1. What is the policy that includes all aspects of the security of an organization called?

2. Which policy deals with information sensitivity and usage?

3. What is the policy that identifies which software and hardware components can be used in the organization called?

4. Which document dictates the layout of the network and what the existing configuration is?

5. The process of ensuring that all policies, procedures, and standards are met is a function of which process?

6. The set of guidelines that outlines the components of effective security management is called what?

7. Which policy identifies the files and data that must be archived?

8. Which of the following is not a necessary part of a forensic investigation?

9. Which policy defines upgrade and systems requirements?

10. Which of the following storage areas would be suitable for storing a disk drive as evidence?

11. Which of the following would be an acceptable method of protecting the disk drive contents in an investigation?

12. Which of the following tasks should be accomplished before analyzing a hard drive for forensic clues?

13. What is a chain of custody?

14. Which policy dictates the processes used to create archival copies of records?

15. Which topic would not normally be covered in a user-oriented security-awareness program?

16. Which group would most benefit from an overall briefing on security threats and issues?

17. Which process is concerned with tracking evidence as it is used in an investigation?

18. Who should be consulted before involving law enforcement in an investigation?

19. Which of the following is essential in collecting evidence in an investigation?

20. Which of the following should occur when a computer system becomes surplus?
Answers

1. A. The security management policy encompasses items B, C, and D in this question. All aspects of security in the organization fall under the security management policy.

2. B. The information classification policy discusses information sensitivity and access to information.

3. B. The configuration management policy is concerned with how systems are configured and what software can be installed on systems.

4. C. The systems architecture documentation identifies the configuration and the changes that have been made to the network. These documents help keep track of the network, and they are useful in troubleshooting network problems.

5. B. Enforcement of policies, procedures, and standards is essential for sustaining security efforts. The saying "Inspect what you expect" applies here.

6. A. The term best practices refers to the essential elements of an effective security management effort.

7. D. Information retention policies dictate what information must be archived and how long those archives must be kept.

8. D. The three A's of an investigation are acquiring, authenticating, and analyzing evidence. A security policy might dictate that a forensic investigation is needed in a given situation, but the policy itself is not part of the investigation.

9. A. The configuration management policy dictates the configurations and upgrades of systems in the organization.

10. A. Evidence should be kept in a limited-access area that is environmentally appropriate for the media. Believe it or not, each of the other areas has been used to store evidence at several forensic sites, with poor results.

11. B. Authenticating evidence means that a way must be used to ensure that the contents of the drive do not change. Encrypting the drive using a hashing-based algorithm (such as SHA or MD5) ensures the information will not be altered without being detected.

12. B. The first step in conducting an investigation is to create a disk image of the original. If at all possible, all investigations should be performed on the backup drive, not the original.

13. A. The chain of custody demonstrates to the court the events and activities that have involved the evidence. Usually, this includes a log showing all of the activities involving the evidence, from collection to presentation in court as evidence.

14. A. The backup policy identifies the methods used to archive electronic and paper file systems. This policy works in conjunction with the information retention and storage policies.

15. C. Network technology and administration would not be covered in a user security-awareness program. Issues of policy, responsibilities, and the importance of security would be the key aspects of such a program.

16. A. Managers would derive the most benefit from a high-level explanation of security threats and issues. Users need to know how to follow the policies and why they are important. Developers and network administrators need specific and focused information on how to better secure networks and applications.

17. B. The chain of custody identifies each and every step taken with the evidence in an investigation.

18. A. Management of the organization should be consulted before law enforcement is involved in an incident. Management will usually want to seek legal counsel as part of their decision-making process.

19. A. Investigators should be prepared to testify in legal proceedings about the methods used to collect evidence. It is essential that investigators keep good records, because a trial may not occur for several years after an investigation begins.

20. B. The only way to guarantee that data and applications on a disk drive are unreadable is to perform a low-level initialization of the storage media. This sets every storage location to a newly initialized state. This process is also referred to as disk wiping.