are likely in the event of a hacker attack, when the attacker retreats to a chat room and describes in specific detail

CIS 359 Final Exam (Strayer)

  1. ____ are likely in the event of a hacker attack, when the attacker retreats to a chat room and describes in specific detail to his or her associates the method and results of his or her latest conquest.
  2. Contingency strategies for ____ should emphasize the need for absolutely reliable data backup and recovery procedures because they have less inherent redundancy than a distributed architecture.

  3. A ____ is a description of the disasters that may befall an organization, along with information on their probability of occurrence, a brief description of the organization’s actions to prepare for that disaster, and the best case, worst case, and most likely case outcomes of the disaster.

  4. The primary vehicle for articulating the purpose of a disaster recovery program is the ____.

  5. The ____ assembles a disaster recovery team.

  6. A ____ is a collection of nodes in which the segments are geographically dispersed and the physical link is often a data communications channel provided by a public carrier.

  7. Deciding which technical contingency strategies are selected, developed, and implemented is most often based on the type of ____ being used.

  8. ___ are highly probable when infected machines are brought back online or when other infected computers that may have been offline at the time of the attack are brought back up.

  9. A(n) ____ occurs when a situation results in service disruptions for weeks or months, requiring a government to declare a state of emergency.

  10. The ____ team is responsible for providing the initial assessments of the extent of damage to equipment and systems on-site and/or for physically recovering the equipment to be transported to a location where the other teams can evaluate it.

  11. During the ____ phase, the organization begins the recovery of the most time-critical business functions - those necessary to reestablish business operations and prevent further economic and image loss to the organization.

  12. In the context of disaster notification, the ____ is a scripted description of the disaster and consists of just enough information so that each response knows what port of the DR plan to implement.

  13. The ____ team is responsible for working with the remainder of the organization to assist in the recovery of nontechnology functions.

  14. The ____ involves providing copies of the DR plan to all teams and team members for review.

  15. ____ is the inclusion of action steps to minimize the damage associated with the disaster on the operations of the organization.

  16. The ____ team is primarily responsible for data restoration and recovery.

  17. In the ____ phase of the BC plan, the organization specifies what type of relocation services are desired and what type of data management strategies are deployed to support relocation.

  18. The ____ is the amount of time that a business can tolerate losing capabilities until alternate capabilities are available.

  19. The ____ is the point in the past to which the recovered applications and data at the alternate infrastructure will be restored.

  20. The plan maintenance schedule in a BC policy statement should address the ____ of reviews, along with who will be involved in each review.

  21. In the ____ section of the business continuity policy, the training requirements for the various employee groups are defined and highlighted.

  22. ____ planning represents the final response of the organization when faced with any interruption of its critical operations.

  23. What phase of the BC plan specifies under what conditions and how the organization relocates from the primary to the alternate site?

  24. The CM ____ is responsible for overseeing the actions of the crisis management team and coordinating all crisis management efforts in cooperation with disaster recovery and/or business continuity planning, on an as-needed basis.

  25. ___ is the process of ensuring that every employee is trained to perform at least part of the job of another employee.

  26. ____ is the movement of employees from one position to another so they can develop additional skills and abilities.

  27. In contrast to emergency response that focuses on the immediate safety of those affected, ____ addresses the services needed to get the organization and its stakeholders back to original levels of productivity or satisfaction.

  28. ___ are those steps taken to inform stakeholders regarding the timeline of events, the actions taken, and sometimes the reasons for those actions.

  29. A(n) ____ is created to enable management to gain and maintain control of ongoing emergency situations, to provide oversight and control to designated first responders, and to marshal IR, DR, and DC plans and resources as needed.

  30. A ____ is defined by the ICM as a disruption in the company’s business that occurs without warning and is likely to generate news coverage and may adversely impact employees, investors, customers, suppliers, and other stakeholders.

  31. Cross-training provides a mechanism to get everyone out of the crime scene and thus prevent contamination of possible evidentiary material.

  32. The ____ handles computer crimes that are categorized as felonies.

  33. The forensic tool ____ does extensive pre-processing of evidence items that  recovers deleted files and extracts e-mail messages.

  34. ___ is used both for intrusion analysis and as part of evidence collection and analysis

  35. ____ is the determination of the initial flaw or vulnerability that allowed an incident to occur.

  36. Most digital forensic teams have a prepacked field kit, also known as a(n) ____.

  37. Many private sector organizations require a formal statement, called a(n) ____, which provides search authorization and furnishes much of the same information usually found in a public sector search warrant.

  38. One way to identify a particular digital item (collection of bits) is by means of a(n) ____.

  39. The ____ phase of forensic analysis involves the use of forensic tools to recover the content of files that were deleted, operating system artifacts (such as event data and logging of user actions), and other relevant facts.

  40. Because it is possible for investigators to confuse the suspect and destination disks when performing imaging, and to preclude any grounds for challenging the image output, it is common practice to protect the suspect media using a ____.

  41. If a user receives a message whose tone and terminology seems intended to invoke a panic or sense of urgency, it may be a(n) ____.

  42. When an incident includes a breach of physical security, all aspects of physical security should be escalated under a containment strategy known as ____.

  43. Clifford Stoll’s book, ____, provides an excellent story about a real-world incident that turned into an international tale of espionage and intrigue.

  44. There are a number of professional IR agencies, such as ____, that can provide additional resources to help prevent and detect DoS incidents.

  45. The CSIRT may not wish to “tip off” attackers that they have been detected, especially if the organization is following a(n) ____ approach.

  46. Which of the following is the most suitable as a response strategy for malware outbreaks?

  47. Essentially a DoS attack, a ____ is a message aimed at causing organizational users to waste time reacting to a nonexistent malware threat.

  48. According to NIST, which of the following is an example of a UA attack?

  49. ___ is a common indicator of a DoS attack.