312-76 : EC-Council Disaster Recovery Professional : Part 02

312-76 : EC-Council Disaster Recovery Professional : Part 02

1. IT Service Continuity Management (ITSCM) is used to support the overall Business Continuity Management (BCM) in order to ensure that the required IT infrastructure and the IT service provision are recovered within an agreed business time scales. Which of the following are the benefits of implementing IT Service Continuity Management?

   Each correct answer represents a complete solution. Choose all that apply.

   • It prioritizes the recovery of IT services by working with BCM and SLM.
   • It minimizes costs related with recovery plans using proper proactive planning and testing.
   • It confirms competence, impartiality, and performance capability of an organization that performs audits.
   • It minimizes disruption in IT services when it follows a major interruption or disaster.

2. You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the Incident handling process will utilize the signature to resolve this incident?

   • Eradication
   • Identification
   • Containment
   • Recovery

3. Which of the following is established during the Business Impact Analysis by the owner of a process in accepted business continuity planning methodology?

   • Recovery Consistency Objective
   • Recovery Time Objective
   • Recovery Point Objective
   • Recovery Time Actual

4. Which of the following options is an intellectual property right to protect inventions?

   • Snooping
   • Patent
   • Copyright
   • Utility model

5. Pete works as a Network Security Officer for Gentech Inc. He wants to encrypt his network traffic. The specific requirement for the encryption algorithm is that it must be a symmetric key block cipher. Which of the following techniques will he use to fulfill this requirement?

   • AES
   • DES
   • IDEA
   • PGP

6. Which of the following is the simulation of the disaster recovery plans?

   • Walk-through test
   • Full operational test
   • Paper test
   • Preparedness test

7. You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

   • Communications Management Plan
   • Resource Management Plan
   • Risk Management Plan
   • Stakeholder management strategy

8. Which of the following levels of RAID provides security features that are availability, enhanced performance, and fault tolerance?

   • RAID-10
   • RAID-5
   • RAID-0
   • RAID-1

9. Which of the following backup sites takes the longest recovery time?

   • Cold backup site
   • Hot backup site
   • Warm backup site
   • Mobile backup site

10. Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect’s computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?

    • Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps
    • Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system
    • Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces
    • Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces

11. Which of the following defines the communication link between a Web server and Web applications?

    • IETF
    • Firewall
    • PGP
    • CGI

12. Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation?

    • Disaster Recovery Plan
    • Continuity Of Operations Plan
    • Business Continuity Plan
    • Contingency Plan

13. Which of the following features of the Cisco MDS 9000 SAN Extension over IP Package help in implementing efficient FCIP-based business-continuity and disaster-recovery solutions?

    Each correct answer represents a complete solution. Choose all that apply.

    • FCIP write acceleration
    • IVR
    • FCIP compression
    • SAN extension tuner

14. Which of the following methods is a means of ensuring that system changes are approved before being implemented, and the implementation is complete and accurate?

    • Configuration identification
    • Configuration control
    • Configuration auditing
    • Documentation control

15. Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?

    • The IT Service Continuity Manager
    • The Configuration Manager
    • The Supplier Manager
    • The Service Catalogue Manager

16. Which of the following statements about a certification authority (CA) is true?

    • It is a non-profit organization that sets security standards for e-commerce.
    • It is a business-to-consumer (B2C) commerce model that is used for high-volume transactions.
    • It is a trusted third-party organization that issues digital certificates to create digital signatures and public key pairs.
    • It issues physical certificates that confirm the identity of entities.

17. BS 7799 is an internationally recognized ISM standard that provides high level, conceptual recommendations on enterprise security. BS 7799 is basically divided into three parts. Which of the following statements are true about BS 7799?

    Each correct answer represents a complete solution. Choose all that apply.

    • BS 7799 Part 3 was published in 2005, covering risk analysis and management.
    • BS 7799 Part 1 was a standard originally published as BS 7799 by the British Standards Institute (BSI) in 1995.
    • BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005.
    • BS 7799 Part 1 was adopted by ISO as ISO/IEC 27001 in November 2005.

18. An organization monitors the hard disks of its employees’ computers from time to time. Which policy does this pertain to?

    • User password policy
    • Backup policy
    • Privacy policy
    • Network security policy

19. Which of the following disaster recovery tests includes the operations that shut down at the primary site, and are shifted to the recovery site according to the disaster recovery plan?

    • Parallel test
    • Simulation test
    • Full-interruption test
    • Structured walk-through test

20. SIMULATION

    Fill in the blank with the appropriate phrase.

    ____________ privilege escalation is the process of attempting to access sources with a higher access, such as a user account trying to access admin privileges.

    • Vertical