Q:
________ is the act of actually stopping an incident's damage.
A) Disconnection
B) Gapping
C) Containment
D) Termination
Q:
________ is the act of passing an incident to the CSIRT or business continuity team.
A) Transference
B) Escalation
C) Delegation
D) Acceleration
Q:
________ allows a response team to determine an incident's damage potential and to gather information needed to begin containment and recovery.
A) Detection
B) Analysis
C) Both A and B
D) Neither A nor B
Q:
Live tests are ________.
A) more effective than walkthroughs
B) inexpensive
C) Both A and B
D) Neither A nor B
Q:
Walkthroughs are better than live tests because walkthroughs can reveal subtleties that live tests may miss.
Q:
Walkthroughs are ________ table-top exercises.
A) better than
B) just as good as
C) worse than
D) the same thing as
Q:
A walkthrough is also called a ________.
A) table-top exercise
B) live test
C) Both A and B
D) Neither A nor B
Q:
Rehearsals improve ________.
A) accuracy
B) speed
C) Both A and B
D) Neither A nor B
Q:
Incident response is defined as reacting to incidents impromptu.
Q:
Incident response is defined as reacting to incidents according to plan.
Q:
________ of response is critical.
A) Accuracy
B) Speed
C) Both A and B
D) Neither A nor B
Q:
The business continuity team should be headed by ________.
A) a senior business manager
B) the chief information officer
C) the chief security officer
D) None of the above
Q:
________ is concerned with the restarting of the day-to-day revenue generating operations of the firm.
A) Business continuity planning
B) IT disaster recovery
C) Both A and B
D) Neither A nor B
Q:
A CSIRT should not include members from the legal department.
Q:
A CSIRT should include members from the public relations department.
Q:
A major security incident is generally handled by the ________.
A) IT disaster response team
B) business continuity team
C) CSIRT
D) All of the above
Q:
Which of the following is not one of the four security levels of incidents?
A) False alarms
B) Minor incidents
C) Virus epidemics
D) Disasters
Q:
False positives are legitimate activities that are flagged as suspicious.
Q:
Successful attacks are commonly called ________.
A) security incidents
B) countermeasures
C) Both A and B
D) Neither A nor B
Q:
With good planning and protection, a company can eliminate security incidents.
Q:
Wal-Mart was able to respond to Hurricane Katrina so quickly because it had ________.
A) detailed business continuity plans
B) a full-time director of business continuity
C) Both A and B
D) Neither A nor B
Q:
Rehearsing IT disaster recovery procedures is essential to improve response speed and accuracy.
Q:
Restoration from backup tapes is one way to move files to the backup site.
Q:
With CDP, the backup site already has the proper equipment and data, and recovery is instantaneous.
Q:
Hot sites ________.
A) are more expensive than CDP
B) lose less data during a disaster than CDP
C) Both A and B
D) Neither A nor B
Q:
Which of the following is the most effective alternative for disaster recovery backup?
A) Hot sites
B) Cold sites
C) CDP
D) All of the above
Q:
Getting a firm's IT back into operation is ________.
A) IT disaster recovery
B) business continuity recovery
C) response
D) None of the above
Q:
Having a permanent business continuity staff is necessary.
Q:
Which of the following is one of the four steps in business process analysis?
A) Specifying resource needs
B) Prioritizing business processes
C) Both A and B
D) Neither A nor B
Q:
In a crisis, rigid adherence to plans and processes for recovery is critical.
Q:
In a crisis, human cognition ________.
A) is degraded
B) is enhanced
C) Both A and B
D) Neither A nor B
Q:
What protection can a firm provide for people in the event of an emergency?
A) Not allowing people to go into an unsafe environment
B) Accounting for all staff immediately
C) Both A and B
D) Neither A nor B
Q:
________ specify how a company will restore IT functions after a disaster.
A) Business continuity plans
B) IT disaster recovery plans
C) Both A and B
D) Neither A nor B
Q:
________ specify how a company will maintain or restore core business operations after disasters.
A) Business continuity plans
B) IT disaster recovery plans
C) Both A and B
D) Neither A nor B
Q:
Traffic in a honeypot usually indicates an attack.
Q:
A ________ is a fake network segment with multiple clients and servers.
A) trap
B) honeypot
C) IDS
D) virtual network
Q:
When a system runs out of storage space, ________.
A) new events are not saved
B) the IDS will start a new log file
C) Both A and B
D) Neither A nor B
Q:
If an IDS cannot process all of the packets it receives, it will ________ packets it cannot process.
A) drop
B) pass
C) quarantine
D) None of the above
Q:
________ are failures to report true attack activities.
A) False positives
B) False negatives
C) Both A and B
D) Neither A nor B
Q:
In an IDS, ________ means that the IDS should report all attack events and report as few false alarms as possible.
A) precision
B) event correlation
C) Both A and B
D) Neither A nor B
Q:
The analysis of multi-event patterns is called ________.
A) event correlation
B) aggregation
C) filtering
D) All of the above
Q:
Companies achieve time synchronization for integrated log files by using ________.
A) the Greenwich mean time protocol
B) the Network Time Protocol
C) Both A and B
D) Neither A nor B
Q:
Integrated log files ________.
A) tend to have problems with format incompatibilities
B) tend to have time synchronization problems
C) Both A and B
D) Neither A nor B
Q:
Integrated log files are ________ event logs from multiple IDSs.
A) filtered
B) correlated
C) aggregated
D) All of the above
Q:
Host operating system monitors look at ________.
A) multiple failed logins
B) creating new accounts
C) Both A and B
D) Neither A nor B
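The questions above on integrated log files, time synchronization, event correlation, and host monitor indicators describe one pipeline: normalize each sensor's format and clock, aggregate everything into one stream, then look for multi-event patterns. The following Python is an added study example, not part of the quiz or of any vendor's product; the two log formats, host names, IP addresses, and the `correlate` rule with its thresholds are constructed for illustration. It also shows why alarm tuning matters: the same rule with a threshold of 1 raises a false positive on a legitimate user's single typo, and with a threshold of 10 misses the attack entirely (a false negative).

```python
"""Integrate two IDS log formats into one UTC-ordered stream and correlate a
multi-event attack pattern across them (added example, constructed data)."""
import re
from datetime import datetime, timezone

# Constructed sample logs, not captured from any real system.
# HIDS: syslog-style lines stamped in local time (UTC-5) by the host.
HIDS_LOG = """\
2024-03-01T09:00:01-05:00 hostA sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:04-05:00 hostA sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:09-05:00 hostA sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:15-05:00 hostA sshd: Accepted password for admin from 203.0.113.7
2024-03-01T09:00:40-05:00 hostA useradd: new user: name=svc_backup, UID=1007
2024-03-01T09:30:00-05:00 hostA sshd: Failed password for alice from 198.51.100.9
"""
# NIDS: CSV export, epoch seconds already in UTC: ts,src,dst,signature
NIDS_LOG = """\
1709301605,203.0.113.7,hostA,SSH brute-force attempt
1709303400,198.51.100.9,hostA,SSH login
"""
MALICIOUS = {"203.0.113.7"}  # constructed ground truth used for scoring

HIDS_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+): (?P<msg>.*)$")


def parse_hids(text):
    """Normalize HIDS lines: local-time stamps become UTC epoch seconds."""
    events = []
    for line in text.splitlines():
        m = HIDS_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than stop the pipeline
        ts = datetime.fromisoformat(m["ts"]).astimezone(timezone.utc).timestamp()
        msg = m["msg"]
        ip = re.search(r" from (\S+)$", msg)
        if msg.startswith("Failed password"):
            kind = "auth_fail"
        elif msg.startswith("Accepted password"):
            kind = "auth_ok"
        elif "new user" in msg:
            kind = "account_create"
        else:
            kind = "other"
        events.append({"ts": ts, "sensor": "hids", "host": m["host"],
                       "src": ip.group(1) if ip else None, "kind": kind, "detail": msg})
    return events


def parse_nids(text):
    """Normalize NIDS CSV rows into the same event schema."""
    events = []
    for line in text.splitlines():
        ts, src, dst, sig = line.split(",", 3)
        events.append({"ts": float(ts), "sensor": "nids", "host": dst,
                       "src": src, "kind": "nids_sig", "detail": sig})
    return events


def integrate(*streams):
    """Aggregate all sensors into one log ordered on the shared UTC clock."""
    return sorted((e for s in streams for e in s), key=lambda e: e["ts"])


def correlate(events, threshold=3, window=60, follow=120):
    """Pattern: >= threshold failed logins from one source within `window` s,
    then a successful login from that source, then an account created on the
    same host within `follow` s. A NIDS signature from the source corroborates."""
    fails, nids_seen, suspect, alerts = {}, {}, {}, []
    for e in events:
        key = (e["host"], e["src"])
        if e["kind"] == "nids_sig":
            nids_seen[key] = e["ts"]
        elif e["kind"] == "auth_fail":
            recent = [t for t in fails.get(key, []) if e["ts"] - t <= window] + [e["ts"]]
            fails[key] = recent
            if len(recent) == threshold:
                seen = nids_seen.get(key)
                alerts.append({"rule": "brute-force", "host": e["host"], "src": e["src"],
                               "ts": e["ts"],
                               "corroborated": seen is not None and e["ts"] - seen <= window})
        elif e["kind"] == "auth_ok":
            recent = [t for t in fails.get(key, []) if e["ts"] - t <= window]
            if len(recent) >= threshold:
                suspect[e["host"]] = (e["ts"], e["src"])
                alerts.append({"rule": "success-after-brute-force", "host": e["host"],
                               "src": e["src"], "ts": e["ts"]})
        elif e["kind"] == "account_create" and e["host"] in suspect:
            t0, src = suspect[e["host"]]
            if e["ts"] - t0 <= follow:
                alerts.append({"rule": "account-after-suspicious-login",
                               "host": e["host"], "src": src, "ts": e["ts"]})
    return alerts


def score(alerts, malicious_sources):
    """Compare alerted sources with ground truth:
    returns (true positives, false positives, false negatives) by source."""
    flagged = {a["src"] for a in alerts}
    return (len(flagged & malicious_sources), len(flagged - malicious_sources),
            len(malicious_sources - flagged))


if __name__ == "__main__":
    log = integrate(parse_hids(HIDS_LOG), parse_nids(NIDS_LOG))
    for thr in (1, 3, 10):
        print(thr, score(correlate(log, threshold=thr), MALICIOUS))
```

Running it prints the (true positive, false positive, false negative) counts for thresholds 1, 3 and 10. Without the conversion to UTC, the HIDS events, stamped in local time, would sort five hours before the NIDS signature that corroborates them, and the cross-sensor correlation would never line up; that is the practical reason the integrated log needs one synchronized clock.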
Q:
HIDSs ________.
A) provide highly specific information about what happened on a particular host
B) cannot be compromised by hacking the host
C) Both A and B
D) Neither A nor B
Q:
A NIDS can ________.
A) see all packets passing through its position in a network
B) scan encrypted data
C) Both A and B
D) Neither A nor B
Q:
A router can be a NIDS.
Q:
NIDSs look at ________.
A) all host traffic in a network
B) all network traffic in a network
C) Both A and B
D) Neither A nor B
Q:
Communication between IDS ________ must be secure.
A) managers and agents
B) vendors and managers
C) Both A and B
D) Neither A nor B
Q:
In ________ transfers, each event's data goes to the manager immediately.
A) batch
B) real-time
C) Both A and B
D) Neither A nor B
Q:
In ________ transfers, the agent waits until it has several minutes or several hours of data and then sends a block of log file data to the manager.
A) batch
B) real-time
C) Both A and B
D) Neither A nor B
Q:
The ________ is responsible for integrating the information from the multiple agents that run on multiple monitoring devices.
A) manager
B) agent
C) Both A and B
D) Neither A nor B
Q:
The ________ collects event data and stores them in log files on the monitoring devices.
A) manager
B) agent
C) Both A and B
D) Neither A nor B
Q:
A ________ IDS sends data from many devices to a central management console.
A) centralized
B) distributed
C) fragmented
D) decentralized
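The agent and manager questions above describe real-time versus batch transfers and the requirement that agent-to-manager communication be secure. The following Python is an added example, not taken from the quiz or from any IDS product: the agent keeps its local log file, ships events immediately or in batches, and authenticates every transfer with an HMAC and a per-agent sequence number so the manager rejects forged, altered, or replayed log data. The key, host name, and events are constructed; in a real deployment the channel would be TLS with mutual authentication, and the HMAC here stands in for that so the example runs offline.

```python
"""IDS agent-to-manager transfer in real-time and batch mode, with every
transfer authenticated (added example; constructed events and key)."""
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key-not-for-production"  # assumed pre-shared per agent


class Manager:
    """Central console: verifies each transfer, then integrates its events."""

    def __init__(self, key):
        self.key = key
        self.log = []        # integrated log: (agent name, event) pairs
        self.rejected = 0
        self.last_seq = {}   # highest sequence number accepted per agent

    def receive(self, packet):
        body, tag = packet["body"], packet["tag"]
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            self.rejected += 1          # forged or altered in transit
            return False
        msg = json.loads(body)
        if msg["seq"] <= self.last_seq.get(msg["agent"], -1):
            self.rejected += 1          # replayed or out-of-order transfer
            return False
        self.last_seq[msg["agent"]] = msg["seq"]
        self.log.extend((msg["agent"], e) for e in msg["events"])
        return True


class Agent:
    """Collects events into a local log file and ships them to the manager."""

    def __init__(self, name, key, manager, mode="real-time", batch_seconds=300):
        self.name, self.key, self.manager = name, key, manager
        self.mode, self.batch_seconds = mode, batch_seconds
        self.local_log = []  # everything also stays on the monitoring device
        self.buffer = []     # events awaiting a batch transfer
        self.seq = 0
        self.transfers = 0

    def build_packet(self, events):
        body = json.dumps({"agent": self.name, "seq": self.seq, "events": events},
                          sort_keys=True).encode()
        tag = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        self.seq += 1
        return {"body": body, "tag": tag}

    def _ship(self, events):
        self.transfers += 1
        return self.manager.receive(self.build_packet(events))

    def record(self, event):
        self.local_log.append(event)
        if self.mode == "real-time":
            self._ship([event])         # each event goes to the manager at once
            return
        # batch mode: hold events until the window (by event time) has elapsed
        if self.buffer and event["ts"] - self.buffer[0]["ts"] >= self.batch_seconds:
            self.flush()
        self.buffer.append(event)

    def flush(self):
        if self.buffer:
            self._ship(self.buffer)
            self.buffer = []


def make_events(n=11, step=60):
    """Constructed host events spaced `step` seconds apart."""
    return [{"ts": i * step, "host": "hostA", "msg": f"event {i}"} for i in range(n)]


def simulate(mode):
    """Return (number of transfers, events integrated at the manager)."""
    mgr = Manager(SHARED_KEY)
    agent = Agent("hostA", SHARED_KEY, mgr, mode=mode, batch_seconds=300)
    for e in make_events():
        agent.record(e)
    agent.flush()                       # batch mode: ship whatever remains
    return agent.transfers, len(mgr.log)


def tamper_demo():
    """Return (original accepted, altered copy accepted, replay accepted)."""
    mgr = Manager(SHARED_KEY)
    agent = Agent("hostA", SHARED_KEY, mgr)
    packet = agent.build_packet([{"ts": 0, "host": "hostA", "msg": "ok"}])
    accepted = mgr.receive(packet)
    altered = dict(packet, body=packet["body"].replace(b'"ok"', b'"forged"'))
    return accepted, mgr.receive(altered), mgr.receive(packet)


if __name__ == "__main__":
    print("real-time:", simulate("real-time"))   # (11, 11): one transfer per event
    print("batch:", simulate("batch"))           # (3, 11): three blocks of log data
    print("tamper/replay:", tamper_demo())       # (True, False, False)
```

Batching by event time rather than wall-clock time keeps the example deterministic; a real agent would flush on a timer or when the buffer fills. The sequence number is what turns message authentication into replay protection: an HMAC alone proves the block came from the agent, not that the manager has not already integrated it.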
Q:
Interactive log file analysis can filter out irrelevant entries.
Q:
What information should alarms give the security staff?
A) A way to test the alarm for accuracy
B) Advice about what the security administrator should do
C) Both A and B
D) Neither A nor B
Q:
Which type of analysis do IDSs usually do?
A) Attack signature detection
B) Anomaly detection
C) Both A and B
D) Neither A nor B
Q:
An IDS is a ________ control.
A) preventative
B) detective
C) restorative
D) All of the above
Q:
An IDS provides query and reporting tools to help administrators analyze the data interactively during and after an incident.
Q:
Which of the following is a function of IDSs?
A) Strike-back
B) Automated analysis
C) Both A and B
D) Neither A nor B
Q:
False alarms in an IDS are known as ________.
A) false positives
B) false negatives
C) pranks
D) noise
Q:
IDS false alarms cause ________.
A) companies to ignore IDS alerts
B) companies to install multiple IDSs using different methods
C) Both A and B
D) Neither A nor B
Q:
18 U.S.C. 2511 prohibits ________.
A) the interception of electronic messages
B) hacking
C) Both A and B
D) Neither A nor B
Q:
18 U.S.C. 1030 protects ________.
A) all computers
B) "protected computers" such as government computers
C) Both A and B
D) Neither A nor B
Q:
18 U.S.C. 1030 prohibits ________.
A) hacking
B) malware attacks
C) denial-of-service attacks
D) All of the above
Q:
18 U.S.C. 1030 prohibits hacking.
Q:
Only an expert witness is allowed to interpret facts for juries.
Q:
A(n) ________ is a professional who is trained to collect and evaluate computer evidence in ways that are likely to be admissible in court.
A) expert witness
B) computer forensics expert
C) Both A and B
D) Neither A nor B
Q:
Courts will often admit unreliable evidence if judges believe that juries can be trusted to evaluate it properly.
Q:
International laws about cybercrime are fairly uniform.
Q:
Federal jurisdiction typically does not extend to computer crimes that are committed entirely within a state and that do not have a bearing on interstate commerce.
Q:
Precedents can be created by ________.
A) U.S. Circuit Courts of Appeal
B) U.S. District Courts
C) Both A and B
D) Neither A nor B
Q:
Which of the following is not one of the three levels of U.S. federal courts?
A) U.S. District Courts
B) U.S. Circuit Courts of Appeal
C) U.S. State Courts
D) The U.S. Supreme Court
Q:
A ________ is law dealing with information technology.
A) cyberlaw
B) Title 13
C) Title 17
D) All of the above
Q:
________ are areas of responsibility within which different government bodies can make and enforce laws but beyond which they cannot.
A) Mens rea
B) Jurisdictions
C) Statutes
D) Precedents
Q:
Past judicial precedents constitute ________.
A) case law
B) statutes
C) criminal law
D) All of the above
Q:
If a defendant has already been prosecuted in a criminal trial, he or she cannot later be tried in a civil trial.
Q:
Mens rea is usually important in ________ trials.
A) civil
B) criminal
C) Both A and B
D) Neither A nor B
Q:
The prosecutor must demonstrate ________ at the time of the action at the center of a criminal trial.
A) reasonable doubt
B) mens rea
C) Both A and B
D) Neither A nor B