Created by Tyler Rock
almost 7 years ago

| Question | Answer |
| --- | --- |
| An organization’s _______________________ is a particular group of differently skilled individuals who are responsible for attending to serious security situations. a. incident response team (IRT) b. business impact analysis team (BIAT) c. disaster recovery plan team (DRPT) d. information technology subject matter experts (ITSME) | a. incident response team (IRT) |
| An occurrence that transgresses an organization’s security policies is known as an incident. Which of the following is not an example of a security incident? a. non-permitted access to any computer system b. a server crash that was accidentally caused c. duplicating customer information derived from a database d. non-permitted use of computer systems for purpose of gaming | b. a server crash that was accidentally caused |
| In order to form an IRT, an organization is required to create a charter; this document identifies the authority, mission, and goals of a committee or team, and there are a number of different types of IRT models for doing this. Which of the following models permits an IRT to have the complete authority to ensure a breach is contained? a. IRT that provides off-site response b. IRT that acts in a support role c. IRT that provides on-site response d. IRT that acts in a coordination role | c. IRT that provides on-site response |
| In general, the IRT is comprised of a team with individuals that have different specialties; one such individual is the ___________________, who offers analytical skills and risk management. This specialist has focused forensic skills necessary for the collection and analysis of evidence. a. information security representative b. legal representative c. information technology subject matter experts d. human resources (HR) representative | a. information security representative |
| Of the different IRT roles, the _______________ is head of the team and issues the ultimate call regarding how to respond to an incident, whereas the __________________ role is to monitor and document all the activity that unfolds during an incident. a. IRT coordinator, IRT manager's b. IRT manager, IRT coordinator's c. IRT manager, IRT support d. IRT officer, IRT manager's | b. IRT manager, IRT coordinator's |
| The initial step in creating a business continuity and security response plan is a _________________, which can be used to assemble the business and security responses in order to diminish losses. a. business assessment b. component assessment c. component priority d. business impact analysis | d. business impact analysis |
| In a business impact analysis (BIA), the phase of defining the business’s components and the component priorities has several objectives. Which of the following is not one of the objectives? a. name and explain all processes and business functions b. explain each BIA component c. institute recovery time frames for the components with the highest priority only d. ascertain the service impact and the financial impact for unavailable components | c. institute recovery time frames for the components with the highest priority only |
| When reporting incidents, it is necessary to institute transparent procedures for filing incident reports. The process of incident classification is known as triage. When triage is set in motion, the severity of the threat is assessed. For example, ___________________ occurs when there are a number of unauthorized scans, system probes, or vast viruses detected; the event also necessitates manual intervention. a. severity 1 b. severity 2 c. severity 3 d. severity 4 | c. severity 3 |
| When an incident occurs, there are a number of options that can be pursued. Which of the following actions is recommended when assets of a low value are being attacked? a. The breach must be stopped as soon as possible because it is in the best interest of the business. b. The breach should always be permitted to proceed so that information on the attacker can be determined; doing so always serves the goals of the business. c. The breach should be permitted to proceed until the senior leader in the information security team can be notified to make the final decision. d. The breach may be permitted to proceed so that information on the attacker can be determined, but doing so depends on the goals of the business. | d. The breach may be permitted to proceed so that information on the attacker can be determined, but doing so depends on the goals of the business. |
| There are particular tools and techniques that the IRT utilizes to gather forensic evidence, including ____________________, which articulates the manner used to document and protect evidence. a. classification log b. chain of custody c. digital data files d. data log report | b. chain of custody |
| The goal of conducting an incident analysis is to ascertain weakness. Because each incident is unique and might necessitate a distinct set of approaches, there is a range of steps that can be pursued to aid the analysis. One of these steps is to ________________, which entails mapping the network traffic according to the time of day and looking for trends. a. profile your network b. understand business processes c. correlate central logs d. create a knowledge base of threats | a. profile your network |
| The IRT report that is ultimately generated for executive management must be certain to educate all stakeholders regarding exploited risks. Which of the following items is not required to be addressed in the report? a. how the incident was started b. which vulnerabilities were exploited c. how the incident was detected d. who detected the incident | d. who detected the incident |
| Which of the following departments has a significant role to play concerning the act of creating the messaging around an incident to the media and the parties impacted? a. senior management b. PR c. legal d. HR | b. PR |
| In addition to compiling the list of user access requirements, applications, and systems, the BIA also includes processes that are ____________. These processes safeguard against any risks that might occur due to key staff being unavailable or distracted. a. automated b. manual c. flexible d. rigid | a. automated |
| To measure the effectiveness of the IRT, which of the following does not need to be evaluated? a. number of incidents b. financial impact to the organization c. the tests provided to employees to ensure their response to incidents d. number of repeat incidents | c. the tests provided to employees to ensure their response to incidents |
| The ____________________ identifies the processes entailed in the business continuity plan and/or the disaster recovery plan. a. disaster declaration policy b. recovery point objectives c. recovery time objective d. business impact analysis | a. disaster declaration policy |
| It is important to conduct a nearly continuous evaluation of possible ______________ to guarantee that recovery estimates provided to customers are accurate and maintain credibility with customers. a. resources b. vulnerabilities c. downtimes d. risks | c. downtimes |
| While the amount of data known as mission-critical depends on the organization and industry, such data should only represent less than ____________ percent of the data population. a. 0 b. 15 c. 50 d. 90 | b. 15 |
| Consider this scenario: A company is notified that its servers have been compromised to be the point of departure to attack a host of other companies. The company then initiates an IRT, which is unable to locate the breach. The company then seeks the services of an outside firm that specializes in forensic analysis and intrusions. The outside firm locates the source of the breach and wants to monitor the actions of the intruder. However, the outside firm is informed by its internal legal counsel that the company does not agree with this course of action. Which of the following statements best captures the effectiveness of the company’s IRT policies? a. The IRT is completely ineffective because the firm it contracted is not cross-functional. b. The IRT is completely ineffective because the company didn’t agree with the firm’s recommendations. c. The IRT is moderately effective because a breach was found without seeking external counsel. d. The IRT is highly effective because it was activated quickly. | c. The IRT is moderately effective because a breach was found without seeking external counsel. |
| ___________________ are attacks that obtain access by means of remote services, such as vendor networks, employee remote access tools, and point-of-sale (POS) devices. a. Improperly segmented network environment b. Malicious code or malware c. Insecure wireless d. Insecure remote access | d. Insecure remote access |