Principles of Incident Response And Disaster Recovery 2nd Edition By Michael – Test Bank
Chapter 4: Incident Response: Planning
TRUE/FALSE
1. Organizing the incident response planning process begins with staffing the disaster recovery committee.
ANS: F PTS: 1 REF: 134
2. E-mail spoofing attacks require an immediate response, typically no more than 30 minutes to one hour.
ANS: F PTS: 1 REF: 140
3. Several national training programs focus on incident response tools and techniques.
ANS: T PTS: 1 REF: 144
4. In computer-based training settings, trainees receive a seminar presentation at their computers.
ANS: F PTS: 1 REF: 151
5. A recommended practice for implementation of a physical IR plan document is to attach copies of relevant documents such as service agreements for the ISP, telephone, water, gas, etc.
ANS: T PTS: 1 REF: 153
MULTIPLE CHOICE
1. The committees of the CPMT follow a set of general stages to develop their subordinate plans. In the case of incident planning, the first stage is to ____.
a. develop the IR planning policy
b. form the IR planning committee
c. integrate the BIA
d. identify preventive controls
ANS: B PTS: 1 REF: 133
2. The U.S. National Institute of Standards and Technology defines the incident response life cycle as having four main processes: 1) preparation; 2) detection and analysis; 3) containment, eradication, and recovery; and 4) ____.
a. incident report
b. triage
c. post-incident activity
d. resolution
ANS: C PTS: 1 REF: 134
3. The ____ Department of an organization needs to review the procedures of the CSIRT and understand the steps the CSIRT will perform to ensure it is within legal and ethical guidelines for the municipal, state, and federal jurisdictions.
a. Public Relations
b. Labor
c. Legal
d. Auditing
ANS: C PTS: 1 REF: 135
4. The ____ of an organization defines the roles and responsibilities for incident response for the CSIRT and others who will be mobilized in the activation of the plan.
a. CSIRT policy
b. IR plan
c. IR procedures
d. IR policy
ANS: D PTS: 1 REF: 136
5. In contingency planning, an adverse event that threatens the security of an organization’s information is called a(n) ____.
a. warning
b. incident
c. notification
d. emergency
ANS: B PTS: 1 REF: 138
6. The IR plan is usually ____ when an incident causes minimal damage with little or no disruption to business operations.
a. placed on standby
b. not activated
c. placed on alert
d. activated
ANS: D PTS: 1 REF: 138
7. ____ incident responses enables the organization to react to a detected incident quickly and effectively, without confusion or wasted time and effort.
a. Recording
b. Predefining
c. Publishing
d. Discussing
ANS: B PTS: 1 REF: 139
8. The responsibility for creating an organization’s IR plan often falls to the ____.
a. database administrator
b. project manager
c. forensic expert
d. chief information security officer
ANS: D PTS: 1 REF: 141
9. A(n) ____ is a CSIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization’s information infrastructure for signs of an incident.
a. forensic expert
b. IR duty officer
c. project manager
d. software engineer
ANS: B PTS: 1 REF: 141
10. Should an incident begin to escalate, the CSIRT team leader continues to add resources and skill sets as necessary to attempt to contain and terminate the incident. The resulting team is called the ____ for this particular incident.
a. IR unit
b. reaction force
c. forensic team
d. response unit
ANS: B PTS: 1 REF: 141