Business Continuity and Disaster Recovery Planning

Question 1

BCP

Answer 1

Business Continuity Plan. A long-term to ensure continuity of business operations. Goal is to ensure a business will continue to operate before, throughout and after a disaster event.

Question 2

COOP

Answer 2

Continuity of Operations Plan. A plan to maintain operations during a disaster.

Question 3

DRP

Answer 3

Disaster Recovery Plan. A short-term plan to recover from a disruptive event.

Question 4

MTBF

Answer 4

Mean Time Between Failures. Quantifies how long a new or repaired system will run on average before failing.

Question 5

MTTR

Answer 5

Mean Time To Repair. Describes how long it will take to recover a failed system.

Question 6

PIDAS Fence

Answer 6

Perimeter Intruder Detection Assessment System

Question 7

Disruptive Events (Disaster) Types (3)

Answer 7

Natural, Human or Environmental

Question 8

MTD

Answer 8

Maximum Tolerable Downtime.
Consists of:
(1) RTO - Recovery Time Objective
(2) WRT - Work Recovery Time

Question 9

DRP Process Steps

Answer 9

Respond, Activate Recovery Team, Communications, Assessment & Reconsistution

Question 10

BCP/DRP Planning Steps

Answer 10

Project Initiation
Scope the Project
Business Impact Analysis
Identify Preventive Controls
Recovery Strategy
Plan Design and Development
Implementation, Training and Testing
BCP/DRP Maintenance

Question 11

BIA

Answer 11

Business Impact Analysis. Process for determining how a disruption to the IT systems of an organization will impact the organization’s requirements, processes and interdependencies.

Question 12

BIA Components (2)

Answer 12

(1) Identification of critical assets

(2) Comprehensive risk analysis

Question 13

Failure and Recovery Metrics

Answer 13

RPO, RTO, WRT, MTBF MTTR MORs

Question 14

RPO

Answer 14

Recovery Point Objective. The amount of data loss or system inaccessibility that an organization can withstand.

Question 15

RTO/WRT

Answer 15

Recovery Time Objective/Work Recovery Time. RTO is the maximum time allowed to recover business or IT systems - how long it take to get the hardware running. WRT is the time needed to configure a recovered system.

Question 16

MTD

Answer 16

Maximum Tolerable Downtime. also MAD, MTO or MAO

…MTD = RTO + WRT

Question 17

MOR

Answer 17

Minimum Operating Requirements. The minimal environmental and connectivity requirements in order to operate computer equipment.

Question 18

Redundant Site

Answer 18

Exact production duplicate site with real-time synchronization of data. Highest cost and highest availability of all recovery options. No loss of data and changeover is transparent to users. Immediate recovery.

Question 19

Hot Site

Answer 19

Contains all necessary hardware and critical applications data mirrored in real time. Ready to go site. Recovery in hours.

Question 20

Warm Site

Answer 20

Fully configured and ready data center. Relies on backups to restore systems. Recovery in days

Question 21

Cold Site

Answer 21

Ready building with contingencies for equipment, supplies and applications. Recovery in weeks.

Question 22

Mobile Sites

Answer 22

Datacenters on wheels. Contain equipment, HVAC, fire suppression and physical security. Can be used on-site of original datacenter.

Question 23

Crisis Communications Plan

Answer 23

A plan for communicating to staff and the public.

(1) Call Trees/Automated call trees

Question 24

HA

Answer 24

High Availability Cluster. The goal is to decrease the recovery time of a system or network device so that the availability of the service is less impacted than it would be by having to rebuild, reconfigure, etc.
(1) Active-active Cluster: Multiply systems used to process traffic or data, load balancing. (2) Active-Passive Cluster: Secondary system online and active with data backed to system.

Question 25

DRP Testing Methods

Answer 25

(1) DRP Review: Review of plan.
(2) Checklist (Consistency): Using focused checklist to ensure availability of all necessary resources.
(3) Structured Walk-through: Tabletop exercise. Each aspect of plan is discussed and talk through steps.
(4) Simulation Test: A walk-through drill. Teams respond to simulated disaster to carry out recovery plan
(5) Parallel Processing: Recovery of critical processing components at an alternative facility and then restore data from a previous backup. Main site remains online.
(6) Business Interruption: Main site stopped and recovery performed at alternate site.