Chapter 12 - Disaster Recovery & Incident Response Flashcards Preview

Flashcards in Chapter 12 - Disaster Recovery & Incident Response Deck (25)

what is BCP?

12 - 431

business continuity planning

implementing policies and controls to counteract the effects of losses, outages, or failures


what are CBFs?

12 - 431

critical business functions

these are the systems that must be made operational immediately when an outage occurs


tell me the 2 key components of the BCP

12 - 431

business impact analysis - evaluate the process

risk assessment - evaluate the risk, the likelihood of a loss


what are working copies?

12 - 432

shadow copies, they are partial or full backups that are kept for immediate recovery purposes


what is onsite storage?

12 - 432

a location on the site of the computer center that is used to store information locally


you have a disaster-recovery plan. what is the primary emphasis of that plan?

12 - 433

reestablishing services and minimizing losses


Describe to me the database transaction auditing process from the image provided in the book.

12 - 435

clients talk to database server

database server saves its databases files separate from its transaction/audit files


we've talked about full backups, incremental backup, and differential backups. there is a new type. tell me about it.

12 - 437

HSM, hierarchical storage management, provides continuous online backup by using optical or tape jukeboxes


explain the grandfather, father, son backup plan

12 - 438

grandfather - annual backups
father - monthly backups
son - weekly


explain the backup server backup plan

12 - 440

multiple types of servers all save to a backup server which houses the backup files


what is a hot site?

12 - 443

also known as an active backup model, it is a location that can provide operations within hours of a failure


tell me another name for a warm site/reciprocal site

12 - 444

active/active model


what is a cold site?

12 - 444

a facility that isn't immediately ready to use


what is an incident?

12 - 445

any attempt to violate a security policy, a successful penetration, a compromise of a system, or any unauthorized access to information. system failures and service disruptions are included.


there are certain items that an incident response policy establishes. there are 6 of them. tell me what they are.

12 - 446

notify outside agencies
resources used to deal with an incident
procedures to gather and secure evidence
list of info that should be collected
outside experts who can be used to address issues
policies and guidelines


explain to me the five steps of the incident response cycle

12 - 447

you have an incident in the center.

around that, identifying leads to investigation, leads to repairing, leads to adjusting procedures, leads back to identifying


if data gets stolen, what are the 3 steps you take to mitigate the damage?

12 - 451

immediately change all passwords
notify the relevant parties
make procedural changes so that the info stolen cannot be used to affect additional breaches


you have a response plan and are going to run the drill. you are watching and evaluating people's responses. what 5 things are you looking for?

12 - 452

was the evidence gathered and the chain of custody maintained?
did the escalation procedures follow the correct path?
given the results of the investigation, would you be able to find and prosecute the culprit?
what was done that should not have been done?
what could have been done better?


when you are adjusting procedures, what 3 questions should you ask?

12 - 453

how did the policies work or not work in this situation?
what did you learn about the situation that was new?
what should you do differently next time?


what is succession planning?

12 - 454

outlines those internal to the organization who have the ability to step into positions when they open


when you are doing big data analysis, what three levels of testing will you apply?

12 - 454

document review, walkthrough, simulation


SLAs are also known as what?

12 - 456

maintenance contracts


what is code escrow?

12 - 457

refers to the storage and condition of a release of source code provided by a vendor


3 types of testing for security controls

12 - 459

black box
white box
gray box


credentialed scanning has several benefits. name them

12 - 460

not disrupting operations or consuming too many resources
definitive list of missing patches
client side software vulnerabilities are uncovered