ITS 4350 - Disaster Recovery
Review for First Test
The following questions are provided to help you study for the first
test. Do not expect to see these exact questions on the test.
- What is the CIA security triad?
- What is the CNSS security model also called? What are the three perspectives
- What are some of the ways we can define an asset's value?
- Why may a single loss expectancy be different from an asset's value?
How about an annualized loss expectancy?
- Explain the differences between these contingency planning documents:
BIA, IRP, BCP, and DRP.
- Explain the scope and compliance requirement for each of these terms:
Guideline, Policy, Procedure, Standard.
- When would you use each of these security strategies: transferral,
mitigation, acceptance, termination.
- How does a BIA establish the most critical functions of an organization?
Why might they come out differently if different people create their
- How can Maximum Tolerable Downtime be different from Recovery Time
Objective? Is it reasonable for them to be different?
- How is the cost of a recovery system likely to be related to the
time it requires to utilize it? What about the cost of a disruption
compared to the time it takes to recover your system?
- Explain the essential differences between hot, warm, and cold sites
with regard to Business Continuity.
- Regarding the three external site strategies, what makes the more
expensive ones more valuable to an organization?
- What are the three classic backup strategies, and how do they work?
- What is electronic vaulting? What is an essential difference between
it and remote journaling?
- To which of the two methods above is Database Shadowing more similar?
How is it different?
- What are some of the relevant RAID technologies mentioned in the
text? They seem to go up in price for each new number. What do you expect
to get for your money when you go up to the next level?
- Name three products that can be used to run virtual machines. What
are some benefits of virtual machines?
- What are the three tests a incident must meet to be considered an
IT security incident?
- When preparing an incident response plan, why did the text show us
that it should be done in three ordered stages, being during, after,
- What are some trigger events that you would expect to begin a security
- What are some of the steps in preparing and testing an incident response
- NIST SP 800-61, R1 presents five categories for incidents. The last
one is a combination of the others. What are the others?
- In which indicator category would you find the following behaviors
(possible, probable, or definite)
- presence or execution of unknown programs or processes
- unusual consumption of resources
- reported attacks
- use of dormant accounts
- What is a service? What does a port have to do with a service?
- What is port scanning?
- What are the three general divisions of port numbers? Do the divisions
relate to a port possibly being exploitable?
- What does a CSIRT do?
- What are some skills that a CSIRT employee should have?
- Why do we expect to continue to train CSIRT staff?
- How should communication about a new policy or new division in an
organization flow to the actual line staff?
- What are some of the problems that can be associated with outsourcing
- What does Dilly Dilly mean, anyway?