(ISC)² CISSP - Certified Information Systems Security Professional - A little help with the CISSP certification questions - Part 3
Friday, May 2, 2014
Third part of the question dump for the CISSP
Before the exam it is always a good idea, in addition to attending the course, to have some literature:
- https://umeshume.files.wordpress.com/2013/03/mcgraw-hill-osborne-media-cissp-all-in-one-exam-guide-6th-edition-2012.pdf
Take a careful look at this link: http://opensecuritytraining.info/CISSP-Main.HTML
Question:
Which are the proper steps of developing a disaster recovery and continuity plan?
A. Project initiation, strategy development, business impact analysis, plan development, implementation, testing, and maintenance
B. Strategy development, project initiation, business impact analysis, plan development, implementation, testing, and maintenance
C. Implementation and testing, project initiation, strategy development, business impact analysis, and plan development
D. Plan development, project initiation, strategy development, business impact analysis, implementation, testing, and maintenance
Answer:
A. Project initiation, strategy development, business impact analysis, plan development, implementation, testing, and maintenance
Explanation:
These steps outline the processes that should take place from beginning to end pertaining to these types of plans.
Question:
During development, testing, and maintenance of the disaster recovery and continuity plan, a high degree of interaction and communication is crucial to the process. Why?
A. This is a regulatory requirement of the process.
B. The more people talk about it and get involved, the more awareness will increase.
C. This is not crucial to the plan and should not be interactive because it will most likely affect operations.
D. Management will more likely support it.
Answer:
B. The more people talk about it and get involved, the more awareness will increase.
Explanation:
Communication not only provides awareness of these plans and their contents, but also allows more people to discuss the possible threats and solutions that the original team may not uncover.
Question:
John has to create a team to carry out a business impact analysis and develop the company's business continuity plan. Which of the following should not be on this team?
i. Business units
ii. Senior management
iii. IT department
iv. Security department
v. Communications department
vi. Legal department
A. v.
B. None of them
C. All of them
D. i.
Answer:
B. None of them
Explanation:
The best plan is when all issues and threats are brought to the table and discussed. This cannot be done effectively with a few people who are familiar with only a couple of departments. Representatives from each department must be involved with not only the planning stages but also the testing and implementation stages.
The committee should be made up of representatives from at least the following departments:
- Business units
- Senior management
- IT department
- Security department
- Communications department
- Legal department
Question:
When is the emergency state actually over for a company?
A. When all people are safe and accounted for
B. When all operations and people are moved back into the primary site
C. When operations are safely moved to the off-site facility
D. When a civil official declares that all is safe
Answer:
B. When all operations and people are moved back into the primary site
Explanation:
The emergency state is not actually over until the company moves back into their primary site. The company is still vulnerable and at risk while it is operating in an altered or crippled state. This state of vulnerability is not over until the company is back operating in the fashion that it was prior to the disaster. Of course, this may mean that the primary site has to be totally rebuilt if it was destroyed.
Question:
Using another company's facilities in the event of a disaster is called what?
A. Rolling hot site
B. Redundant site
C. Merger
D. Reciprocal agreement
Answer:
D. Reciprocal agreement
Explanation:
Reciprocal agreements with other companies can be a cheap alternative to disaster recovery but are very difficult to enforce legally. A reciprocal agreement is not enforceable, meaning that the company that agreed to let the damaged company work out of its facility can decide not to allow this to take place.
A reciprocal agreement is a better secondary backup option if the primary plan falls through.
Question:
A disaster recovery procedure involving all affected departments acting out a specific scenario, but which does not go to an off-site facility, is referred to as a:
A. Simulation test
B. Structured walk-through test
C. Checklist test
D. Parallel test
Answer:
A. Simulation test
Explanation:
Simulation tests measure the responsiveness of each department during an emergency situation. A scenario is constructed, as in a flood, earthquake, or terrorist attack, and people are to carry out the tasks expected of them.
Question:
What should be done first when the original facility becomes operational again following a disaster?
A. Inform the media and stockholders
B. Inform all of the employees
C. Move the most critical functions to the original facility
D. Move the least critical functions to the original facility
Answer:
D. Move the least critical functions to the original facility
Explanation:
To ensure that critical business functions and systems continue to operate during a move back to the original facility, the first step should be reinstating the least critical functions.
Question:
Which is not true of a reciprocal agreement?
A. It is a temporary solution.
B. It is expensive.
C. It is difficult to enforce.
D. Most environments are not able to support multiple business operations at one time.
Answer:
B. It is expensive.
Explanation:
While a reciprocal agreement is difficult to implement and enforce, it does offer an extremely inexpensive alternative to disaster recovery. It is an agreement between two companies which usually have very similar technologies, to open their doors to the other in case of an emergency or disaster.
Question:
Which of the following disaster recovery tests is the most intrusive to business operations?
A. Parallel
B. Simulation
C. Full-interruption
D. Checklist
Answer:
C. Full-interruption
Explanation:
Full-interruption tests require the original site to be completely shut down and all processes moved to an alternate site. This can be very disruptive to a company, but is the only way to really know the disaster recovery plan will work when it is needed.
Question:
Talking to external organizations after a disaster is important for all of the following reasons except:
A. To inform customers and shareholders of the company's status
B. To redirect unfavorable attention to other entities
C. To ensure that the media is reporting the facts accurately
D. To help stop rumors from developing
Answer:
B. To redirect unfavorable attention to other entities
Explanation:
Informing the public and affected groups is a critical part of disaster recovery so that the company's reputation and overall business status are not damaged. The information that will be reported should be prepared beforehand, along with deciding who will be responsible for communicating the message to the public and press.
Part 1: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems.html
Part 2: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_1.HTML
Part 4: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_5.HTML
Part 5: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_8.html
Part 6: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_9.html
