CCNA Cc Bc Dr Ir Questions

20 of 95 questions · Page 2/2 · Cc Bc Dr Ir topic · Answers revealed

76
Multi-Select · hard

An incident response team is analyzing a data breach. Which THREE actions are part of the 'Lessons Learned' phase? (Select THREE)

Select 3 answers
A. Identifying the root cause of the breach
B. Documenting the timeline of events and actions taken
C. Updating the incident response plan based on findings
D. Conducting a post-incident review meeting with all stakeholders
E. Isolating affected systems to prevent further damage
Answers: B, C, D

Documentation helps improve future response.

Why this answer

Lessons Learned involves reviewing the incident, updating plans, and conducting post-mortems to improve future response. Identifying the root cause is part of analysis/eradication.

77
Multi-Select · hard

A security team is developing an incident response plan. Which THREE of the following are essential components of crisis communications during a data breach? (Choose three.)

Select 3 answers
A. Notifying affected customers
B. Revealing technical details of the attack to the public
C. Complying with regulatory notification requirements
D. Informing the organization's executive management
E. Deleting all logs to prevent evidence leakage
Answers: A, C, D

Customers whose data was breached must be informed.

Why this answer

Crisis communications should include notifying affected customers, informing management, and complying with legal/regulatory notification requirements. Public relations is also involved, but the options focus on key stakeholders.

78
Multi-Select · medium

A company is selecting a recovery site strategy. Which TWO factors should be considered when choosing between a hot site and a warm site? (Select TWO.)

Select 2 answers
A. Number of employees
B. Cost
C. Color of the server racks
D. Type of operating system
E. Recovery Time Objective (RTO)
Answers: B, E

Hot sites are significantly more expensive than warm sites.

Why this answer

RTO and cost are primary differentiators: hot sites have shorter RTO but higher cost.

79
Multi-Select · medium

An organization is evaluating recovery site options. Which TWO factors are most critical when selecting between a hot site and a warm site? (Select TWO.)

Select 2 answers
A. Cost
B. Geographic diversity
C. Number of employees
D. Recovery time objective (RTO)
E. Regulatory compliance
Answers: A, D

Cost differences are significant: hot sites require dedicated resources; warm sites are less expensive.

Why this answer

The primary factors are recovery time objective (RTO) and cost. Hot sites provide fast RTO but are expensive; warm sites are cheaper but have longer RTO.

80
MCQ · easy

Which phase of the incident response process involves restoring systems to normal operations and confirming they are functioning correctly?

A. Recovery
B. Detection
C. Containment
D. Eradication
Answer: A

Recovery restores operations and verifies functionality.

Why this answer

Recovery is the phase after eradication where systems are restored and tested.

81
MCQ · hard

During an incident, a security analyst detects unusual network traffic from a workstation that is exfiltrating data to an external IP address. The analyst isolates the workstation. Which incident response phase does the isolation action belong to?

A. Detection
B. Analysis
C. Containment
D. Eradication
Answer: C

Isolation is a containment strategy to prevent further damage.

Why this answer

Containment is the phase where actions are taken to stop the incident from spreading or causing further damage, such as isolating affected systems.

82
Multi-Select · hard

A company is selecting a recovery site strategy. They need to balance cost and recovery time. Which THREE factors should they consider when choosing between hot, warm, and cold sites? (Select three.)

Select 3 answers
A. Geographic diversity
B. Vendor lock-in risks
C. Cost of the facility and equipment
D. Recovery time objective (RTO)
E. Data synchronization capabilities
Answers: C, D, E

Cost varies significantly among site types.

Why this answer

Key factors: cost, recovery time objective (RTO), and data synchronization capabilities. Geography and vendor lock-in are considerations but not primary for site type selection.

83
MCQ · easy

Which backup method copies all data that has changed since the last full backup, regardless of subsequent incremental or differential backups?

A. Full backup
B. Synthetic full backup
C. Differential backup
D. Incremental backup
Answer: C

Differential copies changes since the last full backup.

Why this answer

A differential backup copies all changes since the last full backup, making it distinct from incremental which copies changes since the last backup of any type.

84
Multi-Select · medium

A financial services company is conducting a Business Impact Analysis (BIA) for its online banking platform. Which TWO of the following are correctly defined metrics used in BIA?

Select 2 answers
A. Service Level Agreement (SLA) – the contractual uptime percentage guaranteed to customers.
B. Recovery Time Objective (RTO) – the maximum amount of time to restore a business function after a disruption.
C. Maximum Tolerable Downtime (MTD) – the total time a business function can be unavailable before causing irreparable harm.
D. Annualized Loss Expectancy (ALE) – the expected monetary loss per year from a risk.
E. Recovery Point Objective (RPO) – the maximum acceptable amount of data loss measured in time.
Answers: B, E

Correct. RTO is a BIA metric.

Why this answer

In BIA, RTO is the maximum time allowed to recover systems after a disaster, and RPO is the maximum acceptable data loss measured in time. MTD is also a BIA metric but is not one of the two correct answers in this question.

85
Multi-Select · hard

After a major power outage, an organization needs to declare a disaster and activate its DRP. Which THREE elements should be included in the initial crisis communication?

Select 3 answers
A. A statement that a disaster has been declared
B. Details of the vulnerability exploited
C. Contact information for the incident response team
D. Instructions for employees to work remotely
E. Names of affected customers
Answers: A, C, D

Essential for awareness.

Why this answer

Initial communication should confirm the disaster, provide initial instructions, and outline next steps without revealing sensitive details.

86
MCQ · easy

During which phase of the incident response process would the team identify the root cause of a security incident?

A. Eradication
B. Preparation
C. Analysis
D. Detection
Answer: C

Analysis determines the root cause and impact.

Why this answer

The analysis phase involves examining the incident to determine the root cause, scope, and impact.

87
MCQ · medium

A company's Business Impact Analysis (BIA) determines that its online payment system can tolerate a maximum of 2 hours of downtime. The IT team estimates that restoring the system from backups will take 1 hour, and the team needs another 30 minutes to verify data integrity and resume normal operations. Which metric does the 30-minute verification period represent?

A. Recovery Point Objective (RPO)
B. Work Recovery Time (WRT)
C. Maximum Tolerable Downtime (MTD)
D. Recovery Time Objective (RTO)
Answer: B

WRT is the additional time after system restoration to return to normal operations.

Why this answer

Work Recovery Time (WRT) is the time needed after systems are restored to return to normal operations, distinct from RTO which is the time to restore functionality.

88
MCQ · hard

A healthcare organization suffers a data breach involving protected health information (PHI). The incident occurred on Monday, and the organization discovers it on Wednesday. Under GDPR, if the breach affects EU residents, what is the deadline for notifying the supervisory authority?

A. Wednesday (day of discovery)
B. Saturday
C. Thursday
D. Monday (day of breach)
Answer: B

72 hours from Wednesday awareness is Saturday.

Why this answer

GDPR requires notification within 72 hours of becoming aware of the breach.

89
MCQ · medium

A company uses a backup strategy where on Monday a full backup is taken, and on Tuesday only data changed since Monday is backed up. On Wednesday, the backup includes all data changed since Monday. What type of backup is the Wednesday backup?

A. Incremental backup
B. Synthetic full backup
C. Full backup
D. Differential backup
Answer: D

Differential includes all changes since last full backup.

Why this answer

Differential backup includes changes since last full backup.

90
MCQ · easy

Which type of recovery site is pre-configured with hardware and software, but does not have live data, typically requiring days to become operational?

A. Warm site
B. Cloud-based recovery
C. Cold site
D. Hot site
Answer: A

Warm site has hardware/software but no live data, RTO days.

Why this answer

A warm site has partially configured infrastructure but no current data, leading to RTO of days.

91
MCQ · easy

Which recovery site strategy provides the fastest recovery time, typically within hours, and is a fully mirrored environment ready to take over operations immediately?

A. Reciprocal agreement
B. Hot site
C. Warm site
D. Cold site
Answer: B

Hot site mirrors production and supports rapid recovery.

Why this answer

A hot site is fully configured with current data and systems, allowing recovery within hours.

92
Multi-Select · easy

An organization experiences a denial-of-service (DoS) attack. Which TWO actions should the incident response team take during the containment phase? (Select two.)

Select 2 answers
A. Disconnect affected servers from the network
B. Filter malicious traffic at the firewall
C. Restore systems from backup
D. Notify law enforcement
E. Conduct a root cause analysis
Answers: A, B

This prevents further impact from the attack.

Why this answer

Containment aims to limit damage. Filtering traffic and disconnecting affected systems are typical containment actions for a DoS attack.

93
MCQ · hard

During a disaster, an organization activates a reciprocal agreement with another company. What is a primary risk associated with this strategy?

A. Potential lack of capacity when both parties need resources simultaneously
B. Long RTO due to data transfer
C. High cost of maintaining duplicate infrastructure
D. Incompatible hardware
Answer: A

Both may be affected or one may not have spare capacity.

Why this answer

Reciprocal agreements often fail because one party may lack capacity or resources when needed.

94
MCQ · hard

An organization's BIA determines that the payroll system has a Maximum Tolerable Downtime (MTD) of 4 hours. The current recovery plan has an RTO of 2 hours and an RPO of 1 hour. What is the maximum Work Recovery Time (WRT) allowed to meet the MTD?

A. 2 hours
B. 3 hours
C. 4 hours
D. 1 hour
Answer: A

MTD = RTO + WRT → 4 = 2 + WRT → WRT = 2 hours.

Why this answer

MTD = RTO + WRT. Given MTD=4, RTO=2, so WRT ≤ 2 hours.

95
MCQ · easy

Which backup strategy requires the least amount of time to perform a daily backup but the most time to perform a full restore?

A. Differential backup
B. Full backup
C. Synthetic full backup
D. Incremental backup
Answer: D

Incremental is fastest to back up but slowest to restore.

Why this answer

Incremental backups only back up changes since the last backup (any type), making them fastest to perform but slowest to restore because all increments since the last full must be applied.
