52 Cards in this Set

  • Front
  • Back

A continuously changing process presents challenges in acquisition, as there is not a fixed state that can be collected, hashed and so forth. This has given rise to the concept of ____ forensics which captures a point-in-time picture of a process

Snapshot Forensics

____ is used both for intrusion analysis and as part of evidence collection and analysis

Forensics

In evidence handling, specifically designed ___ are helpful because they are very difficult to remove without breaking

Evidence Seals

A search is constitutional if it does not violate a person's reasonable or legitimate ____.

Expectation of Privacy

The forensic tool ____ does extensive pre-processing of evidence items that recovers deleted files and extracts e-mail messages

Forensic ToolKit

Most digital forensics teams have a pre-packed field kit, also known as a(n) ____.

Jump bag

The ____ handles computer crimes that are categorized as felonies.

FBI

Forensic investigators use ___ copying when making a forensic image of a device, which reads a sector from the source drive and writes it to the target drive; this process continues until all sectors on the suspect drive have been copied.

Bitstream Copying

Grounds for challenging the results of a digital investigation can come from possible ____ - that is, alleging that the relevant evidence came from somewhere else or was somehow tainted in the collection process.

Contamination

The U.S. Department of Homeland Security's federal emergency management association has developed a support web site at ____ that includes a suite of tools to guide the development of disaster recovery/business continuity plans.

www.ready.gov

Two dominantly recognized professional institutions certifying business continuity professionals agree on the ___ as the basis for certification

Common body of knowledge

Unless an organization has contracted for a ___ equivalent, office equipment such as desktop computers is not provided at a BC alternate site

Hot Site

____ planning represents the final response of the organization when faced with any interruption of its critical operations.

Business Continuity

A BC subteam called the ___ is responsible for establishing the core business functions needed to sustain critical business operations

Operations team

One activity that occurs during the clearing phase of a BC implementation is scheduling a move back to the primary site.

False

In the ___ phase of the BC plan, the organization specifies what type of relocation services are desired and what type of data management strategies are deployed to support relocation

Preparation for BC actions

____ occur over time and slowly deteriorate the organization's capacity to withstand their effects.

slow onset disasters

Contingency strategies for ___ should emphasize the need for absolutely reliable data backup and recovery procedures because they have less inherent redundancy than a distributed architecture.

Mainframes

____ may be caused by earthquakes, floods, storm winds, tornadoes or mud flows.

Rapid onset disasters

____ disasters include acts of terrorism and acts of war

Man-made

Once the incident has been contained, and all signs of the incident removed, the ___ phase begins.

actions after

A ___ is a description of the disasters that may befall an organization, along with information on their probability of occurrence, a brief description of the organization's actions to prepare for that disaster, and the best case, worst case, and most likely case outcomes of the disaster

Disaster scenario

____ are highly probable when infected machines are brought back online or when other infected computers that may have been offline at the time of the attack are brought back up.

follow-on incidents

____ is the set of actions taken by an organization in response to an emergency situation in an effort to minimize injury or loss of life.

crisis management

In contrast to emergency response that focuses on the immediate safety of those affected, ____ addresses the services needed to get the organization and its stakeholders back to original levels of productivity or satisfaction.

Humanitarian assistance

____ is the movement of employees from one position to another so they can develop additional skills and abilities

Task rotation

A(n) ___ is the list of officials ranging from an individual's immediate supervisor through the top executive of the organization

chain of command

A(n) ____ is created to enable management to gain and maintain control of ongoing emergency situations, to provide oversight and control to designated first responders, and to marshal IR, DR and DC plans and resources as needed.

Crisis management team

Organizations typically respond to a crisis by focusing on technical issues and economic priorities, and overlook the steps needed to preserve the most critical assets of the organization: its people.

True

____ are those actions taken in order to manage the immediate physical, health and environmental impacts resulting from an incident.

Emergency response

____ refers to those actions taken to meet the psychological and emotional needs of various stakeholders.

Humanitarian assistance

According to the 2010/2011 computer crime and security survey, ___ is "the most commonly seen attack, with 67.1 percent of respondents reporting it."

malware infection

When an alert warns of new malicious code that targets software used by an organization, the first response should be to research the new virus to determine whether it is ____.

real

In a block containment strategy, in which the attacker's path into the environment is disrupted, you should use the most precise strategy possible, starting with ____.

Blocking a specific IP address

If a user receives a message whose tone and terminology seem intended to invoke a panic or sense of urgency, it may be a(n) ____.

Hoax

Many malware attacks are ___ attacks, which involve more than one type of malware and/or more than one type of transmission method

Blended

A ____ is a small quantity of data kept by a website as a means of recording that a system has visited that web site

Cookie

A(n) ___ attack is a method of combining attacks with rootkits and back doors.

Hybrid

According to NIST, which of the following is an example of a UA attack?

Modifying web-based content without permission

Which of the following is the most suitable as a response strategy for malware outbreaks?

blocking known attackers

The ___ team is responsible for working with suppliers and vendors to replace damaged or destroyed equipment or services, as determined by the other teams.

Vendor Contact

The ___ team is responsible for the recovery of information and the reestablishment of operations in storage area networks or network attached storage.

storage recovery team

The ___ system is an information system with telephony interface that can be used to automate the alert process.

auxiliary phone alert and reporting system

___ is the inclusion of action steps to minimize the damage associated with the disaster on the operations of the organization.

Mitigation impact

The ____ team is primarily responsible for data restoration and recovery.

Data management

The ___ is the phase associated with implementing the initial reaction to a disaster; it is focused on controlling or stabilizing the situation, if that is possible.

response phase

The ___ team is responsible for recovering and reestablishing operating systems (OSs).

systems recovery team

During the ____ phase, the organization begins the recovery of the most time-critical business functions - those necessary to reestablish business operations and prevent further economic and image loss to the organization

recovery

____ is a set of focused steps that deal primarily with the safety and state of the people from the organization who are involved in the disaster.

Crisis management

Essential BC supplies needed at an alternate site include portable computers, software media and ____.

licenses

Most disaster related loss occurs because of physical damage to property.

False

____ are those steps taken to inform stakeholders regarding the timeline of events, the actions taken, and sometimes the reasons for those actions.

crisis communications