Question 1

An unusual system crash is a possible indicator of an actual incident.

Accepted Answer

Unusual system crashes can sometimes indicate a cyber incident or attack, including malware or other forms of compromise. It is important to investigate such events to determine if they pose a threat to the security or availability of systems and data.

Question 2

In a warm site,all communications services must be installed after the site is occupied.

Accepted Answer

In a warm site, basic communication services such as phone lines and internet connectivity must be pre-installed before the site is occupied to have immediate access in case of a disaster.

Question 3

The presence of hacker tools in a system definitely signals that an incident is in progress or has occurred.

Accepted Answer

The presence of hacker tools suggests that someone has gained unauthorized access to the system or is attempting to do so. Therefore, it is a clear indication that an incident has occurred or is in progress.

Question 4

Attack success scenarios include alternative outcomes of an attack.

Accepted Answer

Attack success scenarios refer to the possibility of alternative outcomes resulting from an attack, hence it is true.

Question 5

In most organizations,the COO is responsible for creating the IRP.

Accepted Answer

The COO (Chief Operating Officer) is typically responsible for overseeing the day-to-day operations of an organization, but the creation of an IRP (Incident Response Plan) may involve input and collaboration from various departments and stakeholders such as IT, security, legal, and management. The responsibility for creating the IRP may fall on a specific individual or team within the organization depending on its size, structure, and policies.

Question 6

A sequential system of activating an alert roster is more accurate than a hierarchical system.

Accepted Answer

A sequential system ensures that each person on the alert roster is contacted in a specific order, which reduces the likelihood of missing someone or having a delay in contacting them. In contrast, a hierarchical system may prioritize certain individuals or groups, but it can also overlook or neglect others who fall lower on the hierarchy. Therefore, a sequential system is generally more accurate and reliable for activating an alert roster.

Question 7

An organization should start documenting an incident after the incident has been contained.

Accepted Answer

Documentation should begin as soon as an incident is detected to ensure all details are accurately captured and to aid in the response and recovery process.

Question 8

When an incident takes place,the disaster recovery plan (DRP)is invoked before the incident response plan (IRP).

Accepted Answer

The incident response plan (IRP) is invoked first to address and manage the immediate effects of an incident, while the disaster recovery plan (DRP) is used later to restore systems and operations after the incident has been contained.

Question 9

To perform parallel testing,the operations of the business must be halted.

Accepted Answer

Parallel testing can be done without halting the operations of the business. It involves running new and old systems simultaneously, to compare the outputs and ensure that the new system is functioning correctly. This way, the business can continue to operate while testing is being done.

Question 10

Incident recovery should begin after the incident has been contained.

Accepted Answer

Incident recovery should start after the incident has been contained. Containment is the first priority, and once the incident has been contained, recovery can begin.

Question 11

Continuous process improvement (CPI)suggests that each time the organization rehearses its plans,it should learn from the process,improve the process,and then rehearse again.

Accepted Answer

The answer of Continuous process improvement (CPI)suggests that each time...

Question 12

The BCP is activated and executed concurrently with the DRP when the disaster is major or long term.

Accepted Answer

The answer of The BCP is activated and executed concurrently...

Question 13

A structured walk-through is the simplest kind of validation for reviewing the perceived feasibility and effectiveness of the contingency plan.

Accepted Answer

The answer of A structured walk-through is the simplest kind...

Question 14

Computer hardware and peripherals are provided in a cold site.

Accepted Answer

The answer of Computer hardware and peripherals are provided in...

Question 15

The BCP is most properly managed by the CISO of an organization.

Accepted Answer

The answer of The BCP is most properly managed by...

Question 16

A sequential system of activating an alert roster is quicker than a hierarchical system.

Accepted Answer

The answer of A sequential system of activating an alert...

Question 17

The business continuity team detects,evaluates,and responds to disasters,and also reestablishes operations at the primary business site.

Accepted Answer

The answer of The business continuity team detects,evaluates,and responds to...

Question 18

Notification from IDS is a probable indicator of an actual incident.

Accepted Answer

The answer of Notification from IDS is a probable indicator...

Question 19

Verifying personnel status is a responsibility of the IR team.

Accepted Answer

The answer of Verifying personnel status is a responsibility of...

Question 20

Classifying an incident is the responsibility of the IR team.

Accepted Answer

The answer of Classifying an incident is the responsibility of...

Question 21

A(n)$\text {\underline{ champion} }$&#10;&#10; is an executive who supports,promotes,and endorses the findings of the CP project._________________________

Accepted Answer

The answer of A(n)$\text {\underline{ champion} }$&#10;&#10; is an executive...

Question 22

$\text {\underline{Parallel } }$&#10; testing is the most rigorous strategy for testing contingency plans._________________________

Accepted Answer

The answer of $\text {\underline{Parallel } }$&#10; testing is the...

Question 23

A(n)attack $\text {\underline{scenario } }$&#10;&#10; consists of a detailed description of the activities that usually occur during an attack._________________________

Accepted Answer

The answer of A(n)attack $\text {\underline{scenario } }$&#10;&#10; consists of...

Question 24

A(n)$\text {\underline{structured walk-through } }$&#10;&#10; is a method of testing contingency plans in which each involved person works individually to simulate the performance of each task that he or she is responsible for._________________________

Accepted Answer

The answer of A(n)$\text {\underline{structured walk-through } }$&#10;&#10; is a...

Question 25

A(n)$\text {\underline{hierarchical } }$&#10; roster requires that a contact person call each and every person on the roster._________________________

Accepted Answer

The answer of A(n)$\text {\underline{hierarchical } }$&#10; roster requires that...

Question 26

The BIA planning team estimates the cost of the best,worst,and most likely outcomes of an attack by preparing a(n)$\text {\underline{ attack scenario end case  } }$&#10;&#10;_________________________

Accepted Answer

The answer of The BIA planning team estimates the cost...

Question 27

The

\text {\underline{ disaster recovery} }

team is responsible for detecting,evaluating,and responding to disasters,and reestablishing operations at the primary business site._________________________

Accepted Answer

The answer of The $\text {\underline{  disaster recovery} }$&#10;&#10;...

Question 28

A(n)$\text {\underline{ alert message} }$&#10;&#10; is a scripted set of initial instructions used to respond to an incident._________________________

Accepted Answer

The answer of A(n)$\text {\underline{ alert message} }$&#10;&#10; is a...

Question 29

The $\text {\underline{ IR Plan } }$&#10;&#10; is the component of contingency planning that focuses on restoring operations at the primary site._________________________

Accepted Answer

The answer of The $\text {\underline{ IR Plan } }$&#10;&#10;...

Question 30

The concept that iteration results in improvement is implemented in the methodology of $\text {\underline{ continuous process improvement (CPI)} }$&#10;&#10;._________________________

Accepted Answer

The answer of The concept that iteration results in improvement...

Question 31

The $\text {\underline{CP } }$&#10;&#10; team manages and executes the incident response plan by detecting,evaluating,and responding to incidents._________________________

Accepted Answer

The answer of The $\text {\underline{CP } }$&#10;&#10; team manages...

Question 32

In contingency planning,an unexpected,negative occurrence is called a(n)$\text {\underline{event. } }$&#10;&#10;._________________________

Accepted Answer

The answer of In contingency planning,an unexpected,negative occurrence is called...

Question 33

Changes to logs are $\text {\underline{probable } }$&#10;&#10; indicators of an actual incident._________________________

Accepted Answer

The answer of Changes to logs are \(\text {\underline{probable }...

Question 34

The $\text {\underline{ business impact analysis} }$&#10;&#10;provides the CP team with information about systems and the threats they face._________________________

Accepted Answer

The answer of The $\text {\underline{ business impact analysis} }$&#10;&#10;provides...

Question 35

$\text {\underline{Rapid-onset  } }$&#10;&#10; disasters occur suddenly,and may take the lives of people and destroy the means of production._________________________

Accepted Answer

The answer of $\text {\underline{Rapid-onset  } }$&#10;&#10; disasters occur...

Question 36

Activities at unexpected times are $\text {\underline{ probable} }$&#10;&#10;indicators of an actual incident._________________________

Accepted Answer

The answer of Activities at unexpected times are \(\text {\underline{...

Question 37

$\text {\underline{Electronic vaulting  } }$&#10;&#10; involves the transfer of live transactions to an off-site facility._________________________

Accepted Answer

The answer of $\text {\underline{Electronic vaulting  } }$&#10;&#10; involves...

Question 38

The process of examining a possible incident and determining whether it constitutes an actual incident is called incident $\text {\underline{ verification} }$&#10;._________________________

Accepted Answer

The answer of The process of examining a possible incident...

Question 39

$\text {\underline{Crisis } }$&#10;&#10;management entails a set of focused steps that deal primarily with the people involved in a disaster._________________________

Accepted Answer

The answer of $\text {\underline{Crisis } }$&#10;&#10;management entails a set...

Question 40

The presence of unfamiliar files is a(n)$\text {\underline{ definite} }$&#10;&#10;indicator of an actual incident._________________________

Accepted Answer

The answer of The presence of unfamiliar files is a(n)\(\text...

Question 41

A scripted set of instructions about an incident is known as a(n)____.&#10;A) incident report&#10;B) incident summary&#10;C) alert roster&#10;D) alert message

Accepted Answer

The answer of A scripted set of instructions about an...

Question 42

The three categories of incident indicators identified by D.L.Pipkin are possible,probable,and ____.&#10;A) likely&#10;B) improbable&#10;C) definite&#10;D) unlikely

Accepted Answer

The answer of The three categories of incident indicators identified...

Question 43

Operations at the primary business site are reestablished by the ____ team.&#10;A) business continuity&#10;B) CP&#10;C) incident response&#10;D) disaster recovery

Accepted Answer

The answer of Operations at the primary business site are...

Question 44

The ____ plan enables the business to continue to function at an alternate site.&#10;A) FR&#10;B) BC&#10;C) IR&#10;D) DR

Accepted Answer

The answer of The ____ plan enables the business to...

Question 45

The IR Plan is usually activated ____.&#10;A) before an incident takes place&#10;B) when an incident is detected&#10;C) once the DRP is activated&#10;D) once the BCP is activated

Accepted Answer

The answer of The IR Plan is usually activated ____.&#10;A)...

Question 46

Which of the following is a possible indicator of an actual incident?&#10;A) Unusual consumption of computing resources&#10;B) Activities at unexpected times&#10;C) Presence of hacker tools&#10;D) Reported attacks

Accepted Answer

The answer of Which of the following is a possible...

Question 47

A document that contains contact information on the individuals to be notified in the event of an actual incident is called a(n)____.&#10;A) notification table&#10;B) alert roster&#10;C) notification list&#10;D) response list

Accepted Answer

The answer of A document that contains contact information on...

Question 48

Determining whether a possible incident is an actual incident is the responsibility of the ____ team.&#10;A) CP&#10;B) BC&#10;C) DR&#10;D) IR

Accepted Answer

The answer of Determining whether a possible incident is an...

Question 49

In a ____ activation,a single person calls all the people on the roster.&#10;A) sequential&#10;B) linear&#10;C) random&#10;D) hierarchical

Accepted Answer

The answer of In a ____ activation,a single person calls...

Question 50

____ is the process of examining a possible incident and determining whether it constitutes an actual incident.&#10;A) Incident classification&#10;B) Incident identification&#10;C) Incident registration&#10;D) Incident verification

Accepted Answer

The answer of ____ is the process of examining a...

Question 51

In CP,an unexpected event is called a(n)____.&#10;A) disaster&#10;B) occurrence&#10;C) episode&#10;D) incident

Accepted Answer

The answer of In CP,an unexpected event is called a(n)____.&#10;A)...

Question 52

The ____ plan focuses on restoring operations at the primary site.&#10;A) DR&#10;B) IR&#10;C) FR&#10;D) BC

Accepted Answer

The answer of The ____ plan focuses on restoring operations...

Question 53

In the event of an incident or disaster,the ____ team sets up and starts off-site operations.&#10;A) CP&#10;B) business continuity&#10;C) disaster recovery&#10;D) incident response

Accepted Answer

The answer of In the event of an incident or...

Question 54

The ____ plan focuses on the immediate response to an incident.&#10;A) DR&#10;B) IR&#10;C) BC&#10;D) FR

Accepted Answer

The answer of The ____ plan focuses on the immediate...

Question 55

Which of the following is a probable indicator of an actual incident?&#10;A) Presence of unfamiliar files&#10;B) Unusual system crashes&#10;C) Presence of new accounts&#10;D) Presence or execution of unknown programs

Accepted Answer

The answer of Which of the following is a probable...

Question 56

Which of the following is a definite indicator of an actual incident?&#10;A) Unusual system crashes&#10;B) Reported attack&#10;C) Presence of new accounts&#10;D) Use of dormant accounts

Accepted Answer

The answer of Which of the following is a definite...

Question 57

A ____ activation requires that the first person call designated people on the roster,who in turn call other designated people,and so on.&#10;A) hierarchical&#10;B) sequential&#10;C) serial&#10;D) random

Accepted Answer

The answer of A ____ activation requires that the first...

Question 58

The two ways to activate an alert roster are sequentially and ____.&#10;A) exponentially&#10;B) dynamically&#10;C) randomly&#10;D) hierarchically

Accepted Answer

The answer of The two ways to activate an alert...

Question 59

The responsibility for creating an organization's IR Plan usually falls to the ____.&#10;A) CIO&#10;B) network administrators&#10;C) security managers&#10;D) CISO

Accepted Answer

The answer of The responsibility for creating an organization's IR...

Question 60

The ____ team collects information about information systems and the threats they face,and creates the contingency plans for incident response,disaster recovery,and business continuity.&#10;A) incident response&#10;B) CP&#10;C) disaster recovery&#10;D) business continuity

Accepted Answer

The answer of The ____ team collects information about information...

Question 61

The BC Plan is most properly managed by the ____.&#10;A) CEO&#10;B) CIO&#10;C) CISO&#10;D) IT community of interest

Accepted Answer

The answer of The BC Plan is most properly managed...

Question 62

____ ensures that critical business functions can continue if a disaster occurs.&#10;A) Business continuity planning&#10;B) Incident response planning&#10;C) Disaster recovery planning&#10;D) Crisis management planning

Accepted Answer

The answer of ____ ensures that critical business functions can...

Question 63

A(n)____ determines the extent of the breach of confidentiality,integrity,and availability of information and information assets.&#10;A) incident report&#10;B) incident damage assessment&#10;C) information loss assessment&#10;D) damage report

Accepted Answer

The answer of A(n)____ determines the extent of the breach...

Question 64

The DRP is usually managed by the ____.&#10;A) CEO&#10;B) COO&#10;C) CISO&#10;D) IT community of interest

Accepted Answer

The answer of The DRP is usually managed by the...

Deck 3: Planning for Contingencies