CIS 359 WEEK 5 MIDTERM
The midterm consists of 50 questions.
1. When using virtualization, it is commonplace to use the term ____ to refer to a virtualized environment operating in or on a host platform.
2. A(n) ____ backup only archives the files that have been modified since the last backup.
3. A(n) ____ is an extension of an organization’s intranet into cloud computing.
4. RAID 0 creates one logical volume across several available hard disk drives and stores the data using ____, in which data segments are written in turn to each disk drive in the array.
5. A ____ is commonly a single device or server that attaches to a network and uses TCP/IP-based protocols and communications methods to provide an online storage environment.
6. A ____ is an agency that provides physical facilities in the event of a disaster for a fee.
7. A(n) ____ is often included in legal documents to ensure that a vendor is not liable for actions taken by a client.
8. A resumption location known as a ____ is a fully configured computer facility capable of establishing operations at a moment’s notice.
9. A ____ is a contractual document guaranteeing certain minimal levels of service provided by a vendor.
10. The responsibility for creating an organization’s IR plan often falls to the ____.
11. ____ is the process of systematically examining information assets for evidentiary material that can provide insight into how an incident transpired.
12. Incident analysis resources include network diagrams and lists of ____, such as database servers.
13. One of the primary responsibilities of the IRP team is to ensure that the ____ is prepared to respond to each incident it may face.
14. A(n) ____ is a detailed examination of the events that occurred, from first detection of an incident to final recovery.
15. The Southeast Collegiate Cyber Defense Competition is unique in that it focuses on the operational aspect of managing and protecting an existing network infrastructure. Unlike “capture-the-flag” exercises, this competition is exclusively a real-world ____ competition.
16. The U.S. National Institute of Standards and Technology recommends a set of tools for the CSIRT including incident reporting mechanisms with which users can report suspected incidents. At least one of these mechanisms should permit people to report incidents ____.
17. The training delivery method with the lowest cost to the organization is ____.
18. A(n) ____ is the set of rules and configuration guidelines governing the implementation and operation of IDPSs within the organization.
19. A(n) ____ is any system resource that is placed onto a functional system but has no normal use for that system. If it attracts attention, it is from unauthorized access and will trigger a notification or response.
20. The use of IDPS sensors and analysis systems can be quite complex. One very common approach is to use an open source software program called ____ running on an open source UNIX or Linux system that can be managed and queried from a desktop computer using a client interface.
21. A(n) ____, a type of IDPS that is similar to the NIDPS, reviews the log files generated by servers, network devices, and even other IDPSs.
22. New systems can respond to an incident threat autonomously, based on preconfigured options that go beyond simple defensive actions usually associated with IDPS and IPS systems. These systems, referred to as ____, use a combination of resources to detect an intrusion and then to trace the intrusion back to its source.
23. The ____ is a federal law that creates a general prohibition on the realtime monitoring of traffic data relating to communications.
24. In an attack known as ____, valid protocol packets exploit poorly configured DNS servers to inject false information to corrupt the servers’ answers to routine DNS queries from other systems on that network.
25. The purpose of the ____ is to define the scope of the CP operations and establish managerial intent with regard to timetables for response to incidents, recovery from disasters, and reestablishment of operations for continuity.
26. The first major business impact analysis task is to analyze and prioritize the organization’s business processes based on their relationships to the organization’s ____.
27. The ____ is an investigation and assessment of the impact that various events or incidents can have on the organization.
28. One modeling technique drawn from systems analysis and design that can provide an excellent way to illustrate how a business functions is a(n) ____.
29. The ____ is used to collect information directly from the end users and business managers.
30. The ____ job functions and organizational roles focus on costs of system creation and operation, ease of use for system users, timeliness of system creation, and transaction response time.
31. Which of the following collects and provides reports on failed login attempts, probes, scans, denial-of-service attacks, and detected malware?
32. Within an organization, a(n) ____ is a group of individuals who are united by shared interests or values and who have a common goal of making the organization function to meet its objectives.
33. The elements required to begin the ____ process are a planning methodology; a policy environment to enable the planning process; an understanding of the causes and effects of core precursor activities, and access to financial and other resources.
34. ____ is a risk control approach that attempts to shift the risk to other assets, other processes, or other organizations.
35. A ____ deals with the preparation for and recovery from a disaster, whether natural or man-made.
36. The term ____ refers to a broad category of electronic and human activities in which an unauthorized individual gains access to the information an organization is trying to protect.
37. ____ of risk is the choice to do nothing to protect an information asset and to accept the outcome of its potential exploitation.
38. A(n) ____ is an investigation and assessment of the impact that various attacks can have on the organization.
39. A ____ attack seeks to deny legitimate users access to services by either tying up a server’s available resources or causing it to shut down.
40. Information assets have ____ when authorized users - persons or computer systems - are able to access them in the specified format without interference or obstruction.
41. The ____ illustrates the most critical characteristics of information and has been the industry standard for computer security since the development of the mainframe.
42. ____ is the process of examining, documenting, and assessing the security posture of an organization’s information technology and the risks it faces.
43. A CSIRT model that is effective for large organizations and for organizations with major computing resources at distant locations is the ____.
44. The CSIRT should be available for contact by anyone who discovers or suspects that an incident involving the organization has occurred. Some organizations prefer that employees contact a ____, which then makes the determination as to whether to contact the CSIRT or not.
45. Those services undertaken to prepare the organization or the CSIRT constituents to protect and secure systems in anticipation of problems, attacks, or other events are called ____.
46. The ____ flow of information needed from the CSIRT to organizational and IT/InfoSec management is a critical communication requirement.
47. The champion for the CSIRT may be the same person as the champion for the entire IR function—typically, the ____.
48. A key step in the ____ approach to incident response is to discover the identity of the intruder while documenting his or her activity.
49. In the absence of the assigned team manager, the ____ should assume authority for overseeing and evaluating a provided service.
50. Giving the IR team the responsibility for ____ is generally not recommended.