Archive for May 2014
(ISC)² CISSP - Certified Information Systems Security Professional - A little help with the CISSP certification questions - Part 6
Sixth part of the question dump for the CISSP
Well, before the exam it is always worth having some literature, in addition to attending the course:
- https://umeshume.files.wordpress.com/2013/03/mcgraw-hill-osborne-media-cissp-all-in-one-exam-guide-6th-edition-2012.pdf
Take a careful look at this link: http://opensecuritytraining.info/CISSP-Main.HTML
Question:
Which of the following statements is false?
A.A disaster recovery team’s primary task is to restore critical business functions at the alternate backup processing site.
B.A disaster salvage team’s task is to ensure that the primary site returns to normal processing conditions.
C.The disaster recovery plan should include how the company will return from the alternate site to the primary site.
D.When returning to the primary site, the most critical applications should be brought back first.
Answer:
D.When returning to the primary site, the most critical applications should be brought back first.
Explanation:
When the primary site is ready to receive operations again, less critical systems should be brought back first to ensure that everything is running smoothly before returning critical systems, which are already operating normally at the recovery site.
Question:
The least expensive and most difficult to test computer recovery site is a:
A.Non-mobile hot site
B.Mobile hot site
C.Warm site
D.Cold site
Answer:
D.Cold site
Explanation:
The cold site’s lack of equipment reduces its annual cost, but complicates testing or recovery because the equipment must be obtained, shipped, and installed at the site prior to use.
Question:
_______________ includes activities to test and validate system capability and functionality and outlines actions that can be taken to return the system to normal operating condition and prepare the system against future outages.
A.Activation
B.Recovery
C.Reconstitution
D.Validation
Answer:
C.Reconstitution
Explanation:
The Activation/Notification Phase describes the process of activating the plan based on outage impacts and notifying recovery personnel. The Recovery Phase details a suggested course of action for recovery teams to restore system operations at an alternate site or using contingency capabilities. The final phase, Reconstitution, includes activities to test and validate system capability and functionality and outlines actions that can be taken to return the system to normal operating condition and prepare the system against future outages.
Question:
What is a main advantage of using hot sites?
A.Costs are relatively low.
B.They can be used for an extended amount of time.
C.They do not require that equipment and systems software be compatible with the primary installation being backed up.
D.They can be made ready for operation quickly.
Answer:
D.They can be made ready for operation quickly.
Explanation:
The main advantage of hot sites is that they can normally be made ready for operation within hours.
Question:
A business continuity plan is an example of a __________ control.
A.Corrective
B.Detective
C.Preventive
D.Collective
Answer:
A.Corrective
Explanation:
Business continuity plans are designed to minimize the damage inflicted by an event and to facilitate restoration of the organization to its full operational capacity.
Question:
Business continuity plans are required for:
A.All areas of the enterprise
B.Financial resources and information processing
C.Operating areas of the enterprise
D.Marketing, finance, and information processing
Answer:
A.All areas of the enterprise
Explanation:
Business continuity plans are required for all parts of an enterprise.
Question:
In disaster recovery planning, what is the recovery point objective?
A.The point to which application data must be recovered to resume business operations
B.The maximum elapsed time required to complete recovery of application data
C.The point to which application data must be recovered to resume system operations
D.The point to which information system must be operational at an alternate site
Answer:
C.The point to which application data must be recovered to resume system operations
Explanation:
The Recovery Point Objective (RPO) is the point in time to which you must recover data as defined by your organization. This is generally a definition of what an organization determines is an "acceptable loss" in a disaster situation. If the RPO of a company is 2 hours and the time it takes to get the data back into production is 5 hours, the RPO is still 2 hours. Based on this RPO the data must be restored to within 2 hours of the disaster.
Question:
In contingency planning, the first step is:
A.Perform a hardware backup
B.Perform a data backup
C.Perform an operating systems software backup
D.Perform an application software backup
Answer:
B.Perform a data backup
Explanation:
A data backup is the first step in contingency planning. Without data, there is nothing to process.
Question:
The most devastating business interruptions are the result of loss of:
A.Hardware/software
B.Data
C.Communication links
D.Applications
Answer:
B.Data
Explanation:
Loss of data can cause the most damage to an enterprise in the short and long run.
Question:
The Information Systems Contingency Plan does not include which of the following?
A.Information on system recovery
B.Information on roles and responsibilities
C.Assessment results
D.Testing procedures
Answer:
C.Assessment results
Explanation:
The Information Systems Contingency Plan provides key information needed for system recovery, including roles and responsibilities, inventory information, assessment procedures, detailed recovery procedures, and testing of a system.
Part 1: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems.html
Part 2: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_1.HTML
Part 3: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_2.HTML
Part 4: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_5.html
Part 5: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_8.html
Friday, 9 May 2014
(ISC)² CISSP - Certified Information Systems Security Professional - A little help with the CISSP certification questions - Part 5
Fifth part of the question dump for the CISSP
Well, before the exam it is always worth having some literature, in addition to attending the course:
- https://umeshume.files.wordpress.com/2013/03/mcgraw-hill-osborne-media-cissp-all-in-one-exam-guide-6th-edition-2012.pdf
Take a careful look at this link: http://opensecuritytraining.info/CISSP-Main.HTML
Question:
Business continuity plans address all of the following except:
A.Critical servers used on the company's LAN
B.The most critical devices housed in the main data center
C.Individual workstations that are used by operations personnel
D.The protection of cold sites at a remote location
Answer:
D.The protection of cold sites at a remote location
Explanation:
A BCP does not address the protection of cold sites at a remote location.
Question:
Organizations should not view disaster recovery as:
A.A committed expense
B.A discretionary expense
C.An enforcement of legal statutes
D.Compliance with regulations
Answer:
B.A discretionary expense
Explanation:
Businesses need to treat disaster recovery planning as a committed expense, much like insurance is a requirement. In many sectors, disaster recovery is a legal requirement.
Question:
Which of the following best describes a continuity of operations plan?
A.Establishes senior management and a headquarters after a disaster. Outlines roles and authorities, orders of succession, and individual role tasks.
B.Plan for systems, networks, and major applications recovery procedures after disruptions. A contingency plan should be developed for each major system and application.
C.Includes internal and external communications structure and roles. Identifies specific individuals who will communicate with external entities. Contains predeveloped statements that are to be released.
D.Focuses on malware, hackers, intrusions, attacks, and other security issues. Outlines procedures for incident response.
Answer:
A.Establishes senior management and a headquarters after a disaster. Outlines roles and authorities, orders of succession, and individual role tasks.
Explanation:
The continuity of operations plan establishes senior management and a headquarters after a disaster. It outlines roles and authorities, orders of succession, and individual role tasks.
Question:
Which of the following best describes a parallel test?
A.A scenario is established and individuals are gathered to go through each step of the plan.
B.Copies of the plan are handed out to representatives from each functional area.
C.Some systems are moved to the alternate site and installed to test processing procedures and compatibility.
D.Management gathers and goes through a structured walk-through test.
Answer:
C.Some systems are moved to the alternate site and installed to test processing procedures and compatibility.
Explanation:
When a parallel test is performed, the critical systems are taken to the site where they would need to perform in an actual disaster.
Question:
Which of the following is not a purpose to develop and implement a disaster recovery plan?
A.Provides procedures for emergency responses
B.Extends backup operations to include more than just backing up data
C.Provides steps for a post-disaster recovery
D.Outlines business functions and systems
Answer:
D.Outlines business functions and systems
Explanation:
The disaster recovery plan does not outline business functions and systems. Those are handled in the business impact analysis.
Question:
A reciprocal agreement is best described how?
A.A site that has some computers and environmental controls
B.A site that has fully redundant systems, software, and configurations
C.A site that is in use by another company already
D.An agreement that is enforceable
Answer:
C.A site that is in use by another company already
Explanation:
A reciprocal agreement is when one company promises another company that it can move in if a disaster hits. This agreement is not enforceable.
Question:
A business impact analysis (BIA) does not typically include:
A.Identifying the type and quantity of resources required for the recovery
B.Identifying critical business processes and the dependencies between them
C.Identifying organizational risks
D.Developing a mission statement
Answer:
D.Developing a mission statement
Explanation:
The development of a mission statement is normally performed before the BIA.
Question:
An off-site information processing facility:
A.Should have the same degree of physical access restrictions as the primary processing site
B.Should be located close to the originating site so that it can quickly be made operational
C.Should be easily identified from the outside for easy emergency access
D.Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive
Answer:
A.Should have the same degree of physical access restrictions as the primary processing site
Explanation:
An off-site information processing facility should have the same amount of physical control as the originating site.
Question:
Out of the following steps in the development of a disaster recovery plan, which is the second step?
A.Develop an information system contingency plan
B.Create contingency strategies
C.Conduct the business impact analysis (BIA)
D.Ensure plan testing, training, and exercises
Answer:
C.Conduct the business impact analysis (BIA)
Explanation:
The seven progressive steps are designed to be integrated into each stage of the system development life cycle.
- Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.
- Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization's mission/business functions. A template for developing the BIA is provided to assist the user.
- Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
- Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
- Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system's security impact level and recovery requirements.
- Ensure plan testing, training, and exercises. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.
- Ensure plan maintenance. The plan should be a living document that is updated regularly.
Question:
An organization wants to gain a common understanding of functions that are critical to its survival. Which of the following will help the most?
A.Risk assessment
B.Business assessment
C.Disaster recovery plan
D.Business impact analysis
Answer:
D.Business impact analysis
Explanation:
A business impact analysis (BIA) is an assessment of an organization’s business functions to develop an understanding of their criticality, recovery time objectives, and resources needed.
Part 1: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems.html
Part 2: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_1.HTML
Part 3: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_2.HTML
Part 4: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_5.html
Part 6: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_9.html
Thursday, 8 May 2014
(ISC)² CISSP - Certified Information Systems Security Professional - A little help with the CISSP certification questions - Part 4
Fourth part of the question dump for the CISSP
Well, before the exam it is always worth having some literature, in addition to attending the course:
- https://umeshume.files.wordpress.com/2013/03/mcgraw-hill-osborne-media-cissp-all-in-one-exam-guide-6th-edition-2012.pdf
Take a careful look at this link: http://opensecuritytraining.info/CISSP-Main.HTML
Question:
Which is not a task for senior management in disaster recovery?
A.Approve of final plans
B.Oversee budget
C.Drive all phases of plan
D.Implement the plans themselves
Answer:
D.Implement the plans themselves
Explanation:
Senior management should support all functions of disaster recovery and business continuity, and they should oversee the progress of developing, implementing, and testing the plans. They should also ensure that the proper resources and budget are available. But they are not usually the ones who actually implement the plans.
Question:
Which of the following issues is least important when quantifying risks associated with a potential disaster?
A.Gathering information from agencies that report the probability of certain natural disasters taking place in that area
B.Identifying the company’s key functions and business requirements
C.Identifying critical systems that support the company’s operations
D.Estimating the potential loss and impact the company would face based on how long the outage lasts
Answer:
A.Gathering information from agencies that report the probability of certain natural disasters taking place in that area
Explanation:
Information gathered from agencies that report the probability of certain natural disasters taking place in that area would be the least important out of this list.
Question:
Which of the following is the fourth step in a business impact analysis?
A.Identify the company's critical business functions.
B.Calculate how long these functions can survive without these resources.
C.Identify the resources these functions depend upon.
D.Calculate the risk for each different business function.
Answer:
B.Calculate how long these functions can survive without these resources.
Explanation:
The detailed steps of carrying out a business impact analysis are shown below:
- Select individuals to interview for data gathering.
- Create data-gathering techniques (surveys, questionnaires, qualitative and quantitative approaches).
- Identify the company's critical business functions.
- Identify the resources these functions depend upon.
- Calculate how long these functions can survive without these resources.
- Identify vulnerabilities and threats to these functions.
- Calculate the risk for each different business function.
- Document findings and report them to management.
Question:
Which of the following statements is true of a full-scale BCP?
A.It is a long-term project.
B.It is a short-term project.
C.It is a single entity venture.
D.BCP guarantees no service interruption.
Answer:
A.It is a long-term project.
Explanation:
A BCP is a long-term project and must have support from upper management. For a small to medium-size business it could take a year or more before the plan is implemented and fully tested.
Question:
A hot site offers ___ recovery with ____ costs.
A.Instant, high
B.Moderate, high
C.Instant, low
D.Moderate, low
Answer:
A.Instant, high
Explanation:
A hot site has all of the equipment in place and can allow fast recovery. However it is also the most expensive solution.
Question:
Sam is a manager who is responsible for overseeing the development and approval of the business continuity plan. He needs to make sure that his team is creating correct and all-inclusive loss criteria for potential business impacts. Which of the following should not be included in these criteria?
i. Loss in reputation and public confidence
ii. Loss of competitive advantages
iii. Decrease in operational expenses
iv. Violations of contract agreements
v. Violations of legal and regulatory requirements
vi. Delayed income costs
vii. Loss in revenue
viii. Loss in productivity
A.i, ii
B.v, vi
C.v
D.iii
Answer:
D.iii
Explanation:
Loss criteria must be applied to the individual threats that were identified. The criteria should include at least the following:
- Loss in reputation and public confidence
- Loss of competitive advantages
- Increase in operational expenses
- Violations of contract agreements
- Violations of legal and regulatory requirements
- Delayed income costs
- Loss in revenue
- Loss in productivity
Question:
Part of operational recovery is designing backup facility configurations to work in an acceptable manner so that business can continue. Which of the following is a setup that allows services to be distributed over two or more in-house centers?
A.Hot site
B.Multi-processing center
C.Mobile site
D.Reciprocal agreements
Answer:
B.Multi-processing center
Explanation:
A multi-processing center allows a company to have backup over multiple facilities where services have been distributed.
Question:
Recovery strategies are pre-established and management-______ steps that should be put into action in the event of a disaster.
A.Approved
B.Directed
C.Requested
D.Documented
Answer:
A.Approved
Explanation:
Recovery strategies are planned ahead of time before they are needed. These strategies are approved by management and are tested.
Question:
Amy has been appointed to the BCP team and is in charge of information gathering for the business impact analysis. Amy could use any of the following tools to gather information, except:
A.Surveys
B.Questionnaires
C.Workshops
D.Quantitative formulas
Answer:
D.Quantitative formulas
Explanation:
Amy is only at the information gathering step at this stage. She would not be doing her quantitative or qualitative risk assessment yet.
Question:
Which of the following provides the correct characteristic for the specific data backup type?
A.Differential process backs up the files that have been modified since the last backup
B.Differential process backs up the files that have been modified since the last full backup
C.Incremental process sets the archive bit to 1
D.Differential process sets the archive bit to 1
Answer:
B.Differential process backs up the files that have been modified since the last full backup
Explanation:
A differential process backs up the files that have been modified since the last full backup. When the data need to be restored, the full backup is laid down first, and then the most recent differential backup is put down on top of it.
The differential process does not change the archive bit value. An incremental process backs up all the files that have changed since the last full or incremental backup and sets the archive bit to 0.
Part 1: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems.html
Part 2: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_1.HTML
Part 3: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_2.HTML
Part 5: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_8.html
Part 6: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_9.html
Monday, 5 May 2014
Sysinternals Tools - Tools for every kind of IT - Part 3 - AccessEnum v1.32
AccessEnum v1.32
While the flexible security model in Windows NT-based systems allows full control over security permissions and file management, managing user permissions so that users have appropriate access to files, directories and registry keys can be difficult.
There is no built-in solution for quickly viewing which users have access to a directory tree or to registry keys.
AccessEnum gives you a complete view of your file system and Registry security settings in seconds, which makes this tool ideal for helping you find security holes and lock down permissions where necessary.
More information: http://technet.microsoft.com/en-us/sysinternals/bb897332
Download: http://download.sysinternals.com/files/AccessEnum.zip
Friday, 2 May 2014
(ISC)² CISSP - Certified Information Systems Security Professional - A little help with the CISSP certification questions - Part 3
Third part of the question dump for the CISSP
Well, before the exam it is always worth having some literature, in addition to attending the course:
- https://umeshume.files.wordpress.com/2013/03/mcgraw-hill-osborne-media-cissp-all-in-one-exam-guide-6th-edition-2012.pdf
Take a careful look at this link: http://opensecuritytraining.info/CISSP-Main.HTML
Question:
Which are the proper steps of developing a disaster recovery and continuity plan?
A.Project initiation, strategy development, business impact analysis, plan development, implementation, testing, and maintenance
B.Strategy development, project initiation, business impact analysis, plan development, implementation, testing, and maintenance
C.Implementation and testing, project initiation, strategy development, business impact analysis, and plan development
D.Plan development, project initiation, strategy development, business impact analysis, implementation, testing, and maintenance
Answer:
A.Project initiation, strategy development, business impact analysis, plan development, implementation, testing, and maintenance
Explanation:
These steps outline the processes that should take place from beginning to end pertaining to these types of plans.
Question:
During development, testing, and maintenance of the disaster recovery and continuity plan, a high degree of interaction and communication is crucial to the process. Why?
A.This is a regulatory requirement of the process.
B.The more people talk about it and get involved, the more awareness will increase.
C.This is not crucial to the plan and should not be interactive because it will most likely affect operations
D.Management will more likely support it.
Answer:
B.The more people talk about it and get involved, the more awareness will increase.
Explanation:
Communication not only provides awareness of these plans and their contents, but also allows more people to discuss the possible threats and solutions that the original team may not uncover.
Question:
John has to create a team to carry out a business impact analysis and develop the company's business continuity plan. Which of the following should not be on this team?
i. Business units
ii. Senior management
iii. IT department
iv. Security department
v. Communications department
vi. Legal department
A.v.
B.None of them
C.All of them
D.i
Answer:
B.None of them
Explanation:
The best plan is when all issues and threats are brought to the table and discussed. This cannot be done effectively with a few people who are familiar with only a couple of departments. Representatives from each department must be involved with not only the planning stages but also the testing and implementation stages.
The committee should be made up of representatives from at least the following departments:
- Business units
- Senior management
- IT department
- Security department
- Communications department
- Legal department
Question:
When is the emergency state actually over for a company?
A.When all people are safe and accounted for
B.When all operations and people are moved back into the primary site
C.When operations are safely moved to the off-site facility
D.When a civil official declares that all is safe
Answer:
B.When all operations and people are moved back into the primary site
Explanation:
The emergency state is not actually over until the company moves back into its primary site. The company is still vulnerable and at risk while it is operating in an altered or crippled state. This state of vulnerability is not over until the company is back operating in the fashion it was prior to the disaster. Of course, this may mean that the primary site has to be totally rebuilt if it was destroyed.
Question:
Using another company's facilities in the event of a disaster is called what?
A.Rolling hot site
B.Redundant site
C.Merger
D.Reciprocal agreement
Answer:
D.Reciprocal agreement
Explanation:
Reciprocal agreements with other companies can be a cheap alternative to disaster recovery but are very difficult to enforce legally. A reciprocal agreement is not enforceable, meaning that the company that agreed to let the damaged company work out of its facility can decide not to allow this to take place.
A reciprocal agreement is a better secondary backup option if the primary plan falls through.
Question:
A disaster recovery procedure involving all affected departments acting out a specific scenario, but which does not go to an off-site facility, is referred to as a:
A.Simulation test
B.Structured walk-through test
C.Checklist test
D.Parallel test
Answer:
A.Simulation test
Explanation:
Simulation tests measure the responsiveness of each department during an emergency situation. A scenario is constructed, as in a flood, earthquake, or terrorist attack, and people are to carry out the tasks expected of them.
Question:
What should be done first when the original facility becomes operational again following a disaster?
A.Inform the media and stockholders
B.Inform all of the employees
C.Move the most critical functions to the original facility
D.Move the least critical functions to the original facility
Answer:
D.Move the least critical functions to the original facility
Explanation:
To ensure that critical business functions and systems continue to operate during a move back to the original facility, the first step should be reinstating the least critical functions.
Question:
Which is not true of a reciprocal agreement?
A.It is a temporary solution.
B.It is expensive.
C.It is difficult to enforce.
D.Most environments are not able to support multiple business operations at one time.
Answer:
B.It is expensive.
Explanation:
While a reciprocal agreement is difficult to implement and enforce, it does offer an extremely inexpensive alternative for disaster recovery. It is an agreement between two companies, which usually have very similar technologies, to open their doors to the other in case of an emergency or disaster.
Question:
Which of the following disaster recovery tests is the most intrusive to business operations?
A.Parallel
B.Simulation
C.Full-interruption
D.Checklist
Answer:
C.Full-interruption
Explanation:
Full-interruption tests require the original site to be completely shut down and all processes moved to an alternate site. This can be very disruptive to a company, but is the only way to really know the disaster recovery plan will work when it is needed.
Question:
Talking to external organizations after a disaster is important for all of the following reasons except:
A.To inform customers and shareholders of the company's status
B.To redirect unfavorable attention to other entities
C.To ensure that the media is reporting the facts accurately
D.To help stop rumors from developing
Answer:
B.To redirect unfavorable attention to other entities
Explanation:
Informing the public and affected groups is a critical part of disaster recovery so that the company's reputation and overall business status are not damaged. The information that will be reported should be prepared beforehand, along with deciding who will be responsible for communicating the message to the public and press.
Part 1: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems.html
Part 2: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_1.HTML
Part 4: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_5.HTML
Part 5: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_8.html
Part 6: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_9.html
(ISC)² CISSP - Certified Information Systems Security Professional - A little help with the CISSP certification questions - Part 2
Well, before the exam it is always worth having some literature, in addition to attending the course:
- https://umeshume.files.wordpress.com/2013/03/mcgraw-hill-osborne-media-cissp-all-in-one-exam-guide-6th-edition-2012.pdf
Take a careful look at this link: http://opensecuritytraining.info/CISSP-Main.HTML
Below is a dump of questions from the certification:
Question:
Business continuity planning needs to provide several types of functionalities and protection types for an organization. Which of the following is not one of these items?
i. Provide an immediate and appropriate response to emergency situations
ii. Protect lives and ensure safety
iii. Reduce business conflicts
iv. Resume critical business functions
v. Work with outside vendors during the recovery period
vi. Reduce confusion during a crisis
vii. Ensure survivability of the business
viii. Get "up and running" quickly after a disaster
A.ii, iii
B.iii, iv, vi
C.i, ii, vii
D.iii
Answer:
D.iii
Explanation:
Preplanned procedures allow an organization to:
i. Provide an immediate and appropriate response to emergency situations
ii. Protect lives and ensure safety
iii. Reduce business impact
iv. Resume critical business functions
v. Work with outside vendors during the recovery period
vi. Reduce confusion during a crisis
vii. Ensure survivability of the business
viii. Get "up and running" quickly after a disaster
Question:
What procedures should take place to restore a system and its data files after system failure?
A.Restore from storage media backup
B.Perform a parallel test
C.Implement recovery procedures
D.Perform a walk-through test
Answer:
C.Implement recovery procedures
Explanation:
In this and similar situations, recovery procedures should be followed, which most likely include recovering data from the backup media. Recovery procedures could include the proper steps for rebuilding a system from the beginning, applying the necessary patches and configurations, and whatever else needs to take place to ensure productivity is not affected. Some type of redundant system may need to be put into place.
Question:
What is the first step in developing a disaster recovery plan?
A.Identify all critical systems and functions of the company
B.Decide if the company needs to perform a walk-through, parallel, or simulation test
C.Perform a business impact analysis
D.Interview a representative from each department
Answer:
C.Perform a business impact analysis
Explanation:
A business impact analysis includes identifying critical systems and functions of a company and interviewing representatives from each department. Once management’s support is solidified, a business impact analysis needs to be performed to identify the threats the company faces and the potential costs of these threats.
Question:
During a recovery procedure, one important step is to maintain records of important events that happen during the procedure. What other step is just as important?
A.Schedule another test to address issues that took place during that procedure
B.Make sure someone is prepared to talk to the media with the appropriate responses
C.Report the events to management and the appropriate agencies
D.Identify essential business functions
Answer:
C.Report the events to management and the appropriate agencies
Explanation:
When recovery procedures are carried out, the outcome of those procedures should be reported to the individuals who are responsible for this type of activity. This is usually some level of management. If the procedures worked properly, they should know this, and if problems were encountered, they should definitely be made aware of this. They are the ones responsible for fixing the recovery system and will be the ones to delegate this work and provide the necessary funding and resources.
Question:
The purpose of initiating emergency actions right after a disaster takes place is to prevent loss of life, attend to injuries, and __________.
A.Secure the area to ensure that no looting or fraud takes place
B.Mitigate further damage
C.Protect evidence and clues
D.Investigate the extent of the damages
Answer:
B.Mitigate further damage
Explanation:
The main goal of disaster recovery and business continuity plans is to mitigate all risks that could be experienced by a company. Emergency procedures need to be carried out first to protect human life. Then other procedures need to be executed to reduce the damage from further threats.
Question:
Which of the following is the best way to ensure that a company’s backup tapes can be used at a warm site?
A.Retrieve the tapes from the off-site facility and verify that the equipment at the original site can read them
B.Test them on the vendor’s machine, which won’t be used during an emergency
C.Inventory each tape kept at the vendor’s site twice a month
D.Test them on the equipment maintained within the hot site
Answer:
A.Retrieve the tapes from the off-site facility and verify that the equipment at the original site can read them
Explanation:
A warm site is a facility that will not be fully equipped with the company’s main systems. The idea of using a warm site is that if a disaster takes place, the company would bring their systems with them. If they cannot bring the systems with them because they are damaged, the company must purchase new systems that are exactly like their original systems. So to properly test backups, the company needs to test them by recovering the data on their original systems at their main site.
Question:
Which of the following is something that should be required of an off-site backup facility that stores backed-up media for companies?
A.The facility should be within 10 to 15 minutes of the original facility to ensure easy access.
B.The facility should contain all necessary PCs, servers, and raised flooring.
C.The facility should be protected by an armed guard.
D.The facility should protect against unauthorized access and entry.
Answer:
D.The facility should protect against unauthorized access and entry.
Explanation:
This question is addressing a facility that is used to store backed-up data; it is not talking about an off-site facility used for disaster recovery purposes. The facility should not be 10 to 15 minutes away because if there was some type of disaster, the company’s main facility and this facility could both be destroyed and the company would lose all of their information. The facility should have the same security standards as the company’s security, including protecting against unauthorized access.
Question:
Which item will a business impact analysis not identify?
A.If the company is best suited for a parallel or full-interrupt test
B.What areas would suffer the greatest operational and financial loss in the event of a particular disaster or disruption
C.What systems are critical for the company and must be highly protected
D.What amount of outage time a company can endure before it is permanently crippled
Answer:
A.If the company is best suited for a parallel or full-interrupt test
Explanation:
All of the other answers address the main components of a business impact analysis. Determining the best type of exercise or drill to carry out is not covered under this type of analysis.
Question:
Which areas of a company are business plans recommended for?
A.The most important operational and financial areas
B.The areas that house the critical systems
C.All areas
D.The areas that the company cannot survive without
Answer:
C.All areas
Explanation:
It is best if every department within the company has its own recovery plan and continuity plan and procedures in place. These individual plans would "roll up" into the overall enterprise plan.
Question:
Who has the final approval of the disaster recovery and business continuity plan?
A.The planning committee
B.Each representative of each department
C.Management
D.External authority
Answer:
C.Management
Explanation:
Management has the final approval over everything within a company, including these plans.
Part 1: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems.html
Part 3: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_2.html
Part 4: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_5.html
Part 5: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_8.html
Part 6: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_9.html
Thursday, 1 May 2014
(ISC)² CISSP - Certified Information Systems Security Professional - A little help with the CISSP certification questions - Part 1
(ISC)² International Information Systems Security Certification Consortium - CISSP Certified Information Systems Security Professional
- What is it?
CISSP is the acronym for Certified Information Systems Security Professional, a professional certification issued and maintained by (ISC)², an institution founded with the goal of establishing criteria for evaluating professionals who work in information security.
According to (ISC)², there are more than 90,000 certified security professionals in more than 135 countries.
It was recently granted ANSI accreditation under the ISO/IEC 17024 standard; it is the first professional certification to receive this recognition on a worldwide scale.
The certification is founded on a set of best practices established by the institution, which have been grouped into 10 domains.
To become certified, the information security professional must pass the specific knowledge exam, accept the (ISC)² Code of Ethics, prove a minimum amount of experience in the field, and be endorsed by another certified professional.
- Areas covered/domains?
Access Control Systems and Methodology:
This domain covers best practices for developing access control methodologies. From technical controls to control management, it deals with any mechanism whose purpose is to establish triple A (AAA - Authentication, Authorization and Accounting).
Telecommunications, Network and Internet Security:
This domain covers the main controls, techniques and methodologies for ensuring the confidentiality, integrity and availability of information systems across telecommunication mechanisms, information networks and the Internet.
Security Management Practices:
This is the domain that describes the main practices for managing the security of information systems. It includes regulatory matters (supra-governmental agencies), specific legislation (government), security policy management (administrative guidelines) and business continuity.
Application and Systems Development:
This domain covers all the practices for managing the development of applications and information systems, with a focus on ensuring the confidentiality, integrity and availability of data.
Cryptography:
The set of best practices for using symmetric, asymmetric and hash cryptographic algorithms is listed in this domain. Hybrid usage methods that provide authentication, integrity and non-repudiation of information are also considered.
Security Architecture and Models:
This domain gathers the main security models used for certifying computing environments. Examples of certification models are ITSEC (Europe), TCSEC in the United States (Orange Book), BS 7799 in England and Common Criteria.
Operations Security:
This domain proposes a compilation of good practices for the operational management of information security, including the storage of backup copies (backup techniques), operational shift control, hiring of human resources, etc.
Business Continuity Planning:
The domain closest to the needs of companies' business operations. It is a compilation of best practices for establishing a successful business continuity plan, including contingency procedures for separate business components and, in the more traditional and costly cases, a disaster recovery plan.
Law, Investigation and Ethics:
This domain covers the legal issues that touch the world of information security. From concrete examples such as the telecommunications system protection acts (1996) in the United States to the current state of European legislation, the goal is to understand the motivation for establishing regulations to protect information in a society, the investigative processes that support due legal process, and the ethical standing required of the professionals involved.
Physical Security:
A set of best practices for assessing and establishing technical, operational and managerial controls for the physical protection of a data processing environment.
- Who is it for?
.Security administrators who want to improve their skills and secure the progression of their professional career.
.Company employees who want to improve their profile in the security area and give their organization a competitive edge.
.Professionals working in companies specializing in security who need their security skills recognized by partners, customers and other third parties, ensuring a prominent position for their organization.
.Security auditors and/or consultants
.Any professional in the security field
In Portugal, the exam preparation course can be found here:
http://www.behaviour-group.com/PT/homepage/isc2/cissp/
And the exams can be taken at the certified test centers:
https://wsr.pearsonvue.com/testtaker/registration/SelectTestCenterProximity/ISC2/150639
Rumos
Campo Grande 56, 3º
1700-093 Lisboa
Portugal
Galileu Norte SA
Rua Fradesso da Silveira, n6 - Bloco C
1 A/B Alcantara Rio
1300-609 Lisboa
Portugal
CESAE Porto
Rua Ciriaco Cardoso nº186
4150-212 Porto
Portugal
Part 2: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_1.html
Part 3: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_2.HTML
Part 4: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_5.html
Part 5: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_8.html
Part 6: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_9.html