________________________ is the process of evaluating the circumstances around organizational events, determining which adverse events are possible incidents (incident candidates) and whether a particular adverse event constitutes an actual incident.
__________________________ services are performed in response to a request or a defined event, such as a help desk alert, an IDPS alarm, or a vendor alert of an emerging vulnerability.
The Incident Response Planning team (IRP team) should consist of individuals from all relevant constituent groups that will be affected by the actions of the front line response teams.
___True
____False
___________________ is the process of examining, documenting, and assessing the security posture of an organization’s information technology and the risks it faces.
A(n) ________________________ is a detailed examination of the events that occurred, from first detection to final recovery.
The most common method of calculating business impact is to review financial reports and budgets.
________True
_________False
___________________ are computer servers configured to resemble production systems, containing rich information just begging to be hacked.
__________________ is used to understand the ways systems operate and to chart process flows and interdependency studies for both manual and automated systems.
The CP policy is the formal policy that will guide the efforts of the subordinate teams in developing their plans, and the overall operations of the organization during contingency operations.
_________True
__________False
The focus during an AAR is on establishing who is to blame.
_____True
___False
_________________ is the storage of duplicate online transaction data, along with the duplication of the databases, at the remote site to a redundant server.
_______________ is the process of applying controls to reduce the risks to an organization’s data and information systems.
________________ is the transfer of live transactions to an off-site facility.
A(n) ________________, a type of IDPS that is similar to the NIDPS, reviews the log files generated by servers, network devices, and even other IDPSs.
______________ is a set of procedures that commence when an incident is detected.
An advantage of outsourcing the IR process is the early notification of potential problems in the region.
_________True
_________False
An example of a contradictory policy would be one that claims data security as a first priority and also requires complete privacy for all stakeholders.
_______True
________False
At a minimum, the CSIRT development plan should be reviewed annually.
______True
______False
The _________________________ is the period of time within which systems, applications, or functions must be recovered after an outage.
__________________ services are undertaken to prepare the organization or the CSIRT constituents to protect and secure systems in anticipation of problems, attacks, or other events.
____________________ are methods for assessing the relative worth and operations of a subject of interest.
Name the three critical elements of the C.I.A. triangle.
1.
2.
3.
The _________________________________ is a CSIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization’s information infrastructure for signs of an incident.
Objects, persons, or other entities that pose a potential risk of loss to an asset are called ____________________________.