Full file at http://testbank360.eu/test-bank-principles-of-incident-response-and-disaster-recovery-1st-edition-whitman

Chapter 2: Planning for Organizational Readiness

TRUE/FALSE

1. Team leaders from the subordinate teams, including the IR, DR, and BC teams, should not be included
in the CPMT.

ANS: F PTS: 1 REF: 48

2. Effective contingency planning begins with effective policy.

ANS: T PTS: 1 REF: 51

3. Attacks with a remote chance of occurrence receive more attention than those that occur frequently.

ANS: F PTS: 1 REF: 59

4. The organization’s level of preparedness directly influences the probability of a successful attack.

ANS: T PTS: 1 REF: 59

5. A weighted analysis table can be useful in resolving the issue of what business function is the most
critical.

ANS: T PTS: 1 REF: 61

MULTIPLE CHOICE

1. A(n) ____ should be a high-level manager with influence and resources that can be used to support the
project team, promote the objectives of the CP project, and endorse the results that come from the
combined effort.
a. incident manager
b. champion
c. crisis manager
d. project manager
ANS: B PTS: 1 REF: 47

2. A(n) ____ provides the strategic vision and the linkage to the power structure of the organization, but
someone has to manage the project.
a. incident manager
b. champion
c. crisis manager
d. project manager
ANS: B PTS: 1 REF: 48

3. A(n) ____ must lead the project and make sure a sound project planning process is used, a complete
and useful project plan is developed, and project resources are prudently managed to reach the goals of
the project.
a. incident manager
b. champion
c. crisis manager
d. project manager
ANS: D PTS: 1 REF: 48
4. A(n) ____ is generally thought of as a group of individuals united by shared interests or values within
an organization and who share a common goal of making the organization function to meet its
objectives.
a. database community
b. network community
c. community of interest
d. incident response community
ANS: C PTS: 1 REF: 49

5. The ____ job functions and organizational roles focus on protecting the organization’s information
systems and stored information from attacks.
a. information technology management and professionals
b. organizational management and professionals
c. information security management and professionals
d. human resource management and professionals
ANS: C PTS: 1 REF: 50

6. The ____ job functions focus more on costs of system creation and operation, ease of use for system
users, and timeliness of system creation, as well as transaction response time.
a. information technology management and professionals
b. organizational management and professionals
c. information security management and professionals
d. human resource management and professionals
ANS: A PTS: 1 REF: 50

7. The elements required to begin the ____ process are a planning methodology; a policy environment to
enable the planning process; an understanding of the cause and effects of core precursor activities,
known as the business impact analysis; and access to financial and other resources, as articulated and
outlined by the planning budget.
a. human resource planning
b. information security planning
c. relocation planning
d. contingency planning
ANS: D PTS: 1 REF: 50

8. The reason for the ____ is to define the scope of the CP operations and establish managerial intent
with regard to timetables for response to incidents, recovery from disasters, and reestablishment of
operations for continuity.
a. incident response policy
b. contingency planning policy
c. disaster recovery policy
d. cross-training policy
ANS: B PTS: 1 REF: 51

9. The ____ is an investigation and assessment of the impact that various attacks can have on the
organization.
a. business impact analysis
b. threat of attack analysis
c. forensic analysis
d. cross-training analysis
ANS: A PTS: 1 REF: 55

10. ____ should include scenarios depicting a typical attack, including its methodology, indicators of an
attack, and broad consequences.
a. Cross-training
b. Attack triggers
c. Attack scenarios
d. Incident profiles
ANS: C PTS: 1 REF: 62

11. The ____ details the estimated cost of the best, worst, and most likely outcomes.
a. attack profile
b. attack scenario end case
c. trigger profile
d. incident profile
ANS: B PTS: 1 REF: 66

12. The ____ is the point in time by which systems and data must be recovered after an outage as
determined by the business unit.
a. recovery point objective
b. dependency objective
c. recovery time objective
d. training objective
ANS: A PTS: 1 REF: 71

13. The ____ is the period of time within which systems, applications, or functions must be recovered
after an outage.
a. recovery point objective
b. dependency objective
c. recovery time objective
d. training objective
ANS: C PTS: 1 REF: 71

14. The ____ can be used to collect information directly from the end users and business managers.
a. facilitated data gathering session
b. data management session
c. system log session
d. forensic analysis
ANS: A PTS: 1 REF: 78

15. ____ is a common approach used in the discipline of systems analysis and design.
a. Database diagramming
b. Network diagramming
c. Application diagramming
d. Systems diagramming
ANS: D PTS: 1 REF: 78

16. ____ collect and provide reports on failed login attempts, probes, scans, denial-of-service attacks, and
viruses detected, to name a few.
a. Departmental reports
b. Financial reports
c. Scheduled reports
d. System logs
ANS: D PTS: 1 REF: 82

17. The accidental deletion of user desktop data or files by a member of the organization is an example of
a(n) ____.
a. compromise to intellectual property
b. act of human error
c. deliberate act of trespass
d. deliberate act of information distortion
ANS: B PTS: 1 REF: 57

18. The violation of fair use of copyrighted material is an example of a(n) ____.
a. compromise to intellectual property
b. act of human error
c. deliberate act of trespass
d. deliberate act of information distortion
ANS: A PTS: 1 REF: 57

19. The unauthorized logical access to organizational information or systems is an example of a(n) ____.
a. compromise to intellectual property
b. act of human error
c. deliberate act of trespass
d. deliberate act of information distortion
ANS: C PTS: 1 REF: 58

20. The physical damage or destruction of organizational assets is an example of a(n) ____.
a. deliberate act of sabotage
b. act of human error
c. deliberate act of trespass
d. deliberate act of information distortion
ANS: A PTS: 1 REF: 58

21. The blackmail of an organization for information assets is an example of a(n) ____.
a. deliberate act of sabotage
b. act of human error
c. deliberate act of trespass
d. deliberate act of information distortion
ANS: D PTS: 1 REF: 58

COMPLETION

1. The _________________________ adds insight into what the organization must do to respond to an
attack, minimize the damage from the attack, recover from the effects, and return to normal operations.

ANS:
business impact analysis
business impact analysis (BIA)
BIA

PTS: 1 REF: 55

2. The focus of the _________________________ in developing the BIA should also include
non-information security threats such as work stoppages, serious illnesses (pandemics), and other
critical threats.

ANS:
CPMT
contingency planning management team
contingency planning management team (CPMT)

PTS: 1 REF: 56

3. _________________________ are often used as the basis for the development of recovery strategies
and as a determinant as to whether or not to implement the recovery strategies during a disaster
situation.

ANS:
Recovery time objectives
Recovery time objectives (RTOs)
RTOs

PTS: 1 REF: 71

4. The use of antiquated or outdated technologies is an example of ____________________ obsolescence.

ANS: technological

PTS: 1 REF: 59

5. The illegal “taking” of organizational assets is an example of a deliberate act of ____________________.

ANS: theft

PTS: 1 REF: 58

MATCHING

Match each item with a statement below.


a. BIA
b. Attack scenarios
c. Online questionnaire
d. Recovery time objective
e. Use case diagram
f. System log
g. Insurance
h. Act of human error
i. Compromises to intellectual property

1. Also called attack profiles.
2. Maximum allowable downtime.
3. Can provide a much more accurate description of the attack environment the organization faces.
4. Facilitates data collection and analysis.
5. Unauthorized installation of software in violation of its licensing.
6. Installation of unauthorized software.
7. Specifically designed to understand the interactions between entities and business functions.
8. Helps to identify and prioritize critical IT systems and components.
9. The number-one budgetary expense for disaster recovery.

1. ANS: B PTS: 1 REF: 62
2. ANS: D PTS: 1 REF: 71
3. ANS: F PTS: 1 REF: 82
4. ANS: C PTS: 1 REF: 70
5. ANS: I PTS: 1 REF: 57
6. ANS: H PTS: 1 REF: 57
7. ANS: E PTS: 1 REF: 78
8. ANS: A PTS: 1 REF: 51
9. ANS: G PTS: 1 REF: 84

SHORT ANSWER

1. What are the functions of the contingency planning management team?

ANS:
Obtaining commitment and support from senior management
Writing the contingency plan document
Conducting the business impact analysis (BIA), which includes:
    Assisting in identifying and prioritizing threats and attacks
    Assisting in identifying and prioritizing business functions
Organizing the subordinate teams, such as:
    Incident response
    Disaster recovery
    Business continuity
    Crisis management

PTS: 1 REF: 47

2. What is the 7-step contingency process that an organization may apply to develop and maintain a
viable contingency planning program for their IT systems?

ANS:
1. “Develop the contingency planning policy statement: A formal department or agency policy provides
the authority and guidance necessary to develop an effective contingency plan.
2. Conduct the BIA: The BIA helps to identify and prioritize critical IT systems and components. A
template for developing the BIA is also provided to assist the user.
3. Identify preventive controls: Measures taken to reduce the effects of system disruptions can increase
system availability and reduce contingency life cycle costs.
4. Develop recovery strategies: Thorough recovery strategies ensure that the system may be recovered
quickly and effectively following a disruption.
5. Develop an IT contingency plan: The contingency plan should contain detailed guidance and
procedures for restoring a damaged system.
6. Plan testing, training, and exercises: Testing the plan identifies planning gaps, whereas training
prepares recovery personnel for plan activation; both activities improve plan effectiveness and overall
agency preparedness.
7. Plan maintenance: The plan should be a living document that is updated regularly to remain current
with system enhancements.”1

PTS: 1 REF: 51

3. List five deliberate software attacks.

ANS:
1. E-mail viruses and worms
2. E-mail-based social engineering
3. Web-based malicious scripts
4. Denial-of-service attacks on servers
5. Spyware and malicious adware

PTS: 1 REF: 57

4. To effectively perform the BIA, a large quantity of information specific to various business areas and
functions is needed. What are the methods used to collect this information?

ANS:
1. Online questionnaires
2. Facilitated data-gathering sessions
3. Process flows and interdependency studies
4. Risk assessment research
5. IT application or system logs
6. Financial reports and departmental budgets
7. BCP/DRP audit documentation
8. Production schedules

PTS: 1 REF: 70

5. What are the stages used by the CPMT when conducting a business impact analysis?

ANS:
1. Threat attack identification and prioritization
2. Business unit analysis
3. Attack success scenario development
4. Potential damage assessment
5. Subordinate plan classification

PTS: 1 REF: 55

6. List five elements that contribute to a successful business impact analysis.

ANS:
1. “Scope the BIA appropriately, and take into account all categories of risk to the organization, as well
as all categories of impact.
2. Develop a data-gathering plan that addresses the analytic needs of executive management.
Collecting the right information is critical.
3. Use objective data to draw conclusions whenever possible, but recognize that subjective data from
knowledgeable and experienced personnel can be equally important.
4. Seek executive management’s requirements in advance of the study, and deliver the risk assessment
and BIA results in a manner that meets those requirements.
5. Obtain validation from business process owners and executives to ensure commitment.”

PTS: 1 REF: 55

7. What is the difference between the recovery point objective and the recovery time objective?

ANS:
Recovery point objective (RPO): “The point in time by which systems and data must be recovered
after an outage as determined by the business unit” or in other words, ‘how much data can I afford to
lose’.

Recovery time objective (RTO): The period of time within which systems, applications, or functions
must be recovered after an outage (for example, one business day). RTOs are often used as the basis
for the development of recovery strategies and as a determinant as to whether or not to implement the
recovery strategies during a disaster situation.

PTS: 1 REF: 71

8. What is business impact analysis and why is it important?

ANS:
The business impact analysis (BIA) is an investigation and assessment of the impact that various
attacks can have on the organization. The BIA is a crucial component of the initial planning stages,
because it provides detailed scenarios of the effects that each potential attack could have on the
organization.

PTS: 1 REF: 55

9. What is the difference between a champion and a project manager?

ANS:
A champion provides the strategic vision and the linkage to the power structure of the organization, but
someone has to manage the project. A project manager, possibly a midlevel manager or even the CISO,
must lead the project and make sure a sound project planning process is used, a complete and useful
project plan is developed, and project resources are prudently managed to reach the goals of the
project.

PTS: 1 REF: 48

10. There are three identified communities of interest that have roles and responsibilities in information
security. What are the roles fulfilled by each community of interest?

ANS:
The roles that are fulfilled by each community of interest are as follows:

1. Managers and practitioners in the field of information security
2. Managers and practitioners in the field of information technology
3. Managers and professionals from the general management of the organizations

PTS: 1 REF: 49
