CHAPTER 18 Questions Flashcards
James is working with his organization’s leadership to help them understand the role that disaster recovery plays in their cybersecurity strategy. The leaders are confused about the differences between disaster recovery and business continuity. What is the end goal of disaster recovery planning?
A. Preventing business interruption
B. Setting up temporary business operations
C. Restoring normal business activity
D. Minimizing the impact of a disaster
C. Restoring normal business activity
Once a disaster interrupts the business operations, the goal of DRP is to restore regular business activity as quickly as possible. Thus, disaster recovery planning picks up where business continuity planning leaves off. Preventing business interruption is the goal of business continuity, not disaster recovery programs. Although disaster recovery programs are involved in restoring normal activity and minimizing the impact of disasters, this is not their end goal.
Kevin is attempting to determine an appropriate backup frequency for his organization’s database server and wants to ensure that any data loss is within the organization’s risk appetite. Which one of the following security process metrics would best assist him with this task?
A. RTO
B. MTD
C. RPO
D. MTBF
C. RPO
The recovery point objective (RPO) specifies the maximum amount of data that may be lost during a disaster and should be used to guide backup strategies. The maximum tolerable downtime (MTD) and recovery time objective (RTO) are related to the duration of an outage, rather than the amount of data lost. The mean time between failures (MTBF) is related to the frequency of failure events.
Brian’s organization recently suffered a disaster and wants to improve their disaster recovery program based on their experience. Which one of the following activities will best assist with this task?
A. Training programs
B. Awareness efforts
C. BIA review
D. Lessons learned
D. Lessons learned
The lessons learned session captures discoveries made during the disaster recovery process and facilitates continuous improvement. It may identify deficiencies in training and awareness or in the business impact analysis.
Adam is reviewing the fault-tolerance controls used by his organization and realizes that they currently have a single point of failure in the disks used to support a critical server. Which one of the following controls can provide fault tolerance for these disks?
A. Load balancing
B. RAID
C. Clustering
D. HA pairs
B. RAID
Redundant arrays of inexpensive disks (RAID) are a fault-tolerance control that allows an organization’s storage service to withstand the loss of one or more individual disks. Load balancing, clustering, and high-availability (HA) pairs are all fault-tolerance services designed for server compute capacity, not storage.
Brad is helping to design a disaster recovery strategy for his organization and is analyzing possible storage locations for backup data. He is not certain where the organization will recover operations in the event of a disaster and would like to choose an option that allows them the flexibility to easily retrieve data from any DR site. Which one of the following storage locations provides the best option for Brad?
A. Primary data center
B. Field office
C. Cloud computing
D. IT manager’s home
C. Cloud computing
Cloud computing services provide an excellent location for backup storage because they are accessible from any location. The primary data center is a poor choice, since it may be damaged during a disaster. A field office is reasonable, but it is in a specific location and is not as flexible as a cloud-based approach. The IT manager’s home is a poor choice—the IT manager may leave the organization or may not have appropriate environmental and physical security controls in place.
Which of the following statements about business continuity planning and disaster recovery planning are correct? (Choose all that apply.)
A. Business continuity planning is focused on keeping business functions uninterrupted when a disaster strikes.
B. Organizations can choose whether to develop business continuity planning or disaster recovery planning plans.
C. Business continuity planning picks up where disaster recovery planning leaves off.
D. Disaster recovery planning guides an organization through recovery of normal operations at the primary facility.
A. Business continuity planning is focused on keeping business functions uninterrupted when a disaster strikes.
B. Organizations can choose whether to develop business continuity planning or disaster recovery planning plans.
D. Disaster recovery planning guides an organization through recovery of normal operations at the primary facility.
The only incorrect statement here is that business continuity planning picks up where disaster recovery planning leaves off. In fact, the opposite is true: disaster recovery planning picks up where business continuity planning leaves off. The other three statements are all accurate reflections of the role of business continuity planning and disaster recovery planning. Business continuity planning is focused on keeping business functions uninterrupted when a disaster strikes. Organizations can choose whether to develop business continuity planning or disaster recovery planning plans, although it is highly recommended that they do so. Disaster recovery planning guides an organization through recovery of normal operations at the primary facility.
Tonya is reviewing the flood risk to her organization and learns that their primary data center resides within a 100-year flood plain. What conclusion can she draw from this information?
A. The last flood of any kind to hit the area was more than 100 years ago.
B. The odds of a flood at this level are 1 in 100 in any given year.
C. The area is expected to be safe from flooding for at least 100 years.
D. The last significant flood to hit the area was more than 100 years ago.
B. The odds of a flood at this level are 1 in 100 in any given year.
The term 100-year flood plain is used to describe an area where flooding is expected once every 100 years. It is, however, more mathematically correct to say that this label indicates a 1 percent probability of flooding in any given year.
Randi is designing a disaster recovery mechanism for her organization’s critical business databases. She selects a strategy where an exact, up-to-date copy of the database is maintained at an alternative location. What term describes this approach?
A. Transaction logging
B. Remote journaling
C. Electronic vaulting
D. Remote mirroring
D. Remote mirroring
When you use remote mirroring, an exact copy of the database is maintained at an alternative location. You keep the remote copy up to date by executing all transactions on both the primary and remote sites at the same time. Electronic vaulting follows a similar process of storing all data at the remote location, but it does not do so in real time. Transaction logging and remote journaling options send logs, rather than full data replicas, to the remote location.
Bryn runs a corporate website and currently uses a single server, which is capable of handling the site’s entire load. She is concerned, however, that an outage on that server could cause the organization to exceed its RTO. What action could she take that would best protect against this risk?
A. Install dual power supplies in the server.
B. Replace the server’s hard drives with RAID arrays.
C. Deploy multiple servers behind a load balancer.
D. Perform regular backups of the server.
C. Deploy multiple servers behind a load balancer.
All of these are good practices that could help improve the quality of service that Bryn provides from her website. Installing dual power supplies or deploying RAID arrays could reduce the likelihood of a server failure, but these measures only protect against a single risk each. Deploying multiple servers behind a load balancer is the best option because it protects against any type of risk that would cause a server failure. Backups are an important control for recovering operations after a disaster and different backup strategies could indeed alter the RTO, but it is even better if Bryn can design a web architecture that lowers the risk of the outage occurring in the first place.
Carl recently completed his organization’s annual business continuity plan refresh and is now turning his attention to the disaster recovery plan. What output from the business continuity plan can he use to prepare the business unit prioritization task of disaster recovery planning?
A. Vulnerability analysis
B. Business impact analysis
C. Risk management
D. Continuity planning
B. Business impact analysis
During the business impact analysis phase, you must identify the business priorities of your organization to assist with the allocation of BCP resources. You can use this same information to drive the disaster recovery planning business unit prioritization.
Nolan is considering the use of several different types of alternate processing facility for his organization’s data center. Which one of the following alternative processing sites takes the longest time to activate but has the lowest cost to implement?
A. Hot site
B. Mobile site
C. Cold site
D. Warm site
C. Cold site
The cold site contains none of the equipment necessary to restore operations. All of the equipment must be brought in and configured and data must be restored to it before operations can commence. This process often takes weeks, but cold sites also have the lowest cost to implement. Hot sites, warm sites, and mobile sites all have quicker recovery times.
Ingrid is concerned that one of her organization’s data centers has been experiencing a series of momentary power outages. Which one of the following controls would best preserve their operating status?
A. Generator
B. Dual power supplies
C. UPS
D. Redundant network links
C. UPS
Uninterruptible power supplies (UPSs) provide a battery-backed source of power that is capable of preserving operations in the event of brief power outages. Generators take a significant amount of time to start and are more suitable for longer-term outages. Dual power supplies protect against power supply failures and not power outages. Redundant network links are a network continuity control and do not provide power.
Which one of the following items is a characteristic of hot sites but not a characteristic of warm sites?
A. Communications circuits
B. Workstations
C. Servers
D. Current data
D. Current data
Warm sites and hot sites both contain workstations, servers, and the communications circuits necessary to achieve operational status. The main difference between the two alternatives is the fact that hot sites contain near-real-time copies of the operational data and warm sites require the restoration of data from backup.
Harry is conducting a disaster recovery test. He moved a group of personnel to the alternate recovery site, where they are mimicking the operations of the primary site but do not have operational responsibility. What type of disaster recovery test is he performing?
A. Checklist test
B. Structured walk-through
C. Simulation test
D. Parallel test
D. Parallel test
The parallel test involves relocating personnel to the alternate recovery site and implementing site activation procedures. Checklist tests, structured walk-throughs, and simulations are all test types that do not involve actually activating the alternate site.
What type of document will help public relations specialists and other individuals who need a high-level summary of disaster recovery efforts while they are under way?
A. Executive summary
B. Technical guides
C. Department-specific plans
D. Checklists
A. Executive summary
The executive summary provides a high-level view of the entire organization’s disaster recovery efforts. This document is useful for the managers and leaders of the firm as well as public relations personnel who need a nontechnical perspective on this complex effort.