all backup systems but leave the main systems functioning?

Simulation

Which tabletop exercise is a walkthrough of recovery, operations, resumption plans, and procedures in a scripted "case study" or "scenario"?

Cutover test

Which tabletop exercise is very difficult to perform because of the outcome of it fails?

Service level agreements and code escrow

Which two agreements help protect you in the event that a software vendor goes out of business or if you have a dispute with a maintenance provider for your systems?

Walkthrough

Which type of tabletop exercise is a group discussion of recovery, operations, resumption plans, and procedures?

Document review

Which type of tabletop exercise is known as a review of recovery, operations, resumption plans, and procedures?

Penetration testers

Who do companies usually hire to test their systems defenses?

Simulation and Parallel tests

You should never do a cutover test if you have not already done which 2 tabletop exercises first?


संबंधित स्टडी सेट्स

240 Chapter 39: Oxygenation and Perfusion

View Set

Principles of Macro Economics - Final Exam Flash Cards

View Set

Mod 33 The Concept of Reproduction W/RATIONALs

View Set

N212-Safe Medication Administration and Dosage Test

View Set

BIBL 104-Quiz: The Old Testament Books of Prophecy

View Set