2 BC/IR/DR

Question 1

Business Continuity Planning (BCP) =

Answer 1

a set of activities and controls designed to keep a business running in the face of adversity (Availability!)

Question 2

Business Impact Assessment (BIA) =

Answer 2

a tool that identifies and prioritizes risk (risk assessment)

Question 3

The BIA output =

Answer 3

a prioritized listing of risks with associated cost - compare control cost with annualized loss expectancy

Question 4

Single Point of Failure Analysis (SPOFs) (Business continuity tool)

Answer 4

identifies and removes SPOFs (single server - replace with server cluster)

Question 5

2 key concepts to improve availability

Answer 5

1 High Availability (HA) - redundant systems 2 Fault Tolerance (FT) - helps protect a single system from failing in the first place

Question 6

Load Balancing =

Answer 6

(related but different concept)
- uses multiple systems in an attempt to spread the burden of providing services across those systems

Question 7

3 Common Points of Failure that FT addresses:

Answer 7

1 Power Supplies 2 Storage Media
3 Networking

Question 8

RAID is a

Answer 8

Fault Tolerance technique to protect against a single disk failure, it is not a backup strategy!

Question 9

RAID types (2)

Answer 9

1 Disk Mirroring (RAID level 1)
2 Disk Striping with Parity (RAID level 5)

Question 10

Disk Mirroring (RAID level 1) server has

Answer 10

• 2 disks
• data is written to both identically (synchronized)

Question 11

Disk Striping with Parity (RAID level 5)

Answer 11

• 3 or more disks
• data is written across those disks with parity blocks (additional data) spread across the disks

Question 12

Incident Response Process (4) (lifecycle)

Answer 12

1 Preparation
2 Detection/Analysis
3 Containment/Eradication/Recovery
4 Post-incident Activity
NIST SP 800-61 (standard process)

Question 13

Incident Response Plan elements:

Answer 13

1 statement of purpose/scope
2 clear strategies and goals for the incident response effort
3 the organization’s approach to incident response (who is responsible for what?)
4 communication with other groups
5 senior leadership approval

Question 14

IR Plan should (4)

Answer 14

1 covers both internal and external communications
2 contain notification and escalation procedures
3 limit external communications (PR, alert attackers, etc)
4 alerting law enforcement is usually not required (complex - threat to safety, obligation)

Question 15

SIEM =

Answer 15

Security Incident and Event Management

Question 16

SOAR =

Answer 16

Security Orchestration, Automation and Response

Question 17

DR steps in when

Answer 17

Business continuity fails! (a subset of Business Continuity)

Question 18

DR Initial response goals (2)

Answer 18

1 contain the damage
2 recover normal operations

Question 19

3 Metrics to used to develop the DR plan

Answer 19

1 RTO (Recovery Time Objective)
2 RPO (Recovery Point Objective)
3 RSL (Recovery Service Level)

Question 20

RTO =

Answer 20

targeted amount of time to restore service to meet the organization’s objectives

Question 21

RPO =

Answer 21

• the organization’s data loss tolerance (the maximum amount of data loss that is acceptable)
• example: an RPO of 1 hr requires a backup every hour

Question 22

RSL =

Answer 22

• the percentage of service that must be available during a disaster

Question 23

3 types of backup media

Answer 23

1 Tape Backups
2 Disk-to-disk (NAS, offsite)
3 Cloud backups

Question 24

3 primary backup types

Answer 24

1 Full Backups
2 Differential Backups
3 Incremental Backups

Question 25

Full backup

Answer 25

complete copy, clears the archive bit

Question 26

Differential Backup

Answer 26

• a copy of only the data that has changed since the last full backup
• does not clear the archive bit

Question 27

Incremental Backup

Answer 27

• a copy of files that have changed since either the most recent incremental or full backup. clears the archive bit

Question 28

Disaster Recovery Sites (3 types)

Answer 28

1 Hot Sites
2 Cold Sites (empty data center)
3 Warm Sites (has hardware, but software not running in parallel)

Question 29

DR testing goals (2)

Answer 29

1 validate that the plan functions correctly
2 identify necessary plan updates

Question 30

5 types of disaster recovery testing

Answer 30

1 read-through (check list reviews)
2 walk-through (tabletop discussion of everyone’s roles)
3 simulation (talk-through of actions for an actual scenario)
4 parallel test (activates DR environment but does not switch operations there)
5 full interruption test (rare - switches primary operations to the DR environment)