ASE Chapter 5 Review
warm site
A BC facility that provides many of the same services and options as a hot site, but typically without installed and configured software applications.
cold site
A BC facility that provides only rudimentary services, with no computer hardware or peripherals.
chain of evidence
The detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition is called a(n) _____.
Root cause analysis
The determination of the source or origin of an event, problem, or issue like an incident.
service bureau
A BC strategy in which an organization contracts with a service agency to provide a facility for a fee.
mutual agreement
A BC strategy in which two organizations sign a contract to assist the other in a disaster by providing BC facilities, resources, and services until the organization in need can recover from the disaster.
rolling mobile site
A BC strategy that involves contracting with an organization to provide specialized facilities configured in the payload area of a tractor-trailer.
Service bureau
A ____ is an agency that provides physical facilities in the event of a disaster for a fee.
timeshare
A continuity strategy in which an organization co-leases facilities with a business partner or sister organization, which allows the organization to have a BC option while reducing its overall costs.
digital malfeasance
A crime involving digital media, computer technology, or related components.
alert message
A description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process.
False
A disaster recovery plan shows the organization's intended efforts to establish operations at an alternate site in the aftermath of a disaster, true or false?
False
A rapid onset disaster is one that gradually degrades the capacity of an organization to withstand its effects, true or false?
Hot site
A resumption location known as a ____ is a fully configured computer facility capable of establishing operations at a moment's notice.
after-action review
A(n) _____ is a detailed examination of the events that occurred during an incident or disaster, from first detection to final recovery.
alert roster
A(n) _____ is a document containing contact information for the people to be notified in the event of an incident.
incident
A(n) _____ is an adverse event that could result in loss of an information asset or assets, but does not currently threaten the viability of the entire organization.
Business continuity
A(n) _____ plan ensures that critical business functions continue if a catastrophic incident or disaster occurs.
False
An after-action re-assessment is an opportunity for everyone who was involved in an incident or disaster to sit down and discuss what happened, true or false?
adverse event
An event with negative consequences that could threaten the organization's information assets or operations; also referred to as an incident candidate.
disk-to-disk-to-cloud
An organization aggregates all local backups to a central repository and then backs up that repository to an online vendor with a ____ backup strategy. A. RAID B. differential C. disk-to-disk-to-tape D. disk-to-disk-to-cloud
crisis management
An organization's set of planning and preparation efforts for dealing with potential human injury, emotional trauma, or loss of life as a result of a disaster.
disaster recovery
An organization's set of planning and preparation efforts for detecting, reacting to, and recovering from a disaster.
incident response
An organization's set of planning and preparation efforts for detecting, reacting to, and recovering from an incident.
evidentiary material
Any information that could potentially support an organization's legal or policy-based case against a suspect; also known as items of potential evidentiary value.
slow onset disasters
Disasters that occur over time and gradually degrade the capacity of an organization to withstand their effects.
rapid onset disasters
Disasters that occur suddenly, with little warning, taking people's lives and destroying the means of production.
Informing local emergency services to respond to the crisis
Each of the following is a role for the crisis management response team EXCEPT: A. Keeping the public informed about the event B. Communicating with major customers and other stakeholders C. Supporting personnel and their loved ones during the crisis D. Informing local emergency services to respond to the crisis
digital forensics
Investigations that involve the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and root cause analysis, following clear, well-defined methodologies.
facilitate
The CMPT should include individuals from all functional areas of the organization in order to _____ communications and cooperation.
structured walk through
The CP testing strategy in which all involved individuals walk through a site and discuss the steps they would take during an actual CP event; can also be conducted as a conference room talk-through.
full interruption testing
The CP testing strategy in which all team members follow each IR/DR/BC procedure, including those for interruption of service, restoration of data from backups, and notification of appropriate individuals.
desk check
The CP testing strategy in which copies of the appropriate plans are distributed to all individuals who will be assigned roles during an actual incident or disaster; each individual reviews the plan and validates its components.
simulation
The CP testing strategy in which the organization conducts a role-playing exercise as if an actual incident or disaster had occurred. The CP team is presented with a scenario in which all members must specify how they would react and communicate their efforts.
All of these are BIA stages
The CPMT conducts the BIA in three stages. Which of the following is NOT one of those stages? A. All of these are BIA stages B. Determine mission/business processes and recovery criticality C. Identify recovery priorities for system resources D. Identify resource requirements
disaster recovery planning team
The ____________________ (DRPT) is the team responsible for designing and managing the DR plan by specifying the organization's preparation, response, and recovery from disasters.
business resumption planning
The actions taken by senior management to develop and implement a combined DR and BC policy, plan, and set of recovery teams.
contingency planning
The actions taken by senior management to specify the organization's efforts and actions if an adverse event becomes an incident or disaster; CP typically includes incident response, disaster recovery, and business continuity efforts, as well as preparatory business impact analysis.
impact
The business _____ analysis is a preparatory activity common to both CP and risk management.
True
The organization must choose one of two philosophies that will affect its approach to IR and DR as well as subsequent involvement of digital forensics and law enforcement: protect and forget or apprehend and prosecute, true or false?
disaster classification
The process of examining an adverse event or incident and determining whether it constitutes an actual disaster.
protect and forget
This approach, also known as "patch and proceed," focuses on the defense of data and the systems that house, use, and transmit it.
apprehend and prosecute
This approach, also known as "pursue and punish," focuses on the identification and apprehension of responsible individuals, with additional attention paid to the collection and preservation of potential evidentiary material that might support administrative or criminal prosecution.
So individuals don't find themselves with different responsibilities in different locations at the same time
Which is the primary reason contingency response teams should not have overlapping membership with one person on multiple teams?
Root cause
__________ analysis is the coherent application of methodical investigatory techniques to present evidence of crimes in a court or similar setting.