Question 1

Using standard digital forensics methodology,the first step is to analyze the EM data without risking modification or unauthorized access.

Accepted Answer

The first step in standard digital forensics methodology is to identify and preserve the evidence, ensuring that it is not altered or tampered with. Analyzing the data comes after preservation.

Question 2

Training should be as specialized as possible; personnel who are responsible for one duty should not be trained on other duties to avoid confusion during a disaster.

Accepted Answer

Cross-training personnel can enhance flexibility and adaptability, allowing them to perform multiple roles during a disaster, which can be crucial when resources are limited.

Question 3

Which of the following is a possible indicator of an actual incident?&#10;A) Unusual consumption of computing resources&#10;B) Activities at unexpected times&#10;C) Presence of hacker tools&#10;D) Reported attacks

Accepted Answer

Unusual consumption of computing resources can indicate an actual incident as it may suggest unauthorized activities or processes consuming resources.

Question 4

Analert digest is a description of the incident or disaster that usually contains just enoughinformation so that each person knows what portion of the IR or DR plan to implement withoutslowing down the notification process.____________

Accepted Answer

message

Question 5

A(n)wrap-up review is a detailedexamination and discussion of the events that occurred duringan incident or disaster,from first detection to final recovery.____________

Accepted Answer

after action,after-action

Question 6

Which is the first step in the contingency planning process among the options listed here?&#10;A) Business continuity training&#10;B) Disaster recovery planning&#10;C) Business impact analysis&#10;D) Incident response planning

Accepted Answer

The first step in the contingency planning process is to conduct a business impact analysis, which assesses the potential consequences of a disruption to critical business functions and identifies the resources necessary to maintain those functions. This analysis informs the development of strategies for disaster recovery, incident response planning, and business continuity training.

Question 7

Aslow-onset disaster is a disaster that occurs over time and gradually degrade the capacity of anorganization to withstand their effects.____________

Accepted Answer

A slow-onset disaster is a disaster that occurs gradually over time and can slowly deteriorate an organization's ability to cope with its effects. Examples of slow-onset disasters include droughts, famine, and environmental degradation.

Question 8

Which of the following has the main goal of restoring normal modes of operation with minimal cost and disruption to normal business activities after an adverse event?&#10;A) Risk management&#10;B) Contingency planning&#10;C) Business response&#10;D) Disaster readiness

Accepted Answer

Contingency planning involves preparing for and responding to adverse events in order to restore normal operations with minimal disruption and cost. This includes developing strategies for response, recovery, and continuity of operations. Risk management is broader and involves identifying, assessing, and prioritizing risks to business operations, while disaster readiness and business response are more focused on preparedness and immediate response to disaster events.

Question 9

Disaster classification is the process of examining an adverse event or incident and determiningwhether it constitutes an actual disaster.____________

Accepted Answer

Disaster classification involves evaluating an event to determine if it meets the criteria to be classified as a disaster.

Question 10

An item does not become evidence until it is formally admitted to evidence by a judge or other ruling official.

Accepted Answer

This is correct. Even if an item is seized or collected as potential evidence, it does not have evidentiary value until it is officially admitted as evidence by a judge or other authorized official, such as an arbitrator or administrative hearing officer. The rules and procedures for admitting evidence can vary depending on the jurisdiction and type of case, but generally require some form of authentication, relevance, and reliability.

Question 11

In a warm site,all services and communications links are fully configured and the site can be fully functional within minutes.

Accepted Answer

The answer of In a warm site,all services and communications...

Question 12

Which of the following is a mathematical tool that can be useful in assessing relative importance while resolving the issue of what business function is the most critical?&#10;A) Weighted analysis&#10;B) BIA questionnaire&#10;C) Recovery time organizer&#10;D) MTD comparison

Accepted Answer

The answer of Which of the following is a mathematical...

Question 13

Which of the following is the process of examining a possible incident and determining whether it constitutes an actual incident?&#10;A) Incident classification&#10;B) Incident identification&#10;C) Incident registration&#10;D) Incident verification

Accepted Answer

The answer of Which of the following is the process...

Question 14

When performing simlation testing,normal operations of the business are not impacted.

Accepted Answer

The answer of When performing simlation testing,normal operations of the...

Question 15

Patch and proceed is anorganizational CP philosophy that focuses on the defense ofinformation assets and preventing reoccurrence rather than the attacker's identification andprosecution.____________

Accepted Answer

The answer of Patch and proceed is anorganizational CP philosophy...

Question 16

In the event of an incident or disaster,which planning element is used to guide off-site operations?&#10;A) Project management&#10;B) Business continuity&#10;C) Disaster recovery&#10;D) Incident response

Accepted Answer

The answer of In the event of an incident or...

Question 17

In most organizations,the COO is responsible for creating the IR plan.

Accepted Answer

The answer of In most organizations,the COO is responsible for...

Question 18

What is the final stage of the business impact analysis when using the NIST SP 800-34 approach?&#10;A) Identify resource requirements&#10;B) Identify business processes&#10;C) Determine mission/business processes and recovery criticality&#10;D) Identify recovery priorities for system resources

Accepted Answer

The answer of What is the final stage of the...

Question 19

At what point in the incident lifecycle is the IR plan initiated?&#10;A) Before an incident takes place&#10;B) Once the DRP is activated&#10;C) When an incident is detectedthataffects it&#10;D) Once the BCP is activated

Accepted Answer

The answer of At what point in the incident lifecycle...

Question 20

When an incident takes place,the disaster recovery (DR)planis invoked before the incident response (IR)plan.

Accepted Answer

The answer of When an incident takes place,the disaster recovery...

Question 21

In which contingency plan testing strategy do individuals participate in a role-playing exercise inwhich the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?

A) Desk check
B) Simulation
C) Structured walk-through
D) Parallel testing

Accepted Answer

The answer of In which contingency plan testing strategy do...

Question 22

Which of the following is the transfer of live transactions to an off-site facility?&#10;A) Remote journaling&#10;B) Electronic vaulting&#10;C) Database shadowing&#10;D) Timesharing

Accepted Answer

The answer of Which of the following is the transfer...

Question 23

In digital forensics,all investigations follow the same basic methodology.Which of the following should be performed first in a digital forensics investigation?&#10;A) Report the findings to the proper authority&#10;B) Acquire (seize) the evidence without alteration or damage&#10;C) Identify relevant items of evidentiary value (EM)&#10;D) Analyze the data without risking modification or unauthorized access

Accepted Answer

The answer of In digital forensics,all investigations follow the same...

Question 24

Which of the following is an approachavailable to an organization as an overall philosophy for contingency planning reactions?&#10;A) Protect and forget&#10;B) after-action review&#10;C) Transfer to local/state/federal law enforcement&#10;D) Track, hack and prosecute

Accepted Answer

The answer of Which of the following is an approachavailable...

Question 25

The four components of contingency planning are the ____________________,the incident response plan,the disaster recovery plan,and the business continuity plan.

Accepted Answer

The answer of The four components of contingency planning are...

Question 26

In which contingency plan testing strategy do individuals participate in a role-playing exercise inwhich the CP team is presented with a scenario of an actual incident or disaster and expected to react as if it had occurred?

A) Desk check
B) Simulation
C) Structured walk-through
D) Parallel testing

Accepted Answer

The answer of In which contingency plan testing strategy do...

Question 27

Which of the following is a responsibility of the crisis management team?&#10;A) Restoring the data from backups&#10;B) Evaluating monitoring capabilities&#10;C) Keeping the public informed about the event and the actions being taken&#10;D) Restoring the services and processes in use

Accepted Answer

The answer of Which of the following is a responsibility...

Question 28

When a disaster renders the current business location unusable,which plan is put into action?&#10;A) Business continuity&#10;B) Crisis management&#10;C) Incident response&#10;D) Business impact analysis

Accepted Answer

The answer of When a disaster renders the current business...

Question 29

Which of the following is true about a hot site?&#10;A) It is an empty room with standard heating, air conditioning, and electrical service.&#10;B) It includes computing equipment and peripherals with servers but not client workstations.&#10;C) It duplicates computing resources, peripherals, phone systems, applications, and workstations.&#10;D) All communications services must be installed after the site is occupied.

Accepted Answer

The answer of Which of the following is true about...

Question 30

After an incident,but before returning to its normal duties,the CSIRT must do which of the following?&#10;A) Create the incident damage assessment&#10;B) Conduct an after-action review&#10;C) Restore data from backups&#10;D) Restore services and processes in use

Accepted Answer

The answer of After an incident,but before returning to its...

Question 31

If operations at the primary site cannot be quickly restored,the ____________________ occurs concurrently with the DR plan,enabling the business to continue at an alternate site.

Accepted Answer

The answer of If operations at the primary site cannot...

Question 32

Which of the following determines the scope of the breach of confidentiality,integrity,and availability of information and information assets?&#10;A) Incident report&#10;B) Incident damage assessment&#10;C) Information loss assessment&#10;D) Damage report

Accepted Answer

The answer of Which of the following determines the scope...

Question 33

In which type of site are no computer hardware or peripherals provided?&#10;A) Cold site&#10;B) Warm site&#10;C) Timeshare&#10;D) Hot site

Accepted Answer

The answer of In which type of site are no...

Question 34

Which of the following is a part of the incident recovery process?&#10;A) Identifying the vulnerabilities that allowed the incident to occur and spread&#10;B) Determining the event's impact on normal business operations and, if necessary, making a disaster declaration&#10;C) Supporting personnel and their loved ones during the crisis&#10;D) Keeping the public informed about the event and the actions being taken to ensure the recovery of personnel and the enterprise

Accepted Answer

The answer of Which of the following is a part...

Question 35

Which type of document grants formal permission for an investigation to occur?&#10;A) Affidavit&#10;B) Search warrant&#10;C) Evidentiary report&#10;D) Forensic concurrence

Accepted Answer

The answer of Which type of document grants formal permission...

Question 36

Which of the following is a definite indicator of an actual incident?&#10;A) Unusual system crashes&#10;B) Reported attack&#10;C) Presence of new accounts&#10;D) Use of dormant accounts

Accepted Answer

The answer of Which of the following is a definite...

Question 37

Which of the following allows investigators to determine what happened by examining the results of an event-criminal,natural,intentional,or accidental?&#10;A) Digital malfeasance&#10;B) E-discovery&#10;C) Forensics&#10;D) Evidentiary procedures

Accepted Answer

The answer of Which of the following allows investigators to...

Question 38

Which document must be changed when evidence changes hands or is stored?&#10;A) Chain of custody&#10;B) Search warrant&#10;C) Affidavit&#10;D) Evidentiary material

Accepted Answer

The answer of Which document must be changed when evidence...

Question 39

Which of the following is usually conducted via leased lines or secure Internet connections whereby the receiving server archives the data as it is received?.&#10;A) Database shadowing&#10;B) Timesharing&#10;C) Traditional backups&#10;D) Electronic vaulting

Accepted Answer

The answer of Which of the following is usually conducted...

Question 40

Which of the following is the best example of a rapid-onset disaster?&#10;A) Flood&#10;B) Pest infestation&#10;C) Famine&#10;D) Environmental degradation

Accepted Answer

The answer of Which of the following is the best...

Question 41

When undertaking the BIA,whatshouldthe organization consider?

Accepted Answer

The answer of When undertaking the BIA,whatshouldthe organization consider?...

Question 42

The ____________________ plan is a detailed set of processes and procedures that anticipate,detect,and mitigate the effects of an unexpected event that might compromise information resources and assets.

Accepted Answer

The answer of The ____________________ plan is a detailed set...

Question 43

A(n)____________________ occurs when an attack affects information resources and/or assets,causing actual damage or other disruptions.

Accepted Answer

The answer of A(n)____________________ occurs when an attack affects information...

Question 44

What teams are involved in contingency planning and contingency operations?

Accepted Answer

The answer of What teams are involved in contingency planning...

Question 45

List four of the eight key components of a typical IR policy.

Accepted Answer

The answer of List four of the eight key components...

Question 46

Describe the methodology an organization should follow in an investigation.

Accepted Answer

The answer of Describe the methodology an organization should follow...

Question 47

Compare and contrast a hot site,a warm site,and a cold site.

Accepted Answer

The answer of Compare and contrast a hot site,a warm...

Question 48

In ____________________ testing of contingency plans,the individuals follow each and every procedure,including the interruption of service,restoration of data from backups,and notification of appropriate individuals.

Accepted Answer

The answer of In ____________________ testing of contingency plans,the individuals...

Question 49

When dealing with an incident,the incident response team must conduct a(n)____________________,which entails a detailed examination of the events that occurred from first detection to final recovery.

Accepted Answer

The answer of When dealing with an incident,the incident response...

Question 50

Discuss three of the five strategies that can be used to test contingency strategies.

Accepted Answer

The answer of Discuss three of the five strategies that...

Question 51

The bulk batch-transfer of data to an off-site facility is known as ____________________.

Accepted Answer

The answer of The bulk batch-transfer of data to an...

Question 52

List the seven steps of the incident recovery process according to Donald Pipkin.

Accepted Answer

The answer of List the seven steps of the incident...

Question 53

There are six key elements that the CP team must build into the DR Plan.What are three of them?

Accepted Answer

The answer of There are six key elements that the...

Question 54

What are the major components of contingency planning?

Accepted Answer

The answer of What are the major components of contingency...

Question 55

The first component of the analysis phase of a digital forensic investigation is ___________,which allows the investigator to quickly and easily search for a specific type of file.

Accepted Answer

The answer of The first component of the analysis phase...

Question 56

A(n)____________________ is an agency that provides,in the case of DR/BC planning,physical facilities for a fee.

Accepted Answer

The answer of A(n)____________________ is an agency that provides,in the...

Question 57

____________________ planning ensures that critical business functions can continue if a disaster occurs.

Accepted Answer

The answer of ____________________ planning ensures that critical business functions...

Question 58

What are the three roles performed by the crisis management team?

Accepted Answer

The answer of What are the three roles performed by...

Question 59

Explain the difference between a business impact analysis and the risk management process.

Accepted Answer

The answer of Explain the difference between a business impact...

Question 60

A(n)____________________ is a document containing contact information of the individuals to notify in the event of an actual incident.

Accepted Answer

The answer of A(n)____________________ is a document containing contact information...

Deck 10: Planning for Contingencies