Chapter 12 - Disaster Recovery & Incident Response Flashcards Preview

Flashcards in Chapter 12 - Disaster Recovery & Incident Response Deck (25)
1

what is BCP?

12 - 431

business continuity planning

implementing policies and controls to counteract the effects of losses, outages, or failures

2

what are CBFs?

12 - 431

critical business functions

these are the systems that must be made operational immediately when an outage occurs

3

tell me the 2 key components of the BCP

12 - 431

business impact analysis - evaluate the process

risk assessment - evaluate the risk, the likelihood of a loss

4

what are working copies?

12 - 432

shadow copies, they are partial or full backups that are kept for immediate recovery purposes

5

what is onsite storage?

12 - 432

a location on the site of the computer center that is used to store information locally

6

you have a disaster-recovery plan. what is the primary emphasis of that plan?

12 - 433

reestablishing services and minimizing losses

7

Describe to me the database transaction auditing process from the image provided in the book.

12 - 435

clients talk to database server

database server saves its databases files separate from its transaction/audit files

8

we've talked about full backups, incremental backup, and differential backups. there is a new type. tell me about it.

12 - 437

HSM, hierarchical storage management, provides continuous online backup by using optical or tape jukeboxes

9

explain the grandfather, father, son backup plan

12 - 438

grandfather - annual backups
father - monthly backups
son - weekly

10

explain the backup server backup plan

12 - 440

multiple types of servers all save to a backup server which houses the backup files

11

what is a hot site?

12 - 443

also known as an active backup model, it is a location that can provide operations within hours of a failure

12

tell me another name for a warm site/reciprocal site

12 - 444

active/active model

13

what is a cold site?

12 - 444

a facility that isn't immediately ready to use

14

what is an incident?

12 - 445

any attempt to violate a security policy, a successful penetration, a compromise of a system, or any unauthorized access to information. system failures and service disruptions are included.

15

there are certain items that an incident response policy establishes. there are 6 of them. tell me what they are.

12 - 446

notify outside agencies
resources used to deal with an incident
procedures to gather and secure evidence
list of info that should be collected
outside experts who can be used to address issues
policies and guidelines

16

explain to me the five steps of the incident response cycle

12 - 447

you have an incident in the center.

around that, identifying leads to investigation, leads to repairing, leads to adjusting procedures, leads back to identifying

17

if data gets stolen, what are the 3 steps you take to mitigate the damage?

12 - 451

immediately change all passwords
notify the relevant parties
make procedural changes so that the info stolen cannot be used to affect additional breaches

18

you have a response plan and are going to run the drill. you are watching and evaluating people's responses. what 5 things are you looking for?

12 - 452

was the evidence gathered and the chain of custody maintained?
did the escalation procedures follow the correct path?
given the results of the investigation, would you be able to find and prosecute the culprit?
what was done that should not have been done?
what could have been done better?

19

when you are adjusting procedures, what 3 questions should you ask?

12 - 453

how did the policies work or not work in this situation?
what did you learn about the situation that was new?
what should you do differently next time?

20

what is succession planning?

12 - 454

outlines those internal to the organization who have the ability to step into positions when they open

21

when you are doing big data analysis, what three levels of testing will you apply?

12 - 454

document review, walkthrough, simulation

22

SLAs are also known as what?

12 - 456

maintenance contracts

23

what is code escrow?

12 - 457

refers to the storage and condition of a release of source code provided by a vendor

24

3 types of testing for security controls

12 - 459

black box
white box
gray box

25

credentialed scanning has several benefits. name them

12 - 460

not disrupting operations or consuming too many resources
definitive list of missing patches
client side software vulnerabilities are uncovered