Question 1. Question
The ____ is the point in time by which systems and data must
be recovered after an outage as determined by the business unit.
recovery time objective
recovery point objective
Question 2. Question
The ____ contains the rules and configuration guidelines
governing the implementation and operation of IDSs within the organization.
Question 3. Question
____ services are triggered by an event or request, such as
a report of a compromised host, wide-spreading malicious code, software
vulnerability, or something that was identified by an intrusion detection or
Question 4. Question
A(n) ____ is a document containing contact information for
the individuals that need to be notified in the event of an actual incident.
Question 5. Question
____ is the control approach that attempts to shift the risk
to other assets, other processes, or other organizations.
Question 6. Question
A ____ deals with the preparation for and recovery from a
disaster, whether natural or man-made.
disaster recovery plan
Question 7. Question
Which of the following is a proactive service?
Alerts and warnings
Question 8. Question
A favorite pastime of information security professionals is
____, which is realistic, head-to-head attack and defend information, security
attacks, and incident response methods.
Question 9. Question
In an organization, unexpected activities occur
periodically; these are referred to as ____.
Question 10. Question
The ____ job functions focus more on costs of system
creation and operation, ease of use for system users, and timeliness of system
creation, as well as transaction response time.
organizational management and professionals
information technology management and
human resource management and professional
information security management and
Question 11. Question
____ is the control approach that attempts to reduce the
impact caused by the exploitation of vulnerability through planning and
Question 12. Question
____ occurs when valid packets exploit poorly configured DNS
servers to inject false information to corrupt the servers’ answers to routine
DNS queries from other systems on that network.
DNS cache poisoning
Question 13. Question
____ is a common approach used in the discipline of systems
analysis and design.
Question 14. Question
A ____ is a document that expresses how an organization
ensures that critical business functions continue at an alternate location
while the organization recovers its ability to function at the primary site if
a catastrophic incident or disaster occurs.
risk assessment plan
business continuity plan
Question 15. Question
____ are important when team members are preparing
advisories and procedures.
Question 16. Question
____ is an IDS’s ability to dynamically modify its site
policies in reaction or response to environmental activity.
True Attack Stimulus
Site policy awareness
Question 17. Question
A(n) ____ is any clearly identified attack on the
organization’s information assets that would threaten the assets’
confidentiality, integrity, or availability.
Question 18. Question
A ____ is a type of IDS that is similar to the NIDS, reviews
the log files generated by servers, network devices, and even other IDSs.
log file monitor
Question 19. Question
The ____ can be used to collect information directly from
the end users and business managers.
system log session
facilitated data gathering session
data management session
Question 20. Question
____ are tools used to identify which computers are active
on a network, as well as which ports and services are active on the computers,
what function or role the machines may be fulfilling, and so on.
Question 21. Question
A ____ is a computer server configured to resemble a
production system, containing rich information just begging to be hacked.
Question 22. Question
____ enables authorized users – persons or computer systems
– to access information without interference or obstruction, and to receive it
in the required format.
Question 23. Question
____ ensures that only those with the rights and privileges
to access information are able to do so.
Question 24. Question
____ is the process of moving the organization toward its
Question 25. Question
Using a process known as ____, Network IDSs must look for
attack patterns by comparing measured activity to known signatures in their
knowledge base to determine whether or not an attack has occurred or may be
Question 26. Question
A(n) ____ is a SIRT team member, other than the team leader,
who is currently performing the responsibilities of the team leader in scanning
the organization’s information infrastructure for signs of an incident.
IR duty officer
Question 27. Question
____ is the coherent application of methodical investigatory
techniques to solve crime cases.
Question 28. Question
____ is the process of systematically examining information
assets for evidentiary material that can provide insight into how the incident
Question 29. Question
A(n) ____ is generally thought of as a group of individuals
united by shared interests or values within an organization and who share a
common goal of making the organization function to meet its objectives.
community of interest
incident response community
Question 30. Question
The violation of fair use of copyrighted material is an
example of a(n) ____.
compromise to intellectual property
act of human error
act of information distortion
deliberate act of trespass
Question 31. Question
A(n) ____ is an event that triggers alarms and causes a
false positive when no actual attacks are in progress.
false attack stimulus
Question 32. Question
A(n) ____ is a detailed examination of the events that
occurred from first detection to final recovery.
Question 33. Question
A(n) ____ is a type of attack on information assets in which
the instigator attempts to gain unauthorized entry into a system or network or
disrupt the normal operations of a system or network.
Question 34. Question
A(n) ____ requires that a contact person call each and every
person on the roster.
Question 35. Question
The ____ is the period of time within which systems,
applications, or functions must be recovered after an outage.
recovery time objective
recovery point objective
Question 36. Question
A(n) ____ must lead the project and make sure a sound
project planning process is used, a complete and useful project plan is
developed, and project resources are prudently managed to reach the goals of
Question 37. Question
____ services augment existing and well-established services
that are independent of incident handling and traditionally performed by other
areas of an organization such as the IT, Audit, or Training departments.
Security quality management
Question 38. Question
A(n) ____ is prepared by the organization to anticipate,
react to, and recover from events that threaten the security of information and
information assets in the organization, and, subsequently, to restore the
organization to normal modes of business operations.
Question 39. Question
A ____ is an alarm or alert that indicates that an attack is
in progress or that an attack has successfully occurred when in fact there was
no such attack.
Question 40. Question
A(n) ____ is an investigation and assessment of the impact
that various attacks can have on the organization.