(ISC)² CISSP - Certified Information Systems Security Professional - A little help with the CISSP certification questions - Part 6
Friday, 9 May 2014
Sixth part of the question dump for the CISSP
Before the exam it is always a good idea, in addition to attending the course, to have some literature:
- https://umeshume.files.wordpress.com/2013/03/mcgraw-hill-osborne-media-cissp-all-in-one-exam-guide-6th-edition-2012.pdf
Take a close look at this link: http://opensecuritytraining.info/CISSP-Main.HTML
Question:
Which of the following statements is false?
A. A disaster recovery team’s primary task is to restore critical business functions at the alternate backup processing site.
B. A disaster salvage team’s task is to ensure that the primary site returns to normal processing conditions.
C. The disaster recovery plan should include how the company will return from the alternate site to the primary site.
D. When returning to the primary site, the most critical applications should be brought back first.
Answer:
D. When returning to the primary site, the most critical applications should be brought back first.
Explanation:
When the primary site is ready to receive operations again, less critical systems should be brought back first to ensure that everything is running smoothly before returning critical systems, which are already operating normally at the recovery site.
Question:
The least expensive and most difficult to test computer recovery site is a:
A. Non-mobile hot site
B. Mobile hot site
C. Warm site
D. Cold site
Answer:
D. Cold site
Explanation:
The cold site’s lack of equipment reduces its annual cost, but complicates testing or recovery because the equipment must be obtained, shipped, and installed at the site prior to use.
Question:
_______________ includes activities to test and validate system capability and functionality and outlines actions that can be taken to return the system to normal operating condition and prepare the system against future outages.
A. Activation
B. Recovery
C. Reconstitution
D. Validation
Answer:
C. Reconstitution
Explanation:
The Activation/Notification Phase describes the process of activating the plan based on outage impacts and notifying recovery personnel. The Recovery Phase details a suggested course of action for recovery teams to restore system operations at an alternate site or using contingency capabilities. The final phase, Reconstitution, includes activities to test and validate system capability and functionality and outlines actions that can be taken to return the system to normal operating condition and prepare the system against future outages.
Question:
What is a main advantage of using hot sites?
A. Costs are relatively low.
B. They can be used for an extended amount of time.
C. They do not require that equipment and systems software be compatible with the primary installation being backed up.
D. They can be made ready for operation quickly.
Answer:
D. They can be made ready for operation quickly.
Explanation:
The main advantage of hot sites is that they can normally be made ready for operation within hours.
Question:
A business continuity plan is an example of a __________ control.
A. Corrective
B. Detective
C. Preventive
D. Collective
Answer:
A. Corrective
Explanation:
Business continuity plans are designed to minimize the damage inflicted by an event and to facilitate restoration of the organization to its full operational capacity.
Question:
Business continuity plans are required for:
A. All areas of the enterprise
B. Financial resources and information processing
C. Operating areas of the enterprise
D. Marketing, finance, and information processing
Answer:
A. All areas of the enterprise
Explanation:
Business continuity plans are required for all parts of an enterprise.
Question:
In disaster recovery planning, what is the recovery point objective?
A. The point to which application data must be recovered to resume business operations
B. The maximum elapsed time required to complete recovery of application data
C. The point to which application data must be recovered to resume system operations
D. The point to which information system must be operational at an alternate site
Answer:
C. The point to which application data must be recovered to resume system operations
Explanation:
The Recovery Point Objective (RPO) is the point in time to which you must recover data as defined by your organization. This is generally a definition of what an organization determines is an "acceptable loss" in a disaster situation. If the RPO of a company is 2 hours and the time it takes to get the data back into production is 5 hours, the RPO is still 2 hours. Based on this RPO the data must be restored to within 2 hours of the disaster.
Question:
In contingency planning, the first step is:
A. Perform a hardware backup
B. Perform a data backup
C. Perform an operating systems software backup
D. Perform an application software backup
Answer:
B. Perform a data backup
Explanation:
A data backup is the first step in contingency planning. Without data, there is nothing to process.
Question:
The most devastating business interruptions are the result of loss of:
A. Hardware/software
B. Data
C. Communication links
D. Applications
Answer:
B. Data
Explanation:
Loss of data can cause the most damage to an enterprise in the short and long run.
Question:
The Information Systems Contingency Plan does not include which of the following?
A. Information on system recovery
B. Information on roles and responsibilities
C. Assessment results
D. Testing procedures
Answer:
C. Assessment results
Explanation:
The Information Systems Contingency Plan provides key information needed for system recovery, including roles and responsibilities, inventory information, assessment procedures, detailed recovery procedures, and testing of a system.
Part 1: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems.html
Part 2: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_1.HTML
Part 3: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_2.HTML
Part 4: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_5.html
Part 5: http://e-forense.blogspot.com/2014/05/isc-cissp-certified-information-systems_8.html
