SAINT LEO COM540 FULL COURSE

| June 10, 2016

Question
DISCUSSIONS
MODULE 1
Discussion 1

Does your company (or school) have a current disaster recovery plan? What are some of the activities involved in it? Do you feel confident that your company (or school) is prepared to survive a major disaster? Why or why not?

All citations must be in APA format (See link for APA examples: https://owl.english.purdue.edu/owl/resource/560/02/)
MODULE 2
Discussion 2

Select one of the topics covered in this module, research it on the internet (excluding Wikipedia, which is not considered a valid reference by any regional accrediting body), and write a report of at least two paragraphs on it to the class. Show your references for your classmates to use. You may not duplicate someone else’s topic so check before you research. Duplicate topics (determined by date/time posted) will be given a 0 grade. In addition, respond to at least two of your classmates’ postings.

All citations must be in APA format (See link for APA examples: https://owl.english.purdue.edu/owl/resource/560/02/)

MODULE 3
Discussion 3

Considering the technical skills required, do you think it is feasible to have a CSIRT response team consisting of employees with other job duties (i.e., not a full-time CSIRT job category)? Why or why not? What factors will influence this?

All citations must be in APA format.MODULE 4
Discussion 4

Discuss the ethics and legality of using hacker techniques to attempt to trace hackers.

All citations must be in APA format.MODULE 5
Discussion 5

What type of training is required to become a member of a CSIRT? How would you build a CSIRT? What are the components to building an effective team?

All citations must be in APA format.MODULE 6
Discussion 6

When law enforcement becomes involved, the need may arise to freeze systems as part of the evidence. There is also the likelihood that the incident will become known publicly. Do you think these issues play a significant part in the decision to involve law enforcement? Why or why not?

Can you name some situations in which you believe that large organizations have decided not to involve law enforcement?

All citations must be in APA format.MODULE 7Discussion 7 You may have noticed the emphasis on preparedness in chapter 10. While society expects a business to be prepared for disasters and to recover using its own resources, we do not seem to expect individuals to be prepared to survive a disaster. Should we expect government at any level to be responsible for disaster recovery at either the personal or business level? Why or why not? What sacrifices would a business have to make if the disaster recovery process were turned over to a government agency? All citations must be in APA format.
ASSIGNMENTS
ASSIGNMENT 1
For this module you are to complete the following assignments:

•Chapter 1 – Answer Real-World Exercises 1-1, 1-2, 1-3, and 1-5

Submit your assignment to the Dropbox no later than Sunday 11:59 PM EST/EDT. (This Dropbox basket is linked to Turnitin.). When you save your document, please make sure it includes the format: “Firtsname-Lastname-Assingment1″

ASSIGNMENT 2
Assignment 2

For this module you are to complete the following assignments:

•Chapter 2 – Answer Real-World Exercises 2-1, 2-2, and 2-3

•Chapter 3 – Answer Real-World Exercises 3-2, 3-4, and 3-5

Submit your assignment to the Dropbox no later than Sunday 11:59 PM EST/EDT. (This Dropbox basket is linked to Turnitin.). When you save your document, please make sure it includes the format: “Firstname- Lastname–Assignment2″

ASSIGNMENT 3
Assignment 3

For this module you are to complete the following assignments:

•Chapter 4: Answer Real-World Exercises 1, 2, 3, and 4

Submit your assignment to the Dropbox no later than Sunday 11:59 PM EST/EDT. (This Dropbox basket is linked to Turnitin.). When you save your document, please make sure it includes the format: “Firstname- Lastname–Assignment3″

ASSIGNMENT 4
Assignment 4

For this module you are to complete the following assignments:

•Chapter 5: Answer Real-World Exercises 2, 3, and 4

Submit your assignment to the Dropbox no later than Sunday 11:59 PM EST/EDT. (This Dropbox basket is linked to Turnitin.). When you save your document, please make sure it includes the format: “Firstname- Lastname–Assignment4″

ASSIGNMENT 5
Assignment

For this module you are to complete the following assignments:

•Chapter 6: Answer Real-World Exercises 1, 2, and 3

•Chapter 7: Answer Real-World Exercises 1 and 2

Submit your assignment to the Dropbox no later than Sunday 11:59 PM EST/EDT. (This Dropbox basket is linked to Turnitin.). When you save your document, please make sure it includes the format: “Firstname- Lastname–Assignment5″

ASSIGNMENT 6
Assignment 6

For this module you are to complete the following assignments:

•Chapter 8: Answer Real-World Exercises 8-1, 8-2, and 8-3

•Chapter 9: Answer Real-World Exercises 2 and 3

Submit your assignment to the Dropbox no later than Sunday 11:59 PM EST/EDT. (This Dropbox basket is linked to Turnitin.). When you save your document, please make sure it includes the format: “Firstname- Lastname–Assignment6″

ASSIGNMENT 7
Assignment 7

For this module you are to complete the following assignments:

•Chapter 10: Answer Real-World Exercises 1 and 2

•Chapter 11: Answer Real-World Exercise 3

•Chapter 12: Answer Real-World Exercises 12-3 and 12-4

Submit your assignment to the Dropbox no later than Sunday 11:59 PM EST/EDT. (This Dropbox basket is linked to Turnitin.). When you save your document, please make sure it includes the format: “Firstname- Lastname–Assignment7”

COURSE PROJECT
COM 540Principles of Incident Response and Disaster Recovery
Project Requirements

Project Description
Download NIST Special Publication SP 800-94 entitled “Guide to Intrusion Detection and Prevention Systems (IDPS)” from the NIST website at http://www.csrc.nist.gov. You will submit a written report based on the criteria below:
Report
1. Review SP 800-94 and describe in your own words (you must not copy or paste) the material covered in the document on the different types of IDPS. You may use section heading of chapters 2-9 to describe each section of the document.
2. Use your textbook, Internet, and/or Appendix C of SP 800-94 to search for at least six (6) commercially available Intrusion Detection and Prevention Systems (IDPS). Create atable comparing their features, type (general and network, wireless, NBA, or host based), and cost.
3. Prepare a PowerPoint presentation (15–20 slides) explaining the content of the IDPS document to your senior management team.
The written report should be 6-8 pages long, 12-point character size, single line spacing, and 1” margins (left, right, top, and bottom).

Submission
Submit your project to the Course Project Dropbox no later than Sunday 11:59 PM EST/EDT of Module 8.
You must submit the following files:
? PWordarts1 and 2

A
6-8 page, 12-point, single-spaced
written reportusingMicrosoft

? Part3

A
15–20slidePowerPoint presentation
MID TERM
Grade Details – All Questions

Question 1. Question :

The ____ is the point in time by which systems and data must be recovered after an outage as determined by the business unit.

training objective

recovery time objective

dependency objective

recovery point objective

Question 2. Question :

The ____ contains the rules and configuration guidelines governing the implementation and operation of IDSs within the organization.

security policy

log file

honeypot

site policy

Question 3. Question :

____ services are triggered by an event or request, such as a report of a compromised host, wide-spreading malicious code, software vulnerability, or something that was identified by an intrusion detection or logging system.

Reactive

Forensic

Security

Proactive

Question 4. Question :

A(n) ____ is a document containing contact information for the individuals that need to be notified in the event of an actual incident.

root roster

alert roster

hierarchical roster

sequential roster

Question 5. Question :

____ is the control approach that attempts to shift the risk to other assets, other processes, or other organizations.

Acceptance

Transference

Mitigation

Avoidance

Question 6. Question :

A ____ deals with the preparation for and recovery from a disaster, whether natural or man-made.

risk assessment

mitigation plan

risk management

disaster recovery plan

Question 7. Question :

Which of the following is a proactive service?

Incident handling

Risk analysis

Announcements

Alerts and warnings

Question 8. Question :

A favorite pastime of information security professionals is ____, which is realistic, head-to-head attack and defend information, security attacks, and incident response methods.

parallel testing

war gaming

simulation

structured walk-through

Question 9. Question :

In an organization, unexpected activities occur periodically; these are referred to as ____.

warnings

problems

after-action

events

Question 10. Question :

The ____ job functions focus more on costs of system creation and operation, ease of use for system users, and timeliness of system creation, as well as transaction response time.

organizational management and professionals

information technology management and professionals

human resource management and professional

information security management and professionals

Question 11. Question :

____ is the control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.

Acceptance

Avoidance

Transference

Mitigation

Question 12. Question :

____ occurs when valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers’ answers to routine DNS queries from other systems on that network.

DNS cache poisoning

Clipping

Signature matching

Clustering

Question 13. Question :

____ is a common approach used in the discipline of systems analysis and design.

Database diagramming

Network diagramming

Application diagramming

Systems diagramming

Question 14. Question :

A ____ is a document that expresses how an organization ensures that critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site if a catastrophic incident or disaster occurs.

risk assessment plan

worm

Trojan horse

business continuity plan

Question 15. Question :

____ are important when team members are preparing advisories and procedures.

Writing skills

Forensic skills

Medical skills

Mathematical skills

Question 16. Question :

____ is an IDS’s ability to dynamically modify its site policies in reaction or response to environmental activity.

Alarm Compaction

True Attack Stimulus

Confidence Value

Site policy awareness

Question 17. Question :

A(n) ____ is any clearly identified attack on the organization’s information assets that would threaten the assets’ confidentiality, integrity, or availability.

incident

threat

Trojan horse

worm

Question 18. Question :

A ____ is a type of IDS that is similar to the NIDS, reviews the log files generated by servers, network devices, and even other IDSs.

log file monitor

DNS cache

honeypot

alarm cluster

Question 19. Question :

The ____ can be used to collect information directly from the end users and business managers.

forensic analysis

system log session

facilitated data gathering session

data management session

Question 20. Question :

____ are tools used to identify which computers are active on a network, as well as which ports and services are active on the computers, what function or role the machines may be fulfilling, and so on.

Filters

Scanning utilities

Clusters

Triggers

Question 21. Question :

A ____ is a computer server configured to resemble a production system, containing rich information just begging to be hacked.

network cluster

honeypot

smart IDS

DNS cache

Question 22. Question :

____ enables authorized users – persons or computer systems – to access information without interference or obstruction, and to receive it in the required format.

Risk assessment

Integrity

Availability

Confidentiality

Question 23. Question :

____ ensures that only those with the rights and privileges to access information are able to do so.

Confidentiality

Risk assessment

Integrity

Availability

Question 24. Question :

____ is the process of moving the organization toward its vision.

Transference

Avoidance

Mitigation

Strategic planning

Question 25. Question :

Using a process known as ____, Network IDSs must look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be underway.

cache poisoning

signature matching

clipping

scanning

Question 26. Question :

A(n) ____ is a SIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization’s information infrastructure for signs of an incident.

IR duty officer

software engineer

forensic expert

project manager

Question 27. Question :

____ is the coherent application of methodical investigatory techniques to solve crime cases.

Alarm Compaction

Scanning

Forensics

Signature matching

Question 28. Question :

____ is the process of systematically examining information assets for evidentiary material that can provide insight into how the incident transpired.

Incident response

Forensics analysis

War gaming

Disaster recovery

Question 29. Question :

A(n) ____ is generally thought of as a group of individuals united by shared interests or values within an organization and who share a common goal of making the organization function to meet its objectives.

network community

community of interest

database community

incident response community

Question 30. Question :

The violation of fair use of copyrighted material is an example of a(n) ____.

compromise to intellectual property

act of human error

deliberate act of information distortion

deliberate act of trespass

Question 31. Question :

A(n) ____ is an event that triggers alarms and causes a false positive when no actual attacks are in progress.

True Attack Stimulus

alert

false negative

false attack stimulus

Question 32. Question :

A(n) ____ is a detailed examination of the events that occurred from first detection to final recovery.

reactive review

proactive review

audit review

after-action review

Question 33. Question :

A(n) ____ is a type of attack on information assets in which the instigator attempts to gain unauthorized entry into a system or network or disrupt the normal operations of a system or network.

event

intrusion

alert

honeypot

Question 34. Question :

A(n) ____ requires that a contact person call each and every person on the roster.

root roster

alert roster

sequential roster

hierarchical roster

Question 35. Question :

The ____ is the period of time within which systems, applications, or functions must be recovered after an outage.

training objective

recovery time objective

recovery point objective

dependency objective

Question 36. Question :

A(n) ____ must lead the project and make sure a sound project planning process is used, a complete and useful project plan is developed, and project resources are prudently managed to reach the goals of the project.

champion

crisis manager

project manager

incident manager

Question 37. Question :

____ services augment existing and well-established services that are independent of incident handling and traditionally performed by other areas of an organization such as the IT, Audit, or Training departments.

Reactive

Forensic

Proactive

Security quality management

Question 38. Question :

A(n) ____ is prepared by the organization to anticipate, react to, and recover from events that threaten the security of information and information assets in the organization, and, subsequently, to restore the organization to normal modes of business operations.

asset

threat

social plan

contingency plan

Question 39. Question :

A ____ is an alarm or alert that indicates that an attack is in progress or that an attack has successfully occurred when in fact there was no such attack.

site policy

false positive

false negative

Confidence Value

Question 40. Question :

A(n) ____ is an investigation and assessment of the impact that various attacks can have on the organization.

threat

BIA

incident

intellectual property

FINAL EXAM
1. Question :

The ____ section of the business continuity policy provides an overview of the information storage and retrieval plans of the organization.

scope

training requirements

roles and responsibilities

special considerations

Question 2. Question :

A ____ is a fully configured computer facility, with all services, communications links, and physical plant operations.

cold site

service bureau

warm site

hot site

Question 3. Question :

A ____ agreement usually guarantees space when needed, even if this means that the service bureau has to acquire additional space in the event of a widespread disaster.

mutual

noncompete

service

nondisclosure

Question 4. Question :

The ____ team is responsible for providing any needed supplies, space, materials, food, services, or facilities needed at the primary site other than vendor-acquired technology and other material obtained by the vendor team.

damage assessment

data management

logistics

business interface

Question 5. Question :

The ____ team works to install operating systems on the hardware installed by the hardware team.

application recovery

OS

computer setup team

network recovery team

Question 6. Question :

The ____ team is responsible for recovering and reestablishing operating systems (OSs).

database recovery

systems recovery

applications recovery

vendor recovery

Question 7. Question :

____ is functionally similar to job rotation, but only involves the rotation of a portion of a job, rather than the entire position.

Vertical job rotation

Task rotation

Computer training

Horizontal job rotation

Question 8. Question :

The ____ team is responsible for recovering and reestablishing operations of critical business applications.

vendor contact

system recovery

applications recovery

network recovery

Question 9. Question :

The ____ method of backup uses a rotation of six sets of media and is perhaps the most simple and well known.

six tape rotation

six-day rotation

Tower of Hanoi

six night rotation

Question 10. Question :

The ____ method of backup uses five media sets per week and allows recovery of data for the previous three weeks.

Towers of Hanoi

six-tape rotation

Grandfather-Father-Son

six-day rotation

Question 11. Question :

In disaster recovery, the ____ is the point at which a management decision to react is made in reaction to a notice or other data such as a weather report or an activity report from IT indicating the escalation of an incident.

mirrored site

hot site

cold site

trigger

Question 12. Question :

____ is the movement of employees from one position to another so they can develop additional skills and abilities.

Job rotation

Task rotation

Computer training

Cross-training

Question 13. Question :

The ____ team works to quickly set up the hardware needed to establish operations in the alternate site.

business continuity management team

operations team

computer setup team

network recovery team

Question 14. Question :

____ uses a specialized parity coding mechanism known as the Hamming code to store stripes of data on multiple data drives and corresponding redundant error correction on separate error correcting drives.

RAID level 1

RAID level 2

RAID level 3

RAID level 4

Question 15. Question :

____ is the group charged with analyzing vulnerabilities, evaluating existing plans, and developing and implementing the comprehensive crisis management program.

Crisis management planning committee

Humanitarian planning committee

Emergency response committee

Cross-training planning committee

Question 16. Question :

The ____ lists and describes the efforts to resume normal operations at the primary places of business.

incremental backup plan

disaster recovery plan

full-backup plan

business continuity plan

Question 17. Question :

The ____ contains the steps for implementing critical business functions using alternate mechanisms until normal operations can be resumed at the primary site or elsewhere on a permanent basis.

incremental plan

disaster recovery plan

full-backup plan

business continuity plan

Question 18. Question :

A ____ allows the organization to provide a disaster recovery/business continuity option while reducing the overall cost.

service bureau

mutual agreement

time-share

service agreement

Question 19. Question :

____ are highly probable when infected machines are brought back online or when other in-fected computers that may have been offline at the time of the attack are brought back up.

Follow-on incidents

War games

Black bag operations

Blue bag operations

Question 20. Question :

Before returning to routine duties, the IR team must also conduct a(n) ____.

chain of custody

after-action review

war game

Alarm Compaction

Question 21. Question :

The ____ is the point in the past to which the recovered applications and data at the alternate infrastructure will be restored.

recovery point objective

relocation point objective

simulation point objective

warm site objective

Question 22. Question :

____ consists of efforts designed to address the psychological and emotional impact on the workforce.

Crisis communications

Humanitarian assistance

Emergency response

Cross-training

Question 23. Question :

Once the incident has been contained, and all signs of the incident removed, the ____ phase begins.

actions after

black bag operation

chain of custody

blue bag operation

Question 24. Question :

____ occur over time and slowly deteriorate the capacity of an organization to withstand their effects.

Slow onset disasters

Communication disasters

Rapid onset disasters

Data disasters

Question 25. Question :

The ____ involves providing copies of the DR plan to all teams and team members for review.

DR plan desk check

DR plan structured walk-through

DR plan simulation

DR plan parallel testing

Question 26. Question :

A ____ is owned by a single organization; it can be as small as two PCs attached to a single hub or it may support hundreds of users and multiple servers.

honeypot

cache

filter

LAN

Question 27. Question :

____ contingency considerations should enhance the ability of recovery personnel to restore WAN services after a disruption.

Cache

Server

Web site

WAN

Question 28. Question :

The ____ team works with the hardware and OS teams to get internal and external services up and running to begin supporting business functions.

applications recovery

OS

computer setup team

network recovery team

Question 29. Question :

During the ____ phase the organization begins the recovery of the most time-critical business functions – those necessary to reestablish business operations and prevent further economic and image loss to the organization.

recovery

risk analysis

parallel testing

audit review

Question 30. Question :

____ are those that occur suddenly, with little warning, taking the lives of people and destroying the means of production.

Slow onset disasters

Communication disasters

Rapid onset disasters

Data disasters

Question 31. Question :

The ____ is the group responsible for initiating the occupation of the alternate facility.

advance party

disaster recovery team

applications development team

forensic team

Question 32. Question :

In the ____ section of the business continuity policy, the training requirements for the various employee groups are defined and highlighted.

scope

training requirements

roles and responsibilities

special considerations

Question 33. Question :

The ____ team is responsible for working with the remainder of the organization to assist in the recovery of nontechnology functions.

damage assessment

data management

logistics

business interface

Question 34. Question :

A ____ is defined by the ICM as a disruption in the company’s business that occurs without warning and is likely to generate news coverage and may adversely impact employees, investors, customers, suppliers, and other stakeholders.

humanitarian crisis

sudden crisis

business crisis

smoldering crisis

Question 35. Question :

____ is the rapid relocation of an organization’s critical business functions to another location.

Business relocation

Business continuity

Incidence response

Reactive review

Question 36. Question :

The ____ system can be used both to distribute information about the disaster and to collect information about the status of the employees.

DR plan desk system

DR plan simulation

auxiliary phone alert and reporting system

damage assessment report

Question 37. Question :

____ is most commonly used in organizations that balance safety and redundancy against the costs of acquiring and operating the systems.

RAID level 4

RAID level 5

RAID level 6

RAID level 7

Question 38. Question :

A(n) ____ is a list of officials ranging from an individual’s immediate supervisor through the top executive of the organization.

emergency report

chain of command

cross-training

crisis report

Question 39. Question :

____ is the storage of duplicate online transaction data, along with the duplication of the databases at the remote site to a redundant server.

Remote journaling

Electronic vaulting

Hot swapping

Database shadowing

Question 40. Question :

____ involves the batch transfer of data to an offsite facility.

Database shadowing

Remote journaling

Six-tape rotation

Electronic vaulting

Order your essay today and save 30% with the discount code: ESSAYHELPOrder Now