Note: Pardon the messiness of the questions. These questions come from my podcast, and I will be cleaning them up over the coming weeks.
A critical first step in disaster recovery and contingency planning is which of the following?
CORRECT ANSWER - A. Complete a business impact analysis
The first step in disaster recovery and contingency planning is implementing a business impact analysis (BIA). This step involves identifying all possible threats and measuring the effect each can have on the company. It also includes identifying critical company functions and resources and calculating outage times.
There are different types of offsite facilities, either subscription-based or company-owned. Which type of subscription-based backup facility is used most often?
CORRECT ANSWER - B. Warm
Warm sites offer an even mix of advantages and disadvantages. These backup locations have power and network available, but only a portion of the hardware and software installed. A positive attribute of a warm site is that it is less expensive than a hot site. A downside is that testing capabilities are not available as they are with hot sites. A redundant site is not subscription-based, but owned by the company.
In disaster recovery, each level of employee should have clearly defined responsibilities. Which of the following is a responsibility of senior executives?
CORRECT ANSWER - D. Oversee budgets and the overall project
Senior executives have several key responsibilities within disaster recovery, which include: support and approve plans; sponsor all aspects of plans; verify testing phases are being carried out; and oversee budgets. Having the dedicated and consistent support of senior management is critical to the success of disaster recovery and contingency planning.
Two or more honeypots on a network:
CORRECT ANSWER - Honeynet
A centralized collection of honeypots and analysis tools:
CORRECT ANSWER - Honeyfarm
A form of software virtualization that lets programs and processes run in their own isolated virtual environment:
CORRECT ANSWER - Sandboxing
A group of technologies which aggregate information about access controls and selected system activity to store for analysis and correlation:
CORRECT ANSWER - Security information and event management (SIEM)
States that when a crime is committed, the perpetrators leave something behind and take something with them, hence the exchange:
CORRECT ANSWER - Locard's exchange principle
Essential activities that protect business information and can be established in compliance with laws, regulations, or corporate governance:
CORRECT ANSWER - Records and information management (RIM)
A technology that monitors activity like an IDS but will automatically take proactive preventative action if it detects unacceptable activity:
CORRECT ANSWER - Intrusion detection systems