Disaster Recovery Quiz

Top Disaster Recovery Quiz Questions With Answers

Disaster recovery planning is a crucial aspect of any organization’s overall business continuity strategy. It involves identifying potential threats and risks that could disrupt normal operations and developing a plan to mitigate those risks and minimize the impact of a disaster. Testing and assessing the effectiveness of a disaster recovery plan is equally important, and one way to do that is through quizzes. In this article, we will provide a list of top disaster recovery quiz questions with answers to help organizations test their disaster recovery knowledge and preparedness. These questions cover a range of topics, including disaster recovery planning, backup and recovery strategies, and data protection and security.

So, let’s get started with some disaster recovery quiz questions and their answers.

Q1. A ____ rootkit is one that becomes a part of the system bootstrap process and is loaded every time the system boots.

a. user-mode 
b. memory-based 
c. kernel-mode 
d. persistent

Q2. If an intruder can ____ a device, then no electronic protection can deter the loss of information.

a. log and monitor
b. packet sniff
c. trap and trace
d. physically access

Q3. Many attacks come through ports and then attack legitimate processes to allow themselves access or to conduct subsequent attacks.


Q4. A(n) ____ is the set of rules and configuration guidelines governing the implementation and operation of IDPSs within the organization.

a. attack stimulus
b. confidence
c. site policy
d. IR policy

Q5. In the event that a definite indicator is recognized, the corresponding ____ must be activated immediately.

a. alarm
b. IR plan
c. rootkit

Q6. The organization must first understand what skills are needed to effectively respond to an incident. If necessary, management must determine if it is willing to acquire needed ____ to fill in the gaps.

a. policies
b. personnel
c. equipment
d. administration

Q7. The determination of what systems fall under the CSIRT’s responsibility is called its ____.

a. constituency
b. scope of operations
c. mission
d. policy

Q8. The CSIRT is also known as the IR Reaction Team.

a. True
b. False

Q9. Giving the IR team the responsibility for ____ is generally not recommended.

a. incident analysis
b. patch management
c. vulnerability assessment
d. advisory distribution

Q10. One of the first signals that an organization is making progress in the development of its IR program, specifically in the development of its CSIRT, is a dramatic drop in the number of identified incidents.

a. True
b. False

Q11. Once the CSIRT has been notified and arrives “on scene,” whether physically or virtually, the first task that must occur is an assessment of the situation.

a. True
b. False

Q12. When a second attack, using the means and methods of the first attack, is undertaken while the first attack is still underway, this is considered a(n) ____ recurrence.

a. concurrent
b. simultaneous
c. intrusive
d. ongoing

Q13. ____ incidents are predominantly characterized as a violation of policy rather than an effort to abuse existing systems.

a. Inappropriate use
b. Unauthorized access 
c. Denial of service 
d. Malicious code

Q14. According to NIST, which of the following is an example of a UA attack?

a. Asking for large numbers of resources
b. Knowingly sending a virus-infected message
c. Downloading unauthorized software
d. Modifying Web-based content without permission

Q15. When an incident includes a breach of physical security, all aspects of physical security should be escalated under a containment strategy known as ____.

a. disablement
b. isolation
c. lockdown
d. block

Q16. The functional part of forensics called ____ is about assessing the “scene,” identifying the sources of relevant digital information, and preserving it for later analysis using sound processes.

a. data sensitivity
b. first response
c. analysis and presentation
d. investigation

Q17. ____ is used both for intrusion analysis and as part of evidence collection and analysis.

a. Configuration
b. Loss analysis
c. Forensics
d. Rehearsal

Q18. In evidence handling, specifically designed ____ are helpful because they are very difficult to remove without breaking.

a. break kits 
b. forensic locks 
c. evidence seals
d. package guards 

Q19. The laws governing search and seizure in the public sector are much more straightforward than those in the private sector.

a. True
b. False

Q20. The forensic tool ____ does extensive pre-processing of evidence items that recovers deleted files and extracts e-mail messages.

a. EnCase
b. Forensic Toolkit (FTK)
c. AccessData
d. Guidance


  1. d
  2. d
  3. a
  4. c
  5. b
  6. b
  7. b
  8. a
  9. a
  10. b
  11. a
  12. a
  13. a
  14. d
  15. c
  16. b
  17. c
  18. c
  19. b
  20. b