CIS 359 Midterm Exam

Strayer CIS 359 Disaster Recovery Management, Midterm Exam, Graded A, 17 pages

Question 1

A ____ is a synonym for a virtualization application.

Question 2

When using virtualization, it is commonplace to use the term ____ to refer to a virtualized environment operating in or on a host platform.

Question 3

A backup plan using WAN/VLAN replication and a recovery strategy using a warm site is most suitable for information systems that have ____ priority within an organization.

Question 4

A ____ is commonly a single device or server that attaches to a network and uses TCP/IP-based protocols and communications methods to provide an online storage environment.

Question 5

A potential disadvantage of a ____ site-resumption strategy is that more than one organization might need the facility simultaneously.

Question 6

Considered to be the traditional “lock and copy” approach to database backup, ____ require the database to be inaccessible while a backup is created to a local drive.

Question 7

A resumption location known as a ____ is a fully configured computer facility capable of establishing operations at a moment’s notice.

Question 8

Some recovery strategies seek to improve the ____ of a server or system in addition to, or instead of, performing backups of data.

Question 9

A(n) ____ backup only archives the files that have been modified since the last backup.

Question 10

The Southeast Collegiate Cyber Defense Competition is unique in that it focuses on the operational aspect of managing and protecting an existing network infrastructure. Unlike “capture-the-flag” exercises, this competition is exclusively a real-world ____ competition.

Question 11

A(n) ____ is a CSIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization’s information infrastructure for signs of an incident.

Question 12

The U.S. National Institute of Standards and Technology recommends a set of tools for the CSIRT including incident reporting mechanisms with which users can report suspected incidents. At least one of these mechanisms should permit people to report incidents ____.

Question 13

A favorite pastime of information security professionals is ____, which is a simulation of attack and defense activities using realistic networks and information systems.

Question 14

Should an incident begin to escalate, the CSIRT team leader continues to add resources and skill sets as necessary to attempt to contain and terminate the incident. The resulting team is called the ____ for this particular incident.

Question 15

A(n) ____ is a detailed examination of the events that occurred, from first detection of an incident to final recovery.

Question 16

One of the primary responsibilities of the IRP team is to ensure that the ____ is prepared to respond to each incident it may face.

Question 17

The training delivery method with the lowest cost to the organization is ____.

Question 18

A key step in the ____ approach to incident response is to discover the identity of the intruder while documenting his or her activity.

Question 19

The determination of what systems fall under the CSIRT’s responsibility is called its ____.

Question 20

The first step in building a CSIRT is to ____.

Question 21

The first group to communicate the CSIRT’s vision and operational plan is the managerial team or individual serving as the ____.

Question 22

The announcement of an operational CSIRT should minimally include ____.

Question 23

When an organization completely outsources its IR work, typically to an on-site contractor, it is called a(n) ____ model.

Question 24

The focus during a(n) ____ is on learning what worked, what didn’t, and where communications and response procedures may have failed.

Question 25

The organization must first understand what skills are needed to effectively respond to an incident. If necessary, management must determine if it is willing to acquire needed ____ to fill in the gaps.

Question 26

The use of IDPS sensors and analysis systems can be quite complex. One very common approach is to use an open source software program called ____ running on an open source UNIX or Linux system that can be managed and queried from a desktop computer using a client interface.

Question 27

Using a process known as ____, network-based IDPSs look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be under way.

Question 28

____ are closely monitored network decoys that can distract adversaries from more valuable machines on a network; can provide early warning about new attack and exploitation trends; and can allow in-depth examination of adversaries during and after exploitation.

Question 29

A(n) ____, a type of IDPS that is similar to the NIDPS, reviews the log files generated by servers, network devices, and even other IDPSs.

Question 30

The ____ is a federal law that creates a general prohibition on the real-time monitoring of traffic data relating to communications.

Question 31

New systems can respond to an incident threat autonomously, based on preconfigured options that go beyond simple defensive actions usually associated with IDPS and IPS systems. These systems, referred to as ____, use a combination of resources to detect an intrusion and then to trace the intrusion back to its source.

Question 32

The ____ approach for detecting intrusions is based on the frequency with which certain network activities take place.

Question 33

A ____ attack seeks to deny legitimate users access to services by either tying up a server’s available resources or causing it to shut down.

Question 34

A ____ is a document that describes how, in the event of a disaster, critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site.

Question 35

____ of risk is the choice to do nothing to protect an information asset and to accept the outcome of its potential exploitation.

Question 36

A(n) ____ is an investigation and assessment of the impact that various attacks can have on the organization.

Question 37

The ____ illustrates the most critical characteristics of information and has been the industry standard for computer security since the development of the mainframe.

Question 38

____ (sometimes referred to as avoidance) is the risk control strategy that attempts to prevent the exploitation of a vulnerability.

Question 39

The term ____ refers to a broad category of electronic and human activities in which an unauthorized individual gains access to the information an organization is trying to protect.

Question 40

____ assigns a risk rating or score to each information asset. Although this number does not mean anything in absolute terms, it is useful in gauging the relative risk to each vulnerable information asset and facilitates the development of comparative ratings later in the risk control process.

Question 41

A(n) ____ is any clearly identified attack on the organization’s information assets that would threaten the assets’ confidentiality, integrity, or availability.

Question 42

The ____ job functions and organizational roles focus on protecting the organization’s information systems and stored information from attacks.

Question 43

What is a common approach used in the discipline of systems analysis and design to understand the ways systems operate and to chart process flows and interdependency studies?

Question 44

The ____ job functions and organizational roles focus on costs of system creation and operation, ease of use for system users, timeliness of system creation, and transaction response time.

Question 45

Within an organization, a(n) ____ is a group of individuals who are united by shared interests or values and who have a common goal of making the organization function to meet its objectives.

Question 46

The last stage of a business impact analysis is prioritizing the resources associated with the ____, which brings a better understanding of what must be recovered first.

Question 47

Which of the following collects and provides reports on failed login attempts, probes, scans, denial-of-service attacks, and detected malware?

Question 48

The ____ is the point in time by which systems and data must be recovered after an outage as determined by the business unit.

Question 49

The purpose of the ____ is to define the scope of the CP operations and establish managerial intent with regard to timetables for response to incidents, recovery from disasters, and reestablishment of operations for continuity.

Question 50

A manual alternative to the normal way of accomplishing an IT task might be employed in the event that IT is unavailable. This is called a ____.