CIS359 Midterm Exam


CIS359 Disaster Recovery Management

Midterm Exam

Question 1. A(n) ____ is an object, person, or other entity that is a potential risk of loss to an asset.

Question 2. The term ____ refers to a broad category of electronic and human activities in which an unauthorized individual gains access to the information an organization is trying to protect.

Question 3. ____ of risk is the choice to do nothing to protect an information asset and to accept the outcome of its potential exploitation.

Question 4. Information assets have ____ when they are not exposed (while being stored, processed, or transmitted) to corruption, damage, destruction, or other disruption of their authentic states.

Question 5. ____ is the risk control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.

Question 6. A(n) ____ is an investigation and assessment of the impact that various attacks can have on the organization.

Question 7. A(n) ____ is any clearly identified attack on the organization’s information assets that would threaten the assets’ confidentiality, integrity, or availability.

Question 8. ____ is the process of examining, documenting, and assessing the security posture of an organization’s information technology and the risks it faces.

Question 9. A ____ attack seeks to deny legitimate users access to services by either tying up a server’s available resources or causing it to shut down.

Question 10. An organization aggregates all local backups to a central repository and then backs up that repository to an online vendor, with a ____ backup strategy.

Question 11. A(n) ____ is often included in legal documents to ensure that a vendor is not liable for actions taken by a client.

Question 12. A ____ is a synonym for a virtualization application.

Question 13. A ____ is an agency that provides physical facilities in the event of a disaster for a fee.

Question 14. A ____ is a contractual document guaranteeing certain minimal levels of service provided by a vendor.

Question 15. A(n) ____ backup only archives the files that have been modified since the last backup.

Question 16. Considered to be the traditional “lock and copy” approach to database backup, ____ require the database to be inaccessible while a backup is created to a local drive.

Question 17. RAID 0 creates one logical volume across several available hard disk drives and stores the data using ____, in which data segments are written in turn to each disk drive in the array.

Question 18. ____ uses a number of hard drives to store information across multiple drive units.

Question 19. The ____ job functions and organizational roles focus on costs of system creation and operation, ease of use for system users, timeliness of system creation, and transaction response time.

Question 20. To a large extent, incident response capabilities are part of a normal IT budget. The only area in which additional budgeting is absolutely required for incident response is the maintenance of ____.

Question 21. The ____ is used to collect information directly from the end users and business managers.

Question 22. What is a common approach used in the discipline of systems analysis and design to understand the ways systems operate and to chart process flows and interdependency studies?

Question 23. The final component to the CPMT planning process is to deal with ____.

Question 24. Which of the following collects and provides reports on failed login attempts, probes, scans, denial-of-service attacks, and detected malware?

Question 25. The ____ is the point in time by which systems and data must be recovered after an outage as determined by the business unit.

Question 26. Within an organization, a(n) ____ is a group of individuals who are united by shared interests or values and who have a common goal of making the organization function to meet its objectives.

Question 27. One modeling technique drawn from systems analysis and design that can provide an excellent way to illustrate how a business functions is a(n) ____.

Question 28. The training delivery method with the lowest cost to the organization is ____.

Question 29. Incident analysis resources include network diagrams and lists of ____, such as database servers.

Question 30. One of the primary responsibilities of the IRP team is to ensure that the ____ is prepared to respond to each incident it may face.

Question 31. The U.S. National Institute of Standards and Technology recommends a set of tools for the CSIRT including incident reporting mechanisms with which users can report suspected incidents. At least one of these mechanisms should permit people to report incidents ____.

Question 32. A(n) ____ is a CSIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization’s information infrastructure for signs of an incident.

Question 33. Should an incident begin to escalate, the CSIRT team leader continues to add resources and skill sets as necessary to attempt to contain and terminate the incident. The resulting team is called the ____ for this particular incident.

Question 34. The responsibility for creating an organization’s IR plan often falls to the ____.

Question 35. A(n) ____ is a detailed examination of the events that occurred, from first detection of an incident to final recovery.

Question 36. A(n) ____ is any system resource that is placed onto a functional system but has no normal use for that system. If it attracts attention, it is from unauthorized access and will trigger a notification or response.

Question 37. Using a process known as ____, network-based IDPSs look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be under way.

Question 38. ____ are closely monitored network decoys that can distract adversaries from more valuable machines on a network; can provide early warning about new attack and exploitation trends; and can allow in-depth examination of adversaries during and after exploitation.

Question 39. The use of IDPS sensors and analysis systems can be quite complex. One very common approach is to use an open source software program called ____ running on an open source UNIX or Linux system that can be managed and queried from a desktop computer using a client interface.

Question 40. When the measured activity is outside the baseline parameters in a behavior-based IDPS, it is said to exceed the ____ (the level at which the IDPS triggers an alert to notify the administrator).

Question 41. The ____ is a federal law that creates a general prohibition on the real-time monitoring of traffic data relating to communications.

Question 42. A(n) ____, a type of IDPS that is similar to the NIDPS, reviews the log files generated by servers, network devices, and even other IDPSs.

Question 43. Those services performed in response to a request or a defined event such as a help desk alert are called ____.

Question 44. The first step in building a CSIRT is to ____.

Question 45. Giving the IR team the responsibility for ____ is generally not recommended.

Question 46. The ____ flow of information needed from the CSIRT to organizational and IT/InfoSec management is a critical communication requirement.

Question 47. When an organization completely outsources its IR work, typically to an on-site contractor, it is called a(n) ____ model.

Question 48. The announcement of an operational CSIRT should minimally include ____.

Question 49. The CSIRT must have a clear and concise ____ statement that, in a few sentences, unambiguously articulates what it will do.

Question 50. In the absence of the assigned team manager, the ____ should assume authority for overseeing and evaluating a provided service.

 
