Disaster recovery plan (DR plan) Means The documented product. It focuses on
restoring systems. TRUE FALSE. Disaster recovery planning (DRP) Means The actions taken. TRUE FALSE. Incident response plan (IR plan) Means The documented product. It focuses on
immediate response, but if the attack is there. TRUE FALSE. Recovery time objective (RTO) Means An investigation and assessment of the
various adverse events that can affect the organization. The BIA attempts to answer
the question, “How will it affect us?” TRUE FALSE. Business impact analysis (BIA) Means The total amount of time the system owner
or authorizing official is willing to accept for a mission/business process outage or
disruption, including all impact considerations. TRUE FALSE. Maximum tolerable downtime (MTD) Means The point in time prior to a
disruption or system outage to which mission/business process data can be recovered
after an outage (given the most recent backup copy of the data). TRUE FALSE. Recovery point objective (RPO) Means The maximum amount of time that a
system resource can remain unavailable before there is an unacceptable impact on
other system resources, supported mission/business processes, and the MTD. TRUE FALSE. Work recovery time (WRT) Means The amount of effort (expressed as elapsed
time) necessary to make the business function operational after the technology
element is recovered (as identified with RTO). Tasks include testing and validation of
the system. TRUE FALSE. Business Impact Analysis stage2 Means It is important to collect critical
information about each business unit before prioritizing the business units TRUE FALSE. Business Impact Analysis stage1 Means Identify Resource Requirements. Once the
organization has created a prioritized list of its mission and business processes, it
needs to determine which resources would be required to recover those processes
and associated assets. TRUE FALSE. Business Impact Analysis stage3 Means Identify Recovery Priorities for System
Resources. To do so, it needs to understand the information assets used by those
processes. TRUE FALSE. Loss of confidentiality Means The process of examining an incident candidate and
determining whether it constitutes an actual incident (both host-based and network-based). TRUE FALSE. Incident classification Means Information or information systems become
unavailable. TRUE FALSE. Loss of availability Means Users report corrupt data files, garbage where data
should be, or data that looks wrong. TRUE FALSE. Loss of integrity Means You are notified of sensitive information leaks or informed
that information you thought was protected has been disclosed TRUE FALSE. Violation of policy Means Organizational policies that address information or
information security have been violated. TRUE FALSE. Violation of law Means The law has been broken, and the organization’s
information assets are involved TRUE FALSE. Alert roster Means A scripted description of the incident that usually contains just
enough information so that each person knows what portion of the IR plan to
implement without slowing down the notification process TRUE FALSE. Alert message Means A document that contains contact information for people to
be notified in the event of an incident. TRUE FALSE. After-action review Means A detailed examination and discussion of the events
that occurred, from first detection to final recovery. TRUE FALSE. Evidence Means The process of collecting, analyzing, and preserving computer-related
evidence. TRUE FALSE. Software as a Service (SaaS) Means A physical object or documented information
entered into a legal proceeding that proves an action occurred or identifies the intent
of a perpetrator. TRUE FALSE. Computer forensics Means in which applications are provided for a fee but hosted
on third-party systems and accessed over the Internet and the Web. TRUE FALSE. Platform as a Service (PaaS) Means in which development platforms are available
to developers for a fee and are hosted by third parties. TRUE FALSE. Disaster Recovery as a Service (DRaaS) Means which is informally known as
Everything as a Service, provides hardware and operating systems resources to host
whatever the organization wants to implement. Again, the service is hosted by a third
party for a fee. TRUE FALSE. Full backup Means One of the newest options available as a specialized disaster
recovery. TRUE FALSE. Infrastructure as a Service (IaaS) Means The duplication of all files that have
changed or been added since the last full backup. TRUE FALSE. Disk duplexing Means The duplication of all files for an entire system, including all
applications, operating systems components, and data TRUE FALSE. Differential backup Means The duplication of only the files that have been
modified since the previous incremental backup. TRUE FALSE. Disk mirroring L1 Means An approach to disk mirroring in which each drive has its
own controller to provide additional redundancy. TRUE FALSE. Disk striping L0 Means It is where the computer records all data to twin drives
simultaneously- providing a backup if the primary drive fails TRUE FALSE. Incremental backup Means L1- It is where one logical volume is created by storing
data across several available hard drives in segments called stripes TRUE FALSE. Hot swap Means A hard drive feature that allows individual drives to be replaced
without powering down the entire system and without causing a fault during the
replacement. TRUE FALSE. Redundant array of independent disks (RAID) Means A system of drives that stores
information across multiple units to spread out data and minimize the impact of a
single drive failure. TRUE FALSE. Database shadowing Means A level of redundancy provided by mirroring entire servers to provide
redundant capacity for services. TRUE FALSE. Server fault tolerance Means A facility that provides only rudimentary services with
no computer hardware or peripherals. TRUE FALSE. Cold site Means A backup strategy to store duplicate online transaction data along
with duplicate databases at the remote site on a redundant server. TRUE FALSE. Warm site Means A fully configured computing facility that includes all services, communications
links, and physical plant operations. TRUE FALSE. Hot site Means A facility that provides many of the same services and options as a
hot site- but typically without installed and configured software applications TRUE FALSE. Bonus Means Bonus TRUE FALSE. competitive advantage Means That The adoption and implementation of an
innovative business model, method, technique, resource, or technology in order to
outperform the competition. TRUE FALSE. risk assessment Means That A determination of the extent to which an organization’s
information assets are exposed to risk. TRUE FALSE. risk identification Means That The application of controls that reduce the risks to an
organization’s information assets to an acceptable level. TRUE FALSE. risk control Means That The recognition, enumeration, and documentation of risks to
an organization’s information assets. TRUE FALSE. risk management Means That The process of identifying risk, assessing its relative
magnitude, and taking steps to reduce it to an acceptable level. TRUE FALSE. residual risk Means That The risk to information assets that remains even after
current controls have been applied. TRUE FALSE. In Asset Identification - People Means That Position name, number, or ID (avoid using
people’s names and stick to identifying positions, roles, or functions), supervisor, security
clearance level, special skills TRUE FALSE. Procedures Means That Description, intended purpose, relationship to software, hardware,
and networking elements, storage location for reference, storage location
for update TRUE FALSE. Name Means That Classification, owner, creator, and manager, size of data structure, data
structure used (sequential or relational), online or offline, location, backup
procedures employed. TRUE FALSE. Data Means That Make sure that the names you choose are meaningful to all the
groups that use the information. You should adopt naming standards that do not
convey information to potential system attackers. TRUE FALSE. IP address Means That This can be a useful identifier for network devices and servers but
it does not usually apply to software. You can, however, use a relational database
to track software instances on specific servers or networking devices. TRUE FALSE. Media access control (MAC) address Means That They are sometimes called
electronic serial numbers or hardware addresses. TRUE FALSE. Element type Means That For hardware, you can develop a list of element types such
as servers, desktops, networking devices, or test equipment. For software
elements, you may develop a list of types that includes operating systems, custom
applications by type (accounting, HR, or payroll, for example), packaged applications, and
specialty applications, such as firewall programs TRUE FALSE. Physical location Means That This information falls under asset inventory, which can
be performed once the identification process is started TRUE FALSE. Threats-vulnerabilities-assets (TVA) Means That The logical location is most useful for
networking devices and indicates the logical network where the device is connected. TRUE FALSE. Logical location Means That triples A pairing of an asset with a threat and an
identification of vulnerabilities that exist between the two. TRUE FALSE. Loss Frequency Means That Likelihood × Attack Success Probability TRUE FALSE. Loss Magnitude Means That Asset Value × Probable Loss TRUE FALSE. single loss expectancy (SLE) Means That exposure factor (EF) * asset value (AV). TRUE FALSE. attack success probability Means That single loss expectancy (SLE) * annualized rate
of occurrence (ARO) TRUE FALSE. annualized loss expectancy (ALE) Means That The number of successful attacks that
are expected to occur within a specified time period. TRUE FALSE. loss frequency Means That The probability that a specific vulnerability within an
organization will be the target of an attack. TRUE FALSE. Likelihood Means That The calculation of the likelihood of an attack coupled with the
attack frequency to determine the expected number of losses within a specified time
range. TRUE FALSE. transference risk control strategy Means That It attempts to shift risk to other assets, other
processes, or other organizations. TRUE FALSE. termination risk control strategy Means That It indicates the organization is willing to
accept the current level of risk. TRUE FALSE. Acceptance Means That It eliminates all risk associated with an information asset by
removing it from service or handling decision points TRUE FALSE. access control Means That The selective method by which systems specify who may
use a particular resource and how they may use it. TRUE FALSE. attribute-based access control (ABAC) Means That Specifications of authorization that
govern the rights and privileges of users to a particular information asset. TRUE FALSE. access control list (ACL) Means That An access control approach whereby the
organization specifies the use of objects based on some attribute of the user or
system. TRUE FALSE. capabilities table Means That In a lattice-based access control, the row of attributes
associated with a particular subject (such as a user). TRUE FALSE. discretionary access controls (DACs) Means That Access controls that are
implemented at the discretion or option of the data user. TRUE FALSE. lattice-based access control (LBAC) Means That A variation on the MAC form of
access control, which assigns users a matrix of authorizations for particular areas of
access, incorporating the information assets of subjects such as users and objects TRUE FALSE. mandatory access control (MAC) Means That A required, structured data
classification scheme that rates each collection of information as well as each user. TRUE FALSE. nondiscretionary access controls (NDACs) Means That They are implemented by a
central authority. TRUE FALSE. role-based access control (RBAC) Means That An example of a nondiscretionary
control where privileges are tied to the role a user performs in an organization, and
are inherited when a user is assigned to that role. TRUE FALSE. task-based access control (TBAC) Means That An example of a nondiscretionary
control where privileges are tied to a task a user performs in an organization and are
inherited when a user is assigned to that task. TRUE FALSE. accountability Means That An integration of access control lists (focusing on assets)
and capabilities tables (focusing on users) that results in a matrix with organizational
assets listed in the column headings and users listed in the row headings TRUE FALSE. access control matrix Means That The access control mechanism that ensures all
actions on a system—authorized or unauthorized—can be attributed to
an authenticated identity. Also known as auditability. TRUE FALSE. authentication Means That The access control mechanism that requires the
validation and verification of an unauthenticated entity’s purported identity TRUE FALSE. authorization Means That The access control mechanism that represents the
matching of an authenticated entity to a list of information assets and corresponding
access levels. TRUE FALSE. Access control Means That It is the method by which systems determine whether and
how to admit a user into a trusted area of the organization—that is, information
systems, restricted areas such as computer rooms, and the entire physical location TRUE FALSE. identification Means That An authentication card that contains digital user data, such
as a personal identification number (PIN), against which user input is compared. TRUE FALSE. dumb card Means That The access control mechanism whereby unverified or
unauthenticated entities who seek access to a resource provide a label by which they
are known to the system. TRUE FALSE. passphrase Means That A plain-language phrase, typically longer than a password, from
which a virtual password is derived TRUE FALSE. password Means That A secret word or combination of characters that only the user
should know; a password is used to authenticate the user. TRUE FALSE. biometric access control Means That An authentication component similar to a dumb
card that contains a computer chip to verify and validate several pieces of information
instead of just a PIN. TRUE FALSE. smart card Means That The use of physiological characteristics to provide
authentication for a provided identification TRUE FALSE. minutiae Means That In biometric access controls, unique points of reference that
are digitized and stored in an encrypted format when the user’s system access
credentials are created TRUE FALSE. address restrictions Means That Firewall rules designed to prohibit packets with
certain addresses or partial addresses from passing through the device. TRUE FALSE. dynamic packet-filtering firewall Means That A firewall type that can react to network
traffic and create or modify configuration rules to adapt TRUE FALSE. firewall Means That In information security, a combination of hardware and software
that filters or prevents specific information from moving between the outside network
and the inside network. TRUE FALSE. application layer proxy firewall Means That A device capable of functioning both as a
firewall and an application layer proxy server. TRUE FALSE. demilitarized zone (DMZ) Means That An intermediate area between two networks
designed to provide servers and firewall filtering between a trusted internal network
and the outside, untrusted network. TRUE FALSE. proxy server Means That A server that exists to intercept requests for information
from external users and provide the requested information by retrieving it from an
internal server, thus protecting and minimizing the demand on internal servers. Some
proxy servers are also cache servers TRUE FALSE. content filter Means That A software program or hardware/software appliance that
allows administrators to restrict content that comes into or leaves a network—for
example, restricting user access to Web sites from material that is not related to
business, such as pornography or entertainment TRUE FALSE. data loss prevention Means That A strategy to gain assurance that the users of a
network do not send high value information or other critical information outside the
network. TRUE FALSE. virtual private network (VPN) Means That A private, secure network operated over a
public and insecure network TRUE FALSE. In authentication factors - Something You Know Means That This factor of
authentication relies on what the unverified user or system knows and can recall—for
example, a password, passphrase, or other unique authentication code, such as a
personal identification number (PIN). TRUE FALSE. In authentication factors - Something You Have Means That This authentication
factor relies on something an unverified user or system has and can produce when
necessary. TRUE FALSE. In authentication factors - Something You Are or Can Produce Means That This relies
on individual characteristics, such as fingerprints, palm or prints TRUE FALSE. intrusion Means That An adverse event in which an attacker attempts to gain entry
into an information system or disrupt its normal operations, almost always with the
intent to do harm. TRUE FALSE. intrusion detection and prevention system (IDPS) Means That The general term for a
system that can both detect and modify its configuration and environment to prevent TRUE FALSE. IDPS response technique Means That A system capable of automatically detecting an
intrusion into an organization’s networks or host systems and notifying a designated
authority. TRUE FALSE. intrusion detection system (IDS) Means That Terminating, Blocking, and Blocking all
access TRUE FALSE. Alarm filtering Means That A process of grouping almost identical alarms that occur
nearly at the same time into a single higher-level alarm TRUE FALSE. Alarm clustering and compaction Means That The process of classifying IDPS alerts so
they can be more effectively managed. TRUE FALSE. Confidence value Means That The measure of an IDPS’s ability to correctly detect and
identify certain types of attacks which is based on fuzzy logic. TRUE FALSE. False attack stimulus Means That The process by which attackers change the format
and/or timing of their activities to avoid being detected by an IDPS. TRUE FALSE. Evasion Means That An event that triggers an alarm when no actual attack is in
progress. Scenarios that test the configuration of IDPSs may use false attack stimuli to
determine if the IDPSs can distinguish between these stimuli and real attacks. TRUE FALSE. False negative Means That The failure of an IDPS to react to an actual attack event TRUE FALSE. False positive Means That An alert or alarm that occurs in the absence of an actual
attack. TRUE FALSE. Tuning Means That The process of adjusting an IDPS to maximize its efficiency in
detecting true positives while minimizing false positives and false negatives. TRUE FALSE. Noise Means That Alarm events that are accurate and noteworthy but do not pose
significant threats to information security TRUE FALSE. Site policy Means That The rules and configuration guidelines governing the
implementation and operation of IDPSs within the organization TRUE FALSE. Data Collection Means That In the process of analyzing data and network activity,
IDPSs can be configured to log data for later analysis TRUE FALSE. Attack Deterrence Means That Another reason to install an IDPS is that it serves as a
deterrent by increasing the fear of detection among would-be attackers TRUE FALSE. application protocol verification Means That The process of examining and verifying
the higher-order protocols (HTTP, FTP, and Telnet) in network traffic for unexpected
packet behavior or improper use TRUE FALSE. host-based IDPS (HIDPS) Means That An IDPS that resides on a particular computer or
server, known as the host, and monitors activity only on that system TRUE FALSE. monitoring port Means That Also known as a switched port analysis (SPAN) port or
mirror port, a specially configured connection on a network device that can view all
the traffic that moves through the device. TRUE FALSE. protocol stack verification Means That The process of examining and verifying
network traffic for invalid data packets—that is, packets that are malformed under the
rules of the TCP/IP protocol. TRUE FALSE. sensor Means That A hardware and/or software component deployed on a remote
computer or network segment and designed to monitor network or system traffic for
suspicious activities and report back to the host application. TRUE FALSE. Intrusion detection and prevention typically includes Means That Source IP addresses
- Source and destination TCP - Number of packets and bytes transmitted in the session -
Starting and ending timestamps for the session TRUE FALSE. anomaly-based detection Means That Also known as behavior-based detection, an
IDPS detection method that compares current data and traffic patterns to an
established baseline of normalcy TRUE FALSE. clipping level Means That A predefined assessment level that triggers a
predetermined response when surpassed TRUE FALSE. signature-based detection Means That Also known as knowledge-based detection or
misuse detection, the examination of system or network data in search of patterns
that match known attack signatures TRUE FALSE. stateful protocol analysis (SPA) Means That The comparison of vendor-supplied
profiles of protocol use and behavior against observed data and network patterns in
an effort to detect misuse and attacks TRUE FALSE. log file monitor (LFM) Means That An attack detection method that reviews the log
files generated by computer systems, looking for patterns and signatures that may
indicate an attack or intrusion is in process or has already occurred TRUE FALSE. security information and event management (SIEM) Means That A software-enabled
approach to aggregating, filtering, and managing the reaction to events, many of
which are collected by logging activities of IDPSs and network management devices. TRUE FALSE. honeynet Means That A monitored network or network segment that contains
multiple honeypot systems. TRUE FALSE. honeypot Means That An application that entices people who are illegally perusing
the internal areas of a network by providing simulated rich content while the software
notifies the administrator of the intrusion TRUE FALSE. padded cell system Means That A protected honeypot that cannot be easily
compromised. TRUE FALSE. back hack Means That The process of illegally attempting to determine the source of
an intrusion by tracing it and trying to gain access to the originating system TRUE FALSE. enticement Means That The act of attracting attention to a system by placing
tantalizing information in key locations TRUE FALSE. pen register Means That The act of luring a person into committing a crime in order
to get a conviction. TRUE FALSE. entrapment Means That An application that records information about outbound
communications TRUE FALSE. attack protocol Means That An application that combines the function of honeypots
or honeynets with the capability to track the attacker back through the network TRUE FALSE. trap-and-trace application Means That A logical sequence of steps or processes used
by an attacker to launch an attack against a target system or network TRUE FALSE. fingerprinting Means That The systematic survey of a targeted organization’s Internet
addresses collected during the footprinting phase to identify the network services
offered by the hosts in that range TRUE FALSE. footprinting Means That The organized research and investigation of Internet
addresses owned or controlled by a target organization. TRUE FALSE. port scanners Means That It is used both by attackers and defenders to identify
or fingerprint active computers on a network, the active ports and services on those
computers, the functions and roles of the machines, and other useful information TRUE FALSE.