CIS 359 Final Exam All 2 Set
For more course tutorials visit www.tutorialrank.com
CIS 359 Final Exam Set 1
CIS 359 Final Exam Set 2
**************************************
CIS 359 Final Exam Set 1

• Question 1
____ are likely in the event of a hacker attack, when the attacker retreats to a chat room and describes in specific detail to his or her associates the method and results of his or her latest conquest.

• Question 2
Contingency strategies for ____ should emphasize the need for absolutely reliable data backup and recovery procedures because they have less inherent redundancy than a distributed architecture.

• Question 3
A ____ is a description of the disasters that may befall an organization, along with information on their probability of occurrence, a brief description of the organization’s actions to prepare for that disaster, and the best case, worst case, and most likely case outcomes of the disaster.

• Question 4
The primary vehicle for articulating the purpose of a disaster recovery program is the ____.

• Question 5
The ____ assembles a disaster recovery team.

• Question 6
A ____ is a collection of nodes in which the segments are geographically dispersed and the physical link is often a data communications channel provided by a public carrier.

• Question 7
Deciding which technical contingency strategies are selected, developed, and implemented is most often based on the type of ____ being used.

• Question 8
____ are highly probable when infected machines are brought back online or when other infected computers that may have been offline at the time of the attack are brought back up.

• Question 9
A(n) ____ occurs when a situation results in service disruptions for weeks or months, requiring a government to declare a state of emergency.

• Question 10
The ____ team is responsible for providing the initial assessments of the extent of damage to equipment and systems on-site and/or for physically recovering the equipment to be transported to a location where the other teams can evaluate it.

• Question 11
During the ____ phase, the organization begins the recovery of the most time-critical business functions - those necessary to reestablish business operations and prevent further economic and image loss to the organization.

• Question 12
In the context of disaster notification, the ____ is a scripted description of the disaster and consists of just enough information so that each responder knows what part of the DR plan to implement.

• Question 13
The ____ team is responsible for working with the remainder of the organization to assist in the recovery of nontechnology functions.

• Question 14
The ____ involves providing copies of the DR plan to all teams and team members for review.

• Question 15
____ is the inclusion of action steps to minimize the damage associated with the disaster on the operations of the organization.

• Question 16
The ____ team is primarily responsible for data restoration and recovery.

• Question 17
In the ____ phase of the BC plan, the organization specifies what type of relocation services are desired and what type of data management strategies are deployed to support relocation.

• Question 18
The ____ is the amount of time that a business can tolerate losing capabilities until alternate capabilities are available.

• Question 19
The ____ is the point in the past to which the recovered applications and data at the alternate infrastructure will be restored.

• Question 20
The plan maintenance schedule in a BC policy statement should address the ____ of reviews, along with who will be involved in each review.

• Question 21
The ____ section of the business continuity policy provides an overview of the information storage and retrieval plans of the organization.

• Question 22
In the ____ section of the business continuity policy, the training requirements for the various employee groups are defined and highlighted.

• Question 23
____ planning represents the final response of the organization when faced with any interruption of its critical operations.

• Question 24
What phase of the BC plan specifies under what conditions and how the organization relocates from the primary to the alternate site?

• Question 25
The CM ____ is responsible for overseeing the actions of the crisis management team and coordinating all crisis management efforts in cooperation with disaster recovery and/or business continuity planning, on an as-needed basis.

• Question 26
____ is the process of ensuring that every employee is trained to perform at least part of the job of another employee.

• Question 27
____ is the movement of employees from one position to another so they can develop additional skills and abilities.

• Question 28
In contrast to emergency response that focuses on the immediate safety of those affected, ____ addresses the services needed to get the organization and its stakeholders back to original levels of productivity or satisfaction.

• Question 29
____ are those steps taken to inform stakeholders regarding the timeline of events, the actions taken, and sometimes the reasons for those actions.

• Question 30
A(n) ____ is created to enable management to gain and maintain control of ongoing emergency situations, to provide oversight and control to designated first responders, and to marshal IR, DR, and DC plans and resources as needed.

• Question 31
A ____ is defined by the ICM as a disruption in the company’s business that occurs without warning and is likely to generate news coverage and may adversely impact employees, investors, customers, suppliers, and other stakeholders.

• Question 32
Cross-training provides a mechanism to get everyone out of the crime scene and thus prevent contamination of possible evidentiary material.

• Question 33
The ____ handles computer crimes that are categorized as felonies.

• Question 34
The forensic tool ____ does extensive pre-processing of evidence items that recovers deleted files and extracts e-mail messages.

• Question 35
____ is used both for intrusion analysis and as part of evidence collection and analysis.

• Question 36
____ is the determination of the initial flaw or vulnerability that allowed an incident to occur.

• Question 37
Most digital forensic teams have a prepacked field kit, also known as a(n) ____.

• Question 38
Many private sector organizations require a formal statement, called a(n) ____, which provides search authorization and furnishes much of the same information usually found in a public sector search warrant.

• Question 39
One way to identify a particular digital item (collection of bits) is by means of a(n) ____.

• Question 40
The ____ phase of forensic analysis involves the use of forensic tools to recover the content of files that were deleted, operating system artifacts (such as event data and logging of user actions), and other relevant facts.

• Question 41
Because it is possible for investigators to confuse the suspect and destination disks when performing imaging, and to preclude any grounds for challenging the image output, it is common practice to protect the suspect media using a ____.

• Question 42
If a user receives a message whose tone and terminology seems intended to invoke a panic or sense of urgency, it may be a(n) ____.

• Question 43
When an incident includes a breach of physical security, all aspects of physical security should be escalated under a containment strategy known as ____.

• Question 44
Clifford Stoll’s book, ____, provides an excellent story about a real-world incident that turned into an international tale of espionage and intrigue.

• Question 45
There are a number of professional IR agencies, such as ____, that can provide additional resources to help prevent and detect DoS incidents.

• Question 46
The CSIRT may not wish to “tip off” attackers that they have been detected, especially if the organization is following a(n) ____ approach.

• Question 47
Which of the following is the most suitable as a response strategy for malware outbreaks?

• Question 48
Essentially a DoS attack, a ____ is a message aimed at causing organizational users to waste time reacting to a nonexistent malware threat.

• Question 49
According to NIST, which of the following is an example of a UA attack?

• Question 50
____ is a common indicator of a DoS attack.

**************************************
CIS 359 Final Exam Set 2

• Question 1
A continuously changing process presents challenges in acquisition, as there is not a fixed state that can be collected, hashed, and so forth. This has given rise to the concept of ____ forensics which captures a point-in-time picture of a process.

• Question 2
____ is used both for intrusion analysis and as part of evidence collection and analysis.

• Question 3
In evidence handling, specifically designed ____ are helpful because they are very difficult to remove without breaking.

• Question 4
A search is constitutional if it does not violate a person’s reasonable or legitimate ____.

• Question 5
The forensic tool ____ does extensive pre-processing of evidence items that recovers deleted files and extracts e-mail messages.

• Question 6
Most digital forensic teams have a prepacked field kit, also known as a(n) ____.

• Question 7
The ____ handles computer crimes that are categorized as felonies.

• Question 8
Forensic investigators use ____ copying when making a forensic image of a device, which reads a sector (or block; 512 bytes on most devices) from the source drive and writes it to the target drive; this process continues until all sectors on the suspect drive have been copied.

• Question 9
Grounds for challenging the results of a digital investigation can come from possible ____—that is, alleging that the relevant evidence came from somewhere else or was somehow tainted in the collection process.

• Question 10
The U.S. Department of Homeland Security’s Federal Emergency Management Association has developed a support Web site at ____ that includes a suite of tools to guide the development of disaster recovery/business continuity plans.

• Question 11
Identifying measures, called ____, that reduce the effects of system disruptions can reduce continuity life-cycle costs.

• Question 12
Two dominantly recognized professional institutions certifying business continuity professionals agree on the ____ as the basis for certification.

• Question 13
Unless an organization has contracted for a ____ or equivalent, office equipment such as desktop computers are not provided at BC alternate site.

• Question 14
____ planning represents the final response of the organization when faced with any interruption of its critical operations.

• Question 15
A BC subteam called the ____ is responsible for establishing the core business functions needed to sustain critical business operations.

• Question 16
One activity that occurs during the clearing phase of a BC implementation is scheduling a move back to the primary site.

• Question 17
In the ____ phase of the BC plan, the organization specifies what type of relocation services are desired and what type of data management strategies are deployed to support relocation.

• Question 18
____ occur over time and slowly deteriorate the organization’s capacity to withstand their effects.

• Question 19
Contingency strategies for ____ should emphasize the need for absolutely reliable data backup and recovery procedures because they have less inherent redundancy than a distributed architecture.

• Question 20
____ may be caused by earthquakes, floods, storm winds, tornadoes, or mud flows.

• Question 21
____ disasters include acts of terrorism and acts of war.

• Question 22
Once the incident has been contained, and all signs of the incident removed, the ____ phase begins.

• Question 23
A ____ is a description of the disasters that may befall an organization, along with information on their probability of occurrence, a brief description of the organization’s actions to prepare for that disaster, and the best case, worst case, and most likely case outcomes of the disaster.

• Question 24
____ are highly probable when infected machines are brought back online or when other infected computers that may have been offline at the time of the attack are brought back up.

• Question 25
The part of a disaster recovery policy that identifies the organizational units and groups of employees to which the policy applies is called the ____ section.

• Question 26
____ is the set of actions taken by an organization in response to an emergency situation in an effort to minimize injury or loss of life.

• Question 27
In contrast to emergency response that focuses on the immediate safety of those affected, ____ addresses the services needed to get the organization and its stakeholders back to original levels of productivity or satisfaction.

• Question 28
____ is the movement of employees from one position to another so they can develop additional skills and abilities.

• Question 29
A(n) ____ is the list of officials ranging from an individual’s immediate supervisor through the top executive of the organization.

• Question 30
A(n) ____ is created to enable management to gain and maintain control of ongoing emergency situations, to provide oversight and control to designated first responders, and to marshal IR, DR, and DC plans and resources as needed.

• Question 31
Organizations typically respond to a crisis by focusing on technical issues and economic priorities, and overlook the steps needed to preserve the most critical assets of the organization: its people.

• Question 32
____ are those actions taken in order to manage the immediate physical, health, and environmental impacts resulting from an incident.

• Question 33
____ refers to those actions taken to meet the psychological and emotional needs of various stakeholders.

• Question 34
According to the 2010/2011 Computer Crime and Security Survey, ____ is “the most commonly seen attack, with 67.1 percent of respondents reporting it.”

• Question 35
When an alert warns of new malicious code that targets software used by an organization, the first response should be to research the new virus to determine whether it is ____.

• Question 36
In a “block” containment strategy, in which the attacker’s path into the environment is disrupted, you should use the most precise strategy possible, starting with ____.

• Question 37
If a user receives a message whose tone and terminology seems intended to invoke a panic or sense of urgency, it may be a(n) ____.

• Question 38
Many malware attacks are ____ attacks, which involve more than one type of malware and/or more than one type of transmission method.

• Question 39
A ____ is a small quantity of data kept by a Web site as a means of recording that a system has visited that Web site.

• Question 40
A(n) ____ attack is a method of combining attacks with rootkits and back doors.

• Question 41
According to NIST, which of the following is an example of a UA attack?

• Question 42
Which of the following is the most suitable as a response strategy for malware outbreaks?

• Question 43
The ____ team is responsible for working with suppliers and vendors to replace damaged or destroyed equipment or services, as determined by the other teams.

• Question 44
The ____ team is responsible for the recovery of information and the reestablishment of operations in storage area networks or network attached storage.

• Question 45
The ____ system is an information system with a telephony interface that can be used to automate the alert process.

• Question 46
____ is the inclusion of action steps to minimize the damage associated with the disaster on the operations of the organization.

• Question 47
The ____ team is primarily responsible for data restoration and recovery.

• Question 48
The ____ is the phase associated with implementing the initial reaction to a disaster; it is focused on controlling or stabilizing the situation, if that is possible.

• Question 49
The ____ team is responsible for recovering and reestablishing operating systems (OSs).

• Question 50
During the ____ phase, the organization begins the recovery of the most time-critical business functions - those necessary to reestablish business operations and prevent further economic and image loss to the organization.

**************************************
CIS 359 Midterm Exam All 3 Set
CIS 359 Midterm Exam Set 2
CIS 359 Midterm Exam Set 1
CIS 359 Midterm Exam Set 3
**************************************
CIS 359 Midterm Exam Set 1

Question 1
A CSIRT model that is effective for large organizations and for organizations with major computing resources at distant locations is the ____.

Question 2
The first group to communicate the CSIRT’s vision and operational plan is the managerial team or individual serving as the ____.

Question 3
Those services performed in response to a request or a defined event such as a help desk alert are called ____.

Question 4
One way to build and maintain staff skills is to develop incident-handling ____ and have the team members discuss how they would handle them.

Question 5
Giving the IR team the responsibility for ____ is generally not recommended.

Question 6
When an organization completely outsources its IR work, typically to an on-site contractor, it is called a(n) ____ model.

Question 7
The focus during a(n) ____ is on learning what worked, what didn’t, and where communications and response procedures may have failed.

Question 8
Those services undertaken to prepare the organization or the CSIRT constituents to protect and secure systems in anticipation of problems, attacks, or other events are called ____.

Question 9
____ are closely monitored network decoys that can distract adversaries from more valuable machines on a network; can provide early warning about new attack and exploitation trends; and can allow in-depth examination of adversaries during and after exploitation.

Question 10
Using a process known as ____, network-based IDPSs look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be under way.

Question 11
In an attack known as ____, valid protocol packets exploit poorly configured DNS servers to inject false information to corrupt the servers’ answers to routine DNS queries from other systems on that network.

Question 12
The use of IDPS sensors and analysis systems can be quite complex. One very common approach is to use an open source software program called ____ running on an open source UNIX or Linux system that can be managed and queried from a desktop computer using a client interface.

Question 13
The ____ approach for detecting intrusions is based on the frequency with which certain network activities take place.

Question 14
A(n) ____, a type of IDPS that is similar to the NIDPS, reviews the log files generated by servers, network devices, and even other IDPSs.

Question 15
The ____ is a federal law that creates a general prohibition on the real-time monitoring of traffic data relating to communications.

Question 16
A(n) ____ is often included in legal documents to ensure that a vendor is not liable for actions taken by a client.

Question 17
A ____ is an agency that provides physical facilities in the event of a disaster for a fee.

Question 18
A potential disadvantage of a ____ site-resumption strategy is that more than one organization might need the facility simultaneously.

Question 19
An organization aggregates all local backups to a central repository and then backs up that repository to an online vendor, with a ____ backup strategy.

Question 20
A(n) ____ is an extension of an organization’s intranet into cloud computing.

Question 21
A ____ is a synonym for a virtualization application.

Question 22
____ uses a number of hard drives to store information across multiple drive units.

Question 23
A resumption location known as a ____ is a fully configured computer facility capable of establishing operations at a moment’s notice.

Question 24
Some recovery strategies seek to improve the ____ of a server or system in addition to, or instead of, performing backups of data.

Question 25
The ____ is used to collect information directly from the end users and business managers.

Question 26
The purpose of the ____ is to define the scope of the CP operations and establish managerial intent with regard to timetables for response to incidents, recovery from disasters, and reestablishment of operations for continuity.

Question 27
To a large extent, incident response capabilities are part of a normal IT budget. The only area in which additional budgeting is absolutely required for incident response is the maintenance of ____.

Question 28
A manual alternative to the normal way of accomplishing an IT task might be employed in the event that IT is unavailable. This is called a ____.

Question 29
What is a common approach used in the discipline of systems analysis and design to understand the ways systems operate and to chart process flows and interdependency studies?

Question 30
Which of the following collects and provides reports on failed login attempts, probes, scans, denial-of-service attacks, and detected malware?

Question 31
The last stage of a business impact analysis is prioritizing the resources associated with the ____, which brings a better understanding of what must be recovered first.

Question 32
The final component to the CPMT planning process is to deal with ____.

Question 33
The ____ job functions and organizational roles focus on protecting the organization’s information systems and stored information from attacks.

Question 34
A(n) ____ is a detailed examination of the events that occurred, from first detection of an incident to final recovery.

Question 35
Incident analysis resources include network diagrams and lists of ____, such as database servers.

Question 36
The U.S. National Institute of Standards and Technology recommends a set of tools for the CSIRT including incident reporting mechanisms with which users can report suspected incidents. At least one of these mechanisms should permit people to report incidents ____.

Question 37
A(n) ____ is a CSIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization’s information infrastructure for signs of an incident.

Question 38
____ is the process of systematically examining information assets for evidentiary material that can provide insight into how an incident transpired.

Question 39
A favorite pastime of information security professionals is ____, which is a simulation of attack and defense activities using realistic networks and information systems.

Question 40
Should an incident begin to escalate, the CSIRT team leader continues to add resources and skill sets as necessary to attempt to contain and terminate the incident. The resulting team is called the ____ for this particular incident.

Question 41
General users require training on the technical details of how to do their jobs securely, including good security practices, ____ management, specialized access controls, and violation reporting.

Question 42