CIS 359 Final Exam Set 1 NEW

____ are likely in the event of a hacker attack, when the attacker retreats to a chat room and describes in specific detail to his or her associates the method and results of his or her latest conquest.

• Question 2

Contingency strategies for ____ should emphasize the need for absolutely reliable data backup and recovery procedures because they have less inherent redundancy than a distributed architecture.

• Question 3

A ____ is a description of the disasters that may befall an organization, along with information on their probability of occurrence, a brief description of the organization’s actions to prepare for that disaster, and the best case, worst case, and most likely case outcomes of the disaster.

• Question 4

The primary vehicle for articulating the purpose of a disaster recovery program is the ____.

• Question 5

The ____ assembles a disaster recovery team.

• Question 6

A ____ is a collection of nodes in which the segments are geographically dispersed and the physical link is often a data communications channel provided by a public carrier.

• Question 7

Deciding which technical contingency strategies are selected, developed, and implemented is most often based on the type of ____ being used.

• Question 8

____ are highly probable when infected machines are brought back online or when other infected computers that may have been offline at the time of the attack are brought back up.

• Question 9
A(n) ____ occurs when a situation results in service disruptions for weeks or months, requiring a government to declare a state of emergency.

• Question 10

The ____ team is responsible for providing the initial assessments of the extent of damage to equipment and systems on-site and/or for physically recovering the equipment to be transported to a location where the other teams can evaluate it.

• Question 11

During the ____ phase, the organization begins the recovery of the most time-critical business functions – those necessary to reestablish business operations and prevent further economic and image loss to the organization.

• Question 12

In the context of disaster notification, the ____ is a scripted description of the disaster and consists of just enough information so that each response knows what port of the DR plan to implement.

• Question 13
The ____ team is responsible for working with the remainder of the organization to assist in the recovery of nontechnology functions.

• Question 14

The ____ involves providing copies of the DR plan to all teams and team members for review.

• Question 15

____ is the inclusion of action steps to minimize the damage associated with the disaster on the operations of the organization.

• Question 16

The ____ team is primarily responsible for data restoration and recovery.

• Question 17

In the ____ phase of the BC plan, the organization specifies what type of relocation services are desired and what type of data management strategies are deployed to support relocation.

• Question 18

The ____ is the amount of time that a business can tolerate losing capabilities until alternate capabilities are available.

• Question 19

The ____ is the point in the past to which the recovered applications and data at the alternate infrastructure will be restored.

• Question 20

The plan maintenance schedule in a BC policy statement should address the ____ of reviews, along with who will be involved in each review.

• Question 21

The ____ section of the business continuity policy provides an overview of the information storage and retrieval plans of the organization.

• Question 22

In the ____ section of the business continuity policy, the training requirements for the various employee groups are defined and highlighted.

• Question 23

____ planning represents the final response of the organization when faced with any interruption of its critical operations.

• Question 24

What phase of the BC plan specifies under what conditions and how the organization relocates from the primary to the alternate site?

• Question 25

The CM ____ is responsible for overseeing the actions of the crisis management team and coordinating all crisis management efforts in cooperation with disaster recovery and/or business continuity planning, on an as-needed basis.

• Question 26

____ is the process of ensuring that every employee is trained to perform at least part of the job of another employee.

• Question 27

____ is the movement of employees from one position to another so they can develop additional skills and abilities.

• Question 28

In contrast to emergency response that focuses on the immediate safety of those affected, ____ addresses the services needed to get the organization and its stakeholders back to original levels of productivity or satisfaction.

• Question 29

____ are those steps taken to inform stakeholders regarding the timeline of events, the actions taken, and sometimes the reasons for those actions.

• Question 30

A(n) ____ is created to enable management to gain and maintain control of ongoing emergency situations, to provide oversight and control to designated first responders, and to marshal IR, DR, and DC plans and resources as needed.

• Question 31

A ____ is defined by the ICM as a disruption in the company’s business that occurs without warning and is likely to generate news coverage and may adversely impact employees, investors, customers, suppliers, and other stakeholders.

• Question 32

Cross-training provides a mechanism to get everyone out of the crime scene and thus prevent contamination of possible evidentiary material.

• Question 33

The ____ handles computer crimes that are categorized as felonies.

• Question 34

The forensic tool ____ does extensive pre-processing of evidence items that  recovers deleted files and extracts e-mail messages.

• Question 35

____ is used both for intrusion analysis and as part of evidence collection and analysis.

• Question 36

____ is the determination of the initial flaw or vulnerability that allowed an incident to occur.

• Question 37

Most digital forensic teams have a prepacked field kit, also known as a(n) ____.

• Question 38

Many private sector organizations require a formal statement, called a(n) ____, which provides search authorization and furnishes much of the same information usually found in a public sector search warrant.

• Question 39

One way to identify a particular digital item (collection of bits) is by means of a(n) ____.

• Question 40

The ____ phase of forensic analysis involves the use of forensic tools to recover the content of files that were deleted, operating system artifacts (such as event data and logging of user actions), and other relevant facts.

• Question 41

Because it is possible for investigators to confuse the suspect and destination disks when performing imaging, and to preclude any grounds for challenging the image output, it is common practice to protect the suspect media using a ____.

• Question 42

If a user receives a message whose tone and terminology seems intended to invoke a panic or sense of urgency, it may be a(n) ____.

• Question 43

When an incident includes a breach of physical security, all aspects of physical security should be escalated under a containment strategy known as ____.

• Question 44

Clifford Stoll’s book, ____, provides an excellent story about a real-world incident that turned into an international tale of espionage and intrigue.

• Question 45

There are a number of professional IR agencies, such as ____, that can provide additional resources to help prevent and detect DoS incidents.

• Question 46

The CSIRT may not wish to “tip off” attackers that they have been detected, especially if the organization is following a(n) ____ approach.

• Question 47

Which of the following is the most suitable as a response strategy for malware outbreaks?

• Question 48
Essentially a DoS attack, a ____ is a message aimed at causing organizational users to waste time reacting to a nonexistent malware threat.

• Question 49
According to NIST, which of the following is an example of a UA attack?