384 Appendix ■ Answers
25. D. A disaster is any event that can disrupt normal IT operations and can be either natural
or manmade. Hacking and terrorism are examples of manmade disasters, while flooding
and fire are examples of natural disasters.
- D. The checklist review is the least disruptive type of disaster recovery test. During
a checklist review, team members each review the contents of their disaster recovery
checklists on their own and suggest any necessary changes. During a tabletop exercise,
team members come together and walk through a scenario without making any
changes to information systems. During a parallel test, the team actually activates the
disaster recovery site for testing, but the primary site remains operational. During a full
interruption test, the team takes down the primary site and confirms that the disaster
recovery site is capable of handling regular operations. The full interruption test is the
most thorough test but also the most disruptive.
- B. The Grandfather/Father/Son, Tower of Hanoi, and Six Cartridge Weekly schemes are
all different approaches to rotating backup media that balance reuse of media with data
retention concerns. Meet-in-the-middle is a cryptographic attack against 2DES encryption.
- B. In this scenario, Helen designed a process that requires the concurrence of two people
to perform a sensitive action. This is an example of two-person control.
- C. Evidence provided in court must be relevant to determining a fact in question, material
to the case at hand, and competently obtained. Evidence does not need to be tangible.
Witness testimony is an example of intangible evidence that may be offered in court.
- A. In the public cloud computing model, the vendor builds a single platform that is shared
among many different customers. This is also known as the shared tenancy model.
- D. CSIRT representation normally includes at least representatives of senior management,
information security professionals, legal representatives, public affairs staff, and
engineering/technical staff.
- C. In this scenario, all of the files on the server will be backed up on Monday evening
during the full backup. The differential backup on Wednesday will then copy all files
modified since the last full backup. These include files 1, 2, 3, 5, and 6: a total of five files.
- C. Intrusion detection systems (IDSs) provide only passive responses, such as alerting
administrators to a suspected attack. Intrusion prevention systems and firewalls, on the
other hand, may take action to block an attack attempt. Antivirus software also may
engage in active response by quarantining suspect files.