Deck 10: Planning for Contingencies

A) Unusual consumption of computing resources
B) Activities at unexpected times
C) Presence of hacker tools
D) Reported attacks

A) Business continuity training
B) Disaster recovery planning
C) Business impact analysis
D) Incident response planning

A) Risk management
B) Contingency planning
C) Business response
D) Disaster readiness

A) Weighted analysis
B) BIA questionnaire
C) Recovery time organizer
D) MTD comparison

A) Incident classification
B) Incident identification
C) Incident registration
D) Incident verification

A) Project management
B) Business continuity
C) Disaster recovery
D) Incident response

A) Identify resource requirements
B) Identify business processes
C) Determine mission/business processes and recovery criticality
D) Identify recovery priorities for system resources

A) Before an incident takes place
B) Once the DRP is activated
C) When an incident is detectedthataffects it
D) Once the BCP is activated

A) Desk check
B) Simulation
C) Structured walk-through
D) Parallel testing

A) Remote journaling
B) Electronic vaulting
C) Database shadowing
D) Timesharing

A) Report the findings to the proper authority
B) Acquire (seize) the evidence without alteration or damage
C) Identify relevant items of evidentiary value (EM)
D) Analyze the data without risking modification or unauthorized access

A) Protect and forget
B) after-action review
C) Transfer to local/state/federal law enforcement
D) Track, hack and prosecute

A) Desk check
B) Simulation
C) Structured walk-through
D) Full-interruption

A) Restoring the data from backups
B) Evaluating monitoring capabilities
C) Keeping the public informed about the event and the actions being taken
D) Restoring the services and processes in use

A) Business continuity
B) Crisis management
C) Incident response
D) Business impact analysis

A) It is an empty room with standard heating, air conditioning, and electrical service.
B) It includes computing equipment and peripherals with servers but not client workstations.
C) It duplicates computing resources, peripherals, phone systems, applications, and workstations.
D) All communications services must be installed after the site is occupied.

A) Create the incident damage assessment
B) Conduct an after-action review
C) Restore data from backups
D) Restore services and processes in use

A) Incident report
B) Incident damage assessment
C) Information loss assessment
D) Damage report

A) Cold site
B) Warm site
C) Timeshare
D) Hot site

A) Identifying the vulnerabilities that allowed the incident to occur and spread
B) Determining the event's impact on normal business operations and, if necessary, making a disaster declaration
C) Supporting personnel and their loved ones during the crisis
D) Keeping the public informed about the event and the actions being taken to ensure the recovery of personnel and the enterprise

A) Affidavit
B) Search warrant
C) Evidentiary report
D) Forensic concurrence

A) Unusual system crashes
B) Reported attack
C) Presence of new accounts
D) Use of dormant accounts

A) Digital malfeasance
B) E-discovery
C) Forensics
D) Evidentiary procedures

A) Chain of custody
B) Search warrant
C) Affidavit
D) Evidentiary material

A) Database shadowing
B) Timesharing
C) Traditional backups
D) Electronic vaulting

A) Flood
B) Pest infestation
C) Famine
D) Environmental degradation