Chapter 9 Implementing Controls to Protect Assets

Question 1

____ ____ _____ help protect access to secure areas

Answer 1

Physical security controls

Question 2

____ and ____ _____ strategies help eliminate single points of failure for critical systems.

Answer 2

Redundancy and fault-tolerance

Question 3

_____ ensure that data remains available even after data is lost.

Answer 3

Backups

Question 4

_____ ______ strategies help ensure mission critical functions continue to operate even if a disaster destroys a primary business location

Answer 4

Business continuity

Question 5

____ ___ _____ refers to the security practice of implementing several layers of protection.

Answer 5

Defense in depth (aka layered security)

Question 6

True or False: You must implement security at several different layers so if one layer fails you still have additional layers to protect you.

Answer 6

True

Question 7

____ _____ is the use of different security control types, such as technical controls, administrative controls, and physical controls.

Answer 7

Control diversity

Question 8

_____ ____ such as vulnerability assessments and penetration tests can help verify that these controls are working as expected

Answer 8

Administrative controls

Question 9

____ ________ is the practice of implementing security controls from different vendors to increase security.

Answer 9

Vendor diversity

Question 10

True or False: Many DMZs use two firewalls and vendor diversity dictates the use of firewalls from different vendors.

Answer 10

True

Example: One firewall could be a Cisco firewall and the other one could be a Check Point firewall.

Question 11

_____ _______ also helps provide defense in depth.

Answer 11

User training

Question 12

True or False: If users engage in risky behaviors, such as downloading and installing files from unknown sources or responding to phishing emails, they can give attackers a path into an organization’s network.

Answer 12

True

Question 13

True or False: Providing regular user training on common threats, and emerging threats, helps them avoid these types of attacks.

Answer 13

True

Question 14

A _____ ____ _____ is something you can physically touch, such as a hardware lock, a fence, an identification badge, and a security camera.

Answer 14

Physical security control

Question 15

______ _____ _____ ______ attempt to control entry and exits, and organizations commonly implement different controls at different boundaries

Answer 15

Physical security access controls

Question 16

List some physical security access controls

Answer 16

1. Perimeter - Border around land
2. Buildings
3. Secure work areas - i.e. SOCC, NOC
4. Hardware - Cabinet locks, cable locks, etc.
5. Airgap

Question 17

An ______ is a physical security control that ensures that a computer or network is physically isolated from another computer or network.

Answer 17

Airgap

Question 18

True or False: A complex physical security control is a sign

Answer 18

False

It is a simple physical security control

Question 19

True or False: It is common to secure access to controlled areas of a building with door locks, and there are many different lock types.

Answer 19

True

Question 20

A ____ ____ ____ is one that only opens after some access control mechanism is used

Answer 20

Door access system

Question 21

True or False: When implementing door access systems, it’s not important to limit the number of entry and exit points.

Answer 21

False

It is important

Question 22

True or False: In the event of a fire, door access systems should allow personnel to exit the building without any form of authentication.

Answer 22

True

Question 23

____ ____ often have four or five buttons labeled with numbers.

Answer 23

Cipher locks

Question 24

Cipher locks can be ______ or ______

Answer 24

Electronic or manual

Question 25

An _____ _____ _____ automatically unlocks the door after you enter the correct code into the keypad

Answer 25

Electronic cipher lock

Question 26

A _____ _____ _____ requires a user to turn a handle after entering the code.

Answer 26

Manual cipher lock

Question 27

True or False: To add complexity and reduce brute force attacks, many manual cipher locks include a code that requires two numbers entered at the same time.

Answer 27

True

Question 28

True or False: One challenge with cipher locks is that they don’t identify the users.

Answer 28

True

Question 29

True or False: Uneducated users cannot give out the cipher code to unauthorized individuals without understanding the risks

Answer 29

False

They can

Question 30

_______ _____ are small credit card-sized cards that activate when they are in close proximity to a card reader.

Answer 30

Proximity cards

Question 31

True or False: Many self-serve gasoline stations and fast-food restaurants use proximity card readers embedded in credit cards.

Answer 31

True

Question 32

True or False: The proximity card does not require its own power source.

Answer 32

True
The electronics in the card include a capacitor and a coil that can accept a charge from the proximity card reader. When you pass the card close to the reader, the reader excites the coil and stores a charge in the capacitor. Once charged, the card transmits the information to the reader using a radio frequency.

Question 33

True or False: Some door access systems include details on the user and record when the user enter or exists the area

Answer 33

True

When used this way, it’s common to combine the proximity card reader with a keypad requiring the user to enter a personal identification number (PIN). This identifies and authenticates the user with multifactor authentication. The user has something (proximity card) and knows something (PIN)

Question 34

It is also possible to use _______ methods as an access control system.

Answer 34

Biometric

Question 35

True or False: One of the benefits with using a biometric method for access control is that it provides both identification and authentication

Answer 35

True

Question 36

True or False: It’s important to ensure you use an accurate biometric system and configure it to use a low false acceptance rate.

Answer 36

True

Question 37

_______ occurs when one user follows closely behind another user without using credentials.

Answer 37

Tailgating (also called piggybacking)

Question 38

True or False: If authorized users routinely do tailgating, it indicates the environment is susceptible to a social engineering attack where an unauthorized user follows closely behind an authorized user.

Answer 38

True

Question 39

True or False: Social engineers take advantage of people’s polite and courteous manners

Answer 39

True

Question 40

______ ______ areas are most susceptible to tailgating attacks.

Answer 40

High traffic

Question 41

True or False: The best solution for preventing tailgating is a mantrap

Answer 41

True

Question 42

A ____ is a physical security mechanism designed to control access to a secure area through a buffer zone.

Answer 42

Mantrap

Question 43

True or False: Because they only allow one person through at a time, mantraps prevent tailgating

Answer 43

True

Question 44

_______ get their name due to their ability to lock a person between two areas, such as an open access area and a secure access area, but not all of them are that sophisticated.

Answer 44

Mantraps

Question 45

True or False: It’s also possible to require identification and authentication before allowing passage through a mantrap.

Answer 45

True

Question 46

Cameras are connected to a _____ ____ ______ system which transmits signals from video cameras to monitors that are similar to TVs

Answer 46

Closed circuit televisions (CCTVs)

Question 47

True or False: In addition to providing security, CCTV can also enhance safety by deterring threats.

Answer 47

True

Question 48

______ _________ provides the most reliable proof of a person’s location and activity.

Answer 48

Video surveillance

Question 49

True or False: Access logs provide a record, but it’s possible to circumvent the security of an access log.

Answer 49

True
Ex. someone can use another’s proximity card to enter an area but it will be recorded as the card owner not the person who used it.

Question 50

True or False: When using video surveillance in a work environment, it’s important to respect privacy and to be aware of privacy laws.

Answer 50

True

Question 51

List some things to consider with video surveillance and privacy

Answer 51

1. Only record activity in public areas. It is often illegal to record activity in locker rooms and restrooms
2. Notify employees of the surveillance - If employees aren’t notified of the surveillance, legal issues related to the video surveillance can arise.
3. Do not record audio - Recording audio is illegal in many jurisdictions, without the express consent of all parties being recorded.

Question 52

_____ provide a barrier around a property and deter people from entering.

Answer 52

Fences

Question 53

True or False: When using a fence, it’s common to control access to the area via specific gates.

Answer 53

True

Question 54

True or False: When additional security is required, organizations sometimes configure dual gates, allowing access into one area where credentials are checked before allowing full access.

Answer 54

True

This effectively creates a cage preventing full access, but also prevents unauthorized individuals from escaping.

Question 55

True or False: Many organizations use a combination of automation, light dimmers, and motion sensors to save on electricity costs without sacrificing security.

Answer 55

True

Question 56

Installing _____ at all entrances to a building can deter attackers from trying to break in.

Answer 56

Lights

Question 57

_______ provide an additional physical security protection

Answer 57

Alarms

Question 58

True or False: You cannot combine motion detection systems with burglary prevention systems

Answer 58

False

Question 59

_____ ______ sense infrared radiation sometimes called infrared light, which effectively sees a difference between objects of different temperatures

Answer 59

Infrared detectors

Question 60

True or False: The use of infrared detectors can help eliminate false alarms by sensing more than just motion, but motion from objects of different temperatures

Answer 60

True

Question 61

______, ______, and _____ (when combined) all provide layered physical security

Answer 61

Fencing, lighting, and alarms

Question 62

Organizations often use _____, which are short vertical posts, composed of reinforced concrete and/or steel.

Answer 62

Bollards

Question 63

True or False: Orgs often place the bollards in front of entrances about three or four feet apart.

Answer 63

True

Question 64

True or False: Companies that don’t have the resources to employ advanced security systems often use hardware locks to prevent access to secure areas

Answer 64

True

Question 65

___ _______ is an important concept to consider when using hardware locks.

Answer 65

Key management

Question 66

True or False: Proper key management ensures that only authorized personnel can access the physical keys

Answer 66

True

Question 67

____ ____ are a great theft deterrent for mobile computers, and even many desktop computers at work.

Answer 67

Cable locks

Question 68

True or False: Another common use of a cable lock is for computers in unsupervised labs.

Answer 68

True

Question 69

True or False: Often in server rooms, administrators use locking cabinets or enclosures to secure equipment mounted within bays.

Answer 69

True

Question 70

You can store smaller devices such as external USB drives or USB flash drives in an ______ ____ or _______ _______ when they aren’t in use

Answer 70

Office safe or locking cabinet

Question 71

____ _______ is the process of tracking valuable assets throughout their life cycles.

Answer 71

Asset management

Question 72

True or False: An effective asset management system can help reduce several vulnerabilities

Answer 72

True

Question 73

True or False: Asset management helps reduce architecture and design weaknesses by ensuring that purchases go through an approval process.

Answer 73

True

Question 74

____ ____ occurs when an organization has more systems than it needs, and systems it owns are underutilized

Answer 74

System sprawl

Question 75

True or False: Asset management begins before the hardware is purchased and helps prevent system sprawl by evaluating the purchase

Answer 75

True

Question 76

True or False: Additionally after the asset is purchased, the process ensures the hardware is added into the asset management tracking system.

Answer 76

True

This ensures that the assets are managed and tracked from cradle to grave.

Question 77

___ _____ ________ methods can track the movement of devices

Answer 77

Radio frequency identification (RFID)

Same as what stores use to prevent shoplifting

Question 78

True or False: Mobile devices are easy to lose track of, so organizations often use asset tracking methods to reduce losses.

Answer 78

True

Question 79

True or False: Environmental controls directly contribute to the availability of systems

Answer 79

True

Question 80

True or False: Environmental controls include ensuring temperature and humidity controls are operating properly, fire suppression systems are in place, and proper procedures are used when running cables.

Answer 80

True

Question 81

______, _________, and ___ ________ systems are important physical security controls that enhance the availability of systems.

Answer 81

Heating, ventilation, and air conditioning (HVAC)

Question 82

True or False: If systems overheat, chips can actually burn themselves out.

Answer 82

True

Question 83

_____ ______ HVAC systems provide more cooling capacity. This keeps server rooms at lower operating temperatures and results in fewer failures.

Answer 83

Higher tonnage

Question 84

___ ___ ____ _____ help regulate the cooling in data centers with multiple rows of cabinets.

Answer 84

Hot and cold aisles

Question 85

True or False: With hot and cold aisles, the back of all cabinets in one row faces the back of all the cabinets in an adjacent row. The same for the front of the cabinets. This way hot air for two row cabinets and cold air for two row cabinets flows through the same aisle

Answer 85

True

Question 86

An HVAC also includes a _________ as a temperature control and additional humidity controls

Answer 86

Thermostat

Question 87

In HVAC, the _______ ensures that the air temperature is controlled and maintained

Answer 87

Thermostat

Question 88

_____ humidity can cause condensation on the equipment, which causes water damage

Answer 88

High

Question 89

___ humidity allows a higher incidence of electrostatic discharge (ESD)

Answer 89

Low

Question 90

True or False: HVAC systems are not often integrated with fire alarm systems.

Answer 90

False

They often are to prevent a fire from spreading

Question 91

One of the core elements of a fire is ______

Answer 91

Oxygen

Question 92

True or False: If an HVAC continues to operate normally while a fire is active, it continues to pump oxygen, which feeds the fire

Answer 92

True

Question 93

True or False: When the HVAC is integrated with the fire alarm system, it controls the airflow to help prevent the rapid spread of the fire.

Answer 93

True

Question 94

A _____ fire system can detect a fire and automatically activate to extinguish the fire

Answer 94

Fixed

Question 95

The different components of a fire are ____, ______, ____, and a ______ ______ creating the fire

Answer 95

heat, oxygen, fuel, and a chain reaction

Question 96

True or False: Fire suppression methods attempt to remove or disrupt one of these elements to extinguish a fire.

Answer 96

True

Question 97

List methods of extinguishing a fire

Answer 97

1. Remove the heat. Fire extinguishers but not water for electrical fires
2. Remove the oxygen. Many methods use CO2 to displace oxygen. Common for fighting electrical fires because harmless to equipment.
3. Remove the fuel
4. Disrupt the chain reaction. Some chemicals can disrupt the chain reaction of fires to stop them.

Question 98

True or False: When using CO2 to displace oxygen in a fire, it’s important to ensure that personnel can get out before the oxygen is displaced

Answer 98

True

Question 99

True or False: It is important to ensure that an alternative allows personnel to exit even if the proximity card reader loses power.

Answer 99

True

Question 100

True or False: Administrators can review HVAC system logs to review the performance.

Answer 100

True

Question 101

________ helps prevent electromagnetic interference (EMI) and radio frequency interference (RFI) from interfering with normal signal transmissions.

Answer 101

Shielding

Question 102

_______ also protects against unwanted emissions and helps prevent an attacker from capturing network traffic.

Answer 102

Shielding

Question 103

____ comes from different types of motors, power lines, and even fluorescent lights.

Answer 103

EMI

Question 104

____ comes from radio frequency(RF) sources such as AM or FM transmitters.

Answer 104

RFI

Question 105

True or False: Shielding used to block interference from both EMI and RFI is often referred to as simply EMI shielding.

Answer 105

True

Question 106

True or False: EMI shielding fulfills the dual purpose of keeping interference out and preventing attackers from capturing network traffic

Answer 106

True.

Question 107

What is the difference between shielded twisted pair and unshielded twisted pair cabling?

Answer 107

STP has shielding to prevent attackers from capturing network traffic and helps block interference from corrupting data

Question 108

True or False: one method of reducing an attacker from splicing cable and connecting a hug using a protocol analyzer to capture traffic is to run cables through cable troughs or wiring ducts

Answer 108

True

Question 109

True or False: In addition to considering physical security, it’s important to keep cables away from EMI sources

Answer 109

True

Question 110

True or False: If techs run cables over or through fluorescent lighting fixtures, the EMI from the lights can disrupt the signals on the cables.

Answer 110

True

Question 111

A ________ ____ is typically a room that prevents signals from emanating beyond the room

Answer 111

Faraday cage

Question 112

A Faraday cage includes electrical features that cause ____ signals that reach the boundary of the room to be reflected back, preventing signal emanation outside of it.

Answer 112

RF

Question 113

True or False: A Faraday cage also provides shielding to prevent outside interference such as EMI and RFI from entering the room

Answer 113

True

Question 114

True or False: The metal shielding around an elevator acts as a Faraday cage, preventing signals from emanating out or signals from entering in.

Answer 114

True

Question 115

________ adds duplication to critical system components and networks and provides _____ _______

Answer 115

Redundancy, fault tolerance

Question 116

True or False: A system with fault tolerance can suffer a fault, but it can tolerate it and continue to operate.

Answer 116

True

Question 117

Organizations often add redundancies to eliminate _____ ______ of ______

Answer 117

Single points of failure

Question 118

List different levels redundancies can be added

Answer 118

1. Disk redundancies using RAID
2. Server redundancies by adding failover clusters
3. Power redundancies by adding generators or an UPS
4. Site redundancies by adding hot, cold, or warm sites

Question 119

A _______ _____ of ______ is a component within a system that can cause the entire system to fail if the component fails.

Answer 119

Single point of failure

Question 120

True or False: Some examples of single points of failure are disk, server, and power

Answer 120

True

Question 121

Any system has four primary resources: _____, _____, ___, and _____

Answer 121

Processor
Memory
Disk
Network interface

Question 122

True or False: The disk is the slowest and most susceptible failure

Answer 122

True

Question 123

______ _____ of ______ _____ subsystems provide fault tolerance for disks and increase the system availability

Answer 123

Redundant Array of Inexpensive Disks (RAID)

Question 124

True or False : RAID-0 doesn’t provide any redundancy or fault tolerance

Answer 124

True

It includes two or more physical disks. Files are spread across each of the disks.

Question 125

What is the benefit of a RAID-0?

Answer 125

Increased read and write performance

Question 126

True or False: RAID-1 uses two disks

Answer 126

True

Question 127

In RAID-1 data is written to _____ disks so if one fails the other disk still has all the data and the system can operate without any data loss.

Answer 127

Two

Question 128

True or False: You can add an additional disk controller to a RAID-1 configuration to remove the disk controller as a single point of failure

Answer 128

True

Question 129

Adding a second disk controller to a mirror is called _____ ________

Answer 129

Disk duplexing

Question 130

If you have two 500 GB drives used in a RAID-1 how much storage space do you have?

Answer 130

500 GB since the other 500 GB is dedicated to fault tolerant, mirrored volume.

Question 131

True or False: RAID-2, RAID-3, and RAID-4 are the most commonly used

Answer 131

False

They are rarely used

Question 132

_______ is three or more disks that are striped together similar to RAID-0

Answer 132

RAID-5

Question 133

______ _______ is striped across each of the drives in a RAID-5 and is used for fault tolerance

Answer 133

Parity information

Question 134

True or False: In a RAID-5 conf if one of the drive fails, the system can read the information on the remaining drives and determine what the actual data should be.

Answer 134

True

Question 135

True or False: If two of the drives fail in a RAID-5, the data is lost

Answer 135

True

Question 136

______ is an extension of RAID-5 and it includes an additional parity block.

Answer 136

RAID-6

Question 137

True or False: A huge benefit with RAID-6 is the disk subsystem will continue to operate even if two disk drives fail.

Answer 137

True

RAID-6 requires a minimum of four disks

Question 138

______ configuration combines the features of mirroring (RAID-1) and striping (RAID-0).

Answer 138

RAID-10

Question 139

True or False: The minimum number of drives in a RAID-10 is six

Answer 139

False

It is four

Question 140

When adding more drives to a RAID-10 you add ____ /multiples of ____.

Answer 140

Two

Question 141

If you have four 500 GB drives in a RAID-10 how much usable storage do you have?

Answer 141

1 TB

Question 142

___ _______ refers to a system or service that needs to remain operational with almost zero downtime.

Answer 142

High availability

Question 143

True or False: Utilizing different redundancy and fault-tolerance methods, it’s possible to achieve 99.999 percent uptime, commonly called five nines.

Answer 143

True

Question 144

What does five nines equate to in downtime minutes per year?

Answer 144

6 minutes of downtime a year

Question 145

________ _______ are a key component used to achieve five nines

Answer 145

Failover clusters

Question 146

Is five nines considered expensive or cheap?

Answer 146

Expensive

Question 147

True or False: High availability five nines is justifiable if the cost of a potential outage is high.

Answer 147

True

Question 148

_______ _______ is another option to provide both high availability and scalability, though it is typically used primarily in scientific applications.

Answer 148

Distributive allocation

Question 149

True or False: In a distributed application model, multiple computers (often called nodes) are configured within a local network.

Answer 149

True

Question 150

In a distributed application model, a ______ ________ divides the complex problem into smaller tasks then coordinates tasking of the individual nodes and collecting results. If any single node fails, the central processor doesn’t task it anymore but overall processing continues, providing high availability.

Answer 150

Central processor

Question 151

True or False: Distributive allocation provides high availability

Answer 151

True

Question 152

The primary purpose of a _______ _______ is to provide high availability for a service offered by a server.

Answer 152

Failover cluster

Question 153

True or False: Failover clusters use two or more servers in a cluster configuration, and the servers are referred to as nodes.

Answer 153

True

Question 154

In a failover cluster, at least ____ server or node is active and at least ___ is inactive.

Answer 154

One, one

Question 155

True or False: In a failover cluster, if an active node fails, the inactive node can take over the load without interruption to clients.

Answer 155

True

Question 156

True or False: In an active-active cluster configuration, the cluster balances the load between the servers

Answer 156

True

Question 157

Nodes need to have _____ to _________ hardware and are often quite expensive, but if a company truly needs to achieve 99.999 percent uptime, it’s worth the expense

Answer 157

Close to identical

Question 158

A ____ ________ can optimize and distribute data loads across multiple computers or multiple networks.

Answer 158

Load balancer

Question 159

True or False: A load balancer can be hardware or software

Answer 159

True

Question 160

A ________ based load balancer accepts traffic and directs it to servers based on factors such as processor utilization and the number of current connections to the server.

Answer 160

Hardware

Question 161

A ______ based load balancer uses software running on each of the servers in the load-balanced cluster to balance the load.

Answer 161

Software

Question 162

____ _______ primarily provides scalability, but it also contributes to high availability.

Answer 162

Load balancing

Question 163

______ refers to the ability of a service to serve more clients without any decrease in performance.

Answer 163

Scalability

Question 164

________ ensures that systems are up and operational when needed

Answer 164

Availability

Question 165

True or False: By spreading the load among multiple systems, it ensures that individual systems are not overloaded, increasing overall availability

Answer 165

True

Question 166

To scale ___ you add additional resources such as processors and memory

Answer 166

Up

Question 167

To scale ___ you ad additional servers in a load balancer

Answer 167

Out

Question 168

Some load balancers use source address _____ to direct the requests.

Answer 168

Affinity

Question 169

Source ______ sends requests to the same server based on the requestor’s IP address

Answer 169

Affinity

Question 170

True or False: Source affinity effectively sticks users to a specific server for the duration of their sessions

Answer 170

True

Question 171

True or False: An added benefit of many load balancers is that they can detect when a server fails.

Answer 171

True

Question 172

True or False: In general, failover clusters are commonly used for applications such as database applications.

Answer 172

True

Question 173

True or False: Load balancers are often used for services, such as web servers in a web farm.

Answer 173

True

Question 174

____ is a critical utility to consider when reviewing redundancies.

Answer 174

Power

Question 175

An ____ provides fault tolerance for power and can protect against power fluctuations.

Answer 175

UPS

Question 176

_______ provide long-term power in extended outages.

Answer 176

Generators

Question 177

______ are copies of data created to ensure that when the original data is lost or corrupted, it can be restored.

Answer 177

Backups

Question 178

The most common media used for backups is ____

Answer 178

Tape

Question 179

_____ store more data and are cheaper than other media

Answer 179

Tapes

Question 180

List some commonly used backup types

Answer 180

1. Full backup
2. Differential backup
3. Incremental backup
4. Snapshots

Question 181

A _____ _____ backs up all the selected data

Answer 181

Full backup

Question 182

A ______ ______ backs up all the data that has changed or is different since the last full backup

Answer 182

Differential backup

Question 183

A ________ _____ backs up all the data that has changed since the last full or incremental backup

Answer 183

Incremental backup

Question 184

A ______ captures the data at a point in time.

Answer 184

Snapshot (image backup)

Question 185

True or False: It’s possible to do a full backup on a daily basis but rare to do in most prod environments

Answer 185

True

Question 186

What two limiting factors are there for doing full backups daily?

Answer 186

1. Time - can take several hours to complete depending on how much data and affects availability of a system
2. Money - requires more resources i.e. media and storage

Question 187

True or False: A full backup is the easiest and quickest to restore

Answer 187

True

Question 188

True or False: Each differential backup are all the deltas since the last full backup.

Answer 188

True

I.e. Monday captures differential, Tuesday builds on top of Monday’s differential and so forth

Question 189

True or False: As time progresses the differential backup steadily grows in size

Answer 189

True

Question 190

True or False: Each incremental backup are all the deltas since the previous day

Answer 190

True
I.e. Sunday is a full, Monday captures deltas from Sunday thru Monday, Tuesday captures deltas from Monday thru Tuesday, etc.

Question 191

True or False: Full/incremental is better suited for orgs where time is priority and Full/Differential is better suited for orgs where restoration is priority

Answer 191

True

Question 192

True or False: Snapshots are commonly used with virtual machines and sometimes referred to as a checkpoint

Answer 192

True

Question 193

True or False: The only way to validate a backup is to perform a test restore

Answer 193

True

Question 194

Performing a _____ ______ is nothing more than restoring the data from a backup and verifying it’s integrity

Answer 194

Test restore

Question 195

True or False: It’s common to restore data to a different location other than the original source location, but in such a way that you can validate the data.

Answer 195

True

Question 196

What are the two possible outcomes in a test restore

Answer 196

1. Success

2. Fail

Question 197

True or False: An additional benefit of performing regular test restores is that it allows administrators to become familiar with the process.

Answer 197

True

Question 198

True or False: Backup media should be protected at the same level as the data that it holds.

Answer 198

True

Question 199

List how backups are protected

Answer 199

1. Storage - clear labeling to identify the data and physical security protection to prevent others from easily accessing it while it’s stored
2. Transfer - Data should be protected any time it is transferred from one location to another. Especially true when transferring a copy of the backup to a separate geographical location
3. Destruction - When no longer needed, destroyed. Accomplished by degaussing the media, shredding or burning the media, or scrubbing the media by repeatedly writing varying patterns of 1s and 0s onto the media

Question 200

True or False: Organizations typically create a backup policy to answer critical questions related to backups

Answer 200

True

Question 201

The ______ policy is a written document and will often identify issues such as what data to backup, how often to back up the data, how to test the backups, and how long to retain the backups.

Answer 201

Backup

Question 202

______ backups protect against a disaster such as a fire or a flood.

Answer 202

Off-site

Question 203

True or False: Many organizations have specific requirements related to the distance between the main site and the off-site location.

Answer 203

True

Question 204

The off-site backup ______ should be far enough away that environmental factors at the primary location doesn’t affect the off-site location

Answer 204

Location

Question 205

The _____ implications related to backups depends on the data stored in the backups.

Answer 205

Legal

Question 206

____ _______ refers to the legal implications when data is stored off-site.

Answer 206

Data sovereignty

If the data is stored in other countries, it can be subject to additional laws and regulations

Question 207

The goal of _______ __________ is to ensure that critical business operations continue and the organization can survive the outage.

Answer 207

Business continuity

Question 208

True or False: Organizations often create a business continuity plan (BCP)

Answer 208

True

Question 209

A _______ _____ _______ is an important part of a BCP.

Answer 209

Business impact analysis

Question 210

A ____ _______ ______ helps an organization identify critical systems and components that are essential to the organizations success.

Answer 210

Business impact analysis

Question 211

True or False: A business impact analysis helps identify vulnerable business processes that support mission essential functions

Answer 211

True

Question 212

True or False: The business impact analysis involves collecting information from throughout the organization and documenting the results. This documentation identifies core business or mission requirements.

Answer 212

True

Question 213

True or False: The Business Impact Analysis does not recommend solutions.

Answer 213

True

It provides management with valuable information so that they can focus on critical business functions.

Question 214

List some key questions that are addressed with a Business Impact Analysis

Answer 214

1. What are the critical systems and functions?
2. Are there any dependencies related to these critical systems and functions?
3. What is the maximum downtime limit of these critical systems and functions?
4. What scenarios are most likely to impact these critical systems and functions?
5. What is the potential loss from these scenarios?

Question 215

True or False: Identifying the maximum downtime limit is extremely important.

Answer 215

True
It drives decisions related to recovery objectives and helps an organization identify various contingency plans and policies.

Question 216

Two tools that organizations can use when completing a business impact analysis are a ______ ______ _______ and a _____ ______ _______

Answer 216

Privacy threshold assessment and privacy impact assessment

NIST SP 800-122 “Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)” covers these in more depth but refers to a privacy threshold assessment as a privacy threshold analysis.

Question 217

The primary purpose of the _____ _______ ________ is to help the organization identify PII within a system.

Answer 217

Privacy threshold assessment

Question 218

Who typically completes a privacy threshold assessment?

Answer 218

System owner or data owner

Question 219

If the system holds PII, the next step is to conduct a ______ ______ _________

Answer 219

Privacy impact assessment

Question 220

True or False: A privacy impact assessment attempts to identify potential risks related to the PII by reviewing how the information is handled

Answer 220

True

Question 221

What is the goal of a privacy impact assessment?

Answer 221

To ensure that the system is complying with applicable laws, regulations, and guidelines. The impact assessment provides a proactive method of addressing potential risks related to PII throughout the life cycle of a computing system.

Question 222

The _____ ___ _______ identifies the maximum amount of time it can take to restore a system after an outage.

Answer 222

Recovery time objective (RTO)

Question 223

A _____ _____ _______ identifies a point in time where data loss is acceptable.

Answer 223

Recovery point objective

Question 224

True or False: When working with a BIA, experts often attempt to predict the possibility of a failure

Answer 224

True

Question 225

____ ____ ____ ______ provides a measure of a system’s reliability and is usually represented in hours.

Answer 225

Mean time between failures

Question 226

True or False: Higher MTBF numbers indicate a higher reliability of a product or system.

Answer 226

True

Question 227

___ ___ __ ______ identifies the average time it takes to restore a failed system.

Answer 227

Mean time to recover

Question 228

________ __ ________ _______ focuses on restoring mission-essential functions at a recovery site after a critical outage.

Answer 228

Continuity of operations planning

Question 229

______ is the process of moving mission-essential functions to the alternate site.

Answer 229

Failover

Question 230

A ______ ____ is an alternate processing site that an organization can use after a disaster.

Answer 230

Recovery site

Question 231

List the three primary types of recovery sites

Answer 231

1. Hot sites
2. Cold sites
3. Warm sites

Question 232

True or False: Two other recovery sites are mobile sites and mirrored sites

Answer 232

True

Question 233

A __ ____ would be up and operational 24 hours a day, seven days a week and would be able to take over functionality from the primary site quickly after a primary site failure.

Answer 233

Hot site

Question 234

True or False: In many cases, copies of backup tapes are stored at the hot site as the off-site location.

Answer 234

True

Question 235

True or False: A hot site is the least effective disaster recovery solution for high-availability requirements.

Answer 235

False

It is the most effective

Question 236

True or False: A hot site is the most expensive to maintain and keep up to date.

Answer 236

True

Question 237

A ____ ____ requires power and connectivity but not much else.

Answer 237

Cold site

Question 238

True or False: With a cold site the organization brings all the equipment, software, and data to the site when it activates it.

Answer 238

True

Question 239

A ____ ____ is the cheapest to maintain, but it is also the most difficult to test.

Answer 239

Cold site

Question 240

A ____ ____ provides a compromise between a hot site and a cold site that an organization can tailor to meet its needs.

Answer 240

Warm site

Question 241

A _____ ____ is a self contained transportable unit with all the equipment needed for specific requirements

Answer 241

Mobile site

Ex. semitrailer with everything needed for operations

Question 242

_____ ____ are identical to the primary location and provide 100 percent availability.

Answer 242

Mirrored sites

Question 243

True or False: The mirrored site is always up and operational

Answer 243

True

Question 244

True or False: As a best practice, organizations return the least critical functions to the primary site first.

Answer 244

True

Question 245

True or False: By moving the least critical functions back to the primary site first will help to flush out undiscovered problems

Answer 245

True

Question 246

______ ______ is a part of an overall business continuity plan

Answer 246

Disaster recovery

Question 247

True or False: In some cases, an organization will have multiple Disaster Recovery Plans within a Business Continuity Plan

Answer 247

True

Question 248

True or False: A DRP or a BCP will include a hierarchical list of critical systems.

Answer 248

True

This list identifies what systems to restore after a disaster and in what order.

Question 249

List the different phases of a disaster recovery process

Answer 249

1. Activate the disaster recovery plan
2. Implement contingencies
3. Recover critical systems
4. Test recovered systems
5. After-action report

Question 250

True or False: Business continuity plans and Disaster recovery plans include testing.

Answer 250

True

Question 251

_____ validates that the plan works as desired and will often include testing redundancies and backups.

Answer 251

Testing

Question 252

Two primary types of exercises are ______ and _____

Answer 252

Tabletop and functional

Read NIST SP 800-34 “Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities”

Question 253

A _____ _____ is discussion based

Answer 253

Tabletop exercise

Question 254

_____ _______ provide personnel with an opportunity to test the plans in a simulated operational environment.

Answer 254

Functional exercises

Question 255

In a ______, the participants go through the steps in a controlled manner without affecting the actual system.

Answer 255

Simulation

Question 256

True or False: Running through a simulation will verify that the test works and the amount of time it will take to execute the plan

Answer 256

True

Question 257

List some of the common elements of testing

Answer 257

1. Backups - tested by restoring the data from the backup
2. Server restoration - rebuild a server using a test system without touching the live system
3. Server redundancy
4. Alternate sites