CISSP Sybex Official Study Guide Chapter 18 Review Questions Flashcards

1
Q

What is the end goal of disaster recovery planning?

A. Preventing business interruption
B. Setting up temporary business operations
C. Restoring normal business activity
D. Minimizing the impact of a disaster

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 840). Wiley. Kindle Edition.

A

C. Restoring normal business activity

Explanation:
Once a disaster interrupts the business operations, the goal of DRP is to restore regular business activity as quickly as possible. Thus, disaster recovery planning picks up where business continuity planning leaves off.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which one of the following is an example of a man-made disaster?

A. Tsunami
B. Earthquake
C. Power outage
D. Lightning strike

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 840). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 840). Wiley. Kindle Edition.

A

C. Power outage

Explanation:
A power outage is an example of a man-made disaster. The other events listed—tsunamis, earthquakes, and lightning strikes—are all naturally occurring events.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

According to the Federal Emergency Management Agency, approximately what percentage of U.S. states is rated with at least a moderate risk of seismic activity?

A. 20 percent
B. 40 percent
C. 60 percent
D. 80 percent

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 840). Wiley. Kindle Edition.

A

D. 80 percent

Explanation:
Forty-one of the 50 U.S. states are considered to have a moderate, high, or very high risk of seismic activity. This rounds to 80 percent to provide the value given in option D.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which one of the following disaster types is not usually covered by standard business or homeowner’s insurance?

A. Earthquake
B. Flood
C. Fire
D. Theft

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 840). Wiley. Kindle Edition.

A

B. Flood

Explanation:
Most general business insurance and homeowner’s insurance policies do not provide any protection against the risk of flooding or flash floods. If floods pose a risk to your organization, you should consider purchasing supplemental flood insurance under FEMA’s National Flood Insurance Program.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which one of the following controls provides fault tolerance for storage devices?

A. Load balancing
B. RAID
C. Clustering
D. HA pairs

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 840). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 840). Wiley. Kindle Edition.

A

B. RAID

Explanation:
Redundant arrays of inexpensive disks (RAID) are fault tolerance controls that allow an organization’s storage service to withstand the loss of one or more individual disks. Load balancing, clustering, and HA pairs are all fault tolerance services designed for servers, not storage.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which one of the following storage locations provides a good option when the organization does not know where it will be when it tries to recover operations?

A. Primary data center
B. Field office
C. Cloud computing
D. IT manager’s home

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 840). Wiley. Kindle Edition.

A

C. Cloud computing

Explanation:
Cloud computing services provide an excellent location for backup storage because they are accessible from any location.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What does the term “100-year flood plain” mean to emergency preparedness officials?

A. The last flood of any kind to hit the area was more than 100 years ago.
B. The odds of a flood at this level are 1 in 100 in any given year.
C. The area is expected to be safe from flooding for at least 100 years.
D. The last significant flood to hit the area was more than 100 years ago.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.

A

B. The odds of a flood at this level are 1 in 100 in any given year.

Explanation:
The term 100-year flood plain is used to describe an area where flooding is expected once every 100 years. It is, however, more mathematically correct to say that this label indicates a 1 percent probability of flooding in any given year.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

In which one of the following database recovery techniques is an exact, up-to-date copy of the database maintained at an alternative location?

A. Transaction logging
B. Remote journaling
C. Electronic vaulting
D. Remote mirroring

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.

A

D. Remote mirroring

Explanation:
When you use remote mirroring, an exact copy of the database is maintained at an alternative location. You keep the remote copy up-to-date by executing all transactions on both the primary and remote site at the same time.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What disaster recovery principle best protects your organization against hardware failure?

A. Consistency
B. Efficiency
C. Redundancy
D. Primacy

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.

A

C. Redundancy

Explanation:
Redundant systems/components provide protection against the failure of one particular piece of hardware.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What business continuity planning technique can help you prepare the business unit prioritization task of disaster recovery planning?

A. Vulnerability analysis
B. Business impact assessment
C. Risk management
D. Continuity planning

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.

A

B. Business impact assessment

Explanation:
During the business impact assessment phase, you must identify the business priorities of your organization to assist with the allocation of BCP resources. You can use this same information to drive the DRP business unit prioritization.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which one of the following alternative processing sites takes the longest time to activate?

A. Hot site
B. Mobile site
C. Cold site
D. Warm site

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.

A

C. Cold site

Explanation:
The cold site contains none of the equipment necessary to restore operations. All of the equipment must be brought in and configured and data must be restored to it before operations can commence. This often takes weeks.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the typical time estimate to activate a warm site from the time a disaster is declared?

A. 1 hour
B. 6 hours
C. 12 hours
D. 24 hours

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.

A

C. 12 hours

Explanation:
Warm sites typically take about 12 hours to activate from the time a disaster is declared. This is compared to the relatively instantaneous activation of a hot site and the lengthy time (at least a week) required to bring a cold site to operational status.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which one of the following items is a characteristic of hot sites but not a characteristic of warm sites?

A. Communications circuits
B. Workstations
C. Servers
D. Current data

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 842). Wiley. Kindle Edition.

A

D. Current data

Explanation:
Warm sites and hot sites both contain workstations, servers, and the communications circuits necessary to achieve operational status. The main difference between the two alternatives is the fact that hot sites contain near-real-time copies of the operational data and warm sites require the restoration of data from backup.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What type of database backup strategy involves maintenance of a live backup server at the remote site?

A. Transaction logging
B. Remote journaling
C. Electronic vaulting
D. Remote mirroring

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 842). Wiley. Kindle Edition.

A

D. Remote mirroring

Explanation:
Remote mirroring is the only backup option in which a live backup server at a remote site maintains a bit-for-bit copy of the contents of the primary server, synchronized as closely as the latency in the link between primary and remote systems will allow.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What type of document will help public relations specialists and other individuals who need a high-level summary of disaster recovery efforts while they are under way?

A. Executive summary
B. Technical guides
C. Department-specific plans
D. Checklists

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 842). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 842). Wiley. Kindle Edition.

A

A. Executive summary

Explanation:
The executive summary provides a high-level view of the entire organization’s disaster recovery efforts. This document is useful for the managers and leaders of the firm as well as public relations personnel who need a nontechnical perspective on this complex effort.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What disaster recovery planning tool can be used to protect an organization against the failure of a critical software firm to provide appropriate support for their products?

A. Differential backups
B. Business impact assessment
C. Incremental backups
D. Software escrow agreement

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 842). Wiley. Kindle Edition.

A

D. Software escrow agreement

Explanation:
Software escrow agreements place the application source code in the hands of an independent third party, thus providing firms with a “safety net” in the event a developer goes out of business or fails to honor the terms of a service agreement.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.

16
Q

What type of backup involves always storing copies of all files modified since the most recent full backup?

A. Differential backups
B. Partial backup
C. Incremental backups
D. Database backup

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 842). Wiley. Kindle Edition.

A

A. Differential backups

Explanation:
Differential backups involve always storing copies of all files modified since the most recent full backup regardless of any incremental or differential backups created during the intervening time period.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.

17
Q

What combination of backup strategies provides the fastest backup creation time?

A. Full backups and differential backups
B. Partial backups and incremental backups
C. Full backups and incremental backups
D. Incremental backups and differential backups

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 842). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 842). Wiley. Kindle Edition.

A

C. Full backups and incremental backups

Explanation:
Any backup strategy must include full backups at some point in the process. Incremental backups are created faster than differential backups because of the number of files it is necessary to back up each time.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.

18
Q

What combination of backup strategies provides the fastest backup restoration time?

A. Full backups and differential backups
B. Partial backups and incremental backups
C. Full backups and incremental backups
D. Incremental backups and differential backups

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 843). Wiley. Kindle Edition.

A

A. Full backups and differential backups

Explanation:
Any backup strategy must include full backups at some point in the process. If a combination of full and differential backups is used, a maximum of two backups must be restored. If a combination of full and incremental backups is chosen, the number of required restorations may be unlimited.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.

19
Q

What type of disaster recovery plan test fully evaluates operations at the backup facility but does not shift primary operations responsibility from the main site?

A. Structured walk-through
B. Parallel test
C. Full-interruption test
D. Simulation test

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 843). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 843). Wiley. Kindle Edition.

A

B. Parallel test

Explanation:
Parallel tests involve moving personnel to the recovery site and gearing up operations, but responsibility for conducting day-to-day operations of the business remains at the primary operations center.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.