CVSS Metrics and DREAD Model Quiz

Questions and Answers

What does RTO stand for in the context of Business Impact Analysis?

Regulatory Time Obligation

Risk Tolerance Outcome

Recovery Time Objective (correct)

Recovery Point Operation

How is Annualized Loss Expectancy (ALE) calculated?

By adding the asset value to the exposure factor

By multiplying the annual rate of occurrence by the Single Loss Expectancy (SLE) (correct)

By dividing the Single Loss Expectancy (SLE) by the asset value

By multiplying the asset value by the exposure factor

What does SLE stand for in the context of describing incidents?

Security Log Entry

Single Loss Expectancy (correct)

Systematic Loss Evaluation

Severity Level Examination

What does CVSS stand for in the context of Common Vulnerability Scoring System?

Common Vulnerability Scoring System

What is the primary focus of IT teams when preserving evidence in the event of a DoS attack?

Determining how the incident occurred

Which of the following metrics is NOT a part of the CVSS Base Group Metrics?

Environmental Impact

Why is failure to preserve forensic information detrimental to IT teams?

It prevents effectively evaluating the cause of incidents

What does ARO represent in the calculation of Annualized Loss Expectancy (ALE)?

Annual Rate of Occurrence

What is an example of an adverse event as mentioned in the text?

Unauthorized access

Why is it important to weave forensic methodology into an organization's incident response policy?

To preserve evidence for evaluation and future prevention

What should IT teams do to effectively reduce risk after an incident?

Provide appropriate training to staff for preserving evidence

What is the negative consequence of not preserving forensic evidence for future incidents?

Prevents effective evaluation of incident causes

What is the purpose of an Ishikawa diagram?

Determining what caused a disaster

Which type of backup captures all changes since the last full backup?

Incremental

What is the main focus of the Mean Percentage Error (MPE) formula?

Calculating the average error percentage

Which action is part of the Post Recovery Follow-Up process?

Determining system weaknesses

What does HSM stand for in the context of backups?

Hierarchical storage management

Why is it important to have an off-site backup of data?

To ensure data recovery in case of on-site damage

What is the purpose of DREAD model in cybersecurity?

To evaluate the impact of an attack

Which metric group focuses on evaluating the impact of an attack in terms of damage potential and discoverability?

Temporal Metric Group

What does Remote Network MONitoring (RMON) provide in cybersecurity?

A standardized method of classifying network traffic

Who developed Remote Network MONitoring (RMON) to support network monitoring and protocol analysis?

The Internet Engineering Task Force (IETF)

Which aspect of an attack does the DREAD model NOT evaluate?

Impact on confidentiality requirement

What does Mean Squared Deviation (MSD) involve?

A mean square deviation formula

What does a Disaster Recovery Plan (DRP) focus on?

Executing a full recovery to normal operations

What is the main focus of a Business Continuity Plan (BCP)?

Keeping an organization functioning until full recovery is possible

What does Business Impact Analysis (BIA) identify?

The effects a disaster would have on business and IT functions

Which term is related to the average time it takes to repair an item?

Mean time to repair (MTTR)

What does Mean Time to Failure (MTTF) refer to?

The amount of time before a given device is likely to fail

What aspect does Maximum Tolerable Downtime (MTD) consider?

The maximum acceptable downtime for critical systems

What is the best method for determining the cause of a disaster and preventing a recurrence?

Forensic techniques

When does the forensic process begin in response to an incident?

Once the incident has been discovered

Which of the following is NOT a component of an incidence response plan for IT-related disasters?

Firewalls implementation

What is the main purpose of a Disaster Recovery Plan (DRP)?

To restore operations after an IT-related disaster

What can be included in an organization's incident response plan as a response to an intrusion?

Malware infection countermeasures

For which scenario would forensic techniques be particularly useful in an incident response?

Data breach investigation

What type of backup captures all changes since the last full backup?

Differential backup

What is the focus of the Post Recovery Follow-Up process?

Assess what happened and why

Which type of backup involves continuous backup according to the text?

Hierarchical storage management (HSM)

In the context of backups, what does 'RTO' stand for?

Recovery Time Objective

What aspect does the DREAD model NOT evaluate in cybersecurity?

Reproducibility

Why is it crucial for IT teams to have an off-site backup of data?

To facilitate data restoration during disasters

What does a Disaster Recovery Plan (DRP) primarily focus on?

Executing a full recovery to normal operations

What is the main purpose of Business Impact Analysis (BIA)?

Identifying the effects a disaster would have on business and IT functions

Which metric is NOT considered as part of the Business Impact Analysis (BIA)?

Mean Squared Deviation (MSD)

What is the relationship between Mean Time to Repair (MTTR) and Mean Time to Failure (MTTF)?

MTTR and MTTF are independent of each other

What does Maximum Tolerable Downtime (MTD) consider when planning for disasters?

The maximum acceptable downtime for critical systems

Which standard focuses on establishing Federal Standards for Business Continuity Plans?

NFPA 1600

What is the primary purpose of adding forensics to incident response?

To identify forensic resources and provide appropriate training for preserving evidence

What is the impact of failure to preserve forensic information on IT teams?

It prevents IT teams from reducing risk effectively

In the context of an incident, what does preserving forensic evidence often require IT teams to do?

Perform recovery while preserving forensic data

Why is it important to weave forensic methodology into an organization's incident response policy?

To ensure proper preservation of evidence and aid in future incident prevention

What role does preserving forensic evidence play in reducing future incident risks?

It helps in identifying the cause of incidents effectively

What does adding forensics to an organization's incident response policy aim to achieve?

Provide appropriate training for staff in preserving evidence

What is the purpose of Single Loss Expectancy (SLE) in the context of Business Impact Analysis?

To quantify the cost of a single security incident

Which metric is used to determine how long it would take to recover a system in Business Impact Analysis?

Recovery Time Objective (RTO)

What is the main focus of the Common Vulnerability Scoring System (CVSS) Base Group Metrics?

Scoring vulnerabilities based on severity

How is Annualized Loss Expectancy (ALE) calculated in Business Impact Analysis?

By multiplying the annual rate of occurrence by the SLE

What does the Common Vulnerability Scoring System (CVSS) NOT evaluate?

Scope of the attack

In IT security, what does Recovery Point Objective (RPO) primarily focus on?

Determining data loss tolerance

What is the primary focus when preserving evidence in the event of a DoS attack?

Restoring network connectivity

In the context of incident response, what does preserving forensic evidence often require IT teams to do?

Avoid accessing affected systems to prevent contamination

What is the main focus of adding forensics to an organization's incident response policy?

Identifying areas for process improvement

Why is it crucial to have an off-site backup of data in disaster recovery planning?

To maintain data integrity

Which action is typically part of the Post Recovery Follow-Up process in disaster recovery?

Conducting a thorough root cause analysis

What is the primary purpose of Business Impact Analysis (BIA)?

Identifying critical business functions and the impact of their loss

What does the Hierarchical Storage Management (HSM) backup method involve?

Continuous backup with frequent snapshots

In the context of backups, what does the Differential backup method capture?

All changes since the last hierarchical storage management (HSM) backup

Why is it important for IT teams to have alternate facilities identified in a Disaster Recovery Plan (DRP)?

To continue operations if primary facilities are compromised

What is the primary purpose of the Post Recovery Follow-Up process?

To identify weaknesses in the system

In Business Impact Analysis (BIA), what does Mean Percentage Error (MPE) measure?

The accuracy of recovery plan predictions

Why is it crucial for IT teams to ensure that off-site backups of data can be readily retrieved and restored?

To prevent data loss during disaster recovery

What does the Single Loss Expectancy (SLE) in Business Impact Analysis represent?

The total value of assets affected by an incident

In the context of cybersecurity, what does the Common Vulnerability Scoring System (CVSS) Base Group Metrics NOT include?

Recovery Time Objective (RTO)

What is the purpose of calculating the Annualized Loss Expectancy (ALE) in Business Impact Analysis?

To estimate the potential monetary loss from an event over a year

What is the purpose of the Common Vulnerability Scoring System (CVSS) in cybersecurity?

To classify vulnerabilities based on severity

Which metric is NOT considered in the Business Impact Analysis (BIA) process?

Mean Time to Failure (MTTF)

Which group of metrics does the Common Vulnerability Scoring System (CVSS) NOT include?

Recovery

What is a key reason for IT teams to preserve forensic evidence in incident response?

To prevent future incidents

Why is recovery sometimes performed at the expense of preserving forensic evidence?

To prioritize system availability over evidence preservation

What is the main challenge IT teams face when forensic information is not preserved?

Modifying company policies effectively

Why should organizations weave forensic methodology into their incident response policies?

To ensure effective evidence preservation

What is a primary focus when identifying forensic resources for incident response?

Preserving evidence integrity

How does the failure to preserve forensic information impact an organization's incident response?

Makes it difficult to determine cause of incidents

What does the Mean Time to Repair (MTTR) measure?

The average time it takes to repair an item

Which term refers to the average time before a device is likely to fail through normal use?

Mean Time to Failure (MTTF)

In the context of disaster recovery and business continuity, what does Maximum Tolerable Downtime (MTD) relate to?

Amount of time an organization can afford for a system to be down

What is the main focus of a Disaster Recovery Plan (DRP) according to the text?

Executing a full recovery to normal operations

Which standard is focused on establishing Federal Standards for Business Continuity Plans?

None of the above

What does Business Impact Analysis (BIA) identify according to the text?

The priority of different critical systems in an organization