21. Veronica is considering the implementation of a database recovery mechanism recommended by a consultant. In the recommended approach, an automated process will move database backups from the primary facility to an off-site location each night. What type of database recovery technique is the consultant describing?
- Remote journaling
- Remote mirroring
- Electronic vaulting
- Transaction logging

22. Which one of the following events marks the completion of a disaster recovery process?
- Securing property and life safety
- Restoring operations in an alternate facility
- Restoring operations in the primary facility
- Standing down first responders

23. During what phase of the incident response process do administrators take action to limit the effect or scope of an incident?
- Detection
- Response
- Mitigation
- Recovery

24. Greg is redesigning his organization’s incident response process, seeking to improve its efficiency and effectiveness. Which one of the following actions is not likely to improve his incident response plan?
- Create a mentoring program for technical staff
- Provide team members with opportunities to work on other tasks
- Keep all members of the team on permanent assignment to the team
- Conduct training exercises for the team

25. Gordon suspects that a hacker has penetrated a system belonging to his company. The system does not contain any regulated information, and Gordon wants to conduct an investigation on behalf of his company. He has permission from his supervisor to conduct the investigation. Which of the following statements is true?
- Gordon is legally required to contact law enforcement before beginning the investigation.
- Gordon may not conduct his own investigation.
- Gordon’s investigation may include examining the contents of hard disks, network traffic, and any other systems or information belonging to the company.
- Gordon may ethically perform “hack back” activities after identifying the perpetrator.

26. You are performing an investigation into a potential bot infection on your network and want to perform a forensic analysis of the information that passed between different systems on your network and those on the Internet. You believe that the information was likely encrypted. You are beginning your investigation after the activity concluded. What would be the best and easiest way to obtain the source of this information?
- Packet captures
- Netflow data
- Intrusion detection system logs
- Centralized authentication records

27. What type of disaster recovery test activates the alternate processing facility and uses it to conduct transactions but leaves the primary site up and running?
- Full interruption test
- Parallel test
- Checklist review
- Tabletop exercise

28. During which phase of the incident response process would an analyst receive an intrusion detection system alert and verify its accuracy?
- Response
- Mitigation
- Detection
- Reporting

29. In what virtualization model do full guest operating systems run on top of a virtualization platform?
- Virtual machines
- Software-defined networking
- Virtual SAN
- Application virtualization

30. During what phase of the incident response process would security professionals analyze the process itself to determine whether any improvements are warranted?
- Lessons learned
- Remediation
- Recovery
- Reporting

31. Which one of the following information sources is most likely to detect a security incident involving unauthorized modification of information by an employee?
- Intrusion detection system
- Antivirus software
- File integrity monitoring system
- Firewall logs

32. During what phase of incident response is the primary goal to limit the damage caused by an incident?
- Detection
- Containment
- Eradication
- Recovery

33. Darcy is a computer security specialist who is assisting with the prosecution of a hacker. The prosecutor requests that Darcy give testimony in court about whether, in her opinion, the logs and other records in a case are indicative of a hacking attempt. What type of evidence is Darcy being asked to provide?
- Expert opinion
- Direct evidence
- Real evidence
- Documentary evidence

34. Jerome is conducting a forensic investigation and is reviewing database server logs to investigate query contents for evidence of SQL injection attacks. What type of analysis is he performing?
- Hardware analysis
- Software analysis
- Network analysis
- Media analysis

35. What documentation is typically prepared after a postmortem review of an incident has been completed?
- A lessons learned document
- A risk assessment
- A remediation list
- A mitigation checklist

36. Ed has been tasked with identifying a service that will provide a low-latency, high-performance, and high-availability way to host content for his employer. What type of solution should he seek out to ensure that his employer’s customers around the world can access their content quickly, easily, and reliably?
- A hot site
- A CDN
- Redundant servers
- A P2P CDN

37. Who is the ideal person to approve an organization’s business continuity plan?
- Chief information officer
- Chief executive officer
- Chief information security officer
- Chief operating officer

38. Which one of the following actions is not normally part of the project scope and planning phase of business continuity planning?
- Structured analysis of the organization
- Review of the legal and regulatory landscape
- Creation of a BCP team
- Documentation of the plan

39. Henry’s company is being sued for breach of contract. What type of law will cover this?
- Civil law
- Administrative law
- Criminal law
- Ethical standards

40. The forensic investigation that Joanna has conducted is complete, and the report has been provided to organizational leadership in preparation for a human resources action. What should Joanna do once the report has been provided?
- Delete all files and notes about the forensic case.
- Notify the subject of the forensic investigation that it is complete.
- Notify law enforcement that the forensic investigation is complete.
- Preserve the forensic materials and notes in case they are needed.

41. Which of the following is not an event that is typically prepared for in an emergency response plan?
- A supply chain disruption
- A pandemic
- A natural disaster
- A man-made disaster

42. Miguel is preparing a crisis management process for his organization. What step will typically come after “Respond” in the following cycle?
- Analyze
- Recover
- Evaluate
- Identify

43. Emma’s organization is planning for natural disasters and wants to have a backup site available to move operations to. What important factor in backup site selection will help Emma avoid a single disaster disrupting operations for her organization?
- Network bandwidth
- Availability of backup power
- Geographic location
- Risk of natural disasters for the locations
End of the preview excerpt.
Text provided by LitRes LLC.