CISSP (Chapter 8 - Business Continuity and Disaster Recovery) Flashcards

1
Q

CISSP (Chapter 8 - Business Continuity and Disaster Recovery)

What action should take place to restore a system and its data files after a system failure?
A. Restore from storage media backup.
B. Perform a parallel test.
C. Implement recovery procedures.
D. Perform a walk-through test.

A

C. In this and similar situations, recovery procedures should be followed, which most likely include recovering data from the backup media. Recovery procedures could include proper steps for rebuilding a system from the beginning, applying the necessary patches and configurations, and ensuring that productivity is not affected. Some type of redundant system may need to be put into place.

2
Q

What is one of the first steps in developing a business continuity plan?
A. Identify a backup solution.
B. Perform a simulation test.
C. Perform a business impact analysis.
D. Develop a business resumption plan.

A

C. A business impact analysis includes identifying critical systems and functions of a company and interviewing representatives from each department. Once management’s support is solidified, a business impact analysis needs to be performed to identify the threats the company faces and the potential costs of these threats.

3
Q

How often should a business continuity plan be tested?
A. At least every ten years
B. Only when the infrastructure or environment changes
C. At least every two years
D. Whenever there are significant changes in the organization and annually

A

D. The plans should be tested if there have been substantial changes to the company or the environment. They should also be tested at least once a year.

4
Q

During a recovery procedure test, one important step is to maintain records of important events that happen during the test. What other step is just as important?
A. Schedule another test to address issues that were identified during that procedure.
B. Make sure someone is prepared to talk to the media with the appropriate responses.
C. Report the events to management.
D. Identify essential business functions.

A

C. When recovery procedures are carried out, the outcome of those procedures should be reported to the individuals who are responsible for this type of activity, which is usually some level of management. If the procedures worked properly, management should know it, and if problems were encountered, management should definitely be made aware of them. Members of management are the ones who are responsible overall for fixing the recovery system and will be the ones to delegate this work and provide the necessary funding and resources.

5
Q

Which of the following actions is least important when quantifying risks associated with a potential disaster?
A. Gathering information from agencies that report the probability of certain natural disasters taking place in that area
B. Identifying the company’s key functions and business requirements
C. Identifying critical systems that support the company’s operations
D. Estimating the potential loss and impact the company would face based on how long the outage lasted

A

A. The question asked you about quantifying the risks, which means to calculate the potential business impact of specific disasters. The core components of a business impact analysis are:
• Identifying the company’s key functions and business requirements
• Identifying critical systems that support the company’s operations
• Estimating the potential loss and impact the company would face based on how long the outage lasted
Gathering information from agencies that report the probability of certain natural disasters taking place in that area is an important piece in determining the probability of these threats, but it is considered least necessary when quantifying the potential damage that could be experienced.

6
Q

The purpose of initiating emergency procedures right after a disaster takes place is to prevent loss of life and injuries, and to _______________.
A. Secure the area to ensure that no looting or fraud takes place
B. Mitigate further damage
C. Protect evidence and clues
D. Investigate the extent of the damages

A

B. The main goal of disaster recovery and business continuity plans is to mitigate all risks that could be experienced by a company. Emergency procedures first need to be carried out to protect human life, and then other procedures need to be executed to reduce the damage from further threats.

7
Q

Which of the following is the best way to ensure that the company’s backup tapes can be restored and used at a warm site?
A. Retrieve the tapes from the offsite facility, and verify that the equipment at the original site can read them.
B. Ask the offsite vendor to test them, and label the ones that were properly read.
C. Test them on the vendor’s machine, which won’t be used during an emergency.
D. Inventory each tape kept at the vendor’s site twice a month.

A

A. A warm site is a facility that will not be fully equipped with the company’s main systems. The goal of using a warm site is that, if a disaster takes place, the company will bring its systems with it to the warm site. If the company cannot bring the systems with it because they are damaged, the company must purchase new systems that are exactly like the original systems. So, to properly test backups, the company needs to test them by recovering the data on its original systems at its main site.

8
Q

Which best describes a hot-site facility versus a warm- or cold-site facility?
A. A site that has disk drives, controllers, and tape drives
B. A site that has all necessary PCs, servers, and telecommunications
C. A site that has wiring, central air-conditioning, and raised flooring
D. A mobile site that can be brought to the company’s parking lot

A

B. A hot site is a facility that is fully equipped and properly configured so that it can be up and running within hours to get a company back into production. Answer B gives the best definition of a fully functional environment.

9
Q

Which is the best description of remote journaling?
A. Backing up bulk data to an offsite facility
B. Backing up transaction logs to an offsite facility
C. Capturing and saving transactions to two mirrored servers in-house
D. Capturing and saving transactions to different media types

A

B. Remote journaling is a technology used to transmit data to an offsite facility, but this usually only includes moving the journal or transaction logs to the offsite facility, not the actual files.

10
Q

Which of the following is something that should be required of an offsite backup facility that stores backed-up media for companies?
A. The facility should be within 10 to 15 minutes of the original facility to ensure easy access.
B. The facility should contain all necessary PCs and servers and should have raised flooring.
C. The facility should be protected by an armed guard.
D. The facility should protect against unauthorized access and entry.

A

D. This question addresses a facility that is used to store backed-up data; it is not talking about an offsite facility used for disaster recovery purposes. The facility should not be only 10 to 15 minutes away, because some types of disasters could destroy both the company’s main facility and this facility if they are that close together, in which case the company would lose all of its information. The facility should have the same security standards as the company’s security, including protection against unauthorized access.

11
Q

Which item will a business impact analysis not identify?
A. Whether the company is best suited for a parallel or full-interrupt test
B. What areas would suffer the greatest operational and financial loss in the event of a particular disaster or disruption
C. What systems are critical for the company and must be highly protected
D. What amount of outage time a company can endure before it is permanently crippled

A

A. All the other answers address the main components of a business impact analysis. Determining the best type of exercise or drill to carry out is not covered under this type of analysis.

12
Q

Which areas of a company are recovery plans recommended for?
A. The most important operational and financial areas
B. The areas that house the critical systems
C. All areas
D. The areas that the company cannot survive without

A

C. It is best if every department within the company has its own contingency plan and procedures in place. These individual plans would “roll up” into the overall enterprise BCP.

13
Q

Who has the final approval of the business continuity plan?
A. The planning committee
B. Each representative of each department
C. Management
D. External authority

A

C. Management really has the final approval over everything within a company, including these plans.

14
Q

Which is the proper sequence of steps followed in business continuity management?
A. Project initiation, strategy development, business impact analysis, plan development, implementation, testing, and maintenance
B. Strategy development, project initiation, business impact analysis, plan development, implementation, testing, and maintenance
C. Implementation and testing, project initiation, strategy development, business impact analysis, and plan development
D. Plan development, project initiation, strategy development, business impact analysis, implementation, testing, and maintenance

A

A. These steps outline the processes that should take place in the correct order from beginning to end in business continuity management.

15
Q

What is the most crucial requirement in developing a business continuity plan?
A. Business impact analysis
B. Implementation, testing, and following through
C. Participation from each and every department
D. Management support

A

D. Management’s support is the first thing to obtain before putting any real effort into developing these plans. Without management’s support, the effort will not receive the necessary attention, resources, funds, or enforcement.

16
Q

During development, testing, and maintenance of the continuity plan, a high degree of interaction and communications is crucial to the process. Why?
A. This is a regulatory requirement of the process.
B. The more people who talk about it and are involved, the more awareness will increase.
C. This is not crucial to the plan and should not be interactive because it will most likely affect operations.
D. Management will more likely support it.

A

B. Communication not only spreads awareness of these plans and their contents, but also allows more people to discuss the possible threats and solutions, which may lead to ideas that the original team did not consider.

17
Q

To get proper management support and approval of the plan, a business case must be made. Which of the following is least important to this business case?
A. Regulatory and legal requirements
B. Company vulnerabilities to disasters and disruptions
C. How other companies are dealing with these issues
D. The impact the company can endure if a disaster hits

A

C. The other three answers are key components when building a business case. Although it is a good idea to investigate and learn about how other companies are dealing with similar issues, it is the least important of the four items listed.

18
Q

Which of the following describes a parallel test?
A. It is performed to ensure that operations performed at the alternate site also give the same results as at the primary site.
B. All departments receive a copy of the disaster recovery plan and walk through it.
C. Representatives from each department come together and go through the test collectively.
D. Normal operations are shut down.

A

A. In a parallel test, some systems are run at the alternate site, and the results are compared with how processing takes place at the primary site. This is to ensure that the systems work in that area and productivity is not affected. This also extends the previous test and allows the team to walk through the steps of setting up and configuring systems at the offsite facility.

19
Q

Which of the following describes a structured walk-through test?
A. It is performed to ensure that critical systems will run at the alternate site.
B. All departments receive a copy of the disaster recovery plan and walk through it.
C. Representatives from each department come together and review the steps of the test collectively without actually performing those steps.
D. Normal operations are shut down.

A

C. During a structured walk-through test, functional representatives review the plan to ensure its accuracy and that it correctly and accurately reflects the company’s recovery strategy.

20
Q

When is the emergency actually over for a company?
A. When all people are safe and accounted for
B. When all operations and people are moved back into the primary site
C. When operations are safely moved to the offsite facility
D. When a civil official declares that all is safe

A

B. The emergency is not actually over until the company moves back into its primary site. The company is still vulnerable and at risk while it is operating in an altered or crippled state. This state of vulnerability is not over until the company is operating in the way it was prior to the disaster. Of course, this may mean that the primary site has to be totally rebuilt if it was destroyed.

21
Q

Which of the following does not describe a reciprocal agreement?
A. The agreement is enforceable.
B. It is a cheap solution.
C. It may be able to be implemented right after a disaster.
D. It could overwhelm a current data processing site.

A

A. A reciprocal agreement is not enforceable, meaning that the company that agreed to let the damaged company work out of its facility can decide not to allow this to take place. A reciprocal agreement is a better secondary backup option if the original plan falls through.

22
Q

Which of the following describes a cold site?
A. Fully equipped and operational in a few hours
B. Partially equipped with data processing equipment
C. Expensive and fully configured
D. Provides environmental measures but no equipment

A

D. A cold site only provides environmental measures—wiring, air conditioning, raised floors—basically a shell of a building and no more.

23
Q

Which of the following best describes what a disaster recovery plan should contain?
A. Hardware, software, people, emergency procedures, recovery procedures
B. People, hardware, offsite facility
C. Software, media interaction, people, hardware, management issues
D. Hardware, emergency procedures, software, identified risk

A

A. The recovery plan should contain information about how to deal with people, hardware, software, emergency procedures, recovery procedures, facility issues, and supplies.

24
Q

Which of the following is not an advantage of a hot site?
A. Offers many hardware and software choices.
B. Is readily available.
C. Can be up and running in hours.
D. Annual testing is available.

A

A. Because hot sites are fully equipped, they do not allow for a lot of different hardware and software choices. The subscription service offers basic software and hardware products, and does not usually offer a wide range of proprietary items.

25
Q

Disaster recovery plans can stay updated by doing any of the following except:
A. Making disaster recovery a part of every business decision
B. Making sure it is part of employees’ job descriptions
C. Performing regular drills that use the plan
D. Making copies of the plan and storing them in an offsite facility

A

D. The plan should be part of normal business activities. A lot of time and resources go into creating disaster recovery plans, after which they are usually stored away and forgotten. They need to be updated continuously as the environment changes to ensure that the company can properly react to any type of disaster or disruption.

26
Q

Business continuity planning needs to provide several types of functionalities and protection types for an organization. Which of the following is not one of these items?
i. Provide an immediate and appropriate response to emergency situations
ii. Protect lives and ensure safety
iii. Reduce business conflicts
iv. Resume critical business functions
v. Work with outside vendors during the recovery period
vi. Reduce confusion during a crisis
vii. Ensure survivability of the business
viii. Get “up and running” quickly after a disaster
A. ii, iii, vii
B. ii, iii, v, vi
C. iii
D. i, ii

A

C. Preplanned procedures allow an organization to:
i. Provide an immediate and appropriate response to emergency situations
ii. Protect lives and ensure safety
iii. Reduce business impact
iv. Resume critical business functions
v. Work with outside vendors during the recovery period
vi. Reduce confusion during a crisis
vii. Ensure survivability of the business
viii. Get “up and running” quickly after a disaster

27
Q

Which of the following have incorrect definition mapping when it comes to disaster recovery steps?
i. Develop the continuity planning policy statement. Write a policy that provides the guidance necessary to develop a BCP and that assigns authority to the necessary roles to carry out these tasks.
ii. Conduct the BIA. Identify critical functions and systems, and allow the organization to prioritize them based on necessity. Identify vulnerabilities and threats, and calculate risks.
iii. Identify preventive controls. Once threats are recognized, identify and implement controls and countermeasures to reduce the organization’s risk level in an economical manner.
iv. Develop recovery strategies. Write procedures and guidelines for how the organization can still stay functional in a crippled state.
v. Develop the contingency plan. Formulate methods to ensure systems and critical functions can be brought online quickly.
vi. Test the plan and conduct training and exercises. Test the plan to identify deficiencies in the BCP, and conduct training to properly prepare individuals on their expected tasks.
vii. Maintain the plan. Put in place steps to ensure the BCP is a living document that is updated regularly.
A. iii, iv, v
B. ii, vii
C. iv, v
D. iii, iv, v

A

C. The correct disaster recovery steps and their associated definition mappings are laid out as follows:
i. Develop the continuity planning policy statement. Write a policy that provides the guidance necessary to develop a BCP and that assigns authority to the necessary roles to carry out these tasks.
ii. Conduct the BIA. Identify critical functions and systems, and allow the organization to prioritize them based on necessity. Identify vulnerabilities and threats, and calculate risks.
iii. Identify preventive controls. Once threats are recognized, identify and implement controls and countermeasures to reduce the organization’s risk level in an economical manner.
iv. Develop recovery strategies. Formulate methods to ensure systems and critical functions can be brought online quickly.
v. Develop the contingency plan. Write procedures and guidelines for how the organization can still stay functional in a crippled state.
vi. Test the plan and conduct training and exercises. Test the plan to identify deficiencies in the BCP, and conduct training to properly prepare individuals on their expected tasks.
vii. Maintain the plan. Put in place steps to ensure the BCP is a living document that is updated regularly.

28
Q

Sam is a manager who is responsible for overseeing the development and the approval of the business continuity plan. He needs to make sure that his team is creating correct and all-inclusive loss criteria when it comes to potential business impacts. Which of the following is not a negative characteristic or value that is commonly included in the criteria?
i. Loss in reputation and public confidence
ii. Loss of competitive advantages
iii. Decrease in operational expenses
iv. Violations of contract agreements
v. Violations of legal and regulatory requirements
vi. Delayed income costs
vii. Loss in revenue
viii. Loss in productivity
A. i, vii, viii
B. iii, v, vi
C. iii
D. vi

A

C. Loss criteria must be applied to the individual threats that were identified. The criteria should include at least the following:
• Loss in reputation and public confidence
• Loss of competitive advantages
• Increase in operational expenses
• Violations of contract agreements
• Violations of legal and regulatory requirements
• Delayed income costs
• Loss in revenue
• Loss in productivity

29
Q

Which of the following best describes the relationship between high-availability and disaster recovery techniques and technologies?
A. High-availability technologies and processes are commonly put into place so that if a disaster does take place, either availability of the critical functions continues or the delay of getting them back online and running is low.
B. High availability deals with asynchronous replication and recovery time objective requirements, which increases disaster recovery performance.
C. High availability deals with synchronous replication and recovery point objective requirements, which increases disaster recovery performance.
D. Disaster recovery technologies and processes are put into place to provide high-availability service levels.

A

A. High availability and disaster recovery are not the same, but they have a relationship. High-availability technologies and processes are commonly put into place so that if a disaster does take place, either availability of the critical functions continues or the delay of getting them back online and running is low.

30
Q

Susan is the new BCM coordinator and needs to identify various preventive and recovery solutions her company should implement for BCP\DRP efforts. She and her team have carried out an impact analysis and found out that the company’s order processing functionality cannot be out of operation for more than 15 hours. She has calculated that the order processing systems and applications must be brought back online within eight hours after a disruption. The analysis efforts have also indicated that the data that are restored cannot be older than five minutes of current real-time data. Which of the following best describes the metrics and their corresponding values that Susan’s team has derived?
A. MTD of the order processing functionality is 15 hours. RPO value is 8 hours. WRT value is 7 hours. RTO value is 5 minutes.
B. MTD of the order processing functionality is 15 hours. RTO value is 8 hours. WRT value is 7 hours. RPO value is 5 minutes.
C. MTD of the order processing functionality is 15 hours. RTO value is 7 hours. WRT value is 8 hours. RPO value is 5 minutes.
D. MTD of the order processing functionality is 8 hours. RTO value is 15 hours. WRT value is 7 hours. RPO value is 5 minutes.

A

B. The order processing functionality as a whole has to be up and running within 15 hours, which is the maximum tolerable downtime (MTD). The systems and applications have to be up and running in eight hours, which is the Recovery Time Objective (RTO). RTO deals with technology, but we still need processes and people in place to run the technology. Work Recovery Time (WRT) is the remainder of the overall MTD value. RTO usually deals with getting the infrastructure and systems back up and running, and WRT deals with restoring data, testing processes, and then making everything “live” for production purposes. The data that are restored for this function can only be five minutes old; thus, the Recovery Point Objective (RPO) has the value of five minutes.