Chapter 12 - Disaster Recovery and Incident Response Flashcards Preview


Flashcards in Chapter 12 - Disaster Recovery and Incident Response Deck (25):

What is Business Continuity in a nutshell?

page 431
Having a backup plan so that the business continues when a key component is missing, absent, or has failed.


What is the process of implementing policies, controls and procedures to counteract the effects of losses, outages or failures of critical business processes?

page 431
Business Continuity Planning (BCP)


What are the two key components of BCP?

page 431
Business Impact Analysis (BIA)
Risk Assessment


What are some good reasons to have backups?

page 432
Accidental deletion
Application errors
Natural disasters
Physical attacks
Server failure
Virus infection
Workstation failure


What are sometimes referred to as shadows?

page 432
Working copies


At what temperature does paper catch fire?

page 433
451 degrees Fahrenheit


What is an ideal medium for on-site storage?

page 433


What is the major component of a disaster recovery plan?

page 434
access and storage information


What are the different types of backups?

page 436
Full backup
Differential backup
Incremental backup
Hierarchical Storage Management (HSM)


Describe the Grandfather, Father and Son Backup

page 438
The most recent backup after a full backup is the SON.
As newer backups are made, the SON becomes the FATHER, which in turn becomes the GRANDFATHER.
- Annual Backup is referred to as GRANDFATHER
- Monthly Backup is referred to as FATHER
- Weekly Backup is referred to as SON


What is a backout?

page 443
A reversion from a change that had negative consequences.


What is a Hot-Site?

page 443
A location that can provide operations within hours of failure.
Often referred to as an Active Backup Model.


What is a Warm Site?

page 444
Provides some of the capabilities of a hot site, but it requires the customer to do more work to become operational


What is a Reciprocal Agreement?

page 444
An agreement between 2 companies to provide services in the event of an emergency


What is a Cold Site?

page 444
A facility that isn't ready for use; the organization using it must bring along its equipment and network.


What important items should an Incident Response Policy establish?

page 446
- Outside agencies that should be contacted or notified in case of an incident.
- Resources used to deal with an incident.
- List of information that should be collected about an incident.
- Policies and guidelines regarding how to handle an incident.


What can be a formalized or an ad hoc team?

page 446
Computer Security Incident Response Team (CSIRT)


What are the 5 steps of Incident Response?

page 448
1. Identifying the Incident
2. Investigating the Incident
3. Repairing the Damage
4. Documenting and Repairing the Response
5. Adjusting Procedures


What is OOV?

page 453
Order of Volatility
The amount of time that you have to collect certain data before a window of opportunity is gone.


What is "Capture System Image"?

page 453
Capturing an image of the operating system in its exploited state can be helpful in revisiting the issue after the fact to learn more about it.


Why is Documenting Network Traffic and logs valuable in forensics?

page 453
This information can be useful in identifying trends associated with repeated attacks


Why would you want to capture video in forensics?

page 453
Video can later be analyzed manually in individual frames as well as run through a number of programs that can create indices of the contents.


Why is it important to record the time offset during forensics?

page 453
To be able to follow events in the correct time sequence.


What are the 5 levels of testing during a Tabletop exercise simulation of a disaster?

page 454
- Document Review
- Simulation
- Parallel Test
- Cutover Test


What is Penetration Testing?

page 458
Using the same techniques a hacker would use to penetrate your system.