The Ultimate Quiz On Information Assets

238 Questions


Questions and Answers
  • 1. 
    What is a common approach used in the discipline of systems analysis and design to understand the ways systems operate and to chart process flows and interdependency studies?
    • A. 

      Systems diagramming

    • B. 

      Network diagramming

    • C. 

      Application diagramming

    • D. 

      Database diagramming

  • 2. 
    In a CPMT, a(n) ____ should be a high-level manager with influence and resources that can be used to support the project team, promote the objectives of the CP project, and endorse the results that come from the combined effort.
    • A. 

      Project manager

    • B. 

      Crisis manager

    • C. 

      Incident manager

    • D. 

      Champion

  • 3. 
    The ____ is a federal law that creates a general prohibition on the real-time monitoring of traffic data relating to communications.
    • A. 

      Wiretap Act

    • B. 

      Pen/Trap Statute

    • C. 

      Fourth Amendment to the U.S. Constitution

    • D. 

      Electronic Communication Protection Act

  • 4. 
    ____ are highly probable when infected machines are brought back online or when other infected computers that may have been offline at the time of the attack are brought back up. 
    • A. 

      Follow-on incidents

    • B. 

      Blue bag operations

    • C. 

      Black bag operations

    • D. 

      War games

  • 5. 
    Information assets have ____ when authorized users - persons or computer systems - are able to access them in the specified format without interference or obstruction.
    • A. 

      Availability

    • B. 

      Risk assessment

    • C. 

      Integrity

    • D. 

      Confidentiality

  • 6. 
    ____ ensures that only those with the rights and privileges to access information are able to do so.
    • A. 

      Confidentiality

    • B. 

      Risk assessment

    • C. 

      Availability

    • D. 

      Integrity

  • 7. 
    ____ is the risk control approach that attempts to reduce the impact caused by the exploitation of a vulnerability through planning and preparation.
    • A. 

      Mitigation

    • B. 

      Acceptance

    • C. 

      Transference

    • D. 

      Avoidance

  • 8. 
    A(n) ____ is an investigation and assessment of the impact that various attacks can have on the organization.
    • A. 

      Business impact analysis (BIA)

    • B. 

      Business continuity analysis (BCA)

    • C. 

      Incident response analysis (IRA)

    • D. 

      Threat analysis

  • 9. 
    Information assets have ____ when they are not exposed (while being stored, processed, or transmitted) to corruption, damage, destruction, or other disruption of their authentic states.
    • A. 

      Integrity

    • B. 

      Availability

    • C. 

      Confidentiality

    • D. 

      Risk assessment

  • 10. 
    A(n) ____ is used to anticipate, react to, and recover from events that threaten the security of information and information assets in an organization; it is also used to restore the organization to normal modes of business operations.
    • A. 

      Contingency plan

    • B. 

      Security plan

    • C. 

      Threat plan

    • D. 

      Social plan

  • 11. 
    The ____ illustrates the most critical characteristics of information and has been the industry standard for computer security since the development of the mainframe.
    • A. 

      C.I.A. triangle

    • B. 

      Asset classification

    • C. 

      Strategic plan

    • D. 

      Disaster recovery plan

  • 12. 
    ____ of risk is the choice to do nothing to protect an information asset and to accept the outcome of its potential exploitation.
    • A. 

      Acceptance

    • B. 

      Avoidance

    • C. 

      Mitigation

    • D. 

      Inheritance

  • 13. 
    The term ____ refers to a broad category of electronic and human activities in which an unauthorized individual gains access to the information an organization is trying to protect.
    • A. 

      Trespass

    • B. 

      Polymorphism

    • C. 

      Denial-of-service

    • D. 

      Theft

  • 14. 
    A(n) ____ is an object, person, or other entity that is a potential risk of loss to an asset.
    • A. 

      Threat

    • B. 

      Intellectual property

    • C. 

      Payload

    • D. 

      Trojan horse

  • 15. 
    A(n) ____ is a plan or course of action used by an organization to convey instructions from its senior management to those who make decisions, take actions, and perform other duties on behalf of the organization.
    • A. 

      Policy

    • B. 

      Residual risk

    • C. 

      Assessment

    • D. 

      Business continuity plan

  • 16. 
    ____ (sometimes referred to as avoidance) is the risk control strategy that attempts to prevent the exploitation of a vulnerability.
    • A. 

      Defense

    • B. 

      Mitigation

    • C. 

      Transference

    • D. 

      Acceptance

  • 17. 
    ____ is the process of moving an organization toward its vision.
    • A. 

      Strategic planning

    • B. 

      Contingency planning

    • C. 

      Enterprise information planning

    • D. 

      Security planning

  • 18. 
    A(n) ____ attack seeks to deny legitimate users access to services by either tying up a server's available resources or causing it to shut down.
    • A. 

      DoS

    • B. 

      Spyware

    • C. 

      Trojan horse

    • D. 

      Social engineering

  • 19. 
    A(n) ____ is any clearly identified attack on the organization's information assets that would threaten the assets' confidentiality, integrity, or availability.
    • A. 

      Incident

    • B. 

      Trespass

    • C. 

      Trojan horse

    • D. 

      Risk

  • 20. 
    A ____ deals with the preparation for and recovery from a disaster, whether natural or man-made.
    • A. 

      Risk assessment

    • B. 

      Mitigation plan

    • C. 

      Risk management

    • D. 

      Disaster recovery plan

  • 21. 
    ____ assigns a risk rating or score to each information asset. Although this number does not mean anything in absolute terms, it is useful in gauging the relative risk to each vulnerable information asset and facilitates the development of comparative ratings later in the risk control process.
    • A. 

      Avoidance

    • B. 

      BC

    • C. 

      DR

    • D. 

      Risk assessment

  • 22. 
    ____ hack systems to conduct terrorist activities through network or Internet pathways.
    • A. 

      Programmers

    • B. 

      Social engineers

    • C. 

      Script kiddies

    • D. 

      Cyberterrorists

  • 23. 
    A ____ is a document that describes how, in the event of a disaster, critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site.
    • A. 

      Disaster recovery plan

    • B. 

      Risk assessment plan

    • C. 

      Business continuity plan

    • D. 

      Incident response plan

  • 24. 
    ____ is a risk control approach that attempts to shift the risk to other assets, other processes, or other organizations.
    • A. 

      Transference

    • B. 

      Avoidance

    • C. 

      Acceptance

    • D. 

      Mitigation

  • 25. 
    The ____ job functions and organizational roles focus on protecting the organization's information systems and stored information from attacks.
    • A. 

      Organizational management and professionals

    • B. 

      Information security management and professionals

    • C. 

      Information technology management and professionals

    • D. 

      Human resource management and professionals

  • 26. 
    The last stage of a business impact analysis is prioritizing the resources associated with the ____, which brings a better understanding of what must be recovered first.
    • A. 

      Mission/business processes

    • B. 

      Information assets

    • C. 

      Contingency planning

    • D. 

      Insurance costs

  • 27. 
    The ____ is used to collect information directly from the end users and business managers.
    • A. 

      Data management session

    • B. 

      Forensic analysis

    • C. 

      Facilitated data-gathering session

    • D. 

      System log session

  • 28. 
    A manual alternative to the normal way of accomplishing an IT task might be employed in the event that IT is unavailable. This is called a ____.
    • A. 

      Workload shift

    • B. 

      Business disruption experience

    • C. 

      Work-around procedure

    • D. 

      Work outflow

  • 29. 
    The first major business impact analysis task is to analyze and prioritize the organization's business processes based on their relationships to the organization's ____.
    • A. 

      Downtime metrics

    • B. 

      Mission

    • C. 

      Information assets

    • D. 

      Budget

  • 30. 
    Which of the following collects and provides reports on failed login attempts, probes, scans, denial-of-service attacks, and detected malware?
    • A. 

      Departmental reports

    • B. 

      System logs

    • C. 

      Scheduled reports

    • D. 

      Financial reports

  • 31. 
    The elements required to begin the ____ process are a planning methodology; a policy environment to enable the planning process; an understanding of the causes and effects of core precursor activities, and access to financial and other resources.
    • A. 

      Human resource planning

    • B. 

      Information security planning

    • C. 

      Contingency planning

    • D. 

      Relocation planning

  • 32. 
    In a CPMT, a(n) ____ leads the project to make sure a sound project planning process is used, a complete and useful project plan is developed, and project resources are prudently managed.
    • A. 

      Champion

    • B. 

      Crisis manager

    • C. 

      Project manager

    • D. 

      Incident manager

  • 33. 
    The ____ job functions and organizational roles focus on costs of system creation and operation, ease of use for system users, timeliness of system creation, and transaction response time.
    • A. 

      Human resource management and professionals

    • B. 

      Information security management and professionals

    • C. 

      Organizational management and professionals

    • D. 

      Information technology management and professionals

  • 34. 
    Within an organization, a(n) ____ is a group of individuals who are united by shared interests or values and who have a common goal of making the organization function to meet its objectives.
    • A. 

      Community of interest

    • B. 

      Incident response community

    • C. 

      Network community

    • D. 

      Database community

  • 35. 
    Companies may want to consider budgeting for contributions to employee loss expenses (such as funerals) as well as for counseling services for employees and loved ones as part of ____.
    • A. 

      Recovery criticality budgeting

    • B. 

      Crisis management budgeting

    • C. 

      Incident response budgeting

    • D. 

      Risk assessment budgeting

  • 36. 
    The purpose of the ____ is to define the scope of the CP operations and establish managerial intent with regard to timetables for response to incidents, recovery from disasters, and reestablishment of operations for continuity.
    • A. 

      Contingency planning policy

    • B. 

      Incident response policy

    • C. 

      Disaster recovery policy

    • D. 

      Cross-training policy

  • 37. 
    The ____ is an investigation and assessment of the impact that various events or incidents can have on the organization.
    • A. 

      Forensic analysis

    • B. 

      Threat of attack analysis

    • C. 

      Cross-training analysis

    • D. 

      Business impact analysis

  • 38. 
    The ____ is the point in time, determined by the business unit, from which systems and data can be recovered after an outage.
    • A. 

      Dependency objective

    • B. 

      Training objective

    • C. 

      Recovery time objective

    • D. 

      Recovery point objective

  • 39. 
    The final component to the CPMT planning process is to deal with ____.
    • A. 

      Prioritizing mission/business processes

    • B. 

      Identifying recovery priorities

    • C. 

      Budgeting for contingency operations

    • D. 

      BIA data collection

  • 40. 
    A CPMT should include _____ who can oversee the security planning of the project and provide information on threats, vulnerabilities, and recovery requirements needed in the planning process.
    • A. 

      Human resource managers

    • B. 

      Information security managers

    • C. 

      Business managers

    • D. 

      Physical plant managers

  • 41. 
    To a large extent, incident response capabilities are part of a normal IT budget. The only area in which additional budgeting is absolutely required for incident response is the maintenance of ____.
    • A. 

      Redundant equipment

    • B. 

      Local area networks

    • C. 

      Audit documentation

    • D. 

      BIA questionnaires

  • 42. 
    The ____ is the period of time within which systems, applications, or functions must be recovered after an outage.
    • A. 

      Dependency objective

    • B. 

      Recovery point objective

    • C. 

      Recovery time objective

    • D. 

      Training objective

  • 43. 
    One modeling technique drawn from systems analysis and design that can provide an excellent way to illustrate how a business functions is a(n) ____.
    • A. 

      Production schedule

    • B. 

      Collaboration diagram

    • C. 

      Focus group

    • D. 

      IT application log

  • 44. 
    ____ are used for recovery from disasters that threaten on-site backups.
    • A. 

      Cloud storage sites

    • B. 

      Electronic vaulting sites

    • C. 

      Data archives

    • D. 

      Data backups

  • 45. 
    Considered to be the traditional "lock and copy" approach to database backup, _____ require the database to be inaccessible while a backup is created to a local drive.
    • A. 

      Continuous database protections

    • B. 

      RAID Level 1+0 applications

    • C. 

      Online backup applications

    • D. 

      Legacy backup applications

  • 46. 
    A ____ is a synonym for a virtualization application.
    • A. 

      Virtual machine

    • B. 

      Host platform

    • C. 

      Hypervisor

    • D. 

      Virtual hardware

  • 47. 
    ____ uses a number of hard drives to store information across multiple drive units.
    • A. 

      Continuous database protection

    • B. 

      Legacy backup

    • C. 

      RAID

    • D. 

      Virtualization

  • 48. 
    An organization aggregates all local backups to a central repository and then backs up that repository to an online vendor, with a ____ backup strategy.
    • A. 

      Differential

    • B. 

      RAID

    • C. 

      Disk-to-disk-to-cloud

    • D. 

      Disk-to-disk-to-tape

  • 49. 
    A(n) ____ is an agreement in which the client agrees not to use the vendor's services to compete directly with the vendor, and for the client not to use vendor information to gain a better deal with another vendor.
    • A. 

      Nondisclosure agreement

    • B. 

      Covenant not to compete

    • C. 

      Intellectual property assurance

    • D. 

      Statement of indemnification

  • 50. 
    A(n) ____ is often included in legal documents to ensure that a vendor is not liable for actions taken by a client.
    • A. 

      Covenant not to compete

    • B. 

      Intellectual property assurance

    • C. 

      Statement of indemnification

    • D. 

      Nondisclosure agreement

  • 51. 
    Advances in cloud computing have opened a new field in application redundancy and backup. Because organizations that lease ____ are in effect using a preconfigured set of applications on someone else's systems, it is reasonable to ask that the service agreement include contingencies for recovery.
    • A. 

      SaaS

    • B. 

      Servers

    • C. 

      PaaS

    • D. 

      IaaS

  • 52. 
    A(n) ____ is an extension of an organization's intranet into cloud computing.
    • A. 

      Private cloud

    • B. 

      Application cloud

    • C. 

      Public cloud

    • D. 

      Community cloud

  • 53. 
    Some recovery strategies seek to improve the ____ of a server or system in addition to, or instead of, performing backups of data.
    • A. 

      Speed

    • B. 

      Accuracy

    • C. 

      Cost-effectiveness

    • D. 

      Robustness

  • 54. 
    Both data backups and archives should be based on a(n) ____ schedule that guides the frequency of replacement and the duration of storage.
    • A. 

      Replication

    • B. 

      Business resumption

    • C. 

      Retention

    • D. 

      Incident response

  • 55. 
    A resumption location known as a ____ or a ____ is a fully configured computer facility capable of establishing operations at a moment's notice.
    • A. 

      Mobile site

    • B. 

      Service bureau

    • C. 

      Hot site

    • D. 

      Mirrored site

  • 56. 
    A ____ is commonly a single device or server that attaches to a network and uses TCP/IP-based protocols and communications methods to provide an online storage environment.
    • A. 

      Remote journal

    • B. 

      Virtual machine monitor

    • C. 

      Network-attached storage

    • D. 

      Storage area network

  • 57. 
    A(n) ____ backup only archives the files that have been modified since the last backup.
    • A. 

      Differential

    • B. 

      Copy

    • C. 

      Daily

    • D. 

      Incremental

  • 58. 
    A backup plan using WAN/VLAN replication and a recovery strategy using a warm site is most suitable for information systems that have ____ priority within an organization.
    • A. 

      Moderate

    • B. 

      Critical

    • C. 

      Low

    • D. 

      High

  • 59. 
    When using virtualization, it is commonplace to use the term ____ to refer to a virtualized environment operating in or on a host platform.
    • A. 

      VMware

    • B. 

      Host machine

    • C. 

      Virtual machine

    • D. 

      Hypervisor

  • 60. 
    RAID 0 creates one logical volume across several available hard disk drives and stores the data using ____, in which data segments are written in turn to each disk drive in the array.
    • A. 

      Disk coding

    • B. 

      Disk duplexing

    • C. 

      Disk striping

    • D. 

      Disk mirroring

  • 61. 
    A potential disadvantage of a ____ site-resumption strategy is that more than one organization might need the facility simultaneously.
    • A. 

      Cold site

    • B. 

      Mobile site

    • C. 

      Time-share

    • D. 

      Service bureau

  • 62. 
    A ____ is an agency that provides physical facilities in the event of a disaster for a fee.
    • A. 

      Service bureau

    • B. 

      Mobile site

    • C. 

      Time-share

    • D. 

      Cold site

  • 63. 
    A ____ is a contractual document guaranteeing certain minimal levels of service provided by a vendor.
    • A. 

      Time-share agreement

    • B. 

      Memorandum of understanding

    • C. 

      Mutual agreement

    • D. 

      Service agreement

  • 64. 
    A(n) ____ covers the confidentiality of information from everyone unless disclosure is mandated by the courts.
    • A. 

      Intellectual property assurance

    • B. 

      Nondisclosure agreement

    • C. 

      Statement of indemnification

    • D. 

      Covenant not to compete

  • 65. 
    A favorite pastime of information security professionals is ____, which is a simulation of attack and defense activities using realistic networks and information systems.
    • A. 

      Simulation

    • B. 

      Parallel testing

    • C. 

      Structured walk-through

    • D. 

      War gaming

  • 66. 
    The Southeast Collegiate Cyber Defense Competition is unique in that it focuses on the operational aspect of managing and protecting an existing network infrastructure. Unlike "capture-the-flag" exercises, this competition is exclusively a real-world ____ competition.
    • A. 

      End-user training

    • B. 

      Offensive

    • C. 

      Defensive

    • D. 

      Hacking

  • 67. 
    A recommended practice for the implementation of the physical IR plan document is to organize the contents so that the first page contains the ____ actions.
    • A. 

      Testing

    • B. 

      "during attack"

    • C. 

      "before attack"

    • D. 

      Training

  • 68. 
    The training delivery method with the lowest cost to the organization is ____.
    • A. 

      User support group

    • B. 

      On-the-job training

    • C. 

      One-on-one

    • D. 

      Self-study (noncomputerized)

  • 69. 
    The committees of the CPMT follow a set of general stages to develop their subordinate plans. In the case of incident planning, the first stage is to ____.
    • A. 

      Form the IR planning committee

    • B. 

      Integrate the BIA

    • C. 

      Identify preventive controls

    • D. 

      Develop the IR planning policy

  • 70. 
    The ____ Department of an organization needs to review the procedures of the CSIRT and understand the steps the CSIRT will perform to ensure it is within legal and ethical guidelines for the municipal, state, and federal jurisdictions.
    • A. 

      Legal

    • B. 

      Labor

    • C. 

      Auditing

    • D. 

      Public Relations

  • 71. 
    The IR plan is usually ____ when an incident causes minimal damage with little or no disruption to business operations.
    • A. 

      Placed on standby

    • B. 

      Placed on alert

    • C. 

      Not activated

    • D. 

      Activated

  • 72. 
    A recommended practice for the implementation of the physical IR plan is to select a ____ binder.
    • A. 

      Green

    • B. 

      Black

    • C. 

      Blue

    • D. 

      Red

  • 73. 
    A(n) ____ is a CSIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization's information infrastructure for signs of an incident.
    • A. 

      IR duty officer

    • B. 

      Project manager

    • C. 

      Software engineer

    • D. 

      Forensic expert

  • 74. 
    ____ is the process of systematically examining information assets for evidentiary material that can provide insight into how an incident transpired.
    • A. 

      War gaming

    • B. 

      Disaster recovery

    • C. 

      Forensics analysis

    • D. 

      Incident response

  • 75. 
    ____ incident responses enables the organization to react to a detected incident quickly and effectively, without confusion or wasted time and effort.
    • A. 

      Publishing

    • B. 

      Recording

    • C. 

      Discussing

    • D. 

      Predefining

  • 76. 
    Should an incident begin to escalate, the CSIRT team leader continues to add resources and skill sets as necessary to attempt to contain and terminate the incident. The resulting team is called the ____ for this particular incident.
    • A. 

      Reaction force

    • B. 

      IR unit

    • C. 

      Forensic team

    • D. 

      Response unit

  • 77. 
    Incident analysis resources include network diagrams and lists of ____, such as database servers.
    • A. 

      Desk checks

    • B. 

      Protocol analyzers

    • C. 

      Critical assets

    • D. 

      Simulation software

  • 78. 
    General users require training on the technical details of how to do their jobs securely, including good security practices, ____ management, specialized access controls, and violation reporting.
    • A. 

      War gaming

    • B. 

      Organization

    • C. 

      Password

    • D. 

      "before action"

  • 79. 
    The ____ of an organization defines the roles and responsibilities for incident response for the CSIRT and others who will be mobilized in the activation of the plan.
    • A. 

      IR procedures

    • B. 

      CSIRT policy

    • C. 

      IR policy

    • D. 

      IR plan

  • 80. 
    In contingency planning, an adverse event that threatens the security of an organization's information is called a(n) ____.
    • A. 

      Notification

    • B. 

      Incident

    • C. 

      Emergency

    • D. 

      Warning

  • 81. 
    The responsibility for creating an organization's IR plan often falls to the ____.
    • A. 

      Chief information security officer

    • B. 

      Project manager

    • C. 

      Forensic expert

    • D. 

      Database administrator

  • 82. 
    The U.S. National Institute of Standards and Technology defines the incident response life cycle as having four main processes: 1) preparation; 2) detection and analysis; 3) containment, eradication, and recovery; and 4) ____.
    • A. 

      Post-incident activity

    • B. 

      Incident report

    • C. 

      Resolution

    • D. 

      Triage

  • 83. 
    One of the primary responsibilities of the IRP team is to ensure that the ____ is prepared to respond to each incident it may face.
    • A. 

      Catalyst

    • B. 

      Semtex

    • C. 

      CSIRT

    • D. 

      IR plan

  • 84. 
    The ____ approach for detecting intrusions is based on the frequency with which certain network activities take place.
    • A. 

      Knowledge-based IDPS

    • B. 

      Host-based IDPS

    • C. 

      Signature-based IDPS

    • D. 

      Anomaly-based IDPS

  • 85. 
    In an attack known as ____, valid protocol packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on that network.
    • A. 

      DNS cache poisoning

    • B. 

      Denial-of-service (DoS)

    • C. 

      Port mirroring

    • D. 

      Evasion

  • 86. 
    The task of monitoring file systems for unauthorized change is best performed by using a(n) ____.
    • A. 

      HIDPS

    • B. 

      Knowledge-based IDPS

    • C. 

      NIDPS

    • D. 

      AppIDPS

  • 87. 
    The process of evaluating the circumstances around organizational events includes determining which adverse events are possible incidents, or ____.
    • A. 

      Critical violations

    • B. 

      Incident candidates

    • C. 

      Service alarms

    • D. 

      Hacker intrusions

  • 88. 
    A(n) ____ is the set of rules and configuration guidelines governing the implementation and operation of IDPSs within the organization.
    • A. 

      Attack stimulus

    • B. 

      Confidence

    • C. 

      Site policy

    • D. 

      IR policy

  • 89. 
    The ____ of a hub, switch or other networking device is a specially configured connection that is capable of viewing all the traffic that moves through the entire device.
    • A. 

      Monitoring port

    • B. 

      IDPS console

    • C. 

      External router

    • D. 

      TCP/IP sensor

  • 90. 
    A(n) ____ is a sign that an activity now occurring may signal an incident that could occur in the future.
    • A. 

      Inactive system

    • B. 

      Precursor

    • C. 

      Signal

    • D. 

      Indication

  • 91. 
    A(n) ____, a type of IDPS that is similar to the NIDPS, reviews the log files generated by servers, network devices, and even other IDPSs.
    • A. 

      Packet exchanger

    • B. 

      Honeynet

    • C. 

      Trap and trace system

    • D. 

      Log file monitor

  • 92. 
    A ____ rootkit is one that becomes a part of the system bootstrap process and is loaded every time the system boots.
    • A. 

      User-mode

    • B. 

      Kernel-mode

    • C. 

      Memory-based

    • D. 

      Persistent

  • 93. 
    A(n) ____ is a sign that an adverse event is underway and has a probability of becoming an incident.
    • A. 

      Precursor

    • B. 

      Signal

    • C. 

      Inactive system

    • D. 

      Indication

  • 94. 
    Using a process known as ____, network-based IDPSs look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be under way.
    • A. 

      Port monitoring

    • B. 

      Signature matching

    • C. 

      Packet sniffing

    • D. 

      Traffic measurement

  • 95. 
    In the event that a definite indicator is recognized, the corresponding ____ must be activated immediately.
    • A. 

      Rootkit

    • B. 

      IR plan

    • C. 

      Alarm

    • D. 

      IDPS

  • 96. 
    New systems can respond to an incident threat autonomously, based on preconfigured options that go beyond simple defensive actions usually associated with IDPS and IPS systems. These systems, referred to as ____, use a combination of resources to detect an intrusion and then to trace the intrusion back to its source.
    • A. 

      Log file monitors

    • B. 

      Packet exchangers

    • C. 

      Trap and trace

    • D. 

      Honeynets

  • 97. 
    If an intruder can ____ a device, then no electronic protection can deter the loss of information.
    • A. 

      Physically access

    • B. 

      Log and monitor

    • C. 

      Packet sniff

    • D. 

      Trap and trace

  • 98. 
    A(n) ____ is any system resource that is placed onto a functional system but has no normal use for that system. If it attracts attention, it is from unauthorized access and will trigger a notification or response.
    • A. 

      Honeypot

    • B. 

      Honeynet

    • C. 

      Honeytoken

    • D. 

      Wasp trap

  • 99. 
    ____ are closely monitored network decoys that can distract adversaries from more valuable machines on a network; can provide early warning about new attack and exploitation trends; and can allow in-depth examination of adversaries during and after exploitation.
    • A. 

      Honeypots

    • B. 

      Log file monitors

    • C. 

      Packet exchangers

    • D. 

      Trap and trace systems

  • 100. 
    The use of IDPS sensors and analysis systems can be quite complex. One very common approach is to use an open source software program called ____ running on an open source UNIX or Linux system that can be managed and queried from a desktop computer using a client interface.
    • A. 

      Snort

    • B. 

      Detector

    • C. 

      Sniff

    • D. 

      Match

  • 101. 
    The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called ____.
    • A. 

      Noise

    • B. 

      False positive

    • C. 

      Confidence

    • D. 

      Tuning

  • 102. 
    Most organizations will find themselves awash in incident candidates at one time or another, and the vast majority will be ____.
    • A. 

      Unusual system crashes

    • B. 

      Reported attacks

    • C. 

      Definite indicators

    • D. 

      False positives

  • 103. 
    When the measured activity is outside the baseline parameters in a behavior-based IDPS, it is said to exceed the ____ (the level at which the IDPS triggers an alert to notify the administrator).
    • A. 

      Footprint level

    • B. 

      Root level

    • C. 

      Baseline level

    • D. 

      Clipping level

  • 104. 
    When implementing a BC plan, an organization reaches a predetermined state, known as a(n) ____, at which time the responsible executive indicates that the organization is to relocate to a pre-selected alternate site.
    • A. 

      Moving point

    • B. 

      Critical point

    • C. 

      Contingency point

    • D. 

      Trigger point

  • 105. 
    The ____ is the group responsible for initiating the occupation of the alternate facility.
    • A. 

      Forensic team

    • B. 

      Disaster recovery team

    • C. 

      Advance party

    • D. 

      Applications development team

  • 106. 
    The ____ is the amount of time that a business can tolerate losing capabilities until alternate capabilities are available.
    • A. 

      Reaction time objective

    • B. 

      Incidence response time

    • C. 

      Disaster recovery time

    • D. 

      Recovery time objective

  • 107. 
    In the ____ phase of the BC plan, the organization specifies what type of relocation services are desired and what type of data management strategies are deployed to support relocation.
    • A. 

      Preparation for BC actions

    • B. 

      Roles and responsibilities

    • C. 

      Special considerations

    • D. 

      Training requirements

  • 108. 
    Unless an organization has contracted for a ____ or equivalent, office equipment such as desktop computers is not provided at the BC alternate site.
    • A. 

      Warm site

    • B. 

      Fully provisioned site

    • C. 

      Hot site

    • D. 

      Cold site

  • 109. 
    The plan maintenance schedule in a BC policy statement should address the ____ of reviews, along with who will be involved in each review.
    • A. 

      Maintenance

    • B. 

      Frequency

    • C. 

      Style

    • D. 

      Location

  • 110. 
    Two dominantly recognized professional institutions certifying business continuity professionals agree on the ____ as the basis for certification.
    • A. 

      BC Certification Exam

    • B. 

      BC Professional Handbook

    • C. 

      BC Discipline Review

    • D. 

      Common Body of Knowledge

  • 111. 
    Essential BC supplies needed at an alternate site include portable computers, software media, and ____.
    • A. 

      Fax capabilities

    • B. 

      Copiers

    • C. 

      Training documents

    • D. 

      Licenses

  • 112. 
    A BC subteam called the ____ is responsible for establishing the core business functions needed to sustain critical business operations.
    • A. 

      Systems recovery team

    • B. 

      Operations team

    • C. 

      Applications recovery team

    • D. 

      Logistics team

  • 113. 
    The Business Continuity Institute offers an uncertified category of membership called a(n) ____ that is accepted by application and does not require assessment or a review process.
    • A. 

      Associate

    • B. 

      Affiliate

    • C. 

      Specialist

    • D. 

      Fellow

  • 114. 
    ____ planning represents the final response of the organization when faced with any interruption of its critical operations.
    • A. 

      Relocation

    • B. 

      Business continuity

    • C. 

      Event

    • D. 

      Technology watch

  • 115. 
    Once BC activities have come to a close and the organization has reoccupied its primary facility or new permanent facility, the team should meet for a(n) ____.
    • A. 

      After-action review

    • B. 

      Wrap-up review

    • C. 

      Clearing review

    • D. 

      Closing review

  • 116. 
    The U.S. Department of Homeland Security's Federal Emergency Management Association has developed a support Web site at ____ that includes a suite of tools to guide the development of disaster recovery/business continuity plans.
    • A. 

      www.prepare.gov

    • B. 

      www.ready.gov

    • C. 

      www.disaster.gov

    • D. 

      www.dr-bc.gov

  • 117. 
    What phase of the BC plan specifies under what conditions and how the organization relocates from the primary to the alternate site?
    • A. 

      Special considerations

    • B. 

      Relocation to the alternate site

    • C. 

      Preparation for BC actions

    • D. 

      Training requirements

  • 118. 
    The ____ section of the business continuity policy identifies the organizational units and groups of employees to which the policy applies.
    • A. 

      Scope

    • B. 

      Training requirements

    • C. 

      Special considerations

    • D. 

      Roles and responsibilities

  • 119. 
    The ____ section of the business continuity policy provides an overview of the information storage and retrieval plans of the organization.
    • A. 

      Special considerations

    • B. 

      Training requirements

    • C. 

      Scope

    • D. 

      Roles and responsibilities

  • 120. 
    A certification offered by the Business Continuity Institute is called ____.
    • A. 

      BCI Certification Fellowship

    • B. 

      Certified Business Continuity Professional

    • C. 

      Master Business Continuity Professional

    • D. 

      BCI Professional Recognition Program

  • 121. 
    Identifying measures, called ____, that reduce the effects of system disruptions can reduce continuity life-cycle costs.
    • A. 

      Preventive controls

    • B. 

      Predictive controls

    • C. 

      BC exercises

    • D. 

      BC requirements

  • 122. 
    In the ____ section of the business continuity policy, the training requirements for the various employee groups are defined and highlighted.
    • A. 

      Training requirements

    • B. 

      Scope

    • C. 

      Roles and responsibilities

    • D. 

      Special considerations

  • 123. 
    The ____ is the point in the past to which the recovered applications and data at the alternate infrastructure will be restored.
    • A. 

      Recovery point objective

    • B. 

      Simulation point objective

    • C. 

      Warm site objective

    • D. 

      Relocation point objective

  • 124. 
    The ____ section of the business continuity policy identifies the roles and responsibilities of the key players in the business continuity operation.
    • A. 

      Education requirements

    • B. 

      Training requirements

    • C. 

      Scope

    • D. 

      Roles and responsibilities

  • 125. 
    The first group to communicate the CSIRT's vision and operational plan is the managerial team or individual serving as the ____.
    • A. 

      IT staff leader

    • B. 

      Educational liaison

    • C. 

      Champion

    • D. 

      Technical lead

  • 126. 
    The CSIRT should be available for contact by anyone who discovers or suspects that an incident involving the organization has occurred. Some organizations prefer that employees contact a ____, which then makes the determination as to whether to contact the CSIRT or not.
    • A. 

      Computer Emergency Response Team

    • B. 

      Help desk

    • C. 

      Contingency Planning Team

    • D. 

      System administration

  • 127. 
    ____ is a valuable resource for additional information on building and staffing CSIRTs.
    • A. 

      IRP

    • B. 

      CSIRT Performance Measures

    • C. 

      AAR

    • D. 

      NIST

  • 128. 
    A CSIRT model that is effective for large organizations and for organizations with major computing resources at distant locations is the ____.
    • A. 

      Coordinating team

    • B. 

      Organizational CSIRT

    • C. 

      Distributed CSIRT

    • D. 

      Central CSIRT

  • 129. 
    A feedback mechanism that can be used to measure the effectiveness of a CSIRT is the ____.
    • A. 

      IR plan test

    • B. 

      After action review

    • C. 

      Definition of empirical measures

    • D. 

      Help desk report log

  • 130. 
    In the absence of the assigned team manager, the ____ should assume authority for overseeing and evaluating a provided service.
    • A. 

      IRP team leader

    • B. 

      Technical lead

    • C. 

      Deputy team manager

    • D. 

      CSIRT leader

  • 131. 
    The first step in building a CSIRT is to ____.
    • A. 

      Determine the CSIRT strategic plan

    • B. 

      Design the CSIRT vision

    • C. 

      Gather relevant information

    • D. 

      Obtain management support and buy-in

  • 132. 
    The organization must first understand what skills are needed to effectively respond to an incident. If necessary, management must determine if it is willing to acquire needed ____ to fill in the gaps.
    • A. 

      Personnel

    • B. 

      Administration

    • C. 

      Equipment

    • D. 

      Policies

  • 133. 
    When an organization completely outsources its IR work, typically to an on-site contractor, it is called a(n) ____ model.
    • A. 

      Partially outsourced

    • B. 

      Employees

    • C. 

      24/7

    • D. 

      Fully outsourced

  • 134. 
    The ____ flow of information needed from the CSIRT to organizational and IT/InfoSec management is a critical communication requirement.
    • A. 

      Upward

    • B. 

      Identifying

    • C. 

      Geographic

    • D. 

      Operations

  • 135. 
    The focus during a(n) ____ is on learning what worked, what didn't, and where communications and response procedures may have failed.
    • A. 

      After action review

    • B. 

      Advisory distribution

    • C. 

      Incident response

    • D. 

      CSIRT resource meeting

  • 136. 
    A CSIRT model in which a single CSIRT handles incidents throughout the organization is called a(n) ____.
    • A. 

      Employee-based CSIRT

    • B. 

      Coordinating team

    • C. 

      Central CSIRT

    • D. 

      Organizational CSIRT

  • 137. 
    One way to build and maintain staff skills is to develop incident-handling ____ and have the team members discuss how they would handle them.
    • A. 

      Scenarios

    • B. 

      Technologies

    • C. 

      IR teams

    • D. 

      Plans

  • 138. 
    The CSIRT must have a clear and concise ____ statement that, in a few sentences, unambiguously articulates what it will do.
    • A. 

      Requirements

    • B. 

      Mission

    • C. 

      Objectives

    • D. 

      Philosophy

  • 139. 
    A key step in the ____ approach to incident response is to discover the identity of the intruder while documenting his or her activity.
    • A. 

      Proactive security awareness

    • B. 

      Security quality management

    • C. 

      Protect and forget

    • D. 

      Apprehend and prosecute

  • 140. 
    Those services undertaken to prepare the organization or the CSIRT constituents to protect and secure systems in anticipation of problems, attacks, or other events are called ____.
    • A. 

      Vulnerability assessment services

    • B. 

      Reactive services

    • C. 

      Security quality management services

    • D. 

      Proactive services

  • 141. 
    Those services performed in response to a request or a defined event such as a help desk alert are called ____.
    • A. 

      Vulnerability assessment services

    • B. 

      Reactive services

    • C. 

      Proactive services

    • D. 

      Security quality management services

  • 142. 
    The champion for the CSIRT may be the same person as the champion for the entire IR function - typically, the ____.
    • A. 

      IT manager

    • B. 

      Operations manager

    • C. 

      Chief executive officer

    • D. 

      Chief information officer

  • 143. 
    The announcement of an operational CSIRT should minimally include ____.
    • A. 

      The IR policy statement

    • B. 

      A list of all IDPS equipment

    • C. 

      Statistical baselines for systems

    • D. 

      Contact methods and numbers

  • 144. 
    The determination of what systems fall under the CSIRT's responsibility is called its ____.
    • A. 

      Mission

    • B. 

      Scope of operations

    • C. 

      Policy

    • D. 

      Constituency

  • 145. 
    According to the 2010/2011 Computer Crime and Security Survey, ____ is "the most commonly seen attack, with 67.1 percent of respondents reporting it."
    • A. 

      Unauthorized access

    • B. 

      Inappropriate use

    • C. 

      Malware infection

    • D. 

      Denial-of-service

  • 146. 
    When an alert warns of new malicious code that targets software used by an organization, the first response should be to research the new virus to determine whether it is ____.
    • A. 

      Authorized

    • B. 

      Real

    • C. 

      Intrusive

    • D. 

      Aggressive

  • 147. 
    A ____ attack is much more substantial than a DoS attack because of the use of multiple systems to simultaneously attack a single target.
    • A. 

      Heartbeat attack

    • B. 

      Distributed denial-of-service

    • C. 

      Networked denial-of-service

    • D. 

      Targeted denial-of-service

  • 148. 
    When a second attack, using the means and methods of the first attack, is undertaken while the first attack is still underway, this is considered a(n) ____ recurrence.
    • A. 

      Simultaneous

    • B. 

      Concurrent

    • C. 

      Intrusive

    • D. 

      Ongoing

  • 149. 
    According to NIST, which of the following is an example of a UA attack?
    • A. 

      Modifying Web-based content without permission

    • B. 

      Asking for large numbers of resources

    • C. 

      Knowingly sending a virus-infected message

    • D. 

      Downloading unauthorized software

  • 150. 
    Essentially a DoS attack, a ____ is a message aimed at causing organizational users to waste time reacting to a nonexistent malware threat.
    • A. 

      Worm infection

    • B. 

      Trojan horse

    • C. 

      Tracking cookie

    • D. 

      Malware hoax

  • 151. 
    A ____ attack is much more substantial than a DoS attack because of the use of multiple systems to simultaneously attack a single target.
    • A. 

      Heartbeat attack

    • B. 

      Distributed denial-of-service

    • C. 

      Networked denial-of-service

    • D. 

      Targeted denial-of-service

  • 152. 
    Known as ____, procedures for regaining control of systems and restoring operations to normalcy are the heart of the IR plan and the CSIRT's operations.
    • A. 

      CSIRT policies

    • B. 

      IR reaction strategies

    • C. 

      Disaster recovery strategies

    • D. 

      Detection and recovery

  • 153. 
    A(n) ____ attack is a method of combining attacks with rootkits and back doors.
    • A. 

      Lockdown

    • B. 

      Hijack

    • C. 

      Hybrid

    • D. 

      Unauthorized

  • 154. 
    If a user receives a message whose tone and terminology seem intended to invoke a panic or sense of urgency, it may be a(n) ____.
    • A. 

      Trojan horse

    • B. 

      Hoax

    • C. 

      Virus

    • D. 

      Indicator

  • 155. 
    When an incident includes a breach of physical security, all aspects of physical security should be escalated under a containment strategy known as ____.
    • A. 

      Block

    • B. 

      Lockdown

    • C. 

      Isolation

    • D. 

      Disablement

  • 156. 
    Clifford Stoll's book, ____, provides an excellent story about a real-world incident that turned into an international tale of espionage and intrigue.
    • A. 

      Under Attack

    • B. 

      The Cuckoo's Egg

    • C. 

      The Hacker

    • D. 

      Stalking the Wily Hacker

  • 157. 
    The number-one IU preparation-and-prevention strategy is ____.
    • A. 

      Configuring network devices

    • B. 

      Minimize file sharing

    • C. 

      Periodic audit of logs

    • D. 

      Organizational policy

  • 158. 
    Many malware attacks are ____ attacks, which involve more than one type of malware and/or more than one type of transmission method.
    • A. 

      Rootkit

    • B. 

      Malicious software

    • C. 

      Blended

    • D. 

      Unauthorized access

  • 159. 
    In a "block" containment strategy, in which the attacker's path into the environment is disrupted, you should use the most precise strategy possible, starting with ____.
    • A. 

      Blocking incoming connections

    • B. 

      Blocking a specific IP address

    • C. 

      Blocking a port

    • D. 

      Blocking a class of service

  • 160. 
    ____ incidents are predominantly characterized as a violation of policy rather than an effort to abuse existing systems.
    • A. 

      Malicious code

    • B. 

      Unauthorized access

    • C. 

      Inappropriate use

    • D. 

      Denial of service

  • 161. 
    ____ is a tactic that deliberately permits an attack to continue while the entire event is observed and additional evidence is collected.
    • A. 

      Stealthy waiting

    • B. 

      Watchful waiting

    • C. 

      Delayed protection

    • D. 

      Manage and wait

  • 162. 
    ____ is a common indicator of a DoS attack.
    • A. 

      Unknown processes running

    • B. 

      User reports of system unavailability

    • C. 

      Unusually light network traffic

    • D. 

      Detection of a new virus

  • 163. 
    Which of the following is the most suitable as a response strategy for malware outbreaks?
    • A. 

      Escalating physical security

    • B. 

      Blocking known attackers

    • C. 

      Creating a strong password policy

    • D. 

      Verifying the IP address of the attacker

  • 164. 
    The CSIRT may not wish to "tip off" attackers that they have been detected, especially if the organization is following a(n) ____ approach.
    • A. 

      Acceptable loss

    • B. 

      Detect and recover

    • C. 

      Contain and eradicate

    • D. 

      Apprehend and prosecute

  • 165. 
    There are a number of professional IR agencies, such as ____, that can provide additional resources to help prevent and detect DoS incidents.
    • A. 

      Egghead Software

    • B. 

      US-CERT

    • C. 

      US-DoS

    • D. 

      IDPS.com

  • 166. 
    A ____ is a small quantity of data kept by a Web site as a means of recording that a system has visited that Web site.
    • A. 

      Cookie

    • B. 

      Phish

    • C. 

      Worm

    • D. 

      Virus

  • 167. 
    ____ involves an attempt made by those who may become subject to digital forensic techniques to obfuscate or hide items of evidentiary value.
    • A. 

      Digital obstruction

    • B. 

      Anti-discovery

    • C. 

      Digital masking

    • D. 

      Anti-forensics

  • 168. 
    ____ is defined as the search for, collection, and review of items stored in electronic (or, more precisely, digital) format that are of potential evidentiary value based on criteria specified by a legal team.
    • A. 

      Anti-forensics discovery

    • B. 

      Forensics discover

    • C. 

      EDiscovery

    • D. 

      Digital discovery

  • 169. 
    ____ is used both for intrusion analysis and as part of evidence collection and analysis.
    • A. 

      Loss analysis

    • B. 

      Configuration

    • C. 

      Forensics

    • D. 

      Rehearsal

  • 170. 
    The legal decision that establishes the start point for "warrantless" workplace searches is the Supreme Court's complex ruling in ____.
    • A. 

      O'Connor v. Ortega

    • B. 

      Bachmann v. Simons

    • C. 

      Johnson v. Lilly

    • D. 

      Katz v. United States

  • 171. 
    The ____ handles computer crimes that are categorized as felonies.
    • A. 

      Department of Defense

    • B. 

      U.S. Treasury Department

    • C. 

      FBI

    • D. 

      U.S. Secret Service

  • 172. 
    The stability of information over time is called its ____.
    • A. 

      Sensitivity

    • B. 

      Evidentiary value

    • C. 

      Volatility

    • D. 

      Presentation

  • 173. 
    Many private sector organizations require a formal statement, called a(n) ____, which provides search authorization and furnishes much of the same information usually found in a public sector search warrant.
    • A. 

      Private warrant

    • B. 

      Affidavit

    • C. 

      Field log

    • D. 

      Incident report

  • 174. 
    A forensics team typically uses two methods to document a scene as it exists at the time of arrival: photography and ____.
    • A. 

      Interviewing

    • B. 

      Authentication

    • C. 

      Field activity log forms

    • D. 

      Field notes

  • 175. 
    In evidence handling, specifically designed ____ are helpful because they are very difficult to remove without breaking.
    • A. 

      Forensic locks

    • B. 

      Break kits

    • C. 

      Package guards

    • D. 

      Evidence seals

  • 176. 
    The ____ phase of forensic analysis involves the use of forensic tools to recover the content of files that were deleted, operating system artifacts (such as event data and logging of user actions), and other relevant facts.
    • A. 

      Discovery

    • B. 

      Analysis

    • C. 

      Field

    • D. 

      Examination

  • 177. 
    The functional part of forensics called ____ is about assessing the "scene," identifying the sources of relevant digital information, and preserving it for later analysis using sound processes.
    • A. 

      First response

    • B. 

      Investigation

    • C. 

      Data sensitivity

    • D. 

      Analysis and presentation

  • 178. 
    Forensic investigators use ____ copying when making a forensic image of a device, which reads a sector (or block; 512 bytes on most devices) from the source drive and writes it to the target drive; this process continues until all sectors on the suspect drive have been copied.
    • A. 

      One-to-one

    • B. 

      Script

    • C. 

      Block-level

    • D. 

      Bitstream

  • 179. 
    A continuously changing process presents challenges in acquisition, as there is not a fixed state that can be collected, hashed, and so forth. This has given rise to the concept of ____ forensics, which captures a point-in-time picture of a process.
    • A. 

      Point

    • B. 

      Camera

    • C. 

      Live

    • D. 

      Snapshot

  • 180. 
    The ____ is a detailed examination of the events that occurred, from first detection to final recovery.
    • A. 

      IR inspection

    • B. 

      After-action review

    • C. 

      Case training tool

    • D. 

      Rehearsal event

  • 181. 
    Grounds for challenging the results of a digital investigation can come from possible ____ - that is, alleging that the relevant evidence came from somewhere else or was somehow tainted in the collection process.
    • A. 

      Volatility

    • B. 

      Sterilization

    • C. 

      Contamination

    • D. 

      Codification

  • 182. 
    ____ is the determination of the initial flaw or vulnerability that allowed an incident to occur.
    • A. 

      Forensics

    • B. 

      Evidentiary analysis

    • C. 

      Incident analysis

    • D. 

      Root cause analysis

  • 183. 
    One way to identify a particular digital item (collection of bits) is by means of a(n) ____.
    • A. 

      Digital code

    • B. 

      Learning algorithm

    • C. 

      Boot tag

    • D. 

      Cryptographic hash

  • 184. 
    Because it is possible for investigators to confuse the suspect and destination disks when performing imaging, and to preclude any grounds for challenging the image output, it is common practice to protect the suspect media using a ____.
    • A. 

      Bridge

    • B. 

      Rubber boot

    • C. 

      Faraday Cage

    • D. 

      Write blocker

  • 185. 
    The forensic tool ____ does extensive pre-processing of evidence items that recovers deleted files and extracts e-mail messages.
    • A. 

      Guidance

    • B. 

      EnCase

    • C. 

      AccessData

    • D. 

      Forensic Toolkit (FTK)

  • 186. 
    Most digital forensic teams have a prepacked field kit, also known as a(n) ____.
    • A. 

      Forensic bag

    • B. 

      Portal set

    • C. 

      Evidence kit

    • D. 

      Jump bag

  • 187. 
    A search is constitutional if it does not violate a person's reasonable or legitimate ____.
    • A. 

      Right to policy

    • B. 

      Probable cause

    • C. 

      Right to consent

    • D. 

      Expectation of privacy

  • 188. 
    A ____ is a description of the disasters that may befall an organization, along with information on their probability of occurrence, a brief description of the organization's actions to prepare for that disaster, and the best case, worst case, and most likely case outcomes of the disaster.
    • A. 

      Disaster policy

    • B. 

      Disaster scenario

    • C. 

      Disaster follow-up

    • D. 

      Disaster outline

  • 189. 
    The ____ assembles a disaster recovery team.
    • A. 

      Information Security Department

    • B. 

      IR team

    • C. 

      CPMT

    • D. 

      Senior management

  • 190. 
    An ____ may escalate into a disaster when it grows in scope and intensity.
    • A. 

      Incident

    • B. 

      Event

    • C. 

      Action

    • D. 

      Activity

  • 191. 
    ____ disasters include acts of terrorism and acts of war.
    • A. 

      Data

    • B. 

      Rapid-onset

    • C. 

      Man-made

    • D. 

      Natural

  • 192. 
    Which of the following is not usually an insurable loss?
    • A. 

      Fire

    • B. 

      Lightning

    • C. 

      Electrostatic discharge

    • D. 

      Severe windstorm

  • 193. 
    A DR plan addendum should include the trigger, the ____ method, and the response time associated with each disaster situation.
    • A. 

      Notification

    • B. 

      Training

    • C. 

      Enlistment

    • D. 

      Contingency

  • 194. 
    A ____ is a collection of nodes in which the segments are geographically dispersed and the physical link is often a data communications channel provided by a public carrier.
    • A. 

      WAN

    • B. 

      Server

    • C. 

      LAN

    • D. 

      Web site

  • 195. 
    ____ occur over time and slowly deteriorate the organization's capacity to withstand their effects.
    • A. 

      Communication disasters

    • B. 

      Data disasters

    • C. 

      Rapid onset disasters

    • D. 

      Slow onset disasters

  • 196. 
    ____ may be caused by earthquakes, floods, storm winds, tornadoes, or mud flows.
    • A. 

      Rapid onset disasters

    • B. 

      Communication disasters

    • C. 

      Data disasters

    • D. 

      Slow onset disasters

  • 197. 
    The part of a disaster recovery policy that identifies the organizational units and groups of employees to which the policy applies is called the ____ section.
    • A. 

      Responsibilities

    • B. 

      Scope

    • C. 

      Purpose

    • D. 

      Resources

  • 198. 
    According to NIST, the first item of business for a disaster recovery team is to develop the ____.
    • A. 

      Disaster recovery plan

    • B. 

      Disaster recovery training

    • C. 

      Business impact analysis

    • D. 

      Disaster recovery policy

  • 199. 
    A ____ is used for an office or small campus, with segment distances measured in tens of meters. It may have only a few hosts, or it may have hundreds of clients with multiple servers.
    • A. 

      WAN

    • B. 

      LAN

    • C. 

      Cache

    • D. 

      Filter

  • 200. 
    Deciding which technical contingency strategies are selected, developed, and implemented is most often based on the type of ____ being used.
    • A. 

      Service provider

    • B. 

      Information system

    • C. 

      Training

    • D. 

      Recovery plan

  • 201. 
    Once the incident has been contained, and all signs of the incident removed, the ____ phase begins.
    • A. 

      Actions after

    • B. 

      Black bag operation

    • C. 

      Chain of custody

    • D. 

      Blue bag operation

  • 202. 
    ____ are those that occur suddenly, with little warning, taking the lives of people and destroying the means of production.
    • A. 

      Rapid onset disasters

    • B. 

      Data disasters

    • C. 

      Slow onset disasters

    • D. 

      Communication disasters

  • 203. 
    In disaster recovery, the ____ is the point at which a management decision to react is made in reaction to a notice or other datum such as a weather report or an activity report from IT indicating the escalation of an incident.
    • A. 

      Mirrored site

    • B. 

      Cold site

    • C. 

      Hot site

    • D. 

      Trigger

  • 204. 
    Contingency strategies for ____ should emphasize the need for absolutely reliable data backup and recovery procedures because they have less inherent redundancy than a distributed architecture.
    • A. 

      Data communications systems

    • B. 

      Mainframes

    • C. 

      Client/server deployments

    • D. 

      Mobile deployments

  • 205. 
    Useful resources in the DR planning process are the ____ provided by the Federal Agency Security Practices (FASP) section of NIST's Computer Security Resource Center (CSRC).  
    • A. 

      IT blueprints

    • B. 

      Description documents

    • C. 

      Contingency plan templates

    • D. 

      Standards documents

  • 206. 
    ____ are likely in the event of a hacker attack, when the attacker retreats to a chat room and describes in specific detail to his or her associates the method and results of his or her latest conquest. 
    • A. 

      Blue bag operations

    • B. 

      Black bag operations

    • C. 

      Follow-on incidents

    • D. 

      War games

  • 207. 
    The primary vehicle for articulating the purpose of a disaster recovery program is the ____. 
    • A. 

      Disaster recovery plan

    • B. 

      Disaster recovery team

    • C. 

      Disaster recovery contingency plan

    • D. 

      Disaster recovery policy

  • 208. 
    The ____ team is responsible for the recovery of information and the reestablishment of operations in storage area networks or network attached storage.
    • A. 

      System recovery

    • B. 

      Storage recovery

    • C. 

      Network recovery

    • D. 

      Applications recovery

  • 209. 
    The ____ team is responsible for recovering and reestablishing operating systems (OSs).
    • A. 

      Vendor recovery

    • B. 

      Systems recovery

    • C. 

      Database recovery

    • D. 

      Applications recovery

  • 210. 
    The ____ team is responsible for working with suppliers and vendors to replace damaged or destroyed equipment or services, as determined by the other teams.
    • A. 

      Data management

    • B. 

      Applications recovery

    • C. 

      Vendor contact

    • D. 

      Storage recovery

  • 211. 
    The ____ team is responsible for providing any needed supplies, space, materials, food, services, or facilities needed at the primary site other than vendor-acquired technology and other material obtained by the vendor team.
    • A. 

      Logistics

    • B. 

      Data management

    • C. 

      Business interface

    • D. 

      Damage assessment

  • 212. 
    In the context of disaster notification, the ____ is a scripted description of the disaster and consists of just enough information so that each responder knows what portion of the DR plan to implement.
    • A. 

      Desk check

    • B. 

      Alert message

    • C. 

      Trigger message

    • D. 

      Stand-down

  • 213. 
    The ____ team is responsible for reestablishing connectivity between systems and to the Internet.
    • A. 

      System recovery

    • B. 

      Storage recovery

    • C. 

      Applications recovery

    • D. 

      Network recovery

  • 214. 
    During the ____ phase, the organization begins the recovery of the most time-critical business functions - those necessary to reestablish business operations and prevent further economic and image loss to the organization.
    • A. 

      Audit review

    • B. 

      Risk analysis

    • C. 

      Recovery

    • D. 

      Parallel testing

  • 215. 
    The ____ team is primarily responsible for data restoration and recovery.
    • A. 

      Data management

    • B. 

      Vendor contact

    • C. 

      Applications recovery

    • D. 

      Storage recovery

  • 216. 
    The ____ team is responsible for working with the remainder of the organization to assist in the recovery of nontechnology functions.
    • A. 

      Logistics

    • B. 

      Data management

    • C. 

      Damage assessment

    • D. 

      Business interface

  • 217. 
    ____ is the deactivation of the disaster recovery teams, releasing individuals back to their normal duties.
    • A. 

      Standing down

    • B. 

      Incident response

    • C. 

      A structured walk-through

    • D. 

      War gaming

  • 218. 
    ____ is a set of focused steps that deal primarily with the safety and state of the people from the organization who are involved in the disaster.
    • A. 

      War gaming

    • B. 

      Business continuity

    • C. 

      Application recovery

    • D. 

      Crisis management

  • 219. 
    The ____ system is an information system with a telephony interface that can be used to automate the alert process.
    • A. 

      Damage assessment report

    • B. 

      DR plan desk system

    • C. 

      DR plan simulation

    • D. 

      Auxiliary phone alert and reporting system

  • 220. 
    The purpose of the ____ is to provide a way for management to obtain input and feedback from representatives of each team.
    • A. 

      DR simulation

    • B. 

      Business interface

    • C. 

      After-action review

    • D. 

      Proactive review

  • 221. 
    A(n) ____ occurs when a situation results in service disruptions for weeks or months, requiring a government to declare a state of emergency.
    • A. 

      Trigger

    • B. 

      Notification

    • C. 

      After-action review

    • D. 

      Worst-case scenario

  • 222. 
    The ____ is the phase associated with implementing the initial reaction to a disaster; it is focused on controlling or stabilizing the situation, if that is possible.
    • A. 

      Response phase

    • B. 

      Audit review

    • C. 

      Risk analysis phase

    • D. 

      Reactive review

  • 223. 
    ____ requires effective backup strategies and flexible hardware configurations.
    • A. 

      System response

    • B. 

      War gaming

    • C. 

      Data recovery

    • D. 

      DR plan simulation

  • 224. 
    The ____ involves providing copies of the DR plan to all teams and team members for review.
    • A. 

      DR plan desk check

    • B. 

      DR plan parallel testing

    • C. 

      DR plan simulation

    • D. 

      DR plan structured walk-through

  • 225. 
    The ____ team is responsible for recovering and reestablishing operations of critical business applications.
    • A. 

      Network recovery

    • B. 

      Applications recovery

    • C. 

      System recovery

    • D. 

      Vendor contact

  • 226. 
    The ____ team is responsible for providing the initial assessments of the extent of damage to equipment and systems on-site and/or for physically recovering the equipment to be transported to a location where the other teams can evaluate it.
    • A. 

      Data management

    • B. 

      Business interface

    • C. 

      Logistics

    • D. 

      Damage assessment

  • 227. 
    ____ is the inclusion of action steps to minimize the damage associated with the disaster on the operations of the organization.
    • A. 

      Crisis management

    • B. 

      Mitigation of impact

    • C. 

      Preparation

    • D. 

      War gaming

  • 228. 
    ____ means making an organization ready for possible contingencies that can escalate to become disasters.
    • A. 

      Mitigation of impact

    • B. 

      War gaming

    • C. 

      Preparation

    • D. 

      Crisis management