ITN 276 chapter 13


Mean time to repair (MTTR) is the amount of time, on average, before a given device is likely to fail through normal use.

False

What is the definition of business continuity plan (BCP)?

A plan for maintaining minimal operations until the business can return to full normal operations

What is the process whereby the disaster recovery team contemplates likely disasters and what impact each would have on the organization?

Business impact analysis

Regarding incident response, what step aims to limit an incident?

Containment

At which phase of incident response does computer forensics begin?

Eradication

A business continuity plan (BCP) is a process whereby the disaster recovery team contemplates likely disasters and what impact each would have on the organization.

False

A business continuity plan (BCP) is focused on executing a full recovery to normal operations.

False

A disaster recovery plan (DRP) is focused on keeping the organization functioning as well as possible until a full recovery can be made.

False

An analysis of how specific incidents might impact business operations is the definition of business continuity plan (BCP).

False

In incident response, the phase where the IT team determines how the incident occurred and what steps should be taken to prevent the incident from reoccurring is referred to as the containment phase.

False

Typically, a business continuity plan (BCP) is needed if a disaster recovery plan (DRP) cannot get an organization back to full capacity within 24 hours or less, after a disaster.

False

Suppose a virus takes a company's main web server offline. What would NOT be part of a business continuity plan (BCP) in this case?

Having a full web server, equivalent to the failed server, back online and running at full capacity

Jennifer sends a threatening email to Rachel, a classmate, to bully her. What type of computer security incident is being described?

Inappropriate usage

Samuel provided illegal copies of software to others through a peer-to-peer (P2P) file-sharing service. The P2P software caused data leakage, resulting in private data from Sam's computer being shared on the Internet with anyone else using the same P2P software. What type of network security incident is being described?

Inappropriate usage

Malcolm uses a USB thumb drive at home to store music and videos he downloaded from the Internet. One day he inserts it into a work computer to show a co-worker a funny video. In doing so, a malicious file on the thumb drive infects the computer. What type of computer security incident is being described?

Malicious code

What is meant by maximum tolerable downtime (MTD)?

The length of time a system can be down before the business cannot recover

A computer security incident is any event that violates an organization's security policies. This includes computer security policies, acceptable use policies, or standard security practices.

True

A traditional backup plan includes backup media rotation, in which backup media is overwritten with newer backups.

True

Forensic methodology must be interwoven into an organization's incident response policy.

True

Hard drive failure can disrupt normal operations for an organization's computer systems and, therefore, constitute a disaster.

True

Hierarchical storage management (HSM) can be configured to provide near real-time backup.

True

Mean time before failure (MTBF) is the amount of time, on average, before a given device is likely to fail through normal use.

True

NIST 800-34, the Contingency Planning Guide for Information Technology Systems, contains a process for business continuity plan (BCP) and disaster recovery plan (DRP) projects.

True

NIST 800-61 provides guidance for creating an incident response plan.

True

Organizations without trained staff in-house should identify an outside party that can respond to incidents with forensically trained personnel.

True

Regarding incident response, after an external intrusion, all logs should be preserved prior to a full recovery for forensic purposes.

True

The federal standard ISO 27001 deals with requirements for information security management systems.

True

The three primary types of backups are full, incremental, and differential.

True

Unauthorized access is a type of computer security incident in which someone accesses files he or she is not specifically authorized to access.

True

A common approach for manually managed backups is the Grandfather-Father-Son scheme. Consider a server using traditional tape backup that is backed up daily. At the end of the week, a weekly backup is made. At the end of the month, there is a monthly backup made. Which of the following is NOT true of the Grandfather-Father-Son scheme?

Weekly backups are not reused, only sons and grandfathers.

As part of a disaster recovery plan, __________ captures changes since the last backup of any type.

an incremental backup

A plan for returning the business to full normal operations is the definition of ________.

disaster recovery plan (DRP)

As part of a disaster recovery plan, __________ provides continuous online backup by using optical or tape "jukeboxes."

hierarchical storage management (HSM)

The amount of time a system can be down before it is impossible for the organization to recover is addressed by __________.

maximum tolerable downtime (MTD)

A business impact analysis indicates an organization cannot operate without its web server for more than 5 days and still recover. The mean time to repair is 3 days. How many days do you have after a disaster to initiate repairs or the organization will not be able to recover?

2

After a computer incident or disaster, staff must take actions to preserve forensic information. In what situation is determining the cause of an incident irrelevant to forensics?

A drive that failed due to water damage from a sprinkler system

Company AZ hosts an e-commerce server with a large hard drive. The manufacturer claims the drive is guaranteed to perform properly for 100,000 hours. What is this measure most closely related to?

Mean time before failure (MTBF)

According to NIST 800-61, what is NOT typically included in an incident response plan?

Procedures for performing incident handling and reporting idk

Regarding incident response, what step involves restoring software and data from a backup source that has been verified to be free from the malware infection?

Recovery

Which phase of disaster recovery is about discovering if the disaster was caused by some weakness in the system?

The post recovery follow-up

