900 Flashcards

(97 cards)

1
Q

gives an organization the ability to continue providing service while experiencing a technical failure. A common mechanism is service or infrastructure duplication.

A

Fault tolerance

2
Q

List at least three potential reporting points in an organization. These are people to whom a security incident should be reported.

A

CISO, ISO, CSO, CEO, CIO, COO

3
Q
What is a plan that defines the procedures for responding to a security incident:
A. IRP
B. DCP
C. BIA
D. None of the above
A

A. IRP

4
Q

A BCP is used to define the process and procedures used to clean up a disaster.
A. True
B. False

A

B. False

5
Q

An incident response team should be trained to methodically collect __________ without destroying or altering it in any way.

A

Evidence

6
Q
What type of evidence gives the most solid proof of a crime?
A. Corroborative
B. Circumstantial
C. Best
D. Opinion
A

C. Best

7
Q

__________ __________ is used when best evidence cannot be acquired.

A

Secondary evidence

8
Q

Another location from which to conduct business in the event of a disaster is called a(n) __________.

A

Alternate site (cold, warm, hot)

9
Q

A technology in which a standby server exists only to take over for another server in the event of its failure.

A

Asymmetric Server Cluster

10
Q

Rolling back a disaster recovery implementation to the starting point so that a different approach can be taken.

A

Backout/Contingency Option

11
Q

The ability of an organization to maintain its operations and services in the face of a disruptive event.

A

Business Continuity

12
Q

The process of identifying exposure to threats, creating preventive and recovery procedures, and then testing them to determine if they are sufficient.

A

Business Continuity Planning and Testing

13
Q

An analysis of the most important mission-critical business functions, which identifies and quantifies the impact that the loss of those functions may have on the organization in terms of its operational and financial positions.

A

Business Impact Analysis (BIA)

14
Q

A process of documentation that shows that the evidence was under strict control at all times and no unauthorized individuals were given the opportunity to corrupt the evidence.

A

Chain of Custody

15
Q

A remote site that provides office space; the customer must provide and install all the equipment needed to continue operations.

A

Cold Site

16
Q

Using technology to search for computer evidence of a crime.

A

Computer Forensics

17
Q

The process of copying information to a different medium and storing it (preferably at an off-site location) so that it can be used in the event of a disaster.

A

Data Backups

18
Q

The procedures and processes for restoring an organization’s IT operations following a disaster.

A

Disaster Recovery

19
Q

A written document that details the process for restoring IT resources following an event that causes a significant disruption in the service.

A

Disaster Recovery Plan (DRP)

20
Q

A metallic enclosure that prevents the entry or escape of an electromagnetic field.

A

Faraday Cage

21
Q

The application of science to questions that are of interest to the legal profession.

A

Forensics (Forensic Science)

22
Q

Systems that provide and regulate heating and cooling.

A

Heating, Ventilation, and Air Conditioning (HVAC)

23
Q

A system that can function for an extended period of time with little downtime.

A

High Availability

24
Q

A layout in a data center that can be used to reduce heat by managing the air flow.

A

Hot Aisle/Cold Aisle

25
A duplicate of the production site that has all the equipment needed for an organization to continue running, including office space and furniture, telephone jacks, computer equipment, and a live telecommunications link.
Hot Site
26
A statistical value that is the average time until a component fails, cannot be repaired, and must be replaced.
Mean Time Between Failures (MTBF)
27
The average time needed to reestablish services to their former state.
Mean Time to Restore (MTTR)
28
The sequence of volatile data that must be preserved in a computer forensic investigation.
Order of Volatility
29
A technology that uses multiple hard disk drives for increased reliability and performance.
RAID (Redundant Array of Independent Drives)
30
The maximum length of time that an organization can tolerate between backups.
Recovery Point Objective (RPO)
31
The length of time it will take to recover the data that has been backed up.
Recovery Time Objective (RTO)
32
A combination (clustering) of two or more servers that are interconnected to appear as one.
Server Cluster
33
A component or entity in a system which, if it no longer functions, would adversely affect the entire system.
Single Point of Failure
34
Determining in advance who will be authorized to take over in the event of the incapacitation or death of key employees.
Succession Planning
35
A technology in which every server in the cluster performs useful work and, if one server fails, the remaining servers continue to perform their normal work as well as that of the failed server.
Symmetric Server Cluster
36
A snapshot of the current state of the computer that contains all settings and data.
System Image
37
A remote site that contains computer equipment but does not have active Internet or telecommunication facilities, and does not have backups of data.
Warm Site
38
Each of the following is a category of fire suppression systems except a ____________.
A. clean agent system
B. dry chemical system
C. wet chemical system
D. water sprinkler system
C. wet chemical system
39
Each of the following is required for a fire to occur except __________.
A. a spark to start the process
B. a type of fuel or combustible material
C. sufficient oxygen to sustain the combustion
D. a chemical reaction that is the fire itself
A. a spark to start the process
40
An electrical fire like that which would be found in a computer data center is known as what type of fire?
A. Class A
B. Class B
C. Class C
D. Class D
C. Class C
41
Van Eck phreaking is __________.
A. blocked by using shielded cabling
B. picking up electromagnetic fields generated by a computer system
C. reverse confidentiality
D. always used with wireless networks
B. picking up electromagnetic fields generated by a computer system
42
Plenums are __________.
A. no longer used today
B. the air-handling space above drop ceilings
C. required in all buildings with over six stories
D. never to be used for locating equipment
B. the air-handling space above drop ceilings
43
RAID __________ uses disk mirroring and is considered fault-tolerant.
A. Level 1
B. Level 2
C. Level 3
D. Level 4
A. Level 1
44
A standby server that exists only to take over for another server in the event of its failure is known as a(n) __________.
A. asymmetric server cluster
B. rollover server
C. failsafe server
D. symmetric server cluster
A. asymmetric server cluster
45
RAID is an abbreviation of __________.
A. Redundant Array of IDE Drives
B. Resilient Architecture for Interdependent Discs
C. Redundant Array of Independent Drives
D. Resistant Architecture of Interrelated Data Storage
C. Redundant Array of Independent Drives
46
Which of the following is an example of a nested RAID?
A. Level 1-0
B. Level 0-1
C. Level 0+1
D. Level 0/1
C. Level 0+1
47
A(n) __________ is always running off its battery while the main power runs the battery charger.
A. offline UPS
B. backup UPS
C. online UPS
D. secure UPS
C. online UPS
48
A __________ is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running.
A. cold site
B. warm site
C. hot site
D. replicated site
C. hot site
49
A UPS can perform each of the following except __________.
A. prevent certain applications from launching that will consume too much power
B. disconnect users and shut down the server
C. prevent any new users from logging on
D. notify all users that they must finish their work immediately and log off
A. prevent certain applications from launching that will consume too much power
50
Which of the following is not a characteristic of a disaster recovery plan (DRP)?
A. it is updated regularly
B. it is a private document only used by top-level administrators for planning
C. it is written
D. it is detailed
B. it is a private document only used by top-level administrators for planning
51
Any time the contents of a file are changed, the archive bit is changed to _____, meaning that this modified file now needs to be backed up.
A. 0
B. 1
C. 2
D. 3
B. 1
52
An incremental backup ___________.
A. copies selected files
B. copies all files
C. copies all files since the last full backup
D. copies all files changed since the last full or incremental backup
D. copies all files changed since the last full or incremental backup
53
Each of the following is a basic question to be asked regarding creating a data backup except __________.
A. how long will it take to finish the backup?
B. where should the backup be stored?
C. what information should be backed up?
D. what media should be used?
A. how long will it take to finish the backup?
54
The chain of __________ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence.
A. forensics
B. evidence
C. control
D. custody
D. custody
55
__________ is the maximum length of time that an organization can tolerate between data backups.
A. recovery service point (RSP)
B. recovery point objective (RPO)
C. optimal recovery time frame (ORT)
D. recovery time objective (RTO)
B. recovery point objective (RPO)
56
A data backup solution that uses a magnetic disk as a temporary storage area is ___________.
A. disk to disk to tape (D2D2T)
B. disk to disk (D2D)
C. tape to disk (T2D)
D. continuous data protection (CDP)
A. disk to disk to tape (D2D2T)
57
When an unauthorized event occurs, the first duty of the computer forensics response should be to ___________.
A. log off the server
B. secure the crime scene
C. back up the hard drive
D. reboot the system
B. secure the crime scene
58
BIA stands for __________.
Business Impact Analysis
59
MTTR stands for __________.
Mean Time to Restore
60
DRP stands for __________.
Disaster Recovery Plan
61
MTBF stands for __________.
Mean Time Between Failures
62
RAID level that uses a striped disk array so that data is broken down into blocks and each block is written to a separate disk drive.
RAID Level 0
63
RAID level that uses a mirrored array whose segments are RAID 0 arrays.
RAID Level 0+1
64
RAID level that writes data twice to separate drives.
RAID Level 1
65
RAID level where each entire data block is written on a data disk and parity for blocks in the same rank is generated and recorded on a separate disk.
RAID Level 5
66
Minimum number of drives needed for RAID Level 0.
2
67
Minimum number of drives needed for RAID Level 0+1.
4
68
Minimum number of drives needed for RAID Level 1.
2
69
Minimum number of drives needed for RAID Level 5.
3
70
Imaging applications are typically used for this RAID level.
RAID Level 0+1
71
Financial applications are typically used for this RAID level.
RAID Level 1
72
Databases are the typical application for this RAID level.
RAID Level 5
73
Video production and editing applications are typically used for this RAID level.
RAID Level 0
74
A simple design and easy to implement RAID, but not fault tolerant.
RAID Level 0
75
A simple RAID to implement, but can slow down a system if RAID controlling software is used instead of hardware.
RAID Level 1
76
The most versatile RAID, but it can be difficult to rebuild in the event a disk fails.
RAID Level 5
77
This RAID has high input/output rates and is expensive.
RAID Level 0+1
78
When creating a data backup, five basic questions should be asked. List the questions.
1. What information should be backed up?
2. How often should it be backed up?
3. What media should be used?
4. Where should the backup be stored?
5. What hardware or software should be used?
79
Explain how a full backup is used, what the archive bit is set to after the backup, and what files are needed for recovery.
A full backup is the starting point for all backups. After the backup the archive bit is cleared (set to 0). The full backup is needed to recover files.
80
Explain how a differential backup is used, what the archive bit is set to after the backup, and what files are needed for recovery.
A differential backup backs up any data that has changed since the last full backup. After the backup the archive bit is not cleared (set to 1). The full backup and only the last differential backup are needed to recover files.
81
Explain how an incremental backup is used, what the archive bit is set to after the backup, and what files are needed for recovery.
An incremental backup backs up any data that has changed since the last full backup or last incremental backup. After the backup the archive bit is cleared (set to 0). The full backup and all incremental backups are needed to recover files.
82
RPO stands for __________.
Recovery Point Objective
83
RTO stands for __________.
Recovery Time Objective
84
List the 3 types of CDP and the type of data that is protected.
1. Block-level CDP: the entire volume is protected.
2. File-level CDP: the individual files are protected.
3. Application-level CDP: individual application changes are protected.
85
List the 4 basic forensic procedures:
1. Secure the crime scene
2. Preserve the evidence
3. Establish the chain of custody
4. Examine the evidence
86
What are the 6 steps in damage control?
1. Report the incident to security or the police
2. Confront any suspects (if the situation allows)
3. Neutralize the suspected perpetrator from harming others (if necessary)
4. Secure physical security features
5. Quarantine electronic equipment
6. Contact the response team
87
List the orders of volatility and the location of the data.
First: register, cache, peripheral memory
Second: random access memory (RAM)
Third: network state
Fourth: running processes
88
A mirror image is also referred to as __________.
Bitstream Backup
89
List and describe the 2 types of slack.
1. RAM Slack: pertains to the last sector of a file
2. Drive File Slack: can contain remnants of previously deleted files or data
90
What is an SLA?
A Service Level Agreement is a service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service. Most SLAs are based on guaranteed percentages of uptime.
91
How is MTBF calculated?
MTBF = total time measured / total number of failures observed
92
Name the 3 types of fire suppression systems.
1. water sprinkler
2. dry chemical
3. clean agent
93
What is ESD?
Electrostatic discharge is the sudden flow of electrical current between two objects.
94
Explain the server hot aisle/cold aisle layout.
1. Rows of rack fronts are the cold aisles and face the air conditioning output ducts.
2. Rows that are the backs of the racks, where the heated exhaust exits, are the hot aisles and generally face the air conditioning return ducts.
95
A policy that defines the actions users may perform while accessing systems and networking equipment.
Acceptable Use Policy (AUP)
96
A methodology for making modifications to a system and keeping track of those changes.
Change Management
97
The "framework" and functions required to enable incident response and incident handling within an organization.
Incident Management