CST 151 T2

Q1. Much of the work that is involved in gathering information about an incident is done through the use of ____.

    a. manual tools

    b. automated tools

    c. monitoring

    d. system tools

 

Q2. In the case of a(n) ____ incident, the aim of incident response management is to ensure that the nature of the incident is understood in as timely a fashion as possible, and that the best possible response is deployed.

    a. expected

    b. possible

    c. unforeseen

    d. probable

 

Q3. Since the zero-knowledge test is the closest to mimicking real life, ____ testing is a particularly effective method to test the incident identification and response procedures of a target function.

    a. blind

    b. double-blind

    c. open

    d. closed

 

Q4. Incidents can range from user errors and power disruptions to malicious activity.

    a. True

    b. False

 

Q5. The goal of ____ is to distinguish the presence of a security violation, an attempt to exploit a security flaw, or even the existence of an inadvertent breakdown in security functioning.

    a. incident identification

    b. risk management

    c. threat identification

    d. vulnerability identification

 

Q6. The general incident response process encompasses a set of logical monitoring, analysis, and response activities.

    a. True

    b. False

 

Q7. Effective incident reporting relies on the presence of a well-established ____ function.

    a. recording

    b. controlling

    c. monitoring

    d. responding

 

Q8. The key to success in continuity is ____.

    a. standardization

    b. preparation

    c. planning

    d. operation

 

Q9. ____ is an operational process that is carried out to ensure the continuing effectiveness of continuity plans.

    a. Recovery analysis

    b. Threat analysis

    c. Business impact analysis

    d. Risk analysis

 

Q10. ____ is meant to ensure a disciplined recovery from a specific disaster.

    a. Emergency planning

    b. Disaster planning

    c. Continuity planning

    d. Recovery planning

 

Q11. ____ have a considerable economic advantage over other recovery approaches because they only require a hardware and software environment compatible with the live site.

    a. Warmsites

    b. Hotsites

    c. Fullsites

    d. Coldsites

 

Q12. The goal of enterprise continuity management is to develop and then oversee a process to ensure that the critical elements of the organization's information and information processing function survive in the event of a disaster or other adverse event.

    a. True

    b. False

 

Q13. The next step down from total redundancy is the ____.

    a. Data Recovery Hotsite

    b. Data Recovery Coldsite

    c. Data Recovery Warmsite

    d. Data Recovery Offsite

 

Q14. In the world of business, the most common model for access control is ____.

    a. RBAC

    b. MAC

    c. DAC

    d. TAC

 

Q15. Detecting intrusions and other violations of the integrity of the system is one of the primary operational duties of anybody managing the data security process.

    a. True

    b. False

 

Q16. In a ____ system, the subject's access permissions are assigned based on the security attributes that they possess and the rules that have been established for those attributes.

    a. mandatory access control

    b. role-based access control

    c. discretionary access control

    d. delegated access control

 

Q17. The data security management function is geared around ____ creation and enforcement.

    a. procedure

    b. policy

    c. standard

    d. resource

 

Q18. In simple terms, cryptography involves a(n) ____ algorithm.

    a. conversion

    b. diversion

    c. communication

    d. encryption

 

Q19. ____ incidents include such things as pre-attack probes, unauthorized access attempts, or structural vulnerabilities.

    a. Potential

    b. Actual

    c. Reference

    d. Auditable

 

Q20. The ____ sets a specific period of time to retain each record type, after which that particular record is erased from the system or archived in places that are difficult to access.

    a. data access policy

    b. data security policy

    c. data retention policy

    d. data loss policy

 

Q21. ____ is highly detail-oriented and requires a roadmap of policies and procedures that is designed to ensure maximum compliance with a wide range of rules and regulations.

    a. Chain of evidence

    b. Chain of ownership

    c. Chain of custody

    d. Chain of use

 

Q22. ____ consists of the protocols for the analysis of data.

    a. Forensic analysis

    b. System analysis

    c. Threat analysis

    d. Risk analysis

 

Q23. Ensuring legally correct evidence in digital forensics is a tricky proposition, because it relies on the proper use of ____.

    a. tools

    b. search warrants

    c. legal instruments

    d. authority

 

Q24. The aspect that distinguishes digital forensics from the general forensics investigative process is the ____.

    a. chain of evidence

    b. nature of the evidence

    c. due cause

    d. chain of value

 

Q25. The aim of the digital forensics process is to ensure that the procedures used to gather the facts are explicitly trustworthy.

    a. True

    b. False