CISSP ch 18

Question 1

DRP

Answer 1

Disaster recovery plan

disaster recovery planning picks up where business continuity planning leaves off

goal of DRP is to restore regular business activity as quickly as possible

preventing business interruption is the goal of business continuity

Question 2

100-year floodplain

Answer 2

chance of flooding in that area are 1 in 100, or 1.0 percent

Question 3

UPS

Answer 3

uninterruptible power supply = provides battery-supplied power for a short period of time, between 5 and 30 minutes

Question 4

Generator

Answer 4

provides long-term power

Question 5

SPOF

Answer 5

single point of failure

Question 6

RAID-0

Answer 6

striping

uses two or more disks and improves the disk subsystem performance, but does not provide fault tolerance

Question 7

RAID-1

Answer 7

mirroring

uses two disks, which both hold the same data

Question 8

RAID-5

Answer 8

= striping with parity

uses three or more disks with the equivalent of one disk holding parity information

parity information allows the reconstruction of data through mathematical calculations if a single disk is lost

if any single disk fails, the RAID array will continue to operate, but will be slower

Question 9

RAID-6

Answer 9

functions in the same manner as RAID-5 but stores parity information on two disks, protecting against the failure of two separate disks but requiring a minimum of four disks to implement

Question 10

RAID-10

Answer 10

RAID 1 + 0 = stripe of mirrors

configured as two or more mirrors (RAID-1) with each mirror configured in a striped configuration (RAID-0)

uses at least four disks but can support more as long as an even number of disks are added

will continue to operate even if multiple disks fail, as long as at least one drive in each mirror continues to function

Question 11

software-based RAID solutions/systems

Answer 11

require the operating system to manage the disks in the array and can reduce overall system performance

relatively inexpensive

Question 12

hardware-based RAID solutions/systems

Answer 12

generally more efficient and reliable

more expensive

typically include spare drives that can be logically added to the array

Question 13

hot swapping

Answer 13

replacing failed disks without powering down the system

Question 14

cold swapping

Answer 14

requires the system to be powered down to replace a faulty drive

Question 15

failover

Answer 15

when another server in a cluster takes of the load of a failed server in an automatic process

Question 16

trusted recovery

Answer 16

provides assurances that after a failure or crash, the system is just as secure as it was before the failure or crash occurred

Question 17

Manual recovery (trusted recovery)

Answer 17

if a system fails, it does not fail in a secure state; instead, an administrator is required to manually perform the actions necessary to implement a secured or trusted recovery after a failure or system crash

Question 18

automated recovery (trusted recovery)

Answer 18

system is able to perform trusted recovery activities to restore itself against at least one type of failure

Question 19

automated recovery without undue loss (trusted recovery)

Answer 19

similar to automated recovery, but included mechanisms to ensure that specific objects are protected to prevent their loss

e.g., steps to restore data or other objects, restore corrupted files, rebuild data from transaction logs and verify the integrity of key system and security components

Question 20

function recovery (trusted recovery)

Answer 20

automatically recover specific functions

ensures that the system is able to successfully complete the recovery for the functions, or that the system will be able to roll back the changes to return to a secure state

Question 21

QoS

Answer 21

Quality of service controls = protect the availability of data networks under load

Question 22

bandwidth

Answer 22

the network capacity available to carry communications

Question 23

latency

Answer 23

the time it takes a packet to travel from source to destination

Question 24

jitter

Answer 24

the variation in latency between different packets

Question 25

packet loss

Answer 25

some packets may be lost between source and destination, requiring retransmission

Question 26

interference

Answer 26

electrical noise, faulty equipment and other factors may corrupt the contents of packets

Question 27

ACV clause

Answer 27

actual cash value clause in insurance contracts = when damaged property is compensated based on the fair market value of the items on the date of loss, less all accumulated depreciation since the time of their purchase

Question 28

BIA

Answer 28

business impact analysis

Question 29

MTTR

Answer 29

mean time to repair

Question 30

MTD

Answer 30

maximum tolerable downtime

Question 31

RTO

Answer 31

recovery time objective

Question 32

RPO

Answer 32

recovery point objective

specifies the maximum amount of data that may be lost during a disaster and should be used to guide backup strategies

Question 33

fail-secure system

Answer 33

will default to a secure state in the event of a failure, blocking all access

Question 34

fail-open system

Answer 34

will fail in an open state, granting all access

Question 35

MAAs

Answer 35

mutual assistance agreements = reciprocal agreements

rare in real-world practice but popular in literature

two organizations pledge to assist each other in the event of a disaster by sharing computing facilities or other technological resources

Question 36

Electronic vaulting

Answer 36

database backups are moved to a remote site using bulk transfers

remote location may be a dedicated alternative recovery site or simply an offsite location managed within the company or by a contractor for the purpose of maintaining backup data

potential for data loss - you will only be able to recover information as of the time of the last vaulting operation

Question 37

remote journaling

Answer 37

data transfers are performed in a more expeditious manner; data transfers still occur in a bulk transfer mode, but on a more frequent basis, usually once every hour and sometimes more frequently

instead of entire database backup, only database transaction logs are transferred, containing transactions that occurred since the previous bulk transfer

not applied to a live database, maintained in a backup device

when disaster is declared, technicians retrieve the appropriate transaction logs and apply them to the production database

Question 38

remote mirroring

Answer 38

Most advanced database backup solution and the most expensive

live database server is maintained at the backup site

ready to take over an operational role at a moment’s notice

popular strategy when implementing a hot site

Question 39

full backup

Answer 39

1 backup to load

once a full backup is complete, the archive bit on every file is reset, turned off or set to 0

Question 40

differential backups

Answer 40

1 full back up + 1 differential backup to load

store all files that have been modified since the time of the most recent full backup

the differential backup does not change the archive bit

when restoring, just need last full backup and most recent differential backup

don’t take as long to restore, but take longer to create than incremental backups

Question 41

incremental backups

Answer 41

1 full backup + n incremental backups to load

store only those files that have been modified since the time of the most recent full or incremental backup

only files that have the archive bit turned on, enabled or set to 1 are duplicated

once an incremental backup is complete, the archive bit on all duplicated files is reset, turned off or set to 0

when restoring, need last full backup and all incremental backups

Question 42

D2D

Answer 42

Disk-to-disk backup solutions

Question 43

VTL

Answer 43

virtual tape libraries = support the use of disks with the tape paradigm by using software to make disk storage appear as tapes to backup software

Question 44

Tape rotation strategies

Answer 44

Grandfather-Father-Son (GFS)

Tower of Hanoi

Six Cartridge Weekly Backup

Question 45

HSM

Answer 45

hierarchical storage management system = an automated robotic backup jukebox consisting of 32 or 64 optical or tape backup devices; all the drive elements with an HSM system are configured as a single drive array (a bit like a RAID)

Question 46

recovery vs restoration

Answer 46

Recovery = bringing business operations and processes back to a working state

Restoration = bringing a business facility and environment back to a workable state

Question 47

Test types

Answer 47

read-through test / checklist tests

structured walk-through / tabletop exercise

simulation tests

similar to structure walk-through, but business can actually be interrupted and tested

parallel tests

full-interruption tests