Victor Sabani
ITT Technical Institute
Quiz Week 5
Quiz Questions
1. What is the purpose of a CIRT plan? Describe what this plan does and what other plan it ties into.
The purpose of the CIRT plan is to identify which group is responsible for what. It also provides information for the DRP.
2. Describe what the three models are for a CIRT plan based on the NIST SP 800-61 template.
Critical incident response team, Distributed incident response teams, and the Coordinating team
3. Define three of the responsibilities that an Incident Response Team would have. List them and describe the responsibilities.
Develop Responsibilities generic procedures to respondto an incedent, determine cuase of incident determine best response to an incident, and protect collected evidence, to ensure that there is noo tampering of evidence.
4. As much as 80% of all incidents are a result of internal attacks. List four inappropriate usages from users.
File sharing P2P, access web sites that are prohibited, purposely do things not supposed to according to the AUP, and spam coworkers.
5. List and explain three basic protection steps you can take to ensure all servers are hardened, thus reducing incidents.
You can enable firewalls to block ports, have up to date AV software, reduce the attack surface disabling services not used/.
6. Define a DRP and explain when it is invoked.
A DRP according to the book is a plan of what to do when something happens. It is invoked after a incident.
7. Describe two CSFs for a DRP.
Two CSFs for a DRP are management support, a disaster recovery budget.
8. Explain what Recovery Time Objective (RTO) is and why the DRP needs to be written to meet it.
A RTO is the time needed to recover a system, so the MAO can be accurate.
9. Describe the advantages and disadvantages for each of the DRP location possibilities.
A Cold site is cheap, a warm site is not to expensive to maintain, and a hot siteis the easiest to test.
10. List and describe