1.
What term describes the risk that exists after an organization has performed all planned countermeasures and controls?
Correct Answer
D. Residual risk
Explanation
Residual risk refers to the remaining risk that exists after an organization has implemented all planned countermeasures and controls. It represents the potential harm or negative impact that can still occur despite the implementation of preventive measures. Residual risk is important to consider as it helps organizations understand the level of risk that they are still exposed to and allows them to make informed decisions regarding risk management strategies.
2.
Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?
Correct Answer
B. Preventive
Explanation
Violet has deployed a preventive control by implementing an intrusion prevention system (IPS) on her network. This control is designed to proactively identify and block potential intrusions or attacks before they can cause any harm. By continuously monitoring network traffic and analyzing patterns, the IPS can detect and prevent unauthorized access or malicious activities, helping to maintain the security and integrity of Violet's network.
3.
Brian needs to design a control that prevents piggybacking, only allowing one person to enter a facility at a time. What type of control would best meet this need?
Correct Answer
C. Mantraps
Explanation
Mantraps would best meet the need of preventing piggybacking and allowing only one person to enter a facility at a time. Mantraps are physical security devices that consist of two interlocking doors or gates. They are designed to only allow one person to pass through at a time, preventing unauthorized access. Other options like video surveillance, motion detectors, and biometrics may provide additional security measures but may not specifically address the issue of piggybacking.
4.
What term describes the longest period of time that a business can survive without a particular critical system?
Correct Answer
A. Maximum tolerable downtime (MTD)
Explanation
The term that describes the longest period of time that a business can survive without a particular critical system is maximum tolerable downtime (MTD). MTD refers to the maximum amount of time that a business can tolerate being without a critical system before it starts to experience significant negative impacts. It is important for businesses to determine their MTD in order to prioritize their recovery efforts and ensure that critical systems are restored within the acceptable time frame.
5.
Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?
Correct Answer
B. Warm site
Explanation
A warm site is not an example of a fault tolerance technique designed to avoid interruptions that would cause downtime. A warm site refers to a backup facility that is partially equipped with the necessary hardware and infrastructure to quickly restore operations in the event of a disaster. It is not specifically designed to avoid interruptions, but rather to provide a backup location for business continuity purposes. In contrast, clustering, load balancing, and RAID are all examples of fault tolerance techniques that are specifically designed to avoid interruptions and minimize downtime by distributing workloads, balancing resources, and providing redundant storage, respectively.
6.
Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore?
Correct Answer
B. 2
Explanation
Nancy performs a full backup on Sunday and differential backups on Monday, Tuesday, and Wednesday. Since her server fails on Wednesday at 9 A.M., she would need to restore the latest full backup (Sunday) and the latest differential backup (Tuesday) to restore her server. Therefore, Nancy needs to restore a total of 2 backups.
7.
Which data source comes first in the order of volatility when conducting a forensic investigation?
Correct Answer
D. RAM
Explanation
RAM (random access memory) comes first in the order of volatility when conducting a forensic investigation. RAM is volatile memory that stores data temporarily while the computer is running. It contains information about the current state of the system, including running processes, open files, network connections, and other valuable data. Since RAM loses its contents when the computer is powered off or restarted, it is crucial to prioritize its analysis in a forensic investigation to capture any relevant evidence before it is lost.
8.
Which recovery site option provides readiness in minutes to hours?
Correct Answer
D. Hot site
Explanation
A hot site is a recovery site option that provides readiness in minutes to hours. It is a fully operational and fully equipped secondary site that is ready to take over the primary site's operations immediately in case of a disaster. It has all the necessary hardware, software, and data backups in place, allowing for a quick and seamless transition. This option ensures minimal downtime and allows for business continuity with minimal disruption to operations.
9.
A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime.
Correct Answer
C. Disaster
Explanation
A disaster is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime. Unlike incidents or emergencies, disasters have a more severe impact and longer-lasting consequences on the CBF. Disasters often require extensive recovery efforts and may result in significant financial losses, damage to infrastructure, or loss of life. Therefore, a disaster is the most appropriate term to describe an event that causes prolonged disruption to a critical business function.
10.
Forensics and incident response are examples of __________ controls.
Correct Answer
C. Corrective
Explanation
Forensics and incident response are examples of corrective controls because they are focused on addressing and mitigating the impact of security incidents after they have occurred. These controls are designed to identify and respond to security breaches, investigate the root cause of incidents, and implement measures to prevent future occurrences. They are an important part of an overall security strategy to minimize the impact of security incidents and ensure that proper actions are taken to remediate any vulnerabilities or weaknesses in the system.