ITS 4350 - Disaster Recovery

Review for First Test

The following questions are provided to help you study for the first test. Do not expect to see these exact questions on the test.


  1. What is the CIA security triad?

  2. What is the CNSS security model also called? What are the three perspectives it represents?

  3. What are some of the ways we can define an asset's value?

  4. Why may a single loss expectancy be different from an asset's value? How about an annualized loss expectancy?

  5. Explain the differences between these contingency planning documents: BIA, IRP, BCP, and DRP.

  6. Explain the scope and compliance requirement for each of these terms: Guideline, Policy, Procedure, Standard.

  7. When would you use each of these security strategies: transferral, mitigation, acceptance, termination.



  8. How does a BIA establish the most critical functions of an organization? Why might they come out differently if different people create their own BIA?

  9. How can Maximum Tolerable Downtime be different from Recovery Time Objective? Is it reasonable for them to be different?

  10. How is the cost of a recovery system likely to be related to the time it requires to utilize it? What about the cost of a disruption compared to the time it takes to recover your system?



  11. Explain the essential differences between hot, warm, and cold sites with regard to Business Continuity.

  12. Regarding the three external site strategies, what makes the more expensive ones more valuable to an organization?

  13. What are the three classic backup strategies, and how do they work?

  14. What is electronic vaulting? What is an essential difference between it and remote journaling?

  15. To which of the two methods above is Database Shadowing more similar? How is it different?

  16. What are some of the relevant RAID technologies mentioned in the text? They seem to go up in price for each new number. What do you expect to get for your money when you go up to the next level?

  17. Name three products that can be used to run virtual machines. What are some benefits of virtual machines?



  18. What are the three tests a incident must meet to be considered an IT security incident?

  19. When preparing an incident response plan, why did the text show us that it should be done in three ordered stages, being during, after, and before?

  20. What are some trigger events that you would expect to begin a security incident?

  21. What are some of the steps in preparing and testing an incident response plan?



  22. NIST SP 800-61, R1 presents five categories for incidents. The last one is a combination of the others. What are the others?

  23. In which indicator category would you find the following behaviors (possible, probable, or definite)

    • presence or execution of unknown programs or processes

    • unusual consumption of resources

    • reported attacks

    • use of dormant accounts

  24. What is a service? What does a port have to do with a service?

  25. What is port scanning?

  26. What are the three general divisions of port numbers? Do the divisions relate to a port possibly being exploitable?



  27. What does a CSIRT do?

  28. What are some skills that a CSIRT employee should have?

  29. Why do we expect to continue to train CSIRT staff?

  30. How should communication about a new policy or new division in an organization flow to the actual line staff?

  31. What are some of the problems that can be associated with outsourcing CSIRT duties?

  32. What does Dilly Dilly mean, anyway?