Page 843 - StudyBook.pdf

Self Test Appendix • Appendix  827

                 13. An intruder has gained access to your Web site, and damaged a number of files needed by the
                    company. Entry was gained through a new Web server that had unneeded services running on
                    the machine. This Web server is used to provide e-commerce functions that provide a large
                    percentage of the company’s annual sales. During the intrusion, you were working on upgrading a
                    router in another part of the building, which is why you did not notice audit notifications sent
                    to your e-mail address, which could have tipped you off about suspicious activity on the server.
                    You are concerned that a repeat attack may occur while repairs are underway. Which of the
                    following should you do to deal with this incident and protect the network?

                      A. Remove the Web server from the Internet.
                      B. Remove the unneeded services running on the server.
                      C. Continue upgrading the router so that you can focus on audit notifications that may
                         occur.
                      D. Recover data files that were damaged in the attack.
                  Answer B. Remove the unneeded services running on the server. Since the attack was made
                    possible through these services, removing them would eliminate the previous entry into the
                    system. Once you have identified vulnerabilities, you should remove or deal with these
                    weaknesses as soon as possible. Failing to do so could leave your system open to repeat attacks, or
                    make damage caused by disasters more significant.
                  Answer A is incorrect, because removing the Web server from the Internet will prevent the
                    business from continuing normal business functions. Answer C is incorrect, because the router
                    upgrade is unimportant to the situation. You could have been performing any number of other
                    tasks that would have had you fail to notice audit notifications. You cannot be expected to sit at
                    your desk looking at e-mail all day. Answer D is incorrect, because recovering the data files that
                    were damaged will not prevent a repeat attack.

                  14. You are creating a business continuity plan that incorporates several other plans to ensure that
                      key functions will not be interrupted for long if an incident occurs. What plan would be used
                      to identify a cold site that will be used to reestablish normal business functions in a disaster?
                      A. Business recovery plan
                      B. Business resumption plan
                      C. Contingency plan
                      D. SLA
                  Answer A. A business recovery plan addresses how business functions will resume at an alternate
                    site after a disaster occurs. It also will identify a cold, warm, or hot site to be used during the
                    recovery process.
                  Answer B is incorrect, because a business resumption plan does not specify locations used to
                    establish normal business functions, but addresses how critical systems and key functions of the
                    business will be maintained. Answer C is incorrect, because a contingency plan is used to
                    specify what actions can be performed to restore normal business activities after a disaster, or
                    when additional incidents occur during recovery. Answer D is incorrect, because SLAs are
                    agreements between clients and service providers that outline what services will be supplied,
                    what is expected from the service, and who will fix the service if it does not meet an expected
                    level of performance.



                                                                              www.syngress.com