Chapter 12: Disaster Recovery and Incident Response Flashcards

1
Q

Business Continuity

A

What a company does to minimize the impact of the failure of a key component needed for operation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Critical Business Functions (CBF)

A

Things that must be made operational immediately when an outage occurs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

BIA

A

Business Impact Analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Working Copy Backups

A

Partial or full backups that are kept at the computer center for immediate recovery

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Journaled File System (JFS)

A

Includes a log file of all changes and transactions within a set period of time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Onsite Storage

A

A location on the site of the computer center that is used to store info locally

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Offsite Storage

A

A place away from the computer center where you store backups and stuff

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Grandfather, Father, Son Method

A

Annual backups are grandfather, monthly are Father, and weekly are son.
The last full backup of the year is retained.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Full Archival Method

A

All backups of any type are kept forever

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Backup Server Method

A

Establishes a server with large amounts of disk space to back up data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Backout

A

A reversion from a change that had negative consequences

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Reciprocal Agreement

A

An agreement between two companies to provide services in the event of an emergency

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Computer Security Incident Response Team (CSIRT)

A

The team that is in charge of responding to an incident, can be formalized or ad hoc

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

IRP

A

Incident Response Plan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Post-Mortem

A

Process of reviewing the successes and failures of your incident response

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

OOV

A

Order Of Volatility

17
Q

Volatility

A

In this scenario, you can think of it as the amount of time that you have to collect certain data before the window of opportunity is gone

18
Q

System Image

A

A snapshot of what exists when the system is infected

19
Q

National Software Reference Library (NSRL)

A

An organization with the purpose of col- lecting “known, traceable software applications” through their hash values and storing them in a Reference Data Set (RDS) for law enforcement.

20
Q

Tabletop Exercise

A

Simulation of a disaster

21
Q

Document Review

A

A review of recovery, operations, resumption plans, and procedures

22
Q

Walkthrough

A

A group discussion of recovery, operations, resumption plans, and procedures

23
Q

Simulation

A

A fake staging of an incident for practice

24
Q

Parallel Test

A

You start up all backup systems but leave the main systems functioning

25
Q

Cutover Test

A

Shuts down the main systems and has everything fail over to backup systems

26
Q

Big Data Analysis

A

Should only be tested with document review, walkthrough, and simulation

27
Q

Maintenance Contracts

A

SLAs when they refer to hardware or software

28
Q

Code Escrow

A

Storage and conditions of release of source code provided by a vendor

29
Q

Orphanware

A

Software without support of any type because the company went out of business

30
Q

Credentialed vs. Uncredentialed Vulnerability Scanning

A

Credentialed scanning is done with network credentials so that it is actually in the system when it does the scan, making things just all around better usually.