Chapter 8: Disaster Recovery Flashcards

1
Q

Is an element of an internal control system established to maintain availability and restoration of critical processes in the event of interruption

A

Disaster Recovery Planning

2
Q

What are the two goals of DRP

A
  1. Respond to incidents that impact people and operations
  2. Comply with regulatory requirements
3
Q

It indicates the earliest point in time in which it is acceptable to recover data

A

RPO

4
Q

RPO and RTO: The RPO is determined based on what?

A

Acceptable data loss

5
Q

RPO and RTO: It is possible to recover all data that was affected by the disaster (T or F)

A

False. It is impossible

6
Q

RPO and RTO: What do you call data that is lost

A

Orphan data

7
Q

It indicates the earliest point in time at which the business operations must resume after a disaster

A

Recovery Time Objective

8
Q

RPO and RTO: The RTO is determined based on what?

A

Acceptable downtime

9
Q

The RTO includes business operations recovery only (T or F)

A

False. It includes supporting IT systems

10
Q

RPO and RTO: What is the relationship of cost and technology with reference to time to disruption?

A

The nearer the RPO and RTO to the time of disruption, the higher the cost and technology

11
Q

RPO and RTO: What can you employ for RPO and RTO with the lowest acceptable data loss and downtime?

A

For RPO: Data Mirroring, Real Time Replication
For RTO: Mirror Site/ Hot site, Dedicated Spare Servers and Clustering

12
Q

RPO and RTO: It is the time gap within which the business can accept the unavailability of IT critical service

A

Disaster Tolerance

13
Q

RPO and RTO: What is the relationship of disaster tolerance and RTO?

A

The lower the RTO, the lower the disaster tolerance

14
Q

RPO and RTO: The RTO is focused on _____ solutions, while the RPO is focused on ___ ___ solutions.

A

Recovery; data protection

15
Q

RPO and RTO: What are the additional parameters that are important in defining the recovery strategies?

A

Interruption Window
Service Delivery objective
Maximum tolerable outages

16
Q

Recovery Strategies: the maximum period of time the organization can wait from the point of failure to the critical services restoration

A

Interruption Window

17
Q

Recovery Strategies: What can happen if the interruption window is exceeded?

A

The losses incurred by the company become unaffordable

18
Q

Recovery Strategies: Level of services to be reached during the alternate process mode until the normal situation is restored (minimum level of serviceability to be achieved while restoring to normal operations)

A

Service delivery objective (SDO)

19
Q

Recovery Strategies: The SDO is related to what?

A

Business needs (Critical operations)

20
Q

Recovery Strategies: Maximum time the organization can support processing in alternate mode.

A

Maximum tolerable outages (MTO)

21
Q

Recovery Strategies: After the MTO, different problems may arise especially if?

A
  1. The SDO is lower than the usual SDO
  2. The information pending to be updated becomes unmanageable
22
Q

Identifies the best way to recover a system (may be one or many) in case of an interruption.

A

Recovery Strategy

23
Q

Recovery Strategies: There can only be one recovery strategy (T or F)

A

False. Strategies with different alternatives must be developed

24
Q

Recovery Strategies: The developed recovery strategies must be presented to ?

A

Senior Management

25
Recovery Alternatives: When the normal production facilities become unavailable, the business may use?
Alternate facilities
26
Recovery Alternatives: facilities with the space and basic infrastructure but lack IT equipment and communications.
Cold sites
27
Recovery Alternatives: Plans that utilize cold sites should have what?
A provision for the installation of requisite hardware and software
28
Recovery Alternatives: packaged, modular processing facilities mounted on transportable vehicles and kept ready to be delivered
Mobile Sites
29
Recovery Alternatives: a plan that uses mobile sites must do what 3 things?
  1. Specify location
  2. Right of access to the location
  3. Ancillary infrastructure
30
Recovery Alternatives: this alternative has complete infrastructure but partially configured IT
Warm site
31
Recovery Alternatives: Warm sites have network connections already (T or F)
True
32
Recovery Alternatives: What must be done to the program and data at warm sites before operation can be resumed?
Versions of programs and data must be loaded
33
Recovery Alternatives: are facilities with space, basic infrastructure and all of the IT and communications equipment to support the critical applications
Hot Site
34
Recovery Alternatives: What is a difference between hot and warm sites
  1. Warm sites have partial IT configurations while hot sites have all IT requirements.
  2. Warm sites can support critical applications on an interim basis while hot sites can fully support critical applications
35
Recovery Alternatives: What is a difference between hot sites and mirrored sites
  1. The amount of staff
  2. Data may or may not be duplicated in real time for hot sites
36
Recovery Alternatives: fully redundant sites and users will not perceive any interruption
Mirrored sites
37
Recovery Alternatives: contracts between similar industry companies to share their IT facilities in case one company loses theirs
Reciprocal agreements
38
Recovery Alternatives: Reciprocal agreements are viable options for recovery (T or F)
False. It is not
39
Recovery Alternatives: Mobile sites can be from a third party (T or F)
True
40
Recovery Alternatives: a recovery alternative that involves two or more organizations with unique equipment or applications
Reciprocal agreements with other organizations
41
Recovery Alternatives: What is needed when alternate processing facilities come from a third party?
SLA
42
Development of DRP: the DRP is done after what?
BIA and Risk assessment
43
Development of DRP: the DRP must be what 2 things?
  1. Documented
  2. Written in simple language
44
Development of DRP: the DRP typically contains which 10 things
  1. Escalation procedures
  2. Plan activation criteria
  3. How it links with overarching plans
  4. People responsible per function in plan execution
  5. Recovery teams and their responsibilities
  6. Contact and notification list
  7. The step by step of the whole recovery process
  8. Recovery procedures for each component
  9. Contacts for vendors
  10. Resources required for recovery
45
Development of DRP: copies of the plan should be?
Maintained off-site
46
DR Testing Methods: Based on the risk assessment and BIA, which are identified for testing
Critical applications and infrastructure
47
Recovery plans MUST be tested (T or F)
True
48
DR Testing Methods: what must be developed to ensure that measurable benefits can be achieved?
Test objectives
49
DR Testing Methods: Who must be present in the testing and what are their roles?
An independent third party; a recommendation list
50
DR Testing Methods: Sometimes, recovery plans can be without fault, and no further actions need to be done. (T or F)
False, no plan is perfect
51
DR Testing Methods: usually the preliminary step to a real test
Checklist review
52
DR Testing Methods: checklists are given to the recovery team for review to ensure?
That it is current
53
DR Testing Methods: physically implement the plans on paper and review each step to assess its effectiveness
Structured walk through
54
DR Testing Methods: a disaster role play without activating the recovery site
Simulation test
55
DR Testing Methods: The role play is done with the recovery site but primary site continues operations
Parallel Test
56
DR Testing Methods: operations are shut down at the primary site and shifted to the recovery site (Full on role play)
Full interruption test