CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [232]
a. Subscriber
b. Relying party
c. Third party
d. Omni registrar
17. Which of the following would normally not be part of an incident-response policy?
a. Outside agencies (that require status)
b. Outside experts (to resolve the incident)
c. Contingency plans
d. Evidence collection procedures
18. MTS is in the process of increasing all security for all resources. No longer will the legacy method of assigning rights to users as they’re needed be accepted. From now on, all rights must be obtained for the network or system through group membership. Which of the following groups is used to manage access in a network?
a. Security group
b. Single sign-on group
c. Resource sharing group
d. AD group
19. Which process inspects procedures and verifies that they’re working?
a. Audit
b. Business continuity plan
c. Security review
d. Group privilege management
20. The present method of requiring access to be strictly defined on every object is proving too cumbersome for your environment. The edict has come down from upper management that access requirements should be reduced slightly. Which access model allows users some flexibility for information-sharing purposes?
a. DAC
b. MAC
c. RBAC
d. MLAC
Answers to Review Questions
1. A. The disaster-recovery plan deals with site relocation in the event of an emergency, natural disaster, or service outage.
2. B. Working copies are backups that are usually kept in the computer room for immediate use in recovering a system or lost file.
3. A. Large-scale database systems usually provide an audit file process that allows transactions to be recovered in the event of a data loss.
4. B. An incremental backup backs up files that have changed since the last full or partial backup.
5. C. A differential backup backs up all the files that have changed since the last full backup.
6. A. The Grandfather, Father, Son backup method is designed to provide a rotating schedule of backup processes. It allows for a minimum usage of backup media, and it still allows for long-term archiving.
7. B. Warm sites provide some capabilities in the event of a recovery. The organization that wants to use a warm site will need to install, configure, and reestablish operations on systems that may already exist at the warm site.
8. D. A reciprocal agreement is between two organizations and allows one to use the other’s site in an emergency.
9. C. Fail-over occurs when a system that is developing a malfunction automatically switches processes to another system to continue operations.
10. A. RAID 0 is a method of spreading data from a single disk over a number of disk drives. It’s used primarily for performance purposes.
11. C. A service-level agreement (SLA) specifies performance requirements for a vendor. The SLA may use MTBF and MTTR as performance measures.
12. A. Code escrow allows customers to access the source code of installed systems under specific conditions, such as the bankruptcy of a vendor.
13. B. The acceptable-use policy dictates how computers can be used within an organization. This policy should also outline the consequences of misuse.
14. B. Due-care policies dictate the expected precautions to be used to safeguard client records.
15. A. A certificate policy dictates how an organization uses, manages, and validates certificates.
16. C. The third party is responsible for assuring the relying party that the subscriber is genuine.
17. C. A contingency plan wouldn’t normally be part of an incident-response policy. It would be part of a disaster-recovery plan.
18. A. A security group is used to manage user access to a network or system.
19. A. An audit is used to inspect and test procedures within an organization to verify that those procedures are working and up to date. The result of an audit is a report to management.
20. A. DAC allows some flexibility in information-sharing capabilities within the network.
Chapter 9