197. c. The quality of the outsourcer’s work remains an important consideration. Organizations should consider not only the current quality of work, but also the outsourcer’s efforts to ensure the quality of future work, which are the major considerations. Organizations should think about how they could audit or otherwise objectively assess the quality of the outsourcer’s work. Lack of organization-specific knowledge will reflect in the current and future quality of work. The other three choices are minor considerations and are a part of the major considerations.
198. The incident response team should work with which of the following when attempting to contain, eradicate, and recover from large-scale incidents?
a. Advisory distribution team
b. Vulnerability assessment team
c. Technology watch team
d. Patch management team
198. d. Patch management staff work is separate from that of the incident response staff. Effective communication channels between the patch management team and the incident response team are likely to improve the success of a patch management program when containing, eradicating, and recovering from large-scale incidents. The activities listed in the other choices are the responsibility of the incident response team.
199. Which of the following is the foundation of the incident response program?
a. Incident response policies
b. Incident response procedures
c. Incident response standards
d. Incident response guidelines
199. a. The incident response policies are the foundation of the incident response program. They define which events are considered as incidents, establish the organizational structure for the incident response program, define roles and responsibilities, and list the requirements for reporting incidents.
200. All the following can increase an information system’s resilience except:
a. A system achieves a secure initial state.
b. A system reaches a secure failure state after failure.
c. A system’s recovery procedures take the system to a known secure state after failure.
d. All of a system’s identified vulnerabilities are fixed.
200. d. There are vulnerabilities in a system that cannot be fixed, those that have not yet been fixed, those that are not known, and those that are not practical to fix due to operational constraints. Therefore, a statement that “all of a system’s identified vulnerabilities are fixed” is not correct. The other three choices can increase a system’s resilience.
201. Media sanitization ensures which of the following?
a. Data integrity
b. Data confidentiality
c. Data availability
d. Data accountability
201. b. Media sanitization refers to the general process of removing data from storage media, such that there is reasonable assurance, in proportion to the confidentiality of the data, that the data may not be retrieved and reconstructed. The other three choices are not relevant here.
202. Regarding media sanitization, degaussing is the same as:
a. Incinerating
b. Melting
c. Demagnetizing
d. Smelting
202. c. Degaussing reduces the magnetic flux to virtual zero by applying a reverse magnetizing field. It is also called demagnetizing.
203. Regarding media sanitization, what is residual information remaining on storage media after clearing called?
a. Residue
b. Remanence
c. Leftover data
d. Leftover information
203. b. Remanence is residual information remaining on storage media after clearing. Choice (a) is incorrect because residue is data left in storage after information-processing operations are complete but before degaussing or overwriting (clearing) has taken place. Leftover data and leftover information are too general as terms to be of any use here.
204. What is the security goal of the media sanitization requiring an overwriting process?
a. To replace random data with written data.
b. To replace test data with written data.
c. To replace written data with random data.
d. To replace written data with statistical data.
204. c. The security goal of the overwriting process is to replace written data with random data. The process may include overwriting not only the logical storage of a file (for example, file allocation table) but also may include all addressable locations.
