9. Resilience & Physical security Flashcards
What is the purpose of redundancy in systems?
To build resilience and ensure availability
Name three key elements of redundant designs.
- Addressing organizational risks * Ensuring trade-offs between cost and capabilities * Geographic dispersal
What are some methods to build and ensure resiliency?
- Load balancers * Clustering * Power protection * RAID * Backups * Diversity of technologies
RAID (/reɪd/; redundant array of inexpensive disks or redundant array of independent disks) is a data storage virtualization technology that combines multiple physical data storage components into one or more logical units for the purposes of data redundancy, performance improvement, or both.
What considerations should be made when designing redundant systems?
(Requirements)
- Availability * Resilience * Cost * Responsiveness * Scalability * Ease of deployment * Risk transference * Ease of recovery * Patch availability * Power and compute
What is the role of capacity planning?
To ensure enough capacity to handle issues and outages
How do multicloud environments affect organizational resilience?
They help prevent a single technology’s outage but add complexity and costs
What is the primary purpose of backups?
To ensure organizations can recover from events and issues
What factors determine backup locations and frequency?
An organization’s risk profile and recovery needs
What are some methods of ensuring data availability in backups?
- Snapshots * Journaling * Replication
Snapshots create point-in-time copies of data for quick recovery, while replication creates a separate, usable copy of data for redundancy and minimizing downtime.
How is encryption used in backups?
To keep backups secure both in-transit and at rest
Why is response and recovery critical when failures occur?
Failures will occur, and knowing how to respond is essential
What types of disaster recovery locations can organizations use?
- Hot site * Warm site * Cold site * Redundant cloud location
What is the importance of having a predetermined restoration order?
To guide what needs to be brought back online first
What are common testing methods for response and recovery?
- Tabletop exercises * Failover testing * Simulations * Parallel processing
What are some physical security controls for site security?
- Fences * Lighting * Alarms * Bollards * Access control vestibules * Cameras
What is the role of access control in physical security?
To prevent unauthorized visitors
Which types of sensors may be used in physical security?
- Infrared * Ultrasonic * Pressure * Microwave
What types of attacks need to be considered in physical security design?
- Brute-force attacks * Attacks against RFID * Environmental attacks
