Q1 much of the work that is involved in gathering


Q1. Much of the work that is involved in gathering information about an incident is done through the use of ____.

a. manual tools

b. automated tools

c. monitoring

d. system tools

Q2. In the case of a(n) ____ incident, the aim of incident response management is to ensure that the nature of the incident is understood in as timely a fashion as possible, and that the best possible response is deployed.

a. expected

b. possible

c. unforeseen

d. probable

Q3. Since the zero-knowledge test is the closest to mimicking real life, ____ testing is a particularly effective method to test the incident identification and response procedures of a target function.

a. blind

b. double-blind

c. open

d. closed

Q4. Incidents can range from user errors and power disruptions to malicious activity.

a. True

b. False

Q5. The goal of ____ is to distinguish the presence of a security violation, an attempt to exploit a security flaw, or even the existence of an inadvertent breakdown in security functioning.

a. incident identification

b. risk management

c. threat identification

d. vulnerability identification

Q6. The general incident response process encompasses a set of logical monitoring, analysis, and response activities.

a. True

b. False

Q7. Effective incident reporting relies on the presence of a well-established ____ function.

a. recording

b. controlling

c. monitoring

d. responding

Q8. The key to success in continuity is ____.

a. standardization

b. preparation

c. planning

d. operation

Q9. ____ is an operational process that is carried out to ensure the continuing effectiveness of continuity plans.

a. Recovery analysis

b. Threat analysis

c. Business impact analysis

d. Risk analysis

Q10. ____ is meant to ensure a disciplined recovery from a specific disaster.

a. Emergency planning

b. Disaster planning

c. Continuity planning

d. Recovery planning

Q11. ____ have a considerable economic advantage over other recovery approaches because they only require a hardware and software environment compatible with the live site.

a. Warmsites

b. Hotsites

c. Fullsites

d. Coldsites

Q12. The goal of enterprise continuity management is to develop and then oversee a process to ensure that the critical elements of the organization's information and information processing function survive in the event of a disaster or other adverse event.

a. True

b. False

Q13. The next step down from total redundancy is the ____.

a. Data Recovery Hotsite

b. Data Recovery Coldsite

c. Data Recovery Warmsite

d. Data Recovery Offsite

Q14. In the world of business, the most common model for access control is ____.

a. RBAC

b. MAC

c. DAC

d. TAC

Q15. Detecting intrusions and other violations of the integrity of the system is one of the primary operational duties of anybody managing the data security process.

a. True

b. False

Q16. In a ____ system, the subject's access permissions are assigned based on the security attributes that they possess and the rules that have been established for those attributes.

a. mandatory access control

b. role-based access control

c. discretionary access control

d. delegated access control

Q17. The data security management function is geared around ____ creation and enforcement.

a. procedure

b. policy

c. standard

d. resource

Q18. In simple terms, cryptography involves a(n) ____ algorithm.

a. conversion

b. diversion

c. communication

d. encryption

Q19. ____ incidents include such things as pre-attack probes, unauthorized access attempts, or structural vulnerabilities.

a. Potential

b. Actual

c. Reference

d. Auditable

Q20. The ____ sets a specific period of time to retain each record type, after which that particular record is erased from the system or archived in places that are difficult to access.

a. data access policy

b. data security policy

c. data retention policy

d. data loss policy

Q21. ____ is highly detail-oriented and requires a roadmap of policies and procedures that is designed to ensure maximum compliance with a wide range of rules and regulations.

a. Chain of evidence

b. Chain of ownership

c. Chain of custody

d. Chain of use

Q22. ____ consists of the protocols for the analysis of data.

a. Forensic analysis

b. System analysis

c. Threat analysis

d. Risk analysis

Q23. Ensuring legally correct evidence in digital forensics is a tricky proposition, because it relies on the proper use of ____.

a. tools

b. search warrants

c. legal instruments

d. authority

Q24. The aspect that distinguishes digital forensics from the general forensics investigative process is the ____.

a. chain of evidence

b. nature of the evidence

c. due cause

d. chain of value

Q25. The aim of the digital forensics process is to ensure that the procedures used to gather the facts are explicitly trustworthy.

a. True

b. False
