Strayer CIS 359 Disaster Recovery Management, Midterm Exam, Graded A, 17 pages
A ____ is a synonym for a virtualization application.
When using virtualization, it is commonplace to use the term ____ to refer to a virtualized environment operating in or on a host platform.
A backup plan using WAN/VLAN replication and a recovery strategy using a warm site is most suitable for information systems that have ____ priority within an organization.
A ____ is commonly a single device or server that attaches to a network and uses TCP/IP-based protocols and communications methods to provide an online storage environment.
A potential disadvantage of a ____ site-resumption strategy is that more than one organization might need the facility simultaneously.
Considered to be the traditional “lock and copy” approach to database backup, _____ require the database to be inaccessible while a backup is created to a local drive.
A resumption location known as a ____ is a fully configured computer facility capable of establishing operations at a moment’s notice.
Some recovery strategies seek to improve the ____ of a server or system in addition to, or instead of, performing backups of data.
A(n) ____ backup only archives the files that have been modified since the last backup.
The Southeast Collegiate Cyber Defense Competition is unique in that it focuses on the operational aspect of managing and protecting an existing network infrastructure. Unlike “capture-the-flag” exercises, this competition is exclusively a real-world ____ competition.
A(n) ____ is a CSIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization’s information infrastructure for signs of an incident.
The U.S. National Institute of Standards and Technology recommends a set of tools for the CSIRT including incident reporting mechanisms with which users can report suspected incidents. At least one of these mechanisms should permit people to report incidents ____.
A favorite pastime of information security professionals is ____, which is a simulation of attack and defense activities using realistic networks and information systems.
Should an incident begin to escalate, the CSIRT team leader continues to add resources and skill sets as necessary to attempt to contain and terminate the incident. The resulting team is called the ____ for this particular incident.
A(n) ____ is a detailed examination of the events that occurred, from first detection of an incident to final recovery.
One of the primary responsibilities of the IRP team is to ensure that the ____ is prepared to respond to each incident it may face.
The training delivery method with the lowest cost to the organization is ____.
A key step in the ____ approach to incident response is to discover the identity of the intruder while documenting his or her activity.
The determination of what systems fall under the CSIRT’s responsibility is called its ____.
The first step in building a CSIRT is to ____.
The first group to communicate the CSIRT’s vision and operational plan is the managerial team or individual serving as the ____.
The announcement of an operational CSIRT should minimally include ____.
When an organization completely outsources its IR work, typically to an on-site contractor, it is called a(n) ____ model.
The focus during a(n) ____ is on learning what worked, what didn’t, and where communications and response procedures may have failed.
The organization must first understand what skills are needed to effectively respond to an incident. If necessary, management must determine if it is willing to acquire needed ____ to fill in the gaps.
The use of IDPS sensors and analysis systems can be quite complex. One very common approach is to use an open source software program called ____ running on an open source UNIX or Linux system that can be managed and queried from a desktop computer using a client interface.
Using a process known as ____, network-based IDPSs look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be under way.
____ are closely monitored network decoys that can distract adversaries from more valuable machines on a network; can provide early warning about new attack and exploitation trends; and can allow in-depth examination of adversaries during and after exploitation.
A(n) ____, a type of IDPS that is similar to the NIDPS, reviews the log files generated by servers, network devices, and even other IDPSs.
The ____ is a federal law that creates a general prohibition on the real-time monitoring of traffic data relating to communications.
New systems can respond to an incident threat autonomously, based on preconfigured options that go beyond simple defensive actions usually associated with IDPS and IPS systems. These systems, referred to as ____, use a combination of resources to detect an intrusion and then to trace the intrusion back to its source.
The ____ approach for detecting intrusions is based on the frequency with which certain network activities take place.
A ____ attack seeks to deny legitimate users access to services by either tying up a server’s available resources or causing it to shut down.
A ____ is a document that describes how, in the event of a disaster, critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site.
____ of risk is the choice to do nothing to protect an information asset and to accept the outcome of its potential exploitation.
A(n) ____ is an investigation and assessment of the impact that various attacks can have on the organization.
The ____ illustrates the most critical characteristics of information and has been the industry standard for computer security since the development of the mainframe.
____ (sometimes referred to as avoidance) is the risk control strategy that attempts to prevent the exploitation of a vulnerability.
The term ____ refers to a broad category of electronic and human activities in which an unauthorized individual gains access to the information an organization is trying to protect.
____ assigns a risk rating or score to each information asset. Although this number does not mean anything in absolute terms, it is useful in gauging the relative risk to each vulnerable information asset and facilitates the development of comparative ratings later in the risk control process.
A(n) ____ is any clearly identified attack on the organization’s information assets that would threaten the assets’ confidentiality, integrity, or availability.
The ____ job functions and organizational roles focus on protecting the organization’s information systems and stored information from attacks.
What is a common approach used in the discipline of systems analysis and design to understand the ways systems operate and to chart process flows and interdependency studies?
The ____ job functions and organizational roles focus on costs of system creation and operation, ease of use for system users, timeliness of system creation, and transaction response time.
Within an organization, a(n) ____ is a group of individuals who are united by shared interests or values and who have a common goal of making the organization function to meet its objectives.
The last stage of a business impact analysis is prioritizing the resources associated with the ____, which brings a better understanding of what must be recovered first.
Which of the following collects and provides reports on failed login attempts, probes, scans, denial-of-service attacks, and detected malware?
The ____ is the point in time by which systems and data must be recovered after an outage as determined by the business unit.
The purpose of the ____ is to define the scope of the CP operations and establish managerial intent with regard to timetables for response to incidents, recovery from disasters, and reestablishment of operations for continuity.
A manual alternative to the normal way of accomplishing an IT task might be employed in the event that IT is unavailable. This is called a ____.