cyber security 14
A forensic investigator at a crime lab is performing a forensic analysis of a hard drive that was brought in by state troopers. They make a mistake by using the wrong forensic tool during their forensic examination. What should the investigator do?
Document the mistake and work around the problem
When data is collected for a forensic investigation, what order should be followed?
Order of volatility
Along with the forensic investigation effort, the man-hours and expense should not be tracked since the costs are always justified regardless of the actual amount involved. (True or false)
False
For what purpose would it be desired to capture the system image?
So memory analysis can be performed later
The forensic investigator at a crime lab will be performing a forensic analysis of a hard drive that was brought in by state troopers. What should be done before performing the analysis?
Capture a system image
What will be the available drive space in a RAID 5 configured system with 3 250GB hard drives?
500 GB
Which RAID types would use a minimum of four hard drives? (Choose all that apply).
All are correct: 51, 10, 6
What are some common symptoms of RAID array failures? (Choose all that apply.)
-OS not found
-Drive not recognized
-Failure to boot
You have been asked to implement a backup strategy for your organization.
The solution would provide real-time immediate data recovery in the event of system failure. Select the appropriate solution.
CDP
When reviewing the local copy of a file that has been backed up, you notice that the archive bit has not reset. What does that indicate?
Full backup
The minimum recommended backup strategy is 3-2-1. Including the original data, how many copies will exist when this strategy is completely implemented?
4
You are reviewing backup solutions.
Which choice summarizes the process of creating a series of data reference markers at a specific time?
CDP
While evaluating network solutions for mission-essential functions, you see a provider claiming a yearly downtime of 31.5 seconds. Which choice would be used to classify uptime?
99.9999
To ensure business continuity, it is important to maintain consistent, reliable electrical power. Which choice represents the LEAST expensive solution for power interruptions?
Offline UPS
When you are configuring a UPS, you want to have it respond as quickly as practical. Of the choices shown, which UPS type provides the cleanest, most consistent power?
Online UPS
Select one of the choices to complete this statement. One of the limitations of a UPS is the amount of ____ it can provide power to the system.
Time
Which solution to the limitations of a UPS is best described as a universally accessible repository for backups and disaster recovery?
Hot sites
Which of the choices provides the best option in terms of accessibility and recovery?
Online VMs
Dilma has been tasked with creating a list of potential employees to serve in an upcoming tabletop exercise. Which employees will be on her list?
Individuals on a decision-making level
Which of the following can a UPS NOT perform?
Prevent certain applications from launching that will consume too much power
Which of these is an example of a nested RAID?
Level 0+1
Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running?
Hot site
Raul has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this?
IT contingency planning
Which level of RAID uses disk mirroring and is considered fault-tolerant?
Level 1
A(n) ____ is always running off its battery while the main power runs the battery charger.
on-line UPS
Which of the following is NOT required for a fire to occur?
A spark to start the process
Which of the following is NOT a category of fire suppression systems?
Wet chemical system
Margaux has been asked to work on the report that will analyze the exercise results with the purpose of identifying strengths to be maintained and weaknesses to be addressed for improvement. What report will she be working on?
After-action report
Which question is NOT a basic question to be asked regarding creating a data backup?
How long will it take to finish the backup?
What does an incremental backup do?
Copies all files changed since the last full or incremental backup
Which of these is NOT a characteristic of a disaster recovery plan (DRP)?
It is a private document used only by top-level administrators for planning.
The chain of ____ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence.
custody (chain of custody)
What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure?
MTTR
When an unauthorized event occurs, what is the first duty of the cyber-incident response team?
To secure the crime scene
What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time?
Time offset
An electrical fire like that which would be found in a computer data center is known as what type of fire?
Class C
What does the abbreviation RAID represent?
Redundant Array of Independent Drives
What is your goal for the maximum amount of data the organization can tolerate losing called?
RPO