CIS 359 Final Exam
Question no 1
____ are likely in the event of a hacker attack when the attacker retreats to a chat room and describes in specific detail to his or her associates the method and results of his or her latest conquest.
Question no 2
Contingency strategies for ____ should emphasize the need for absolutely reliable data backup and recovery procedures because they have less inherent redundancy than a distributed architecture.
Question no 3
A ____ is a description of the disasters that may befall an organization, along with information on their probability of occurrence, a brief description of the organization’s actions to prepare for that disaster, and the best case, worst case, and most likely case outcomes of the disaster.
Question no 4
The primary vehicle for articulating the purpose of a disaster recovery program is the ____.
Question no 5
The ____ assembles a disaster recovery team.
Question no 6
A ____ is a collection of nodes in which the segments are geographically dispersed and the physical link is often a data communications channel provided by a public carrier.
Question no 7
Deciding which technical contingency strategies are selected, developed, and implemented is most often based on the type of ____ being used.
Question no 8
____ are highly probable when infected machines are brought back online or when other infected computers that may have been offline at the time of the attack are brought back up.
Question no 9
A(n) ____ occurs when a situation results in service disruptions for weeks or months, requiring a government to declare a state of emergency.
Question no 10
The ____ team is responsible for providing the initial assessments of the extent of damage to equipment and systems on-site and/or for physically recovering the equipment to be transported to a location where the other teams can evaluate it.
Question no 11
During the ____ phase, the organization begins the recovery of the most time-critical business functions – those necessary to re-establish business operations and prevent further economic and image loss to the organization.
Question no 12
In the context of disaster notification, the ____ is a scripted description of the disaster and consists of just enough information so that each response knows what port of the DR plan to implement.
STATUS
Question no 13
The ____ team is responsible for working with the remainder of the organization to assist in the recovery of nontechnology functions.
Question no 14
The ____ involves providing copies of the DR plan to all teams and team members for review.
Question no 15
____ is the inclusion of action steps to minimize the damage associated with the disaster on the operations of the organization.
Question no 16
The ____ team is primarily responsible for data restoration and recovery.
Question no 17
In the ____ phase of the BC plan, the organization specifies what type of relocation services are desired and what type of data management strategies are deployed to support relocation.
Question no 18
The ____ is the amount of time that a business can tolerate losing capabilities until alternate capabilities are available.
Question no 19
The ____ is the point in the past to which the recovered applications and data at the alternate infrastructure will be restored.
Question no 20
The plan maintenance schedule in a BC policy statement should address the ____ of reviews, along with who will be involved in each review.
Question no 21
The ____ section of the business continuity policy provides an overview of the information storage and retrieval plans of the organization.
Question no 22
In the ____ section of the business continuity policy, the training requirements for the various employee groups are defined and highlighted.
Question no 23
____ planning represents the final response of the organization when faced with any interruption of its critical operations.
Question no 24
What phase of the BC plan specifies under what conditions and how the organization relocates from the primary to the alternate site?
Question no 25
The CM ____ is responsible for overseeing the actions of the crisis management team and coordinating all crisis management efforts in cooperation with disaster recovery and/or business continuity planning, on an as-needed basis.
Question no 26
____ is the process of ensuring that every employee is trained to perform at least part of the job of another employee.
Question no 27
____ is the movement of employees from one position to another so they can develop additional skills and abilities.
Question no 28
In contrast to emergency response that focuses on the immediate safety of those affected, ____ addresses the services needed to get the organization and its stakeholders back to original levels of productivity or satisfaction.
Question no 29
____ are those steps taken to inform stakeholders regarding the timeline of events, the actions taken, and sometimes the reasons for those actions.
Question no 30
A(n) ____ is created to enable management to gain and maintain control of ongoing emergency situations, to provide oversight and control to designated first responders, and to marshal IR, DR, and DC plans and resources as needed.
Question no 31
A ____ is defined by the ICM as a disruption in the company’s business that occurs without warning and is likely to generate news coverage and may adversely impact employees, investors, customers, suppliers, and other stakeholders.
Question no 32
Cross-training provides a mechanism to get everyone out of the crime scene and thus prevent contamination of possible evidentiary material.
STATUS
Question no 33
The ____ handles computer crimes that are categorized as felonies.
Question no 34
The forensic tool ____ does extensive pre-processing of evidence items that recover deleted files and extracts e-mail messages.
Question no 35
____ is used both for intrusion analysis and as part of evidence collection and analysis.
Question no 36
____ is the determination of the initial flaw or vulnerability that allowed an incident to occur.
Question no 37
Most digital forensic teams have a prepacked field kit, also known as a(n) ____.
Question no 38
Many private sector organizations require a formal statement, called a(n) ____, which provides search authorization and furnishes much of the same information usually found in a public sector search warrant.
Question no 39
One way to identify a particular digital item (collection of bits) is by means of a(n) ____.
Question no 40
The ____ phase of forensic analysis involves the use of forensic tools to recover the content of files that were deleted, operating system artifacts (such as event data and logging of user actions), and other relevant facts.
Question no 41
Because it is possible for investigators to confuse the suspect and destination disks when performing imaging, and to preclude any grounds for challenging the image output, it is common practice to protect the suspect media using a ____.
Question no 42
If a user receives a message whose tone and terminology seems intended to invoke a panic or sense of urgency, it may be a(n) ____.
STATUS
Question no 43
When an incident includes a breach of physical security, all aspects of physical security should be escalated under a containment strategy known as ____.
Question no 44
Clifford Stoll’s book, ____, provides an excellent story about a real-world incident that turned into an international tale of espionage and intrigue.
Question no 45
There are a number of professional IR agencies, such as ____, that can provide additional resources to help prevent and detect DoS incidents.
Question no 46
The CSIRT may not wish to “tip off” attackers that they have been detected, especially if the organization is following a(n) ____ approach.
Question no 47
Which of the following is the most suitable as a response strategy for malware outbreaks?
Question no 48
Essentially a DoS attack, a ____ is a message aimed at causing organizational users to waste time reacting to a nonexistent malware threat.
Question no 49
According to NIST, which of the following is an example of a UA attack?
Question no 50
____ is a common indicator of a DoS attack.
