CISSP ch 18 Flashcards
DRP
Disaster recovery plan
disaster recovery planning picks up where business continuity planning leaves off
goal of DRP is to restore regular business activity as quickly as possible
preventing business interruption is the goal of business continuity
100-year floodplain
chance of flooding in that area in any given year is 1 in 100, or 1 percent
UPS
uninterruptible power supply = provides battery-supplied power for a short period of time, between 5 and 30 minutes
Generator
provides long-term power
SPOF
single point of failure
RAID-0
striping
uses two or more disks and improves the disk subsystem performance, but does not provide fault tolerance
RAID-1
mirroring
uses two disks, which both hold the same data
RAID-5
= striping with parity
uses three or more disks with the equivalent of one disk holding parity information
parity information allows the reconstruction of data through mathematical calculations if a single disk is lost
if any single disk fails, the RAID array will continue to operate, but will be slower
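Added example (not from the CISSP text): how the "mathematical calculations" behind RAID-5 work. Each stripe's parity chunk is the XOR of the stripe's data chunks, and the XOR of every surviving chunk in a stripe (data and parity alike) reproduces whichever single chunk was lost. The chunk size, the rotation of the parity disk and the sample data are illustrative assumptions.

```python
# Added example (not from the CISSP text): RAID-5 style striping with a rotating
# XOR parity chunk, and rebuilding one lost disk from the survivors.
from functools import reduce
from operator import xor


def xor_blocks(blocks):
    """XOR equal-length byte strings together, byte by byte."""
    return bytes(reduce(xor, column) for column in zip(*blocks))


def raid5_write(data, ndisks, chunk=4):
    """Lay `data` out across `ndisks` disks. Each stripe holds ndisks-1 data
    chunks plus one parity chunk; the disk holding parity rotates per stripe
    (rotation order is an illustrative assumption). Returns (disks, pad) where
    disks[d] is the list of chunks stored on disk d."""
    if ndisks < 3:
        raise ValueError("RAID-5 needs at least three disks")
    per_stripe = chunk * (ndisks - 1)
    pad = (-len(data)) % per_stripe          # pad to whole stripes
    data += b"\x00" * pad
    disks = [[] for _ in range(ndisks)]
    for s in range(len(data) // per_stripe):
        stripe = data[s * per_stripe:(s + 1) * per_stripe]
        chunks = [stripe[i * chunk:(i + 1) * chunk] for i in range(ndisks - 1)]
        parity = xor_blocks(chunks)           # parity = XOR of the data chunks
        parity_disk = s % ndisks
        it = iter(chunks)
        for d in range(ndisks):
            disks[d].append(parity if d == parity_disk else next(it))
    return disks, pad


def raid5_read(disks, pad):
    """Reassemble the data by skipping each stripe's parity chunk."""
    ndisks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        parity_disk = s % ndisks
        for d in range(ndisks):
            if d != parity_disk:
                out += disks[d][s]
    return bytes(out[:len(out) - pad]) if pad else bytes(out)


def raid5_rebuild(disks, lost):
    """Reconstruct disk `lost` stripe by stripe: the XOR of all surviving chunks
    in a stripe equals the missing chunk, whether it held data or parity."""
    nstripes = len(next(d for i, d in enumerate(disks) if i != lost))
    return [xor_blocks([disks[d][s] for d in range(len(disks)) if d != lost])
            for s in range(nstripes)]


if __name__ == "__main__":
    disks, pad = raid5_write(b"The quick brown fox jumps over the lazy dog", 4)
    rebuilt = raid5_rebuild(disks, 2)        # pretend disk 2 died
    print(rebuilt == disks[2])               # True
```

Rebuilding (or serving reads for the failed disk) touches every surviving disk for every stripe, which is why the degraded array keeps running but slower. Plain XOR parity only ever recovers one unknown per stripe; surviving two simultaneous failures, as RAID-6 does, needs a second, independent parity calculation rather than a second copy of the same XOR.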
RAID-6
functions in the same manner as RAID-5 but stores parity information on two disks, protecting against the failure of two separate disks but requiring a minimum of four disks to implement
RAID-10
RAID 1 + 0 = stripe of mirrors
configured as two or more mirrored pairs (RAID-1) that are then striped together (RAID-0)
uses at least four disks but can support more as long as an even number of disks is added
will continue to operate even if multiple disks fail, as long as at least one drive in each mirror continues to function
software-based RAID solutions/systems
require the operating system to manage the disks in the array and can reduce overall system performance
relatively inexpensive
hardware-based RAID solutions/systems
generally more efficient and reliable
more expensive
typically include spare drives that can be logically added to the array
hot swapping
replacing failed disks without powering down the system
cold swapping
requires the system to be powered down to replace a faulty drive
failover
when another server in a cluster automatically takes over the load of a failed server
trusted recovery
provides assurances that after a failure or crash, the system is just as secure as it was before the failure or crash occurred
Manual recovery (trusted recovery)
if a system fails, it does not fail in a secure state; instead, an administrator is required to manually perform the actions necessary to implement a secured or trusted recovery after a failure or system crash
automated recovery (trusted recovery)
system is able to perform trusted recovery activities to restore itself against at least one type of failure
automated recovery without undue loss (trusted recovery)
similar to automated recovery, but includes mechanisms that protect specific objects from loss
e.g., steps to restore data or other objects, restore corrupted files, rebuild data from transaction logs and verify the integrity of key system and security components
function recovery (trusted recovery)
automatically recover specific functions
ensures that the system is able to successfully complete the recovery for the functions, or that the system will be able to roll back the changes to return to a secure state
QoS
Quality of service controls = protect the availability of data networks under load
bandwidth
the network capacity available to carry communications
latency
the time it takes a packet to travel from source to destination
jitter
the variation in latency between different packets
packet loss
some packets may be lost between source and destination, requiring retransmission
interference
electrical noise, faulty equipment and other factors may corrupt the contents of packets
ACV clause
actual cash value clause in insurance contracts = when damaged property is compensated based on the fair market value of the items on the date of loss, less all accumulated depreciation since the time of their purchase
BIA
business impact analysis
MTTR
mean time to repair
MTD
maximum tolerable downtime
RTO
recovery time objective
RPO
recovery point objective
specifies the maximum amount of data that may be lost during a disaster and should be used to guide backup strategies
fail-secure system
will default to a secure state in the event of a failure, blocking all access
fail-open system
will fail in an open state, granting all access
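Added example (not from the CISSP text): the same authorization check written so it fails open and so it fails secure. The difference is only where the default sits. The policy "backend" is a constructed stand-in for a remote policy service, and PolicyUnavailable models that service being down.

```python
# Added example (not from the CISSP text): fail-open vs fail-secure versions of
# one access check. `backend` is a constructed dict standing in for a remote
# policy service; None simulates an outage.


class PolicyUnavailable(Exception):
    """The policy service could not answer (timeout, crash, network fault)."""


def lookup_policy(user, resource, backend):
    """backend: dict user -> set of resources that user may access,
    or None to simulate the service being unreachable."""
    if backend is None:
        raise PolicyUnavailable("policy service unreachable")
    return resource in backend.get(user, set())


def is_allowed_fail_open(user, resource, backend):
    """Fail-open: start from 'allow' and deny only on an explicit refusal, so any
    failure in the check (including one an attacker can induce) grants access."""
    allowed = True
    try:
        if not lookup_policy(user, resource, backend):
            allowed = False
    except PolicyUnavailable:
        pass                      # bug: 'allowed' is still True
    return allowed


def is_allowed_fail_secure(user, resource, backend):
    """Fail-secure: start from 'deny' and grant only on an explicit positive
    answer; an outage blocks access, as the cards describe."""
    allowed = False
    try:
        allowed = bool(lookup_policy(user, resource, backend))
    except PolicyUnavailable:
        pass                      # alert here in real code; 'allowed' stays False
    return allowed


if __name__ == "__main__":
    policy = {"alice": {"reports"}}
    print(is_allowed_fail_open("mallory", "reports", None))     # True (bypass)
    print(is_allowed_fail_secure("mallory", "reports", None))   # False
```

Which default a control should take is a design decision: for an authorization check the secure default is deny, because the fail-open version turns any outage of the policy service into a bypass for every caller.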
MAAs
mutual assistance agreements = reciprocal agreements
rare in real-world practice but popular in literature
two organizations pledge to assist each other in the event of a disaster by sharing computing facilities or other technological resources
Electronic vaulting
database backups are moved to a remote site using bulk transfers
remote location may be a dedicated alternative recovery site or simply an offsite location managed within the company or by a contractor for the purpose of maintaining backup data
potential for data loss - you will only be able to recover information as of the time of the last vaulting operation
remote journaling
data transfers are performed in a more expeditious manner; data transfers still occur in a bulk transfer mode, but on a more frequent basis, usually once every hour and sometimes more frequently
instead of entire database backup, only database transaction logs are transferred, containing transactions that occurred since the previous bulk transfer
not applied to a live database, maintained in a backup device
when disaster is declared, technicians retrieve the appropriate transaction logs and apply them to the production database
remote mirroring
Most advanced database backup solution and the most expensive
live database server is maintained at the backup site
ready to take over an operational role at a moment’s notice
popular strategy when implementing a hot site
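Added example (not from the CISSP text) covering the three database backup cards above: a toy key-value database driven by a list of timestamped transactions is recovered after a disaster by electronic vaulting (restore the last bulk copy), remote journaling (restore the last bulk copy, then apply the shipped transaction logs) and remote mirroring (the live replica already has everything). The transaction timeline, the disaster hour and the vault/shipping schedules are constructed assumptions; the point is how much data each method loses, which is what the RPO card is about.

```python
# Added example (not from the CISSP text): recovering a toy database after a
# disaster via vaulting, journaling and mirroring. Hours, transactions and the
# schedules (vault_every, ship_every) are constructed; vault_every is assumed to
# be a multiple of ship_every.


def apply_txn(db, txn):
    """txn is ("set", key, value) or ("del", key)."""
    op, key, *rest = txn
    if op == "set":
        db[key] = rest[0]
    elif op == "del":
        db.pop(key, None)
    else:
        raise ValueError(f"unknown op {op!r}")
    return db


def replay(txns, before):
    """Rebuild a database from every transaction committed before hour `before`."""
    db = {}
    for hour, txn in txns:
        if hour < before:
            apply_txn(db, txn)
    return db


def recover_vaulting(txns, disaster, vault_every=24):
    """Electronic vaulting: restore the last full copy bulk-transferred to the
    vault. Everything committed since that transfer is lost."""
    last_vault = (disaster // vault_every) * vault_every
    return replay(txns, last_vault)


def recover_journaling(txns, disaster, vault_every=24, ship_every=1):
    """Remote journaling: restore the last vault copy, then apply the transaction
    logs shipped since then (one shipment per `ship_every` hours). The logs were
    only stored at the backup site, so they are applied now, at recovery time."""
    last_vault = (disaster // vault_every) * vault_every
    last_ship = (disaster // ship_every) * ship_every
    db = replay(txns, last_vault)                     # the vault copy
    for hour, txn in txns:
        if last_vault <= hour < last_ship:           # entries in shipped logs
            apply_txn(db, txn)
    return db


def recover_mirroring(txns, disaster):
    """Remote mirroring: the live replica already holds every committed
    transaction, so nothing before the disaster is lost."""
    return replay(txns, disaster)


# Constructed timeline: (hour, transaction). The disaster strikes at hour 26.4.
TXNS = [
    (1.0,  ("set", "acct:1", 100)),
    (10.0, ("set", "acct:2", 50)),
    (23.5, ("set", "acct:1", 80)),
    (24.2, ("set", "acct:3", 10)),
    (25.1, ("del", "acct:2")),
    (26.3, ("set", "acct:3", 15)),
]
DISASTER = 26.4

if __name__ == "__main__":
    for name, fn in [("vaulting", recover_vaulting),
                     ("journaling", recover_journaling),
                     ("mirroring", recover_mirroring)]:
        print(f"{name:10} {fn(TXNS, DISASTER)}")
```

With a daily vault and hourly log shipments, vaulting recovers the state as of hour 24 (the two later transactions are lost), journaling recovers the state as of hour 26 (only the 26.3 update is lost), and mirroring loses nothing. Reading the loss window off each method is the way to check it against the RPO before choosing the strategy.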
full backup
1 backup to load
once a full backup is complete, the archive bit on every file is reset, turned off or set to 0
differential backups
1 full back up + 1 differential backup to load
store all files that have been modified since the time of the most recent full backup
the differential backup does not change the archive bit
when restoring, just need last full backup and most recent differential backup
don’t take as long to restore, but take longer to create than incremental backups
incremental backups
1 full backup + n incremental backups to load
store only those files that have been modified since the time of the most recent full or incremental backup
only files that have the archive bit turned on, enabled or set to 1 are duplicated
once an incremental backup is complete, the archive bit on all duplicated files is reset, turned off or set to 0
when restoring, need last full backup and all incremental backups
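Added example (not from the CISSP text) for the full, differential and incremental cards above: a simulated file system with an archive bit per file, the three backup types updating that bit exactly as the cards describe, and the restore set each strategy needs. The week of edits is a constructed scenario.

```python
# Added example (not from the CISSP text): simulate the archive bit to see which
# files each backup type captures and which backups a restore needs.


class FileSystem:
    """name -> [content, archive_bit]. A new or modified file has the bit set."""

    def __init__(self, files):
        self.files = {n: [c, True] for n, c in files.items()}

    def write(self, name, content):
        self.files[name] = [content, True]   # any modification sets the bit

    def live(self):
        return {n: c for n, (c, _) in self.files.items()}


def backup(fs, kind):
    """Take a backup of `kind` and update archive bits as the cards describe:
    full copies everything and clears every bit; differential copies files
    whose bit is set and leaves bits alone; incremental copies files whose bit
    is set and clears the bit on what it copied."""
    if kind == "full":
        captured = fs.live()
        for entry in fs.files.values():
            entry[1] = False
    elif kind in ("differential", "incremental"):
        captured = {n: c for n, (c, bit) in fs.files.items() if bit}
        if kind == "incremental":
            for n in captured:
                fs.files[n][1] = False
    else:
        raise ValueError(f"unknown backup kind {kind!r}")
    return {"kind": kind, "files": captured}


def restore_set(history):
    """Minimal backups needed to restore from a chronological history that uses
    one strategy (full+differential or full+incremental; mixing the two in one
    chain is not handled here)."""
    last_full = max(i for i, b in enumerate(history) if b["kind"] == "full")
    since = history[last_full + 1:]
    kinds = {b["kind"] for b in since}
    if kinds == {"differential"}:
        return [history[last_full], since[-1]]      # last full + last differential
    if kinds <= {"incremental"}:
        return [history[last_full]] + since         # last full + every incremental
    raise ValueError("mixed differential/incremental chain")


def restore(backups):
    """Apply backups in order; later copies of a file overwrite earlier ones."""
    files = {}
    for b in backups:
        files.update(b["files"])
    return files


def simulate(strategy):
    """Constructed week: full backup on Sunday, then two days of edits, each
    followed by a `strategy` backup. Returns (history, live files)."""
    fs = FileSystem({"a.txt": "a0", "b.txt": "b0", "c.txt": "c0"})
    history = [backup(fs, "full")]
    fs.write("a.txt", "a1")
    history.append(backup(fs, strategy))
    fs.write("b.txt", "b1")
    history.append(backup(fs, strategy))
    return history, fs.live()


if __name__ == "__main__":
    for strategy in ("differential", "incremental"):
        history, live = simulate(strategy)
        sizes = [len(b["files"]) for b in history]
        print(strategy, "files per backup:", sizes,
              "restore needs", len(restore_set(history)), "backups")
```

Run it and the differential chain captures 3, 1 and 2 files (Tuesday's differential re-copies Monday's change because the bit was never cleared) and restores from two backups, while the incremental chain captures 3, 1 and 1 files and needs all three. One caveat the archive bit does not cover: a file deleted after the full backup is not recorded anywhere, so a restore built this way brings it back.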
D2D
Disk-to-disk backup solutions
VTL
virtual tape libraries = support the use of disks with the tape paradigm by using software to make disk storage appear as tapes to backup software
Tape rotation strategies
Grandfather-Father-Son (GFS)
Tower of Hanoi
Six Cartridge Weekly Backup
HSM
hierarchical storage management system = an automated robotic backup jukebox consisting of 32 or 64 optical or tape backup devices; all the drive elements within an HSM system are configured as a single drive array (a bit like a RAID)
recovery vs restoration
Recovery = bringing business operations and processes back to a working state
Restoration = bringing a business facility and environment back to a workable state
Test types
read-through test / checklist tests
structured walk-through / tabletop exercise
simulation tests
similar to a structured walk-through, but business operations can actually be interrupted and tested
parallel tests
full-interruption tests