Disaster recovery planning is a crucial aspect of any organization’s overall business continuity strategy. It involves identifying potential threats and risks that could disrupt normal operations and developing a plan to mitigate those risks and minimize the impact of a disaster. Testing and assessing the effectiveness of a disaster recovery plan is equally important, and one way to do that is through quizzes. In this article, we will provide a list of top disaster recovery quiz questions with answers to help organizations test their disaster recovery knowledge and preparedness. These questions cover a range of topics, including disaster recovery planning, backup and recovery strategies, and data protection and security.
So, let’s get started with some disaster recovery quiz questions and their answers.
Q1. A ____ rootkit is one that becomes a part of the system bootstrap process and is loaded every time the system boots.
a. user-mode
b. memory-based
c. kernel-mode
d. persistent
Q2. If an intruder can __ a device, then no electronic protection can deter the loss of information.
a. log and monitor
b. packet sniff
c. trap and trace
d. physically access
Q3. Many attacks come through ports and then attack legitimate processes to allow themselves access or to conduct subsequent attacks.
a. True
b. False
Q4. A(n) __ is the set of rules and configuration guidelines governing the implementation and operation of IDPSs within the organization.
a. attack stimulus
b. confidence
c. site policy
d. IR policy
Q5. In the event that a definite indicator is recognized, the corresponding __ must be activated immediately.
a. alarm
b. IR plan
c. rootkit
d. IDPS
Q6. The organization must first understand what skills are needed to effectively respond to an incident. If necessary, management must determine if it is willing to acquire needed __ to fill in the gaps.
a. policies
b. personnel
c. equipment
d. administration
Q7. The determination of what systems fall under the CSIRT’s responsibility is called its __.
a. constituency
b. scope of operations
c. mission
d. policy
Q8. The CSIRT is also known as the IR Reaction Team.
a. True
b. False
Q9. Giving the IR team the responsibility for __ is generally not recommended.
a. incident analysis
b. patch management
c. vulnerability assessment
d. advisory distribution
Q10. One of the first signals that an organization is making progress in the development of its IR program, specifically in the development of its CSIRT, is a dramatic drop in the number of identified incidents.
a. True
b. False
Q11. Once the CSIRT has been notified and arrives “on scene,” whether physically or virtually, the first task that must occur is an assessment of the situation.
a. True
b. False
Q12. When a second attack, using the means and methods of the first attack, is undertaken while the first attack is still underway, this is considered a(n) ____ recurrence.
a. concurrent
b. simultaneous
c. intrusive
d. ongoing
Q13. __ incidents are predominantly characterized as a violation of policy rather than an effort to abuse existing systems.
a. Inappropriate use
b. Unauthorized access
c. Denial of service
d. Malicious code
Q14. According to NIST, which of the following is an example of a UA attack?
a. Asking for large numbers of resources
b. Knowingly sending a virus-infected message
c. Downloading unauthorized software
d. Modifying Web-based content without permission
Q15. When an incident includes a breach of physical security, all aspects of physical security should be escalated under a containment strategy known as ____.
a. disablement
b. isolation
c. lockdown
d. block
Q16. The functional part of forensics called __ is about assessing the “scene,” identifying the sources of relevant digital information, and preserving it for later analysis using sound processes.
a. data sensitivity
b. first response
c. analysis and presentation
d. investigation
Q17. ____ is used both for intrusion analysis and as part of evidence collection and analysis.
a. Configuration
b. Loss analysis
c. Forensics
d. Rehearsal
Q18. In evidence handling, specifically designed ____ are helpful because they are very difficult to remove without breaking.
a. break kits
b. forensic locks
c. evidence seals
d. package guards
Q19. The laws governing search and seizure in the public sector are much more straightforward than those in the private sector.
a. True
b. False
Q20. The forensic tool ____ does extensive pre-processing of evidence items that recovers deleted files and extracts e-mail messages.
a. EnCase
b. Forensic Toolkit (FTK)
c. AccessData
d. Guidance
Answers
- Q1. d
- Q2. d
- Q3. a
- Q4. c
- Q5. b
- Q6. b
- Q7. b
- Q8. a
- Q9. a
- Q10. b
- Q11. a
- Q12. a
- Q13. a
- Q14. d
- Q15. c
- Q16. b
- Q17. c
- Q18. c
- Q19. b
- Q20. b