Business Continuity and Disaster Recovery Flashcards

1
Q

A business is hosting high-demand content in an earthquake-prone zone. The chief information security officer has asked his leadership to prioritize what should be focused on in the event of a disaster. What should be the highest priority?

Availability of high-demand data

Integrity of organizational databases

Safety of personnel

A

Safety of personnel

Personnel safety should always be the highest priority. This can be facilitated using physical controls, such as locks or fire-suppression mechanisms, or through policies and procedures.

2
Q

You are installing a database server that requires several hard drives in a RAID array. In the event one of the drives fails, you need to be able to swap out a failed hard drive with no downtime. Which of the following types of hard drives do you require?

Cold swap

Suspend swap

Hot swap

A

Hot swap

A hot-swap device, such as a hard drive, can be inserted or removed without the need to shut down the server. This enables you to retain the availability of the services on that server.

3
Q

Your company is in the middle of budgeting for disaster recovery. You have been asked to justify the cost for offsite backup media storage. What is the primary security purpose of storing backup media at an offsite storage facility?

So that the facility can copy the data to a RAID system

For proper archive labeling and storage

To prevent a disaster onsite from destroying the only copies of your backup media

A

To prevent a disaster onsite from destroying the only copies of your backup media

All backup plans should require backup media to be sent to an offsite storage facility. That way, if a disaster destroys your physical location, the backup media will be safe.

4
Q

You have implemented a backup plan for your critical file servers, including proper media rotation, backup frequency, and offsite storage. Which of the following must be performed on a regular basis to ensure the validity and integrity of your backup system?

Periodic testing of restores

Multiple monthly backup media

Purchasing of new media

A

Periodic testing of restores

Regularly testing your backups by performing a test restore is the only way to ensure that your backup data is valid and the data is intact. If the information cannot be restored, your backup plan is not providing any benefit for a disaster recovery scenario.

5
Q

As part of your organization’s contingency plan in the event of a disaster, which of the following would be the primary component of the organization to make functional after an initial disaster incident?

Check all file servers and make sure they are running.

Retrieve all backup tapes from the offsite storage facility.

Ensure basic communications such as phone and Internet connectivity are functional.

A

Ensure basic communications such as phone and Internet connectivity are functional.

The most important part of the company to get operational is basic communications, such as phones, networking connectivity, and e-mail. Until these communication lines are functional, the ability to coordinate the disaster recovery effort will be greatly reduced.

6
Q

You must ensure that power is always available (24/7) for a critical web and database server that accepts customer orders and processes transactions. Which of the following devices should be installed?

Power conditioner

UPS

Power generator

A

Power generator

A power generator is required to ensure that there is always power for your server. A UPS battery typically contains only enough power to run a system for about 10 to 20 minutes, while a power conditioner or redundant power supply will not help if there is no power to run them.

7
Q

You are installing network cabling for the main backbone of a manufacturing facility network. The manufacturing machinery generates a significant amount of EMI. Which of the following network cabling types should you use?

STP

Fiber optic

UTP

A

Fiber optic

Because fiber-optic cabling uses light to transfer information over the cables, it isn’t susceptible to electromagnetic interference.

8
Q

You are performing a risk analysis of the environmental factors for your primary server equipment room. Which of the following environmental issues is most likely to affect an enclosed server room?

Cool temperatures

Flooding

High temperatures

A

High temperatures

Server rooms can quickly rise in temperature with so many systems running in an enclosed area. At high temperatures, CPUs and hard drives can shut down due to the excessive heat. Most server rooms contain air-conditioning systems that keep the temperature regulated and cooler than normal. If this air-conditioning system fails, the heat can dramatically rise within minutes.

9
Q

During disaster recovery planning, you must ensure you have a strategy in place for succession planning. Which of the following concepts describes succession planning?

Replacing key employees who are unavailable during a disaster

Organizing an emergency contact list

Having an alternate hot site facility in place

A

Replacing key employees who are unavailable during a disaster

Succession planning makes sure that you have replacements for key employees in the event they are unavailable during the disaster recovery phase. This requires that employees have the same security clearance and can immediately take over the responsibilities of another employee’s position.

10
Q

It has been determined that your organization is processing privacy data. Which of the following should be conducted?

Privacy implication assessment

Privacy processing assessment

Privacy impact assessment

A

Privacy impact assessment

A privacy impact assessment (PIA) is conducted when privacy data is being stored or processed; when conducted, the PIA will determine what type of data is being stored, how it is being stored, where it is being stored, and what might trigger a privacy lapse. Systems that require a PIA should incorporate increased controls to mitigate the risks of processing and storing privacy data.
