CyberSecurity Quiz 5
The sword testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place is called a(n) ______.
Affidavit
A(n) ______ is a detailed examination of the events that occurred during an incident or disaster, from first detection to final recovery.
After-Action Review
Incident ____________________ is the process of examining a potential incident, or incident candidate, and determining whether the candidate constitutes an actual incident.
Classification
Compare electronic vaulting and remote journaling.
Electronic vaulting makes copies of files as they are modified and periodically transmit them to an offsite backup. Remote journaling is one type of transaction redundancy solution. Remote Journaling is also a method of transmitting data offsite.
A recovery time objective (RTO) is the total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption. (T/F)
False
A(n) disaster recovery plan includes the steps necessary to ensure the continuation of the organization when a disaster's scope or scale exceeds the ability of the organization to restore operations, usually through relocation of critical business functions to an alternate location. _____ (T/F)
False
A(n) sequential roster is activated as the first person calls a few people on the roster, who in turn call a few other people. ______ (T/F)
False
Reported attacks are a definite indicator of an actual incident. (T/F)
False
Two ways to activate an alert roster are simultaneously and in parallel. (T/F)
False
Use od dormant accounts is a probable indicator of an actual incident. (T/F)
False
Digital forensics involves the ______, identification, extraction, documentation, and interpretation of digital media.
Preservation
The point in time before a disruption or system outage to which business process data can be recovered after an outage is ____.
Recovery Point Objective (RPO)
The transfer of live transactions in real time to an off-site facility is called ______.
Remote Journaling
The transfer of transaction data in real time to an off-site facility is called ______.
Remote Journaling
Incident ___________ is the set of activities taken to plan for, detect, and correct the impact of an incident on information assets.
Response
A _____ is a contractual document guaranteeing certain minimal levels of service provided by a vendor.
Service Agreement
Which if these is the primary reason contingency response teams should not have overlapping membership with one person on multiple teams?
So individuals don't find themselves with different responsibilities in different locations at the same time.
An affidavit is sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place. (T/F)
True
Reported attacks are a probable indicator of an actual incident. (T/F)
True
The chain of evidence is the detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition. (T/F)
True
