Summary of Exam Objectives
In this chapter we have discussed operational security. Operations security concerns the security of systems and data while being actively used in a production environment. Ultimately, operations security is about people, data, media, and hardware, all of which are elements that need to be considered from a security perspective. The best technical security infrastructure in the world will be rendered moot if an individual with privileged access decides to turn against the organization and there are no preventive or detective controls in place within the organization.
We also discussed Business Continuity and Disaster Recovery Planning, which serve as an organization’s last control to prevent failure. Of all controls, a failed BCP or DRP can be most devastating, potentially resulting in organizational failure or injury or loss of life.
Beyond mitigating such stark risks, Business Continuity and Disaster Recovery Planning have evolved to provide true business value to organizations, even in the absence of disaster. The organizational diligence required to build a comprehensive BCP/DRP can pay many dividends, through the thorough understanding of key business processes, asset tracking, prudent backup and recovery strategies, and the use of standards. Mapping risk to key business processes can result in preventive risk measures taken in advance of any disaster, a process that may avoid future disasters entirely.
Self-Test
Note: Please see the Self-Test Appendix for explanations of all correct and incorrect answers.
1. What type of backup is typically obtained during the Response phase of Incident Management?
   A. Incremental
   B. Full
   C. Differential
   D. Binary

2. What is the primary goal of a disaster recovery plan (DRP)?
   A. Integrity of data
   B. Preservation of business capital
   C. Restoration of business processes
   D. Safety of personnel

3. Adversaries targeting your organization have created a custom maliciously crafted document and emailed it to a user within your organization. Which control is more likely to aid the organization in identifying this targeted attack?
   A. Antimalware
   B. Next Generation Firewall (NGFW)
   C. Sandboxing
   D. User and Entity Behavior Analytics (UEBA)

4. Your Maximum Tolerable Downtime is 48 hours. What is the most cost-effective alternate site choice?
   A. Cold
   B. Hot
   C. Redundant
   D. Warm

5. Your organization receives communication from an ISAC detailing indicators associated with a recently observed intrusion campaign. This process would be considered a form of which of the following?
   A. Disaster recovery
   B. Incident management
   C. Threat intelligence
   D. Behavior analytics

6. Which type of backup will include only those files that have changed since the most recent Full backup?
   A. Full
   B. Differential
   C. Incremental
   D. Binary

7. Which preventive control would be most appropriate to defend a custom developed application from SQL injection attacks?
   A. Web Application Firewall (WAF)
   B. Vulnerability scanner
   C. Intrusion Prevention System (IPS)
   D. Sandboxing

8. Which statement regarding the Business Continuity Plan is true?
   A. BCP and DRP are separate, equal plans
   B. BCP is an overarching “umbrella” plan that includes other focused plans such as DRP
   C. DRP is an overarching “umbrella” plan that includes other focused plans such as BCP
   D. COOP is an overarching “umbrella” plan that includes other focused plans such as BCP

9. Which HA solution involves multiple systems all of which are online and actively processing traffic or data?
   A. Active-active
   B. Active-passive
   C. Redundant
   D. Warm

10. Which plan is designed to provide effective coordination among the managers of the organization in the event of an emergency or disruptive event?
   A. Call tree
   B. Continuity of Support Plan
   C. Crisis Management Plan
   D. Crisis Communications Plan