CVSS Metrics and DREAD Model Quiz

Questions and Answers

What does RTO stand for in the context of Business Impact Analysis?

• Regulatory Time Obligation
• Risk Tolerance Outcome
• Recovery Time Objective (correct)
• Recovery Point Operation

How is Annualized Loss Expectancy (ALE) calculated?

• By adding the asset value to the exposure factor
• By multiplying the annual rate of occurrence by the Single Loss Expectancy (SLE) (correct)
• By dividing the Single Loss Expectancy (SLE) by the asset value
• By multiplying the asset value by the exposure factor

What does SLE stand for in the context of describing incidents?

• Security Log Entry
• Single Loss Expectancy (correct)
• Systematic Loss Evaluation
• Severity Level Examination

What does CVSS stand for in the context of Common Vulnerability Scoring System?

Common Vulnerability Scoring System (D)

What is the primary focus of IT teams when preserving evidence in the event of a DoS attack?

Determining how the incident occurred (C)

Which of the following metrics is NOT a part of the CVSS Base Group Metrics?

Environmental Impact (A)

Why is failure to preserve forensic information detrimental to IT teams?

It prevents effectively evaluating the cause of incidents (C)

What does ARO represent in the calculation of Annualized Loss Expectancy (ALE)?

Annual Rate of Occurrence (A)

What is an example of an adverse event as mentioned in the text?

Unauthorized access (A)

Why is it important to weave forensic methodology into an organization's incident response policy?

To preserve evidence for evaluation and future prevention (A)

What should IT teams do to effectively reduce risk after an incident?

Provide appropriate training to staff for preserving evidence (D)

What is the negative consequence of not preserving forensic evidence for future incidents?

Prevents effective evaluation of incident causes (C)

What is the purpose of an Ishikawa diagram?

Determining what caused a disaster (B)

Which type of backup captures all changes since the last full backup?

Incremental (D)

What is the main focus of the Mean Percentage Error (MPE) formula?

Calculating the average error percentage (B)

Which action is part of the Post Recovery Follow-Up process?

Determining system weaknesses (A)

What does HSM stand for in the context of backups?

Hierarchical storage management (C)

Why is it important to have an off-site backup of data?

To ensure data recovery in case of on-site damage (A)

What is the purpose of DREAD model in cybersecurity?

To evaluate the impact of an attack (A)

Which metric group focuses on evaluating the impact of an attack in terms of damage potential and discoverability?

Temporal Metric Group (C)

What does Remote Network MONitoring (RMON) provide in cybersecurity?

A standardized method of classifying network traffic (C)

Who developed Remote Network MONitoring (RMON) to support network monitoring and protocol analysis?

The Internet Engineering Task Force (IETF) (A)

Which aspect of an attack does the DREAD model NOT evaluate?

Impact on confidentiality requirement (C)

What does Mean Squared Deviation (MSD) involve?

A mean square deviation formula (D)

What does a Disaster Recovery Plan (DRP) focus on?

Executing a full recovery to normal operations (D)

What is the main focus of a Business Continuity Plan (BCP)?

Keeping an organization functioning until full recovery is possible (C)

What does Business Impact Analysis (BIA) identify?

The effects a disaster would have on business and IT functions (C)

Which term is related to the average time it takes to repair an item?

Mean time to repair (MTTR) (B)

What does Mean Time to Failure (MTTF) refer to?

The amount of time before a given device is likely to fail (B)

What aspect does Maximum Tolerable Downtime (MTD) consider?

The maximum acceptable downtime for critical systems (A)

What is the best method for determining the cause of a disaster and preventing a recurrence?

Forensic techniques (A)

When does the forensic process begin in response to an incident?

Once the incident has been discovered (B)

Which of the following is NOT a component of an incidence response plan for IT-related disasters?

Firewalls implementation (B)

What is the main purpose of a Disaster Recovery Plan (DRP)?

To restore operations after an IT-related disaster (B)

What can be included in an organization's incident response plan as a response to an intrusion?

Malware infection countermeasures (A)

For which scenario would forensic techniques be particularly useful in an incident response?

Data breach investigation (D)

What type of backup captures all changes since the last full backup?

Differential backup (D)

What is the focus of the Post Recovery Follow-Up process?

Assess what happened and why (B)

Which type of backup involves continuous backup according to the text?

Hierarchical storage management (HSM) (D)

In the context of backups, what does 'RTO' stand for?

Recovery Time Objective (B)

What aspect does the DREAD model NOT evaluate in cybersecurity?

Reproducibility (D)

Why is it crucial for IT teams to have an off-site backup of data?

To facilitate data restoration during disasters (A)

What does a Disaster Recovery Plan (DRP) primarily focus on?

Executing a full recovery to normal operations (B)

What is the main purpose of Business Impact Analysis (BIA)?

Identifying the effects a disaster would have on business and IT functions (A)

Which metric is NOT considered as part of the Business Impact Analysis (BIA)?

Mean Squared Deviation (MSD) (C)

What is the relationship between Mean Time to Repair (MTTR) and Mean Time to Failure (MTTF)?

MTTR and MTTF are independent of each other (C)

What does Maximum Tolerable Downtime (MTD) consider when planning for disasters?

The maximum acceptable downtime for critical systems (D)

Which standard focuses on establishing Federal Standards for Business Continuity Plans?

NFPA 1600 (B)

What is the primary purpose of adding forensics to incident response?

To identify forensic resources and provide appropriate training for preserving evidence (B)

What is the impact of failure to preserve forensic information on IT teams?

It prevents IT teams from reducing risk effectively (D)

In the context of an incident, what does preserving forensic evidence often require IT teams to do?

Perform recovery while preserving forensic data (D)

Why is it important to weave forensic methodology into an organization's incident response policy?

To ensure proper preservation of evidence and aid in future incident prevention (D)

What role does preserving forensic evidence play in reducing future incident risks?

It helps in identifying the cause of incidents effectively (B)

What does adding forensics to an organization's incident response policy aim to achieve?

Provide appropriate training for staff in preserving evidence (C)

What is the purpose of Single Loss Expectancy (SLE) in the context of Business Impact Analysis?

To quantify the cost of a single security incident (B)

Which metric is used to determine how long it would take to recover a system in Business Impact Analysis?

Recovery Time Objective (RTO) (D)

What is the main focus of the Common Vulnerability Scoring System (CVSS) Base Group Metrics?

Scoring vulnerabilities based on severity (B)

How is Annualized Loss Expectancy (ALE) calculated in Business Impact Analysis?

By multiplying the annual rate of occurrence by the SLE (C)

What does the Common Vulnerability Scoring System (CVSS) NOT evaluate?

Scope of the attack (D)

In IT security, what does Recovery Point Objective (RPO) primarily focus on?

Determining data loss tolerance (B)

What is the primary focus when preserving evidence in the event of a DoS attack?

Restoring network connectivity (D)

In the context of incident response, what does preserving forensic evidence often require IT teams to do?

Avoid accessing affected systems to prevent contamination (B)

What is the main focus of adding forensics to an organization's incident response policy?

Identifying areas for process improvement (A)

Why is it crucial to have an off-site backup of data in disaster recovery planning?

To maintain data integrity (A)

Which action is typically part of the Post Recovery Follow-Up process in disaster recovery?

Conducting a thorough root cause analysis (B)

What is the primary purpose of Business Impact Analysis (BIA)?

Identifying critical business functions and the impact of their loss (A)

What does the Hierarchical Storage Management (HSM) backup method involve?

Continuous backup with frequent snapshots (C)

In the context of backups, what does the Differential backup method capture?

All changes since the last hierarchical storage management (HSM) backup (C)

Why is it important for IT teams to have alternate facilities identified in a Disaster Recovery Plan (DRP)?

To continue operations if primary facilities are compromised (A)

What is the primary purpose of the Post Recovery Follow-Up process?

To identify weaknesses in the system (B)

In Business Impact Analysis (BIA), what does Mean Percentage Error (MPE) measure?

The accuracy of recovery plan predictions (D)

Why is it crucial for IT teams to ensure that off-site backups of data can be readily retrieved and restored?

To prevent data loss during disaster recovery (A)

What does the Single Loss Expectancy (SLE) in Business Impact Analysis represent?

The total value of assets affected by an incident (C)

In the context of cybersecurity, what does the Common Vulnerability Scoring System (CVSS) Base Group Metrics NOT include?

Recovery Time Objective (RTO) (C)

What is the purpose of calculating the Annualized Loss Expectancy (ALE) in Business Impact Analysis?

To estimate the potential monetary loss from an event over a year (B)

What is the purpose of the Common Vulnerability Scoring System (CVSS) in cybersecurity?

To classify vulnerabilities based on severity (A)

Which metric is NOT considered in the Business Impact Analysis (BIA) process?

Mean Time to Failure (MTTF) (D)

Which group of metrics does the Common Vulnerability Scoring System (CVSS) NOT include?

Recovery (D)

What is a key reason for IT teams to preserve forensic evidence in incident response?

To prevent future incidents (D)

Why is recovery sometimes performed at the expense of preserving forensic evidence?

To prioritize system availability over evidence preservation (C)

What is the main challenge IT teams face when forensic information is not preserved?

Modifying company policies effectively (C)

Why should organizations weave forensic methodology into their incident response policies?

To ensure effective evidence preservation (C)

What is a primary focus when identifying forensic resources for incident response?

Preserving evidence integrity (A)

How does the failure to preserve forensic information impact an organization's incident response?

Makes it difficult to determine cause of incidents (C)

What does the Mean Time to Repair (MTTR) measure?

The average time it takes to repair an item (C)

Which term refers to the average time before a device is likely to fail through normal use?

Mean Time to Failure (MTTF) (C)

In the context of disaster recovery and business continuity, what does Maximum Tolerable Downtime (MTD) relate to?

Amount of time an organization can afford for a system to be down (B)

What is the main focus of a Disaster Recovery Plan (DRP) according to the text?

Executing a full recovery to normal operations (B)

Which standard is focused on establishing Federal Standards for Business Continuity Plans?

None of the above (D)

What does Business Impact Analysis (BIA) identify according to the text?

The priority of different critical systems in an organization (B)

Flashcards are hidden until you start studying