Chapter 8: Disaster Recovery

Question 1

Is an element of an internal control system established to maintain availability and restoration of critical processes in the event of interruption

Answer 1

Disaster Recovery Planning

Question 2

What are the two goals of DRP

Answer 2

1. Respond to incidents that impact people and operations
2. Comply with regulatory requirements

Question 3

It indicates the earliest point in time in which it is acceptable to recover data

Answer 3

RPO

Question 4

RPO and RTO: The RPO is determined based on what?

Answer 4

Acceptable data loss

Question 5

RPO and RTO: It is possible to recover every data that was affected by the disaster (T or F)

Answer 5

False. It is impossible

Question 6

RPO and RTO: What do you call data that is lost

Answer 6

Orphan data

Question 7

It indicates the earliest point in time at which the business operations must resume after a disaster

Answer 7

Recovery Time Objective

Question 8

RPO and RTO: The RTO is determine based on?

Answer 8

Acceptable downtime

Question 9

The RTO includes business operations recovery only (T or F)

Answer 9

False. It includes supporting IT systems

Question 10

RPO and RTO: What is the relationship of cost and technology with reference to time to disruption?

Answer 10

the nearer the RPO and RTO to the time of disruption, the higher the cost and technology

Question 11

RPO and RTO: What can you employ for RPO and RTO with the lowest acceptable data loss and downtime?

Answer 11

For RPO: Data Mirroring, Real Time Replication
For RTO: Mirror Site/ Hot site, Dedicated Spare Servers and Clustering

Question 12

RPO and RTO: It is the time gap within which the business can accept the unavailability of IT critical service

Answer 12

Disaster Tolerance

Question 13

RPO and RTO: What is the relationship of disaster tolerance and RTO?

Answer 13

The lower the RTO, the lower the disaster tolerance

Question 14

RPO and RTO: The RTO is focused on _____ solutions, while the RPO is focused on ___ ___ solutions.

Answer 14

Recovery; data protection

Question 15

RPO and RTO: What are the additional parameters that are important in defining the recovery strategies?

Answer 15

Interruption Window
Service Delivery objective
Maximum tolerable outages

Question 16

Recovery Strategies: the maximum period of time the organization can wait from the point of failure to the critical services restoration

Answer 16

Interruption Window

Question 17

Recovery Strategies: What can happen if the interruption window is exceeded?

Answer 17

The losses incurred by the company becomes unaffordable

Question 18

Recovery Strategies: Level of services to be reached during the alternate process mode until the normal situation is restored (minimum of level of serviceability to be achieved while restoring to normal operations)

Answer 18

Service delivery objective (SDO)

Question 19

Recovery Strategies: The SDO is related to what?

Answer 19

Business needs (Critical operations)

Question 20

Recovery Strategies: Maximum time the organization can support processing in alternate mode.

Answer 20

Maximum tolerable outages (MTO)

Question 21

Recovery Strategies: After the MTO, different problems may arise especially if?

Answer 21

1. The SDO is lower than the usual SDO
2. The information pending to be updated becomes unmanageable

Question 22

Identifies the best way to recover a system (may be on or many) in case of an interruption.

Answer 22

Recovery Strategy

Question 23

Recovery Strategies: There can only be one recovery strategy (T or F)

Answer 23

False. Strategies with different alternatives must be developed

Question 24

Recovery Strategies: The developed recovery strategies must be presented to ?

Answer 24

Senior Management

Question 25

Recovery Alternatives: When the normal production facilities become unavailable, the business may use?

Answer 25

Alternate facilities

Question 26

Recovery Alternatives: facilities with the space and basic infrastructure but lack IT equipment and communications.

Answer 26

Cold sites

Question 27

Recovery Alternatives: Plans that utilize cold sites should have what?

Answer 27

A provision for the installation of requisite hardware and software

Question 28

Recovery Alternatives: packaged, modular processing facilities mounted on transportable vehicles and kept ready to be delivered

Answer 28

Mobile Sites

Question 29

Recovery Alternatives: a plan that uses mobile sites must do what 3 things?

Answer 29

1. Specify location 2. Right of access to the location 3. Ancillary infrastructure

Question 30

Recovery Alternatives: this alternative has complete infrastructure but partially configured IT

Answer 30

Warm site

Question 31

Recovery Alternatives: Warm sites have network connections already (T or F)

Answer 31

True

Question 32

Recovery Alternatives: What must be done to the program and data at warm sites before operation can be resumed?

Answer 32

Versions of programs and data must be loaded

Question 33

Recovery Alternatives: are facilities with space, basic infrastructure and all of the IT and communications equipment to support the critical applications

Answer 33

Hot Site

Question 34

Recovery Alternatives: What is a difference between hot and warm sites

Answer 34

1. Warm sites have partial IT configurations while hot sites have all IT requirements. 2. Warm site can support critical applications at an interim basis while Hot Sites can fully support critical applications

Question 35

Recovery Alternatives: What is a difference between hot sites and mirrored sites

Answer 35

1. The amount of staff 2. Data may or may not be duplicated in real time for hot sites

Question 36

Recovery Alternatives: fully redundant sites and users will not perceive any interruption

Answer 36

Mirrored sites

Question 37

Recovery Alternatives: contracts between similar industry companies to share their IT facilities in case one company loses theirs

Answer 37

Reciprocal agreements

Question 38

Recovery Alternatives: Reciprocal agreements are viable options for recovery (T or F)

Answer 38

False. It is not

Question 39

Recovery Alternatives: Mobile sites can be from a third party (T or F)

Answer 39

True

Question 40

Recovery Alternatives: a recovery alternative that involves two or more organizations with unique equipment or applications

Answer 40

Reciprocal agreements with other organization

Question 41

Recovery Alternatives: What is needed when an alternate processing facilities come from a third party?

Answer 41

SLA

Question 42

Development of DRP: the DRP is done after what?

Answer 42

BIA and Risk assessment

Question 43

Development of DRP: the DRP must be what 2 things?

Answer 43

1. Documented 2. Written in simple language

Question 44

Development of DRP: the DRP typically contains which 10 things

Answer 44

1. Escalation procedures 2. Plan activation criteria 3. How it links with overarching plans 4. People responsible per function in plan execution 5. Recovery teams and their responsibilities 6. Contact and notification list 7. The step by step of the whole recovery process 8. Recovery procedures for each component 9. Contacts for vendors 10. Resources required for recovery

Question 45

Development of DRP: copies of the plan should be?

Answer 45

Maintained off-site

Question 46

DR Testing Methods: Based on the risk assessment and BIA, which are identified for testing

Answer 46

Critical applications and infrastructure

Question 47

Recovery plans MUST be tested (T or F)

Answer 47

TruTruee

Question 48

DR Testing Methods: what must be developed to ensure that measurable benefits can be achieved?

Answer 48

Test objectives

Question 49

DR Testing Methods: Who must be present in the testing and what are their roles?

Answer 49

An independent third party A recommendation list

Question 50

DR Testing Methods: Sometimes, recovery plans can be without fault, and no further actions need to be done. (T or F)

Answer 50

False, no plan is perfect

Question 51

DR Testing Methods: usually the preliminary step to a real test

Answer 51

Checklist review

Question 52

DR Testing Methods: checklists are given to the recovery team for review to ensure?

Answer 52

That it is current

Question 53

DR Testing Methods: physically implement the plans on paper and review each steep to assess its effectiveness

Answer 53

Structured walk through

Question 54

DR Testing Methods: a disaster role play without activating the recovery site

Answer 54

Simulation test

Question 55

DR Testing Methods: The role play is done with the recovery site but primary site continues operations

Answer 55

Parallel Test

Question 56

DR Testing Methods: operations are shut down at the primary site and shifted to the recovery site (Full on role play)

Answer 56

Full interruption test