SPM401 - Chapter 10
If operations at the primary site cannot be quickly restored, the ____________________ occurs concurrently with the DR plan, enabling the business to continue at an alternate site.
BCP business continuity plan BC plan
The four components of contingency planning are the ____________________, the incident response plan, the disaster recovery plan, and the business continuity plan.
BIA Business Impact Analysis
____________________ planning ensures that critical business functions can continue if a disaster occurs.
Business continuity
In a warm site, all services and communications links are fully configured and the site can be fully functional within minutes.
False
In most organizations, the COO is responsible for creating the IR plan.
False
Training should be as specialized as possible; personnel who are responsible for one duty should not be trained on other duties to avoid confusion during a disaster.
False
When an incident takes place, the disaster recovery (DR) plan is invoked before the incident response (IR) plan.
False
When performing parallel testing, normal operations of the business are not impacted.
True
In which type of site are no computer hardware or peripherals provided? a. cold site b. warm site c. timeshare d. hot site
a cold site
Which of the following is an example of a rapid-onset disaster? a. Flood b. Pest infestation c. Famine d. Environmental degradation
a flood
In the event of an incident or disaster, which team sets up and starts off-site operations? a. project management b. business continuity c. disaster recovery d. incident response
b business continuity
When a disaster renders the current business location unusable, which plan is put into action? a. crisis management b. business continuity c. incident response d. disaster recovery
b business continuity
After an incident, but before returning to its normal duties, the CSIRT must do which of the following? a. create the incident damage assessment b. conduct an after-action review c. restore data from backups d. restore services and processes in use
b conduct an after-action review
Which of the following has the main goal of restoring normal modes of operation with minimal cost and disruption to normal business activities after an event? a. risk management b. contingency planning c. business response d. disaster readiness
b contingency planning
Which of the following determines the scope of the breach of confidentiality, integrity, and availability of information and information assets? a. incident report b. incident damage assessment c. information loss assessment d. damage report
b incident damage assessment
Which of the following is a tool that can be useful in resolving the issue of what business function is the most critical? a. BIA questionnaire b. weighted analysis tool c. recovery time organizer d. MTD comparison
b weighted analysis tool
At what point in the incident lifecycle is the IR plan initiated? a. before an incident takes place b. when an incident is detected c. once the DRP is activated d. once the BCP is activated
b when an incident is detected
Which of the following is a responsibility of the crisis management team? a. Restoring the data from backups b. Evaluating monitoring capabilities c. Activating the alert roster d. Restoring the services and processes in use
c activating the alert roster
Which of the following is true about a hot site? a. It is an empty room with standard heating, air conditioning, and electrical service. b. It includes computing equipment and peripherals with servers but not client workstations. c. It duplicates computing resources, peripherals, phone systems, applications, and workstations. d. All communications services must be installed after the site is occupied.
c it duplicates computing resources, peripherals, phone systems, applications and workstations
Which is the first step in the contingency planning process? a. business continuity training b. disaster recovery planning c. incident response planning d. business impact analysis
d business impact analysis
Which of the following is usually conducted via leased lines or secure Internet connections whereby the receiving server archives the data as it is received? a. Database shadowing b. Timesharing c. Traditional backups d. Electronic vaulting
d electronic vaulting
In which contingency plan strategy do individuals act as if an actual incident occurred, and begin performing their required tasks and executing the necessary procedures, without interfering with the normal operations of the business? a. a desk check b. a simulation c. a structured walk-through d. parallel testing
d parallel testing
What is the last stage of the business impact analysis? a. identify resource requirements b. analysis and prioritization of business processes c. collect critical information about each business unit d. prioritize resources associated with the business processes
d prioritize resources associated with the business processes
Which of the following is a definite indicator of an actual incident? a. Unusual system crashes b. Reported attack c. Presence of new accounts d. Use of dormant accounts
d use of dormant accounts
The bulk batch-transfer of data to an off-site facility is known as ____________________.
electronic vaulting
In ____________________ testing of contingency plans, the individuals follow each and every procedure, including the interruption of service, restoration of data from backups, and notification of appropriate individuals.
full-interruption
A(n) ____________________ occurs when an attack affects information resources and/or assets, causing actual damage or other disruptions.
incident
The ____________________ plan is a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets.
incident response IR
A(n) ____________________ is an agency that provides, in the case of DR/BC planning, physical facilities for a fee.
service bureau
Which of the following is a part of the incident recovery process? a. Identifying the vulnerabilities that allowed the incident to occur and spread b. Determining the event's impact on normal business operations and, if necessary, making a disaster declaration c. Supporting personnel and their loved ones during the crisis d. Keeping the public informed about the event and the actions being taken to ensure the recovery of personnel and the enterprise
a identifying the vulnerabilities that allowed the incident to occur and spread
Which of the following is the process of examining a possible incident and determining whether it constitutes an actual incident? a. Incident classification b. Incident identification c. Incident registration d. Incident verification
a incident classification
Which of the following is the transfer of live transactions to an off-site facility? a. Remote journaling b. Electronic vaulting c. Database shadowing d. Timesharing
a remote journaling
Which of the following is a possible indicator of an actual incident? a. Unusual consumption of computing resources b. Activities at unexpected times c. Presence of hacker tools d. Reported attacks
a unusual consumption of computing resources
When dealing with an incident, the incident response team must conduct a(n) ____________________, which entails a detailed examination of the events that occurred from first detection to final recovery.
after-action review
A(n) ____________________ is a document containing contact information of the individuals to notify in the event of an actual incident.
alert roster
In which contingency plan strategy do individuals work on their own tasks and are responsible for identifying the faults in their own procedures? a. A desk check b. A simulation c. A structured walk-through d. Parallel testing
b a simulation