Conducting A Forensic Investigation

2.

Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?

Detective
Preventive
Corrective
Deterrent

Correct Answer

A. Preventive

Explanation

Violet has deployed a preventive control by implementing an intrusion prevention system (IPS) on her network. This control is designed to proactively identify and block potential intrusions or attacks before they can cause any harm. By continuously monitoring network traffic and analyzing patterns, the IPS can detect and prevent unauthorized access or malicious activities, helping to maintain the security and integrity of Violet's network.

Rate this question:

3.

Brian needs to design a control that prevents piggybacking, only allowing one person to enter a facility at a time. What type of control would best meet this need?

Video surveillance
Motion detectors
Mantraps
Biometrics

Correct Answer

A. Mantraps

Explanation

Mantraps would best meet the need of preventing piggybacking and allowing only one person to enter a facility at a time. Mantraps are physical security devices that consist of two interlocking doors or gates. They are designed to only allow one person to pass through at a time, preventing unauthorized access. Other options like video surveillance, motion detectors, and biometrics may provide additional security measures but may not specifically address the issue of piggybacking.

Rate this question:

4.

What term describes the longest period of time that a business can survive without a particular critical system?

Maximum tolerable downtime (MTD)
Recovery time objective (RTO)
Recovery point objective (RPO)
Emergency operations center (EOC)

Correct Answer

A. Maximum tolerable downtime (MTD)

Explanation

The term that describes the longest period of time that a business can survive without a particular critical system is Maximum tolerable downtime (MTD). MTD refers to the maximum amount of time that a business can tolerate being without a critical system before it starts to experience significant negative impacts. It is important for businesses to determine their MTD in order to prioritize their recovery efforts and ensure that critical systems are restored within the acceptable time frame.

Rate this question:

5.

Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?

Clustering
Warm site
Load balancing
Redundant array of inexpensive Disks (RAID)

Correct Answer

A. Warm site

Explanation

A warm site is not an example of a fault tolerance technique designed to avoid interruptions that would cause downtime. A warm site refers to a backup facility that is partially equipped with the necessary hardware and infrastructure to quickly restore operations in the event of a disaster. It is not specifically designed to avoid interruptions, but rather to provide a backup location for business continuity purposes. In contrast, clustering, load balancing, and RAID are all examples of fault tolerance techniques that are specifically designed to avoid interruptions and minimize downtime by distributing workloads, balancing resources, and providing redundant storage, respectively.

Rate this question:

6.

Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore?

1
2
3
4

Correct Answer

A. 2

Explanation

Nancy performs a full backup on Sunday and differential backups on Monday, Tuesday, and Wednesday. Since her server fails on Wednesday at 9 A.M., she would need to restore the latest full backup (Sunday) and the latest differential backup (Tuesday) to restore her server. Therefore, Nancy needs to restore a total of 2 backups.

Rate this question:

7.

Which data source comes first in the order of volatility when conducting a forensic investigation?

Logs
Data files on disk
Swap and paging files
RAM

Correct Answer

A. RAM

Explanation

RAM (Random Access Memory) comes first in the order of volatility when conducting a forensic investigation. RAM is a volatile memory that stores data temporarily while the computer is running. It contains information about the current state of the system, including running processes, open files, network connections, and other valuable data. Since RAM loses its contents when the computer is powered off or restarted, it is crucial to prioritize its analysis in a forensic investigation to capture any relevant evidence before it is lost.

Rate this question:

8.

Which recovery site option provides readiness in minutes to hours?

Warm site
Cold site
Multiple sites
Hot site

Correct Answer

A. Hot site

Explanation

A hot site is a recovery site option that provides readiness in minutes to hours. It is a fully operational and fully equipped secondary site that is ready to take over the primary site's operations immediately in case of a disaster. It has all the necessary hardware, software, and data backups in place, allowing for a quick and seamless transition. This option ensures minimal downtime and allows for business continuity with minimal disruption to operations.

Rate this question:

9.

A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime.

Incident
Event
Disaster
Emergency

Correct Answer

A. Disaster

Explanation

A disaster is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime. Unlike incidents or emergencies, disasters have a more severe impact and longer-lasting consequences on the CBF. Disasters often require extensive recovery efforts and may result in significant financial losses, damage to infrastructure, or loss of life. Therefore, a disaster is the most appropriate term to describe an event that causes prolonged disruption to a critical business function.

Rate this question:

10.

Forensics and incident response are examples of __________ controls.

Preventive
Detective
Corrective
Deterrent

Correct Answer

A. Corrective

Explanation

Forensics and incident response are examples of corrective controls because they are focused on addressing and mitigating the impact of security incidents after they have occurred. These controls are designed to identify and respond to security breaches, investigate the root cause of incidents, and implement measures to prevent future occurrences. They are an important part of an overall security strategy to minimize the impact of security incidents and ensure that proper actions are taken to remediate any vulnerabilities or weaknesses in the system.

Rate this question:

Conducting A Forensic Investigation

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

Quiz Preview

Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?

Brian needs to design a control that prevents piggybacking, only allowing one person to enter a facility at a time. What type of control would best meet this need?

What term describes the longest period of time that a business can survive without a particular critical system?

Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?

Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore?

Which data source comes first in the order of volatility when conducting a forensic investigation?

Which recovery site option provides readiness in minutes to hours?

A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime.

Forensics and incident response are examples of __________ controls.