





A collection of quiz questions and exam review material for CIST 1601, focusing on Chapter 7. It covers key concepts related to disaster recovery, incident response, and digital forensics, as multiple-choice questions with answers, and is a resource for students preparing for exams or quizzes.
Typology: Exams
A ____ is an agency that provides physical facilities in the event of a disaster for a fee. - ✔✔service bureau.

A crime involving digital media, computer technology, or related components may best be called an act of _____. - ✔✔digital malfeasance

A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes _____. - ✔✔all of above

A potential disadvantage of a timeshare site-resumption strategy is: - ✔✔more than one organization might need the facility.

Data backup should be based on a(n) ____ policy that specifies how long log data should be maintained. - ✔✔incident response.

Digital forensics involves the _____, identification, extraction, documentation, and interpretation of digital media. - ✔✔preservation
Each of the following is a role for the crisis management response team EXCEPT: - ✔✔transient symptoms

Ideally, the _____, systems administrators, the chief information security officer (CISO), and key IT and business managers should be actively involved during the creation and development of all CP components. - ✔✔The CEO

The detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition is called a(n) _____. - ✔✔chain of evidence

The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources is ____. - ✔✔recovery time object (RTO)

The most common schedule for tape-based backup is a _____ backup, either incremental or differential, with a weekly off-site full backup. - ✔✔daily on-site

The point in time before a disruption or system outage to which business process data can be recovered after an outage is ____. - ✔✔recovery point object
_____ is the rapid determination of the scope of the breach in the confidentiality, integrity, and availability of information and information assets during or just following an incident. - ✔✔damaged assessment

The ability to detect a target computer's __________ is very valuable to an attacker.
a. peripherals
b. operating system
c. manufacturer
d. BIOS
- ✔✔operating system

A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing.
True False
- ✔✔False

__________ is the process of classifying IDPS alerts so that they can be more effectively managed.
a. Alarm filtering
b. Alarm attenuation
c. Alarm clustering
d. Alarm compaction
- ✔✔Alarm filtering

Which of the following is NOT a described IDPS control strategy?
a. centralized
b. fully distributed
c. partially distributed
d. decentralized
- ✔✔decentralized

__________ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
a. HIDPSs
b. NIDPSs
c. AppIDPSs
d. SIDPSs
- ✔✔NIDPSs

To use a packet sniffer legally, an administrator only needs permission of the organization's top computing executive.
d. stat IDPS
- ✔✔LFM

Which of the following ports is commonly used for the HTTP protocol?
a. 20
b. 25
c. 53
d. 80
- ✔✔80

The integrity value, which is based upon fuzzy logic, helps an administrator determine how likely it is that an IDPS alert or alarm indicates an actual attack in progress. _________________________
True False
- ✔✔False

A(n) __________ IDPS is focused on protecting network information assets.
a. application-based
b. server-based
c. network-based
d. host-based
- ✔✔network-based
Network behavior analysis system __________ sensors are typically intended for network perimeter use, so they are deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.
a. passive
b. inline
c. bypass
d. offline
- ✔✔inline

A padded cell is a hardened honeynet. _________________________
True False
- ✔✔False

To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base.
a. signatures
b. vulnerabilities
c. footprints