CH 10 Quiz Ethics
With a ______ site there is no computer hardware or peripherals provided.
Cold site
______________ has the main goal of restoring normal modes of operation with minimal cost and disruption to normal business activities after an adverse event.
Contingency planning
________ is usually conducted via leased lines or secure Internet connections whereby the receiving server archives the data as it is received.
Electronic vaulting
Using standard digital forensics methodology, the first step is to analyze the EM data without risking modification or unauthorized access.
False
________ is the best example of a rapid-onset disaster.
Flood
________ is a responsibility of the crisis management team.
Keeping the public informed about the event and the actions being taken
In which contingency plan testing strategy do individuals participate in a role-playing exercise in which the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?
Simulation
In full interruption testing of contingency plans, the individuals follow each and every procedure, including the interruption of service, restoration of data from backups, and notification of appropriate individuals.
True
The first component of the analysis phase of a digital forensic investigation is indexing, which allows the investigator to quickly and easily search for a specific type of file.
True
The four components of contingency planning are the Business Impact Analysis (BIA), the Incident Response (IR) plan, the Disaster Recovery (DR) plan, and the Business Continuity (BC) plan.
True
When an incident takes place, the Incident Response (IR) plan is invoked before the Disaster Recovery (DR) plan.
True
A slow-onset disaster is a disaster that occurs over time and gradually degrade the capacity of an organization to withstand their effects.
True
Disaster classification is the process of examining an adverse event or incident and determining whether it constitutes an actual disaster.
True
________ is a definite indicator of an actual incident.
Use of dormant accounts
At what point in the incident lifecycle is the IR plan initiated?
When an incident is detected that affects it