Operational and Organizational Security: Policies and Disaster Recovery• Chapter 12  759

                 13. An intruder has gained access to your Web site, and damaged a number of files
                    needed by the company. Entry was gained through a new Web server that had
                    unneeded services running on the machine.This Web server is used to provide
                    e-commerce functions that provide a large percentage of the company’s annual
                    sales. During the intrusion, you were working on upgrading a router in another
                    part of the building, which is why you did not notice audit notifications sent to
                    your e-mail address, which could have tipped you off about suspicious activity
                    on the server.You are concerned that a repeat attack may occur while repairs
                    are underway.Which of the following should you do to deal with this incident
                    and protect the network?
                      A. Remove the Web server from the Internet.
                      B. Remove the unneeded services running on the server.

                      C. Continue upgrading the router so that you can focus on audit notifications
                         that may occur.

                      D. Recover data files that were damaged in the attack.

                 14. You are creating a business continuity plan that incorporates several other plans
                    to ensure that key functions will not be interrupted for long if an incident
                    occurs.What plan would be used to identify a cold site that will be used to
                    reestablish normal business functions in a disaster?
                    A. Business recovery plan
                    B. Business resumption plan
                    C. Contingency plan

                    D. SLA
























                                                                              www.syngress.com