Dealing with Incidents

Question 1

In which step of incident response would you begin to restore systems from backups or snapshots?

A) Preparation
B) Recovery
C) Eradication
D) Containment

Answer 1

B) Recovery

Recovery is correct. The other options are steps that come before the incident has been resolved.

Question 2

Which of the following does NOT fall under chain-of-custody?

A) Documenting all locations of evidence
B) Write block
C) List of all person(s) handling evidence
D) Defining what constitutes evidence

Answer 2

B) Write block

Write block is correct. The other options are all steps in the chain-of-custody process.

Question 3

Which type of recovery site has no equipment or data and is just a basic office space?

A) Hot site
B) Warm site
C) Cold site
D) Offsite

Answer 3

C) Cold site

Cold site is correct. A hot site has everything needed (including data) to get up and running within hours. A warm site has equipment, but not up-to-date data, and offsite is just a site away from your normal office location.

Question 4

Which of these backup types only backs up data that has changed since the last full backup?

A) Incremental backup
B) Snapshot
C) Full backup
D) Differential backup

Answer 4

D) Differential backup

Differential backup is correct. Incremental backups only back up the data that has changed since the last backup of ANY type. A full backup will back up everything. Snapshots are typically found in virtual machine environments and are not stored on separate media.