CISM Certified Information Security Manager – Question 1349

The PRIMARY purpose of installing an intrusion detection system (IDS) is to identify:

A. weaknesses in network security.
B. patterns of suspicious access.
C. how an attack was launched on the network.
D. potential attacks on the internal network.

Correct Answer: D

Explanation:
The most important function of an intrusion detection system (IDS) is to identify potential attacks on the network. Identifying how the attack was launched is secondary. It is not designed specifically to identify weaknesses in network security or to identify patterns of suspicious logon attempts.

CISM Certified Information Security Manager – Question 1348

The business continuity policy should contain which of the following?

A. Emergency call trees
B. Recovery criteria
C. Business impact assessment (BIA)
D. Critical backups inventory

Correct Answer: B

Explanation:
Recovery criteria, indicating the circumstances under which specific actions are undertaken, should be contained within a business continuity policy. Telephone trees, business impact assessments (BIAs) and listings of critical backup files are too detailed to include in a policy document.

CISM Certified Information Security Manager – Question 1347

Which of the following is the MOST important element to ensure the successful recovery of a business during a disaster?

A. Detailed technical recovery plans are maintained offsite
B. Network redundancy is maintained through separate providers
C. Hot site equipment needs are recertified on a regular basis
D. Appropriate declaration criteria have been established

Correct Answer: A

Explanation:
In a major disaster, staff can be injured or can be prevented from traveling to the hot site, so technical skills and business knowledge can be lost. It is therefore critical to maintain an updated copy of the detailed recovery plan at an offsite location. Continuity of the business requires adequate network redundancy, hot site infrastructure that is certified as compatible and clear criteria for declaring a disaster. Ideally, the business continuity program addresses all of these satisfactorily. However, in a disaster situation where all these elements are present but the detailed technical plan is missing, business recovery will be seriously impaired.

CISM Certified Information Security Manager – Question 1346

Which of the following should be performed FIRST in the aftermath of a denial-of-service attack?

A. Restore servers from backup media stored offsite
B. Conduct an assessment to determine system status
C. Perform an impact analysis of the outage
D. Isolate the screened subnet

Correct Answer: B

Explanation:
An assessment should be conducted to determine whether any permanent damage occurred and the overall system status. It is not necessary at this point to rebuild any servers. An impact analysis of the outage or isolating the demilitarized zone (DMZ) or screened subnet will not provide any immediate benefit.

CISM Certified Information Security Manager – Question 1345

Which of the following terms and conditions represent a significant deficiency if included in a commercial hot site contract?

A. A hot site facility will be shared in multiple disaster declarations
B. All equipment is provided "at time of disaster, not on floor"
C. The facility is subject to a "first-come, first-served" policy
D. Equipment may be substituted with equivalent model

Correct Answer: B

Explanation:
Equipment provided "at time of disaster (ATOD), not on floor" means that the equipment is not available but will be acquired by the commercial hot site provider on a best-effort basis. This leaves the customer at the mercy of the marketplace. If equipment is not immediately available, the recovery will be delayed. Many commercial providers do require sharing facilities in cases where there are multiple simultaneous declarations, and priority may be established on a first-come, first-served basis. It is also common for the provider to substitute equivalent or better equipment, as they are frequently upgrading and changing equipment.

CISM Certified Information Security Manager – Question 1344

When a large organization discovers that it is the subject of a network probe, which of the following actions should be taken?

A. Reboot the router connecting the DMZ to the firewall
B. Power down all servers located on the DMZ segment
C. Monitor the probe and isolate the affected segment
D. Enable server trace logging on the affected segment

Correct Answer: C

Explanation:
In the case of a probe, the situation should be monitored and the affected network segment isolated. Rebooting the router, powering down the demilitarized zone (DMZ) servers and enabling server trace logging are not warranted.

CISM Certified Information Security Manager – Question 1343

A new e-mail virus that uses an attachment disguised as a picture file is spreading rapidly over the Internet. Which of the following should be performed FIRST in response to this threat?

A. Quarantine all picture files stored on file servers
B. Block all e-mails containing picture file attachments
C. Quarantine all mail servers connected to the Internet
D. Block incoming Internet mail, but permit outgoing mail

Correct Answer: B

Explanation:
Until signature files can be updated, incoming e-mail containing picture file attachments should be blocked. Quarantining picture files already stored on file servers is not effective, since these files must be intercepted before they are opened. Quarantining all mail servers or blocking all incoming mail is unnecessary overkill, since only those e-mails containing attached picture files are in question.

CISM Certified Information Security Manager – Question 1342

Which of the following is MOST important when deciding whether to build an alternate facility or subscribe to a third-party hot site?

A. Cost to build a redundant processing facility and invocation
B. Daily cost of losing critical systems and recovery time objectives (RTOs)
C. Infrastructure complexity and system sensitivity
D. Criticality results from the business impact analysis (BIA)

Correct Answer: C

Explanation:
The complexity and business sensitivity of the processing infrastructure and operations largely determine the viability of such an option; the concern is whether the recovery site meets the operational and security needs of the organization. The cost to build a redundant facility is not relevant, since only a fraction of the total processing capacity is considered critical at the time of the disaster and recurring contract costs would accrue over time. Invocation costs are not a factor because they will be the same regardless. The incremental daily cost of losing different systems and the recovery time objectives (RTOs) do not distinguish whether a commercial facility is chosen. Resulting criticality from the business impact analysis (BIA) will determine the scope and timeline of the recovery efforts, regardless of the recovery location.

CISM Certified Information Security Manager – Question 1341

Which of the following is MOST important in determining whether a disaster recovery test is successful?

A. Only business data files from offsite storage are used
B. IT staff fully recovers the processing infrastructure
C. Critical business processes are duplicated
D. All systems are restored within recovery time objectives (RTOs)

Correct Answer: C

Explanation:
To ensure that a disaster recovery test is successful, it is most important to determine whether all critical business functions were successfully recovered and duplicated. Although ensuring that only materials taken from offsite storage are used in the test is important, this is not as critical in determining a test's success. While full recovery of the processing infrastructure is a key recovery milestone, it does not ensure the success of a test. Achieving the RTOs is another important milestone, but does not necessarily prove that the critical business functions can be conducted, due to interdependencies with other applications and key elements such as data, staff, manual processes, materials and accessories, etc.

CISM Certified Information Security Manager – Question 1340

An organization with multiple data centers has designated one of its own facilities as the recovery site. The MOST important concern is the:

A. communication line capacity between data centers.
B. current processing capacity loads at data centers.
C. differences in logical security at each center.
D. synchronization of system software release versions.

Correct Answer: B

Explanation:
If data centers are operating at or near capacity, it may prove difficult to recover critical operations at an alternate data center. Although line capacity is important from a mirroring perspective, this is secondary to having the necessary capacity to restore critical systems. By comparison, differences in logical and physical security and synchronization of system software releases are much easier issues to overcome and are, therefore, of less concern.