Chapter 14 Flashcards

1
Q

What are the steps in damage control?

A

steps:

1) report the incident
2) confront any suspects
3) neutralize the suspected perpetrator to prevent harm to others
4) secure physical security features
5) quarantine electronic equipment
6) contact the cyber incident response team

2
Q

A business continuity plan will help determine the mission essential function or the activity that serves as the core purpose of the enterprise.

(T/F)

A

False

3
Q

What RAID type is based on striping, uses multiple drives, and is not fault tolerant if one of the drives fails?

a) RAID 0
b) RAID 1
c) RAID 5
d) RAID 2

A

a) RAID 0

4
Q

What is a hot site?

A

A hot site is a duplicate of the production site that has all the equipment needed for an organization to continue running.

5
Q

A business impact analysis may include succession planning, or determining in advance who will be authorized to take over in the event of the incapacitation or death of key employees.

(T/F)

A

False

6
Q

A legal stop order is a notification sent from the legal team to employees instructing them not to delete electronically stored information or paper documents that may be relevant to the incident.

(T/F)

A

False

7
Q

Which of the following is a system of hard drives based on redundancy and used for increased reliability and performance?

a) MTBF
b) ESD
c) RPO
d) RAID

A

d) RAID

8
Q

A metallic enclosure that prevents the entry or escape of an electromagnetic field is known as a:

a) Newton cage
b) Faraday cage
c) mantrap
d) bollard cage

A

b) Faraday cage

9
Q

When a company needs to identify mission-critical business functions and quantify the impact a loss of such functions may have on the organization in terms of its operational and financial position, what should be performed?

a) business alert assessment
b) business productivity analysis
c) business impact analysis
d) business risk analysis

A

c) business impact analysis

10
Q

What term is used to describe a documentation of control over evidence, which is used to ensure that no unauthorized person was given the opportunity to corrupt the evidence?

a) chain of use
b) chain of custody
c) chain of property
d) chain of value

A

b) chain of custody

11
Q

What will be the available drive space in a RAID 5 system configured with three 250 GB hard drives?

a) 1 TB
b) 500 GB
c) 750 GB
d) 250 GB

A

b) 500 GB

12
Q

Which RAID types would use a minimum of four hard drives?

a) 6
b) 51
c) 1
d) 5
e) 0
f) 10

A

a) 6
b) 51
f) 10

13
Q

What are some common symptoms of RAID array failures?

a) overheating
b) OS not found
c) failure to boot
d) drive not recognized

A

b) OS not found
c) failure to boot
d) drive not recognized

14
Q

Raul has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this?

a. Disaster recovery planning
b. IT contingency planning
c. Business impact analysis planning
d. Risk IT planning

A

b. IT contingency planning

15
Q

Dilma has been asked to create a list of potential employees to serve in an upcoming tabletop exercise. Which employees will be on her list?

a. All employees
b. Individuals on a decision-making level
c. Full-time employees
d. Only IT managers

A

b. Individuals on a decision-making level

16
Q

What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure?

a. MTTR
b. MTBR
c. MTBF
d. MTTI

A

a. MTTR

17
Q

Which of the following is NOT a category of fire suppression systems?

a. Water sprinkler system
b. Wet chemical system
c. Clean agent system
d. Dry chemical system

A

b. Wet chemical system

18
Q

Which of these is NOT required for a fire to occur?

a. A chemical reaction that is the fire itself
b. A type of fuel or combustible material
c. A spark to start the process
d. Sufficient oxygen to sustain the combustion

A

c. A spark to start the process

19
Q

An electrical fire, like one that would be found in a computer data center, is known as what type of fire?

a. Class A
b. Class B
c. Class C
d. Class D

A

c. Class C

20
Q

Which level of RAID uses disk mirroring and is considered fault-tolerant?

a. Level 1
b. Level 2
c. Level 3
d. Level 4

A

a. Level 1

21
Q

What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time?

a. Time Offset
b. Civil time
c. Daylight savings time
d. Greenwich Mean Time (GMT)

A

a. Time Offset

22
Q

What does the abbreviation RAID represent?

a. Redundant Array of IDE Drives
b. Resilient Architecture for Interdependent Discs
c. Redundant Array of Independent Drives
d. Resistant Architecture of Inter-Related Data Storage

A

c. Redundant Array of Independent Drives

23
Q

Which of these is an example of a nested RAID?

a. Level 1-0
b. Level 0-1
c. Level 0+1
d. Level 0/1

A

c. Level 0+1

24
Q

A(n) ________ is always running off its battery while the main power runs the battery charger.

a. Secure UPS
b. Backup UPS
c. Off-line UPS
d. On-line UPS

A

d. On-line UPS

25
Q

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running?

a. Cold site
b. Warm site
c. Hot site
d. Replicated site

A

c. Hot site

26
Q

Which of the following can a UPS NOT perform?

a. Prevent certain applications from launching that will consume too much power
b. Disconnect users and shut down the server
c. Prevent any new users from logging on
d. Notify all users that they must finish their work immediately and log off

A

a. Prevent certain applications from launching that will consume too much power

27
Q

Which of these is NOT a characteristic of a disaster recovery plan (DRP)?

a. It is updated regularly.
b. It is a private document used only by top-level administrators for planning.
c. It is written.
d. It is detailed.

A

b. It is a private document used only by top-level administrators for planning.

28
Q

What does an incremental backup do?

a. Copies all files changed since the last full or incremental backup
b. Copies selected files
c. Copies all files
d. Copies all files since the last full backup

A

a. Copies all files changed since the last full or incremental backup

29
Q

Which question is NOT a basic question to be asked regarding creating a data backup?

a. What media should be used?
b. How long will it take to finish the backup?
c. Where should the backup be stored?
d. What information should be backed up?

A

b. How long will it take to finish the backup?

30
Q

The chain of ________ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence.

a. Forensics
b. Evidence
c. Custody
d. Control

A

c. Custody

31
Q

What is the maximum length of time that an organization can tolerate between data backups?

a. Recovery time objective (RTO)
b. Recovery service point (RSP)
c. Recovery point objective (RPO)
d. Optimal recovery timeframe (ORT)

A

c. Recovery point objective (RPO)

32
Q

When an unauthorized event occurs, what is the first duty of the computer forensics response team?

a. To log off from the server
b. To secure the crime scene
c. To back up the hard drive
d. To reboot the system

A

b. To secure the crime scene

33
Q

Margaux has been asked to work on the report that will analyze the exercise results with the purpose of identifying strengths to be maintained and weaknesses to be addressed for improvement. What report will she be working on?

a. Identification of critical systems report
b. Containment report
c. Business continuity report
d. After-action report

A

d. After-action report