CIS 359 WEEK 11 FINAL EXAM
1. A continuously changing process presents challenges in acquisition, as
there is not a fixed state that can be collected, hashed, and so forth. This has given rise to
the concept of ____ forensics which captures a point-in-time picture of a process.
2. ____ is used both for
intrusion analysis and as part of evidence collection and analysis.
3. In evidence handling,
specifically designed ____ are helpful because they are very difficult to
remove without breaking.
4. A search is
constitutional if it does not violate a person’s reasonable or legitimate ____.
5. The forensic tool ____
does extensive pre-processing of evidence items that recovers deleted
files and extracts e-mail messages.
6. Most digital forensic
teams have a prepacked field kit, also known as a(n) ____.
7. The ____ handles
computer crimes that are categorized as felonies.
8. Forensic investigators
use ____ copying when making a forensic image of a device, which reads a sector
(or block; 512 bytes on most devices) from the source drive and writes it to
the target drive; this process continues until all sectors on the suspect drive
have been copied.
9. Grounds for
challenging the results of a digital investigation can come from possible
____—that is, alleging that the relevant evidence came from somewhere else or
was somehow tainted in the collection process.
10. The U.S. Department of
Homeland Security’s Federal Emergency Management Association has developed a
support Web site at ____ that includes a suite of tools to guide the
development of disaster recovery/business continuity plans.
11. Identifying measures,
called ____, that reduce the effects of system disruptions can reduce
continuity life-cycle costs.
12. Two dominantly
recognized professional institutions certifying business continuity
professionals agree on the ____ as the basis for certification.
13. Unless an organization
has contracted for a ____ or equivalent, office equipment such as desktop
computers is not provided at a BC alternate site.
14. ____ planning
represents the final response of the organization when faced with any
interruption of its critical operations.
15. A BC subteam called
the ____ is responsible for establishing the core business functions needed to
sustain critical business operations.
16. One activity that
occurs during the clearing phase of a BC implementation is scheduling a move
back to the primary site.
17. In the ____ phase of
the BC plan, the organization specifies what type of relocation services are
desired and what type of data management strategies are deployed to support
relocation.
18. ____ occur over time
and slowly deteriorate the organization’s capacity to withstand their effects.
19. Contingency strategies
for ____ should emphasize the need for absolutely reliable data backup and
recovery procedures because they have less inherent redundancy than a
distributed architecture.
20. ____ may be caused by
earthquakes, floods, storm winds, tornadoes, or mud flows.
21. ____ disasters include
acts of terrorism and acts of war.
22. Once the incident has
been contained, and all signs of the incident removed, the ____ phase begins.
23. A ____ is a
description of the disasters that may befall an organization, along with
information on their probability of occurrence, a brief description of the
organization’s actions to prepare for that disaster, and the best case, worst
case, and most likely case outcomes of the disaster.
24. ____ are highly
probable when infected machines are brought back online or when other infected
computers that may have been offline at the time of the attack are brought back
up.
25. The part of a disaster
recovery policy that identifies the organizational units and groups of
employees to which the policy applies is called the ____ section.
26. ____ is the set of
actions taken by an organization in response to an emergency situation in an
effort to minimize injury or loss of life.
27. In contrast to
emergency response that focuses on the immediate safety of those affected, ____
addresses the services needed to get the organization and its stakeholders back
to original levels of productivity or satisfaction.
28. ____ is the movement
of employees from one position to another so they can develop additional skills
and abilities.
29. A(n) ____ is the list
of officials ranging from an individual’s immediate supervisor through the top
executive of the organization.
30. A(n) ____ is created
to enable management to gain and maintain control of ongoing emergency
situations, to provide oversight and control to designated first responders,
and to marshal IR, DR, and DC plans and resources as needed.
31. Organizations
typically respond to a crisis by focusing on technical issues and economic
priorities, and overlook the steps needed to preserve the most critical assets
of the organization: its people.
32. ____ are those actions
taken in order to manage the immediate physical, health, and environmental impacts
resulting from an incident.
33. ____ refers to those
actions taken to meet the psychological and emotional needs of various
stakeholders.
34. According to the
2010/2011 Computer Crime and Security Survey, ____ is “the most commonly seen
attack, with 67.1 percent of respondents reporting it.”
35. When an alert warns of
new malicious code that targets software used by an organization, the first
response should be to research the new virus to determine whether it is ____.
36. In a “block”
containment strategy, in which the attacker’s path into the environment is
disrupted, you should use the most precise strategy possible, starting with
____.
37. If a user receives a
message whose tone and terminology seem intended to invoke a panic or sense of
urgency, it may be a(n) ____.
38. Many malware attacks
are ____ attacks, which involve more than one type of malware and/or more than
one type of transmission method.
39. A ____ is a small
quantity of data kept by a Web site as a means of recording that a system has
visited that Web site.
40. A(n) ____ attack is a
method of combining attacks with rootkits and back doors.
41. According to NIST,
which of the following is an example of a UA attack?
42. Which of the following
is the most suitable as a response strategy for malware outbreaks?
43. The ____ team is responsible
for working with suppliers and vendors to replace damaged or destroyed
equipment or services, as determined by the other teams.
44. The ____ team is
responsible for the recovery of information and the reestablishment of
operations in storage area networks or network attached storage.
45. The ____ system is an
information system with a telephony interface that can be used to automate the
alert process.
46. ____ is the inclusion
of action steps to minimize the damage associated with the disaster on the
operations of the organization.
47. The ____ team is
primarily responsible for data restoration and recovery.
48. The ____ is the phase
associated with implementing the initial reaction to a disaster; it is focused
on controlling or stabilizing the situation, if that is possible.
49. The ____ team is
responsible for recovering and reestablishing operating systems (OSs).
50. During the ____ phase,
the organization begins the recovery of the most time-critical business
functions - those necessary to reestablish business operations and prevent
further economic and image loss to the organization.