Final review CP


In a CPMT, the _________ should be a high-level manager with influence and resources that can be used to support the project team, promote the objectives of the CP project, and endorse the results that come from the combined effort.

champion

Companies may want to consider budgeting for contributions to employee loss expenses (such as funerals) as well as for counseling services for employees and loved ones as part of

crisis management budgeting

An organization aggregates all local backups to a central repository and then backs up that repository to an online vendor with a _________ backup strategy.

disk-to-disk-to-cloud

From the detailed scenarios they create, the BIA planning team must estimate the cost of the best, worst, and most likely outcomes by preparing an attack scenario __________.

end case

A CP project should have a ramrod, an executive or a high-level manager with influence and resources that can be used to support the project team, promote the objectives of the CP project, and endorse the results that come from the effort. true or false

false

A blue pill is a software program or module of code that enables ongoing privileged access to a computer while actively hiding its presence from the system kernel as well as human administrators. true or false

false

A denial of service is a malware payload that provides access to a system by bypassing normal access controls. true or false

false

A disaster recovery plan (DR plan) deals with identifying, classifying, responding to, and recovering from an incident. true or false

false

A hacker is an information security professional with authorization to attempt to gain system access in an effort to identify and recommend resolutions for vulnerabilities in those systems. true or false

false

A simulation is the CP testing strategy in which copies of the appropriate plans are distributed to all individuals who will be assigned roles during an actual incident or disaster; each individual reviews the plan and validates its components. true or false

false

A system stability verifier is an application that reviews monitored files to detect unauthorized creation, modification, and deletion. true or false

false

A worm is a type of malware that is attached to other executable programs. true or false

false

An active sensor is a software or hardware monitor that is placed in the flow of network traffic in order to review the traffic and report back to a management application. true or false

false

An event is an adverse event that violates the security of an organization and represents a potential risk of loss of the confidentiality, integrity, or availability of its assets and ongoing operations. true or false

false

Disk mirroring is a RAID implementation in which one logical volume is created by storing data across several available hard drives in segments. true or false

false

Establishing the scope and responsibilities of the CSIRT is one of the last tasks the IRPT performs when forming the CSIRT. true or false

false

For recovery from an incident (as opposed to a disaster), archives are used as the most common solution. true or false

false

In computer-based training, trainees attend a seminar presentation at their computers. true or false

false

In many situations, businesses can recover from a disaster by using the cloud and automation tools to automate the forensics process. true or false

false

Incident footprinting is the process of evaluating the circumstances around organizational events, determining which events are possible incidents, and determining whether a particular event constitutes an actual incident. true or false

false

Individuals with the authorization and privileges to manage information within the organization have the lowest opportunity to cause harm or damage by accident. true or false

false

Like any major project or process within an organization, the CP process will fail without the clear and formal commitment of junior executive management. true or false

false

Platform as a Service is a service model in which entire computer systems, including OS and application resources, are made available for whatever the organization wants to implement. true or false

false

Pretexting is when an attacker provides what appears to be a legitimate communication (usually e-mail), but it contains hidden or embedded code that redirects the reply to a third-party site in an effort to extract personal or confidential information. true or false

false

RAID is an acronym for Redundant Array of Incident-Recovery Drives. true or false

false

Regardless of which IR model an organization chooses, multiple employees should be in charge of incident response. true or false

false

Risk analysis is the probability that a specific vulnerability within an organization will be attacked by a threat. true or false

false

Scoring utilities are tools used to identify which computers are active on a network as well as which ports and services are active on the computers, what function or role the machines may be fulfilling, and so on. true or false

false

The emergence of cloud computing technologies and practices has had little or no effect on the world of contingency planning and operations. true or false

false

The failure of an IDPS to react to an actual attack event is called residual response. true or false

false

The final step in the development of the CSIRT involves obtaining management support and buy-in. true or false

false

The phrase "right-of-bang" refers to events and actions before the incident is contained. true or false

false

The primary budgetary expense for DR is hardware. true or false

false

To help make the detection of actual incidents more reliable, there are three broad categories of incident indicators that have been identified: possible, unlikely, and definite. true or false

false

Tweaking is the process of adjusting an IDPS to maximize its efficiency in detecting true positives while minimizing both false positives and false negatives. true or false

false

An understanding of the potential consequences of a successful attack on an information asset by a threat is known in the risk analysis process as __________.

impact

The _________ is the total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption.

maximum tolerable downtime

While a security operations center is designed to __________, a CSIRT focuses on __________.

monitor all security operations; responding to incidents

Which of the following terms refers to an information security professional with authorization to attempt to gain system access in an effort to identify and recommend resolutions for vulnerabilities in those systems?

penetration tester

Which of the following is not a "probable indicator" of an incident?

presence or execution of unknown programs or processes

The entire program of planning for and managing risk to information assets in the organization is referred to as __________.

risk management

A(n) _________ is often included in legal documents to ensure that a vendor is not liable for actions taken by a client.

statement of indemnification

A daily backup backs up only files that were modified on that day—a date-specific incremental backup. true or false

true

A rainbow table is a list of hash values and their corresponding plaintext values that can be used to look up password values if an attacker is able to steal a system's encrypted password file. true or false

true

An intrusion detection and prevention system is like a network burglar alarm. true or false

true

Apprehend and prosecute is an organizational CP philosophy for incident response and digital forensics that focuses on the collection and preservation of potential evidence when responding to and recovering from an incident, with the expectation of possibly finding and prosecuting the attacker. true or false

true

Effective contingency planning begins with effective policy. true or false

true

Event correlation involves examining logs from multiple systems and identifying trends or indicators of attacks across those multiple systems. true or false

true

In contingency planning, an adverse event that actually threatens the security of the organization's information assets is called an incident. true or false

true

Integrity is an attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems. true or false

true

Intellectual property (IP) includes trade secrets, copyrights, trademarks, and patents. true or false

true

It is the responsibility of InfoSec personnel to deter and, where possible, prevent unethical and illegal acts. true or false

true

Noise is the ongoing activity from alarm events that are accurate and noteworthy but not necessarily as significant as potentially successful attacks. true or false

true

Policies are living documents that must be nurtured, given that they are constantly changing and growing. true or false

true

Some experts argue that the two components of business resumption planning—disaster recovery planning and business continuity planning (BCP)—are so closely linked that they are indistinguishable. true or false

true

The C.I.A. triad is the industry standard for computer security since the development of the mainframe and is based on three characteristics that describe the utility of information. true or false

true

The combination of the IP address and the port is usually called a socket. true or false

true

The first stage of a tape-based backup and recovery process is the scheduling of the backups, coupled with arranging the storage of the media. true or false

true

The transference risk treatment strategy attempts to shift risk to other assets, other processes, or other organizations. true or false

true

When the IR process cannot contain and resolve an incident, the company turns to the disaster recovery and business continuity plans to help restore normal operations quickly. true or false

true

While the SOC is designed to monitor all security operations, the CSIRT focuses on responding to incidents. true or false

true

The process of adjusting a technical control to maximize its efficiency in detecting true positives while minimizing false positives and false negatives is called _________.

tuning

Electronic vaulting

Bulk transfer of data in batches to an off-site facility

One of the primary responsibilities of the IRP team is to ensure that the _________ is prepared to respond to each incident it may face.

CSIRT

After-action review

Can serve as a training case for future staff

Bare metal recovery

Allows you to reboot a system from a CD-ROM device

Indicator

An activity that may signal an adverse event is underway

Precursor

An activity that may signal an incident could occur in the future

Incident candidate

An adverse event that is a possible incident

False positive

An alert or alarm that occurs in the absence of an actual attack

Attack scenario end case

An estimate of the likelihood and impact of the best, worst, and most likely outcomes of an attack

Noise

An event that does not rise to the level of an incident

Software as a Service (SaaS)

Applications that are made available to users over the Internet

IR policy

Defines roles and responsibilities for information security

Platform as a Service (PaaS)

Development platforms that are made available to developers over the Internet

A _________ attack seeks to deny legitimate users access to services by either tying up a server's available resources or causing it to shut down.

DoS

'protect and forget'

Focuses on the defense of the data and the systems that house, use, and transmit it

_________ incident responses enables the organization to react to a detected incident quickly and effectively, without confusion or wasted time and effort.

Predefining

_________ uses a number of hard drives to store information across multiple drive units.

RAID

CSIRT measures used to compare current versus past performance might include all of the following EXCEPT:

Text of comments from users

Simulation

The organization conducts a role-playing exercise as if an actual incident or disaster had occurred

Footprinting

The organized research and investigation of Internet addresses owned or controlled by a target organization

Incident classification

The process of evaluating the circumstances of a reported event

Fingerprinting

The process of gathering information about the organization and its network activities

A key step in the _________ approach to incident response is to discover the identity of the intruder while documenting their activity.

apprehend and prosecute

The final component to the CPMT planning process is to deal with _________.

budgeting for contingency operations

Storage as a service

A cloud computing capability for data backup and archiving

Data as a service

A cloud computing capability for data sets and databases

Trigger

A review of an unusual pattern of entries in a system log

Cyber kill

A series of steps that document the stages of a cyberattack

Formal class

A single trainer works with multiple trainees in a formal setting

Organization charts

A source of information for developing IR policy

The __________ resides on a particular computer or server, known as the host, and monitors activity only on that system.

HIDPS

Public cloud

Implementation in which a service provider makes computing resources available over the Internet

Community cloud

Implementation in which several organizations share computing resources

Disk mirroring

Implementation of RAID level 1

Full-interruption testing

Too risky for most businesses

Distance learning

Trainees receive a seminar presentation at their computers

Storage area network

Uses fiber-channel direct connections between systems and storage devices

IR plan

Usually activated when an incident is first detected
