55 Cards in this Set

  • Front
  • Back
Which of the following redundancy solutions contains hardware systems similar to the affected organization, but does not provide live data?
a. Hot site
b. Uninterruptible Power Supply (UPS)
c. Warm site
d. Cold
c. Warm site
Taking into account personal safety, which of the following types of fire suppression substances would BEST prevent damage to electronic equipment?
a. Foam
b. CO2
c. Halon
d. Water
b. CO2
Which of the following is a common practice in forensic investigation?
a. Performing a Gutmann sanitization of the drive
b. Performing a binary copy of the system's storage media
c. Performing a file level copy of the system's storage media
d. Performing a sanitization of the drive
b. Performing a binary copy of the system's storage media
Which of the following types of fire suppression tools would cause the MOST damage to electrical equipment?
a. Water
b. Carbon Dioxide
c. Halon
d. Foam
a. Water
Which of the following is the BEST place where the disaster recovery plan should be kept?
a. Printed out and kept in the desk of the CIO
b. At multiple offsite locations
c. Multiple copies printed out and kept in the server room
d. On the network file server
b. At multiple offsite locations
Which of the following is established immediately upon evidence seizure?
a. Start the incident response plan
b. Damage and loss control
c. Chain of custody
d. Forensic analysis
c. Chain of custody
Which of the following is the MOST likely to generate static electricity?
a. Low humidity and high temperature
b. High humidity and low temperature
c. Low humidity and low temperature
d. High humidity and high temperature
a. Low humidity and high temperature
Which of the following is the BEST order in which crucial equipment should draw power?
a. Uninterruptible Power Supply (UPS) battery, UPS line conditioner, backup generator
b. Backup generator, UPS line conditioner, UPS battery
c. Backup generator, UPS battery, UPS line conditioner
d. UPS line conditioner, UPS battery, and backup generator
d. UPS line conditioner, UPS battery, and backup generator
An administrator is backing up all server data nightly to a local NAS device. Which of the following additional steps should the administrator take for protection from disaster in the case the primary site is permanently lost?
a. Backup all data at a preset interval to tape and store those tapes at a sister site across the street.
b. Backup all data at a preset interval to tape and store those tapes at a sister site in another city.
c. Backup all data at a preset interval to removable disk and store the disk in a safety deposit box at the administrator's home.
d. Backup all data at a preset interval to removable disk and store the disk in a fireproof safe in the building's basement.
b. Backup all data at a preset interval to tape and store those tapes at a sister site in another city.
Which of the following sites can be online the QUICKEST and does not require data restoration from backup media to ensure the production data is as current as possible?
a. Mobile site
b. Hot site
c. Warm site
d. Mirrored site
d. Mirrored site
All of the following are steps in the incident response process EXCEPT:
a. eradication.
b. repudiation.
c. recovery.
d. containment.
b. repudiation.
Which of the following is LEAST likely to help reduce single points of failure?
a. Mandatory vacations
b. Cross training
c. Clustered servers
d. Disaster recovery exercises
a. Mandatory vacations
Which of the following is the primary incident response function of a first responder?
a. To evaluate the scene and repair the problem
b. To secure the scene and preserve evidence
c. To evaluate the scene and determine the cause
d. To gather evidence and write reports
b. To secure the scene and preserve evidence
Which of the following should be included in a forensic toolkit?
a. Compressed air
b. Tape recorder
c. Fingerprint cards
d. Digital camera
d. Digital camera
Which of the following BEST describes the form used while transferring evidence?
a. Booking slip
b. Affidavit
c. Chain of custody
d. Evidence log
c. Chain of custody
Which of the following is the GREATEST problem with low humidity in a server room?
a. Static electricity
b. Power surge
c. Electromagnetic interference
d. Brown out
a. Static electricity
When should a technician perform disaster recovery testing?
a. Immediately following lessons learned sessions
b. Once a month, during peak business hours
c. After the network is stable and online
d. In accordance with the disaster recovery plan
d. In accordance with the disaster recovery plan
Which of the following disaster recovery components is a location that is completely empty, but allows the infrastructure to be built if the live site goes down?
a. Mirrored site
b. Cold site
c. Warm site
d. Hot site
b. Cold site
Which of the following should be done if an organization intends to prosecute an attacker once an attack has been completed?
a. Update antivirus definitions.
b. Disconnect the entire network from the Internet.
c. Apply proper forensic techniques.
d. Restore missing files on the affected system.
c. Apply proper forensic techniques.
Which of the following documents specifies the uptime guarantee of a web server?
a. Due process
b. Due diligence
c. Scope of work
d. Service level agreement
d. Service level agreement
Which of the following is the GREATEST problem with low humidity in a server room?
a. Static electricity
b. Power surge
c. Electromagnetic interference
d. Brown out
a. Static electricity
When should a technician perform disaster recovery testing?
a. Immediately following lessons learned sessions
b. Once a month, during peak business hours
c. After the network is stable and online
d. In accordance with the disaster recovery plan
d. In accordance with the disaster recovery plan
Which of the following disaster recovery components is a location that is completely empty, but allows the infrastructure to be built if the live site goes down?
a. Mirrored site
b. Cold site
c. Warm site
d. Hot site
b. Cold site
Which of the following should be done if an organization intends to prosecute an attacker once an attack has been completed?
a. Update antivirus definitions.
b. Disconnect the entire network from the Internet.
c. Apply proper forensic techniques.
d. Restore missing files on the affected system.
c. Apply proper forensic techniques.
Which of the following documents specifies the uptime guarantee of a web server?
a. Due process
b. Due diligence
c. Scope of work
d. Service level agreement
d. Service level agreement
Implementation of proper environmental controls should be considered by administrators when recommending facility security controls because of which of the following?
a. Proper environmental controls provide redundancy to the facility.
b. Proper environmental controls help ensure availability of IT systems.
c. Proper environmental controls make authentication simpler.
d. Proper environmental controls provide integrity to IT systems.
b. Proper environmental controls help ensure availability of IT systems.
Which of the following is a countermeasure when power must be delivered to critical systems no matter what?
a. Backup generator
b. Redundant power supplies
c. Uninterruptible power supplies (UPSs)
d. Warm site
a. Backup generator
All of the following are part of the disaster recovery plan EXCEPT:
a. obtaining management buy-in.
b. identifying all assets.
c. system backups.
d. patch management software.
d. patch management software.
Which of the following is MOST likely to make a disaster recovery exercise valuable?
a. Revising the disaster recovery plan during the exercise
b. Conducting intricate, large-scale mock exercises
c. Learning from the mistakes of the exercise
d. Management participation
c. Learning from the mistakes of the exercise
A travel reservation company conducts the majority of its transactions through a public facing website. Any downtime to this website results in substantial financial damage for the company. One web server is connected to several distributed database servers. Which of the following describes this scenario?
a. Warm site
b. Proxy server
c. RAID
d. Single point of failure
d. Single point of failure
Which of the following would BEST describe a disaster recovery plan (DRP)?
a. Addresses the recovery of an organization's business documentation
b. Addresses the recovery of an organization's email
c. Addresses the recovery of an organization's backup site
d. Addresses the recovery of an organization's IT infrastructure
d. Addresses the recovery of an organization's IT infrastructure
Which of the following is the primary objective of a business continuity plan (BCP)?
a. Addresses the recovery of an organization's business operations
b. Addresses the recovery of an organization's business payroll system
c. Addresses the recovery of an organization's business facilities
d. Addresses the recovery of an organization's backup site
a. Addresses the recovery of an organization's business operations
A company runs a backup after each shift and the main concern is how quickly the backups are completed between shifts. Recovery time should be kept to a minimum. The administrator decides that backing up all the data that has changed during the last shift is the best way to go. This would be considered a:
a. differential backup.
b. incremental backup.
c. shadow copy.
d. full backup.
a. differential backup.
A corporation has a contractual obligation to provide a certain amount of system uptime to a client. Which of the following is this contract an example of?
a. PII
b. SLA
c. Due diligence
d. Redundancy
b. SLA
Which of the following would allow for a network to remain operational after a T1 failure?
a. Uninterruptible Power Supply (UPS)
b. Redundant ISP
c. Redundant servers
d. RAID 5 drive array
b. Redundant ISP
Which of the following could physically damage a device if a long term failure occurred?
a. OVAL
b. HVAC
c. Battery backup system
d. Shielding
b. HVAC
A technician is conducting a forensics analysis on a computer system. Which of the following should be done FIRST?
a. Look for hidden files.
b. Analyze temporary files.
c. Get a binary copy of the system.
d. Search for Trojans.
c. Get a binary copy of the system.
A technician noticed a remote attack taking place on a system. Which of the following should be done FIRST?
a. Contain the attack.
b. Respond to the attacker.
c. Disconnect the system from the network.
d. Follow the incident management procedure in place.
d. Follow the incident management procedure in place.
Which of the following is a best practice disaster recovery strategy?
a. Use a reciprocal agreement.
b. Spend at least 5% of the IT budget.
c. Hire an independent consultant.
d. Test the recovery plan.
d. Test the recovery plan.
To prevent disk integrity errors due to small line-power fluctuations, a system administrator should install which of the following?
a. Voltage regulator
b. Line conditioner
c. Battery backup
d. Redundant power supplies
b. Line conditioner
Which of the following characteristics of RAID increases availability?
a. Striping without parity
b. Mirroring
c. Kiting
d. Low cost
b. Mirroring
According to a good disaster recovery plan, which of the following must happen during a power outage before an uninterruptible power supply (UPS) drains its battery?
a. The PKI CA is relocated.
b. The backup generator activates.
c. The single point of failure is remedied.
d. Full electrical service is restored.
b. The backup generator activates.
Which of the following backup techniques resets the archive bit and allows for the fastest recovery?
a. Full backup
b. Shadow copies
c. Differential backup
d. Incremental backup
a. Full backup
The company policy for availability requires full backups on Sunday and incremental backups each week night at 10 p.m. The file server crashes on Wednesday afternoon; how many tapes will the technician need to restore the data on the file server for Thursday morning?
a. One
b. Two
c. Three
d. Four
c. Three
A company is addressing backup and recovery issues. The company is looking for a compromise between speed of backup and speed of recovery. Which of the following is the BEST recommendation?
a. Full backups every day
b. Daily differential backups
c. Full backups weekly with differential backups daily
d. Weekly differential with incremental backups daily
c. Full backups weekly with differential backups daily
Which of the following sites has the means (e.g. equipment, software, and communications) to facilitate a full recovery within minutes?
a. Warm site
b. Hot site
c. Reciprocal site
d. Cold site
b. Hot site
Multiple web servers are fed from a load balancer. Which of the following is this an example of?
a. RAID
b. Backup generator
c. Hot site
d. Redundant servers
d. Redundant servers
A technician has come across content on a server that is illegal. Which of the following should the technician do?
a. Stop and immediately make a backup of the account and contact the owner of the data.
b. Stop and immediately follow company approved incident response procedures.
c. Stop and immediately copy the system files and contact the ISP.
d. Stop and immediately perform a full system backup and contact the owner of the data.
b. Stop and immediately follow company approved incident response procedures.
Which of the following is a true statement in regards to incident response?
a. The first thing a technician should perform is a file system backup.
b. The first thing a technician should do is call in law enforcement.
c. If a technician finds illegal content, they should follow company incident response procedures.
d. If a technician finds illegal content, the first thing a technician should do is unplug the machine and back it up.
c. If a technician finds illegal content, they should follow company incident response procedures.
When executing a disaster recovery plan the MOST important thing to consider is:
a. financial obligations to stockholders.
b. legal and financial responsibilities.
c. data backups and recovery tapes.
d. safety and welfare of personnel.
d. safety and welfare of personnel.
When choosing a disaster recovery site, which of the following is the MOST important consideration?
a. The amount of data that will be stored
b. The cost to rebuild the existing facility
c. The amount of emergency rescue personnel
d. The distance and size of the facility
d. The distance and size of the facility
Who should be notified FIRST before testing the disaster recovery plan?
a. Senior management
b. The physical security department
c. All employees and key staff
d. Human
a. Senior management
Which of the following BEST describes the disaster recovery plan?
a. A detailed process of recovering information or IT systems after a catastrophic event
b. An emergency plan that will allow the company to recover financially
c. A plan that is put in place to recover the company assets in an emergency
d. A plan that is mandated by law to ensure liability issues are addressed in a catastrophic event
a. A detailed process of recovering information or IT systems after a catastrophic event
Which of the following is the MOST important consideration when developing a disaster recovery plan?
a. Management buy-in
b. The cost of the project
c. The amount of personnel
d. The planning team
a. Management buy-in
When conducting an environmental security assessment, which of the following items should be included in the assessment? (Select THREE).
a. HVAC
b. Card access system
c. Off-site data storage
d. Logical access
e. Utilities
f. Fire detection
a. HVAC
e. Utilities
f. Fire detection