Quiz: Module 13 Incident Preparation and Investigation

20 Terms

1

Mary Alice has been asked to help develop an outline of procedures to follow in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this?

a. business impact analysis planning

b. IT contingency planning

c. disaster recovery planning

d. risk IT planning

c. disaster recovery planning

2

Which of the following is NOT an element that should be part of a BCP?

a. high availability

b. simplicity

c. diversity

d. scalability

b. simplicity

3

Which of the following is a federal initiative that is designed to encourage organizations to address how critical operations will continue under a broad range of negative circumstances?

a. COOP

b. BAIA

c. MFTF

d. PRPR

a. COOP

4

Bracha is completing a request for proposal (RFP) to be sent to different vendors. The RFP mandates that the annual downtime be the lowest possible. What name will Bracha include on her RFP?

a. Zero Nines

b. Nine Nines

c. Six Nines

d. Ninety-Nine Nines

c. Six Nines

5

Eden is creating an incident response plan. Which process involves completing incident documentation, performing detailed analysis to increase security, and improving future response efforts?

a. mission-essential functions

b. recovery objectives

c. lessons learned

d. tactical summary

c. lessons learned

6

Which of the following is NOT an item that should be included in an incident response plan?

a. definitions

b. incident response team composition

c. reporting requirements

d. alternative business practices

d. alternative business practices

7

Hannah is planning incident response testing exercises for the next year. This exercise will be a monthly 30-minute discussion of a scenario conducted in an informal and stress-free environment. What is the name of this exercise?

a. simulation

b. tabletop

c. walkthrough

d. relaxed scenario event (RSE)

b. tabletop

8

Chaya is helping an intern understand RAID. Which of the following is NOT something that Chaya will say about RAID?

a. It can be implemented in hardware or software.

b. Nested levels can combine other RAID levels.

c. It is designed primarily to back up data.

d. The most common levels of RAID are Levels 0, 1, 5, 6, and 10.

c. It is designed primarily to back up data.

9

Which of the following frameworks is used for examining network intrusion events?

a. Attack Network Vector (ANV)

b. MITRE ATT&CK

c. Cyber Kill Chain

d. The Diamond Model of Intrusion Analysis

d. The Diamond Model of Intrusion Analysis

10

Which of the following is used to provide server redundancy?

a. load balancing

b. server resource sharing (SRS)

c. clustering

d. server conflagration

c. clustering

11

What device is always running off its battery while the main power runs the battery charger?

a. remote UPS

b. backup UPS

c. off-line UPS

d. on-line UPS

d. on-line UPS

12

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running?

a. cold site

b. warm site

c. hot site

d. mixed site

c. hot site

13

Emma is reading the documentation for the new UPS that just arrived. Which of the following will the new UPS NOT perform?

a. Prevent certain applications from launching that will consume too much power.

b. Disconnect users and shut down the server.

c. Prevent any new users from logging on.

d. Notify all users that they must finish their work immediately and log off.

a. Prevent certain applications from launching that will consume too much power.

14

What is the definition of RPO?

a. The maximum length of time that can be tolerated between backups.

b. Length of time it will take to recover data that has been backed up.

c. The frequency that data should be backed up.

d. How a backup utility reads an archive bit.

a. The maximum length of time that can be tolerated between backups.

15

Shai is designing the specifications for a new file server. Which of the following configurations will be the most effective?

a. Boot from HDD, store data on SSD

b. Boot from SSD, store data on HDD

c. Boot from either HDD or SSD, store data on SSD

d. Boot from either HDD or SSD, store data on HDD

b. Boot from SSD, store data on HDD

16

Noa is writing an email to her team leader about her concerns that all of the organization's cloud resources are isolated on a single cloud provider. Noa believes that the company's cloud resources need to be spread across more than one cloud provider. What system is Noa advocating?

a. spread-cloud system

b. multicloud system

c. dispersed-cloud system

d. spectrum-cloud system

b. multicloud system

17

Which type of data copy makes a copy whenever a change to the data occurs?

a. disk copy

b. backup

c. snapshot

d. journaling

d. journaling

18

Which of the following is the process of discovering the origin (root) cause of a security event?

a. TBS

b. XRX

c. BGP

d. RCA

d. RCA

19

Which of the following logs contains data that describes information about other data?

a. application log

b. network log

c. metadata log

d. endpoint log

c. metadata log

20

Which of the following is NOT true about digital forensics?

a. Digital forensics is a subset of forensics, which is the application of science to questions that are of interest to the legal profession.

b. Digital forensics involves the retrieval of difficult-to-obtain data, which is usually hidden, altered, or even deleted by the perpetrator.

c. Digital forensics is often confused with e-discovery, although they are not the same.

d. Digital forensics has evolved so that virtually anyone can perform it.

d. Digital forensics has evolved so that virtually anyone can perform it.