Conducting A Forensic Investigation

1.

Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?

Detective

Preventive

Corrective

Deterrent

Violet has deployed a preventive control by implementing an intrusion prevention system (IPS) on her network. This control is designed to proactively identify and block potential intrusions or attacks before they can cause any harm. By continuously monitoring network traffic and analyzing patterns, the IPS can detect and prevent unauthorized access or malicious activities, helping to maintain the security and integrity of Violet's network.

Explanation

Violet has deployed a preventive control by implementing an intrusion prevention system (IPS) on her network. This control is designed to proactively identify and block potential intrusions or attacks before they can cause any harm. By continuously monitoring network traffic and analyzing patterns, the IPS can detect and prevent unauthorized access or malicious activities, helping to maintain the security and integrity of Violet's network.

2.

What term describes the longest period of time that a business can survive without a particular critical system?

Maximum tolerable downtime (MTD)

Recovery time objective (RTO)

Recovery point objective (RPO)

Emergency operations center (EOC)

The term that describes the longest period of time that a business can survive without a particular critical system is Maximum tolerable downtime (MTD). MTD refers to the maximum amount of time that a business can tolerate being without a critical system before it starts to experience significant negative impacts. It is important for businesses to determine their MTD in order to prioritize their recovery efforts and ensure that critical systems are restored within the acceptable time frame.

Explanation

The term that describes the longest period of time that a business can survive without a particular critical system is Maximum tolerable downtime (MTD). MTD refers to the maximum amount of time that a business can tolerate being without a critical system before it starts to experience significant negative impacts. It is important for businesses to determine their MTD in order to prioritize their recovery efforts and ensure that critical systems are restored within the acceptable time frame.

3. A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime.

Incident

Event

Disaster

Emergency

A disaster is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime. Unlike incidents or emergencies, disasters have a more severe impact and longer-lasting consequences on the CBF. Disasters often require extensive recovery efforts and may result in significant financial losses, damage to infrastructure, or loss of life. Therefore, a disaster is the most appropriate term to describe an event that causes prolonged disruption to a critical business function.

Explanation

A disaster is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime. Unlike incidents or emergencies, disasters have a more severe impact and longer-lasting consequences on the CBF. Disasters often require extensive recovery efforts and may result in significant financial losses, damage to infrastructure, or loss of life. Therefore, a disaster is the most appropriate term to describe an event that causes prolonged disruption to a critical business function.

4.

Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?

Clustering

Warm site

Load balancing

Redundant array of inexpensive Disks (RAID)

A warm site is not an example of a fault tolerance technique designed to avoid interruptions that would cause downtime. A warm site refers to a backup facility that is partially equipped with the necessary hardware and infrastructure to quickly restore operations in the event of a disaster. It is not specifically designed to avoid interruptions, but rather to provide a backup location for business continuity purposes. In contrast, clustering, load balancing, and RAID are all examples of fault tolerance techniques that are specifically designed to avoid interruptions and minimize downtime by distributing workloads, balancing resources, and providing redundant storage, respectively.

Explanation

A warm site is not an example of a fault tolerance technique designed to avoid interruptions that would cause downtime. A warm site refers to a backup facility that is partially equipped with the necessary hardware and infrastructure to quickly restore operations in the event of a disaster. It is not specifically designed to avoid interruptions, but rather to provide a backup location for business continuity purposes. In contrast, clustering, load balancing, and RAID are all examples of fault tolerance techniques that are specifically designed to avoid interruptions and minimize downtime by distributing workloads, balancing resources, and providing redundant storage, respectively.

5. What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

Total risk

Business risk

Transparent risk

Residual risk

Residual risk refers to the remaining risk that exists after an organization has implemented all planned countermeasures and controls. It represents the potential harm or negative impact that can still occur despite the implementation of preventive measures. Residual risk is important to consider as it helps organizations understand the level of risk that they are still exposed to and allows them to make informed decisions regarding risk management strategies.

Explanation

Residual risk refers to the remaining risk that exists after an organization has implemented all planned countermeasures and controls. It represents the potential harm or negative impact that can still occur despite the implementation of preventive measures. Residual risk is important to consider as it helps organizations understand the level of risk that they are still exposed to and allows them to make informed decisions regarding risk management strategies.

6. Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore?

1

2

3

4

Nancy performs a full backup on Sunday and differential backups on Monday, Tuesday, and Wednesday. Since her server fails on Wednesday at 9 A.M., she would need to restore the latest full backup (Sunday) and the latest differential backup (Tuesday) to restore her server. Therefore, Nancy needs to restore a total of 2 backups.

Explanation

Nancy performs a full backup on Sunday and differential backups on Monday, Tuesday, and Wednesday. Since her server fails on Wednesday at 9 A.M., she would need to restore the latest full backup (Sunday) and the latest differential backup (Tuesday) to restore her server. Therefore, Nancy needs to restore a total of 2 backups.

7.

Forensics and incident response are examples of __________ controls.

Preventive

Detective

Corrective

Deterrent

Forensics and incident response are examples of corrective controls because they are focused on addressing and mitigating the impact of security incidents after they have occurred. These controls are designed to identify and respond to security breaches, investigate the root cause of incidents, and implement measures to prevent future occurrences. They are an important part of an overall security strategy to minimize the impact of security incidents and ensure that proper actions are taken to remediate any vulnerabilities or weaknesses in the system.

Explanation

Forensics and incident response are examples of corrective controls because they are focused on addressing and mitigating the impact of security incidents after they have occurred. These controls are designed to identify and respond to security breaches, investigate the root cause of incidents, and implement measures to prevent future occurrences. They are an important part of an overall security strategy to minimize the impact of security incidents and ensure that proper actions are taken to remediate any vulnerabilities or weaknesses in the system.

8.


	Brian needs to design a control that prevents piggybacking, only allowing one person to enter a facility at a time. What type of control would best meet this need?

Video surveillance

Motion detectors

Mantraps

Biometrics

Mantraps would best meet the need of preventing piggybacking and allowing only one person to enter a facility at a time. Mantraps are physical security devices that consist of two interlocking doors or gates. They are designed to only allow one person to pass through at a time, preventing unauthorized access. Other options like video surveillance, motion detectors, and biometrics may provide additional security measures but may not specifically address the issue of piggybacking.

Explanation

Mantraps would best meet the need of preventing piggybacking and allowing only one person to enter a facility at a time. Mantraps are physical security devices that consist of two interlocking doors or gates. They are designed to only allow one person to pass through at a time, preventing unauthorized access. Other options like video surveillance, motion detectors, and biometrics may provide additional security measures but may not specifically address the issue of piggybacking.

9. Which recovery site option provides readiness in minutes to hours?

Warm site

Cold site

Multiple sites

Hot site

A hot site is a recovery site option that provides readiness in minutes to hours. It is a fully operational and fully equipped secondary site that is ready to take over the primary site's operations immediately in case of a disaster. It has all the necessary hardware, software, and data backups in place, allowing for a quick and seamless transition. This option ensures minimal downtime and allows for business continuity with minimal disruption to operations.

Explanation

A hot site is a recovery site option that provides readiness in minutes to hours. It is a fully operational and fully equipped secondary site that is ready to take over the primary site's operations immediately in case of a disaster. It has all the necessary hardware, software, and data backups in place, allowing for a quick and seamless transition. This option ensures minimal downtime and allows for business continuity with minimal disruption to operations.

10. Which data source comes first in the order of volatility when conducting a forensic investigation?

Logs

Data files on disk

Swap and paging files

RAM

RAM (Random Access Memory) comes first in the order of volatility when conducting a forensic investigation. RAM is a volatile memory that stores data temporarily while the computer is running. It contains information about the current state of the system, including running processes, open files, network connections, and other valuable data. Since RAM loses its contents when the computer is powered off or restarted, it is crucial to prioritize its analysis in a forensic investigation to capture any relevant evidence before it is lost.

Explanation

RAM (Random Access Memory) comes first in the order of volatility when conducting a forensic investigation. RAM is a volatile memory that stores data temporarily while the computer is running. It contains information about the current state of the system, including running processes, open files, network connections, and other valuable data. Since RAM loses its contents when the computer is powered off or restarted, it is crucial to prioritize its analysis in a forensic investigation to capture any relevant evidence before it is lost.