Top 20 Disaster Recovery Questions and Answers

Disaster recovery is a critical aspect of business continuity planning, ensuring that organizations can resume their operations swiftly and efficiently in the event of unforeseen disasters or disruptions. To help you understand the key principles and considerations surrounding disaster recovery, here are 20 common questions and answers that provide valuable insights into this vital field. Whether you’re an IT professional, a business owner, or someone simply interested in safeguarding against potential disasters, these Q&A responses will shed light on the strategies, technologies, and best practices that underpin effective disaster recovery planning and execution.

Now, let’s move on to the top 20 Disaster Recovery Questions and Answers.

Q1. The term unauthorized access is a synonym for hacking.

Select one:
a. True
b. False

Q2. The _______ is a detailed examination of the events that occurred, from first detection to final recovery.

a. case training tool
b. rehearsal event
c. after-action review
d. IR inspection

Q3. A continuously changing process presents challenges in acquisition, as there is not a fixed state that can be collected, hashed, and so forth. This has given rise to the concept of _______ forensics, which captures a point-in-time picture of a process.

Select one:
a. live
b. point
c. camera
d. snapshot

Q4. Most organizations will find themselves awash in incident candidates at one time or another, and the vast majority will be _______.

Select one:
a. definite indicators
b. reported attacks
c. unusual system crashes
d. false positives

Q5. A _______ rootkit is one that becomes a part of the system bootstrap process and is loaded every time the system boots.

Select one:
a. user-mode
b. memory-based
c. kernel-mode
d. persistent

Q6. The ________ flow of information needed from the CSIRT to organizational and IT/InfoSec management is a critical communication requirement.

Select one:
a. operations
b. identifying
c. geographic
d. upward

Q7. Most modern antivirus/anti-malware utilities cannot detect rootkits.

Select one:
a. True
b. False

Q8. The determination of what systems fall under the CSIRT’s responsibility is called its _______.

Select one:
a. constituency
b. scope of operations
c. mission
d. policy

Q9. In evidence handling, specifically designed ________ are helpful because they are very difficult to remove without breaking.

Select one:
a. break kits
b. forensic locks
c. evidence seals
d. package guards

Q10. One way to identify a particular digital item (collection of bits) is by means of a(n) _______.

a. cryptographic hash
b. learning algorithm
c. digital code
d. boot tag

Q11. The number-one IU preparation-and-prevention strategy is _______.

Select one:
a. periodic audit of logs
b. organizational policy
c. minimize file sharing
d. configuring network devices

Q12. Once the CSIRT has been notified and arrives “on scene,” whether physically or virtually, the first task that must occur is an assessment of the situation.

Select one:
a. True
b. False

Q13. Once a compromised system is disconnected, it is safe from further damage.

Select one:
a. True
b. False

Q14. _________ involves an attempt made by those who may become subject to digital forensic techniques to obfuscate or hide items of evidentiary value.

Select one:
a. Anti-discovery
b. Digital masking
c. Digital obstruction
d. Anti-forensics

Q15. The Windows Task Manager can be used to seek out Trojan programs on Microsoft Windows computers.

Select one:
a. True
b. False

Q16. Many malware attacks are _____ attacks, which involve more than one type of malware and/or more than one type of transmission method.

Select one:
a. rootkit
b. blended
c. malicious software
d. unauthorized access

Q17. The ______ of a hub, switch or other networking device is a specially configured connection that is capable of viewing all the traffic that moves through the entire device.

Select one:
a. monitoring port
b. external router
c. TCP/IP sensor
d. IDPS console

Q18. The involvement of the CSIRT in incident response typically starts with prevention.

Select one:
a. True
b. False

Q19. Those services performed in response to a request or a defined event such as a help desk alert are called _______.

a. vulnerability assessment services
b. security quality management services
c. proactive services
d. reactive services

Q20. One way to build and maintain staff skills is to develop incident-handling _______ and have the team members discuss how they would handle them.

Select one:
a. True
b. False


  1. a
  2. c
  3. d
  4. d
  5. d
  6. d
  7. b
  8. b
  9. c
  10. a
  11. b
  12. a
  13. b
  14. d
  15. b
  16. b
  17. a
  18. b
  19. d
  20. a