midterm

Upload: jackwar

Post on 20-Oct-2015

Course Disaster Recovery Management

Test Week 5 Midterm Exam

Started 2/8/14 11:38 AM

Submitted 2/8/14 1:38 PM

Status Completed

Attempt Score

30 out of 50 points

Time Elapsed 2 hours, 0 minute out of 2 hours.

Instructions The midterm consists of 50 questions. You will have up to 2 hours to complete it. Good Luck.

Question 1

1 out of 1 points

A(n) ____ is an object, person, or other entity that is a potential risk of loss to an asset.

Answer

Selected Answer:

threat

Correct Answer:

threat

Question 2

1 out of 1 points

The term ____ refers to a broad category of electronic and human activities in which an unauthorized individual gains access to the information an organization is trying to protect.

Answer

Selected Answer:

trespass

Correct Answer:

trespass

Question 3

1 out of 1 points

____ of risk is the choice to do nothing to protect an information asset and to accept the outcome of its potential exploitation.

Answer

Selected Answer:

Acceptance

Correct Answer:

Acceptance

Question 4

1 out of 1 points

Information assets have ____ when they are not exposed (while being stored, processed, or transmitted) to corruption, damage, destruction, or other disruption of their authentic states.

Answer

Selected Answer:

integrity

Correct Answer:

integrity

Question 5

1 out of 1 points

____ is the risk control approach that attempts to reduce the impact caused by the exploitation of a vulnerability through planning and preparation.

Answer

Selected Answer:

Mitigation

Correct Answer:

Mitigation

Question 6

1 out of 1 points

A(n) ____ is an investigation and assessment of the impact that various attacks can have on the organization.

Answer

Selected Answer:

business impact analysis (BIA)

Correct Answer:

business impact analysis (BIA)

Question 7

1 out of 1 points

A(n) ____ is any clearly identified attack on the organization’s information assets that would threaten the assets’ confidentiality, integrity, or availability.

Answer

Selected Answer:

incident

Correct Answer:

incident

Question 8

1 out of 1 points

____ is the process of examining, documenting, and assessing the security posture of an organization’s information technology and the risks it faces.

Answer

Selected Answer:

Risk identification

Correct Answer:

Risk identification

Question 9

1 out of 1 points

A ____ attack seeks to deny legitimate users access to services by either tying up a server’s available resources or causing it to shut down.

Answer

Selected Answer:

DoS

Correct Answer:

DoS

Question 10

1 out of 1 points

An organization aggregates all local backups to a central repository and then backs up that repository to an online vendor, with a ____ backup strategy.

Answer

Selected Answer:

disk-to-disk-to-cloud

Correct Answer:

disk-to-disk-to-cloud

Question 11

0 out of 1 points

A(n) ____ is often included in legal documents to ensure that a vendor is not liable for actions taken by a client.

Answer

Selected Answer:

nondisclosure agreement

Correct Answer:

statement of indemnification

Question 12

0 out of 1 points

A ____ is a synonym for a virtualization application.

Answer

Selected Answer:

virtual machine

Correct Answer:

hypervisor

Question 13

1 out of 1 points

A ____ is an agency that provides physical facilities in the event of a disaster for a fee.

Answer

Selected Answer:

service bureau

Correct Answer:

service bureau

Question 14

1 out of 1 points

A ____ is a contractual document guaranteeing certain minimal levels of service provided by a vendor.

Answer

Selected Answer:

service agreement

Correct Answer:

service agreement

Question 15

0 out of 1 points

A(n) ____ backup only archives the files that have been modified since the last backup.

Answer

Selected Answer:

differential

Correct Answer:

incremental

Question 16

0 out of 1 points

Considered to be the traditional “lock and copy” approach to database backup, _____ require the database to be inaccessible while a backup is created to a local drive.

Answer

Selected Answer:

continuous database protections

Correct Answer:

legacy backup applications

Question 17

1 out of 1 points

RAID 0 creates one logical volume across several available hard disk drives and stores the data using ____, in which data segments are written in turn to each disk drive in the array.

Answer

Selected Answer:

disk striping

Correct Answer:

disk striping

Question 18

1 out of 1 points

____ uses a number of hard drives to store information across multiple drive units.

Answer

Selected Answer:

RAID

Correct Answer:

RAID

Question 19

1 out of 1 points

The ____ job functions and organizational roles focus on costs of system creation and operation, ease of use for system users, timeliness of system creation, and transaction response time.

Answer

Selected Answer:

information technology management and professionals

Correct Answer:

information technology management and professionals

Question 20

0 out of 1 points

To a large extent, incident response capabilities are part of a normal IT budget. The only area in which additional budgeting is absolutely required for incident response is the maintenance of ____.

Answer

Selected Answer:

audit documentation

Correct Answer:

redundant equipment

Question 21

1 out of 1 points

The ____ is used to collect information directly from the end users and business managers.

Answer

Selected Answer:

facilitated data-gathering session

Correct Answer:

facilitated data-gathering session

Question 22

1 out of 1 points

What is a common approach used in the discipline of systems analysis and design to understand the ways systems operate and to chart process flows and interdependency studies?

Answer

Selected Answer:

systems diagramming

Correct Answer:

systems diagramming

Question 23

1 out of 1 points

The final component to the CPMT planning process is to deal with ____.

Answer

Selected Answer:

budgeting for contingency operations

Correct Answer:

budgeting for contingency operations

Question 24

0 out of 1 points

Which of the following collects and provides reports on failed login attempts, probes, scans, denial-of-service attacks, and detected malware?

Answer

Selected Answer:

scheduled reports

Correct Answer:

system logs

Question 25

0 out of 1 points

The ____ is the point in time by which systems and data must be recovered after an outage as determined by the business unit.

Answer

Selected Answer:

recovery time objective

Correct Answer:

recovery point objective

Question 26

1 out of 1 points

Within an organization, a(n) ____ is a group of individuals who are united by shared interests or values and who have a common goal of making the organization function to meet its objectives.

Answer

Selected Answer:

community of interest

Correct Answer:

community of interest

Question 27

1 out of 1 points

One modeling technique drawn from systems analysis and design that can provide an excellent way to illustrate how a business functions is a(n) ____.

Answer

Selected Answer:

collaboration diagram

Correct Answer:

collaboration diagram

Question 28

0 out of 1 points

The training delivery method with the lowest cost to the organization is ____.

Answer

Selected Answer:

on-the-job training

Correct Answer:

self-study (noncomputerized)

Question 29

0 out of 1 points

Incident analysis resources include network diagrams and lists of ____, such as database servers.

Answer

Selected Answer:

protocol analyzers

Correct Answer:

critical assets

Question 30

1 out of 1 points

One of the primary responsibilities of the IRP team is to ensure that the ____ is prepared to respond to each incident it may face.

Answer

Selected Answer:

CSIRT

Correct Answer:

CSIRT

Question 31

1 out of 1 points

The U.S. National Institute of Standards and Technology recommends a set of tools for the CSIRT including incident reporting mechanisms with which users can report suspected incidents. At least one of these mechanisms should permit people to report incidents ____.

Answer

Selected Answer:

anonymously

Correct Answer:

anonymously

Question 32

0 out of 1 points

A(n) ____ is a CSIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization’s information infrastructure for signs of an incident.

Answer

Selected Answer:

forensic expert

Correct Answer:

IR duty officer

Question 33

1 out of 1 points

Should an incident begin to escalate, the CSIRT team leader continues to add resources and skill sets as necessary to attempt to contain and terminate the incident. The resulting team is called the ____ for this particular incident.

Answer

Selected Answer:

reaction force

Correct Answer:

reaction force

Question 34

1 out of 1 points

The responsibility for creating an organization’s IR plan often falls to the ____.

Answer

Selected Answer:

chief information security officer

Correct Answer:

chief information security officer

Question 35

1 out of 1 points

A(n) ____ is a detailed examination of the events that occurred, from first detection of an incident to final recovery.

Answer

Selected Answer:

after-action review

Correct Answer:

after-action review

Question 36

0 out of 1 points

A(n) ____ is any system resource that is placed onto a functional system but has no normal use for that system. If it attracts attention, it is from unauthorized access and will trigger a notification or response.

Answer

Selected Answer:

honeynet

Correct Answer:

honeytoken

Question 37

1 out of 1 points

Using a process known as ____, network-based IDPSs look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be under way.

Answer

Selected Answer:

signature matching

Correct Answer:

signature matching

Question 38

1 out of 1 points

____ are closely monitored network decoys that can distract adversaries from more valuable machines on a network; can provide early warning about new attack and exploitation trends; and can allow in-depth examination of adversaries during and after exploitation.

Answer

Selected Answer:

Honeypots

Correct Answer:

Honeypots

Question 39

0 out of 1 points

The use of IDPS sensors and analysis systems can be quite complex. One very common approach is to use an open source software program called ____ running on an open source UNIX or Linux system that can be managed and queried from a desktop computer using a client interface.

Answer

Selected Answer:

Match

Correct Answer:

Snort

Question 40

0 out of 1 points

When the measured activity is outside the baseline parameters in a behavior-based IDPS, it is said to exceed the ____ (the level at which the IDPS triggers an alert to notify the administrator).

Answer

Selected Answer:

baseline level

Correct Answer:

clipping level

Question 41

0 out of 1 points

The ____ is a federal law that creates a general prohibition on the real-time monitoring of traffic data relating to communications.

Answer

Selected Answer:

Electronic Communication Protection Act

Correct Answer:

Pen/Trap Statute

Question 42

0 out of 1 points

A(n) ____, a type of IDPS that is similar to the NIDPS, reviews the log files generated by servers, network devices, and even other IDPSs.

Answer

Selected Answer:

honeynet

Correct Answer:

log file monitor

Question 43

0 out of 1 points

Those services performed in response to a request or a defined event such as a help desk alert are called ____.

Answer

Selected Answer:

proactive services

Correct Answer:

reactive services

Question 44

1 out of 1 points

The first step in building a CSIRT is to ____.

Answer

Selected Answer:

obtain management support and buy-in

Correct Answer:

obtain management support and buy-in

Question 45

0 out of 1 points

Giving the IR team the responsibility for ____ is generally not recommended.

Answer

Selected Answer:

advisory distribution

Correct Answer:

patch management

Question 46

1 out of 1 points

The ____ flow of information needed from the CSIRT to organizational and IT/InfoSec management is a critical communication requirement.

Answer

Selected Answer:

upward

Correct Answer:

upward

Question 47

0 out of 1 points

When an organization completely outsources its IR work, typically to an on-site contractor, it is called a(n) ____ model.

Answer

Selected Answer:

24/7

Correct Answer:

fully outsourced

Question 48

0 out of 1 points

The announcement of an operational CSIRT should minimally include ____.

Answer

Selected Answer:

the IR policy statement

Correct Answer:

contact methods and numbers

Question 49

1 out of 1 points

The CSIRT must have a clear and concise ____ statement that, in a few sentences, unambiguously articulates what it will do.

Answer

Selected Answer:

mission

Correct Answer:

mission

Question 50

0 out of 1 points

In the absence of the assigned team manager, the ____ should assume authority for overseeing and evaluating a provided service.

Answer

Selected Answer:

CSIRT leader

Correct Answer:

deputy team manager

Saturday, February 8, 2014 1:39:15 PM EST
