CIS 359 Week 11 Final Exam - Strayer University; Latest complete solution, already Graded A.

Document Content and Description Below

CIS 359 Week 11 Final Exam A continuously changing process presents challenges in acquisition, as there is not a fixed state that can be collected, hashed, and so forth. This has given rise to the co... ncept of ____ forensics which captures a point-in-time picture of a process. ____ is used both for intrusion analysis and as part of evidence collection and analysis. In evidence handling, specifically designed ____ are helpful because they are very difficult to remove without breaking. A search is constitutional if it does not violate a person’s reasonable or legitimate____. The forensic tool ____ does extensive pre-processing of evidence items that recovers deleted files and extracts e-mail messages. Most digital forensic teams have a prepacked field kit, also known as a(n) ____. The ____ handles computer crimes that are categorized as felonies. Forensic investigators use ____ copying when making a forensic image of a device, which reads a sector (or block; 512 bytes on most devices) from the source drive and writes it to the target drive; this process continues until all sectors on the suspect drive have been copied. 1. Grounds for challenging the results of a digital investigation can come from possible ____—that is, alleging that the relevant evidence came from somewhere else or was somehow tainted in the collection process. 2. The U.S. Department of Homeland Security’s Federal Emergency Management Association has developed a support Web site at ____ that includes a suite of tools to guide the development of disaster recovery/business continuity plans. 3. Identifying measures, called ____, that reduce the effects of system disruptions can reduce continuity life-cycle costs. 4. Two dominantly recognized professional institutions certifying business continuity professionals agree on the ____ as the basis for certification. 5. Unless an organization has contracted for a ____ or equivalent, office equipment such as desktop computers are not provided at BC alternate site. 6. ____ planning represents the final response of the organization when faced with any interruption of its critical operations. 7. A BC subteam called the ____ is responsible for establishing the core business functions needed to sustain critical business operations. 8. One activity that occurs during the clearing phase of a BC implementation is scheduling a move back to the primary site. 9. In the ____ phase of the BC plan, the organization specifies what type of relocation services are desired and what type of data management strategies are deployed to support relocation. 10. ____ occur over time and slowly deteriorate the organization’s capacity to withstand their effects. 11. Contingency strategies for ____ should emphasize the need for absolutely reliable data backup and recovery procedures because they have less inherent redundancy than a distributed architecture. 12. ____ may be caused by earthquakes, floods, storm winds, tornadoes, or mud flows. 13. ____ disasters include acts of terrorism and acts of war. 14. Once the incident has been contained, and all signs of the incident removed, the ____ phase begins. 15. A ____ is a description of the disasters that may befall an organization, along with information on their probability of occurrence, a brief description of the organization’s actions to prepare for that disaster, and the best case, worst case, and most likely case outcomes of the disaster. 16. ____ are highly probable when infected machines are brought back online or when other infected computers that may have been offline at the time of the attack are brought back up. 17. The part of a disaster recovery policy that identifies the organizational units and groups of employees to which the policy applies is called the ____ section. 18. ____ is the set of actions taken by an organization in response to an emergency situation in an effort to minimize injury or loss of life. 19. In contrast to emergency response that focuses on the immediate safety of those affected, ____ addresses the services needed to get the organization and its stakeholders back to original levels of productivity or satisfaction. 20. ____ is the movement of employees from one position to another so they can develop additional skills and abilities. 21. A(n) ____ is the list of officials ranging from an individual’s immediate supervisor through the top executive of the organization. 22. A(n) ____ is created to enable management to gain and maintain control of ongoing emergency situations, to provide oversight and control to designated first responders, and to marshal IR, DR, and DC plans and resources as needed. 23. Organizations typically respond to a crisis by focusing on technical issues and economic priorities, and overlook the steps needed to preserve the most critical assets of the organization: its people. 24. ____ are those actions taken in order to manage the immediate physical, health, and environmental impacts resulting from an incident. 25. ____ refers to those actions taken to meet the psychological and emotional needs of various stakeholders. 26. According to the 2010/2011 Computer Crime and Security Survey, ____ is “the most commonly seen attack, with 67.1 percent of respondents reporting it.” 27. When an alert warns of new malicious code that targets software used by an organization, the first response should be to research the new virus to determine whether it is ____. 28. In a “block” containment strategy, in which the attacker’s path into the environment is disrupted, you should use the most precise strategy possible, starting with ____. 29. If a user receives a message whose tone and terminology seems intended to invoke a panic or sense of urgency, it may be a(n) ____. 30. Many malware attacks are ____ attacks, which involve more than one type of malware and/or more than one type of transmission method. 31. A ____ is a small quantity of data kept by a Web site as a means of recording that a system has visited that Web site. 32. A(n) ____ attack is a method of combining attacks with rootkits and back doors. 33. According to NIST, which of the following is an example of a UA attack? 34. Which of the following is the most suitable as a response strategy for malware outbreaks? 35. The ____ team is responsible for working with suppliers and vendors to replace damaged or destroyed equipment or services, as determined by the other teams. 36. The ____ team is responsible for the recovery of information and the reestablishment of operations in storage area networks or network attached storage. 37. The ____ system is an information system with a telephony interface that can be used to automate the alert process. 38. ____ is the inclusion of action steps to minimize the damage associated with the disaster on the operations of the organization. 39. The ____ team is primarily responsible for data restoration and recovery. 40. The ____ is the phase associated with implementing the initial reaction to a disaster; it is focused on controlling or stabilizing the situation, if that is possible. 41. The ____ team is responsible for recovering and reestablishing operating systems (OSs). 42. During the ____ phase, the organization begins the recovery of the most time-critical business functions - those necessary to reestablish business operations and prevent further economic and image loss to the organization. [Show More]

Last updated: 1 year ago

Preview 1 out of 12 pages