CISSP Sybex Official Study Guide Chapter 18 Review Questions Flashcards
What is the end goal of disaster recovery planning?
A. Preventing business interruption
B. Setting up temporary business operations
C. Restoring normal business activity
D. Minimizing the impact of a disaster
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 840). Wiley. Kindle Edition.
C. Restoring normal business activity
Explanation:
Once a disaster interrupts the business operations, the goal of DRP is to restore regular business activity as quickly as possible. Thus, disaster recovery planning picks up where business continuity planning leaves off.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.
Which one of the following is an example of a man-made disaster?
A. Tsunami
B. Earthquake
C. Power outage
D. Lightning strike
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 840). Wiley. Kindle Edition.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 840). Wiley. Kindle Edition.
C. Power outage
Explanation:
A power outage is an example of a man-made disaster. The other events listed—tsunamis, earthquakes, and lightning strikes—are all naturally occurring events.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.
According to the Federal Emergency Management Agency, approximately what percentage of U.S. states is rated with at least a moderate risk of seismic activity?
A. 20 percent
B. 40 percent
C. 60 percent
D. 80 percent
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 840). Wiley. Kindle Edition.
D. 80 percent
Explanation:
Forty-one of the 50 U.S. states are considered to have a moderate, high, or very high risk of seismic activity. This rounds to 80 percent to provide the value given in option D.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.
Which one of the following disaster types is not usually covered by standard business or homeowner’s insurance?
A. Earthquake
B. Flood
C. Fire
D. Theft
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 840). Wiley. Kindle Edition.
B. Flood
Explanation:
Most general business insurance and homeowner’s insurance policies do not provide any protection against the risk of flooding or flash floods. If floods pose a risk to your organization, you should consider purchasing supplemental flood insurance under FEMA’s National Flood Insurance Program.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.
Which one of the following storage locations provides a good option when the organization does not know where it will be when it tries to recover operations?
A. Primary data center
B. Field office
C. Cloud computing
D. IT manager’s home
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 840). Wiley. Kindle Edition.
C. Cloud computing
Explanation:
Cloud computing services provide an excellent location for backup storage because they are accessible from any location.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.
What does the term “100-year flood plain” mean to emergency preparedness officials?
A. The last flood of any kind to hit the area was more than 100 years ago.
B. The odds of a flood at this level are 1 in 100 in any given year.
C. The area is expected to be safe from flooding for at least 100 years.
D. The last significant flood to hit the area was more than 100 years ago.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.
B. The odds of a flood at this level are 1 in 100 in any given year.
Explanation:
The term 100-year flood plain is used to describe an area where flooding is expected once every 100 years. It is, however, more mathematically correct to say that this label indicates a 1 percent probability of flooding in any given year.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.
In which one of the following database recovery techniques is an exact, up-to-date copy of the database maintained at an alternative location?
A. Transaction logging
B. Remote journaling
C. Electronic vaulting
D. Remote mirroring
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.
D. Remote mirroring
Explanation:
When you use remote mirroring, an exact copy of the database is maintained at an alternative location. You keep the remote copy up-to-date by executing all transactions on both the primary and remote site at the same time.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.
What disaster recovery principle best protects your organization against hardware failure?
A. Consistency
B. Efficiency
C. Redundancy
D. Primacy
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.
C. Redundancy
Explanation:
Redundant systems/components provide protection against the failure of one particular piece of hardware.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.
What business continuity planning technique can help you prepare the business unit prioritization task of disaster recovery planning?
A. Vulnerability analysis
B. Business impact assessment
C. Risk management
D. Continuity planning
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.
B. Business impact assessment
Explanation:
During the business impact assessment phase, you must identify the business priorities of your organization to assist with the allocation of BCP resources. You can use this same information to drive the DRP business unit prioritization.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.
Which one of the following alternative processing sites takes the longest time to activate?
A. Hot site
B. Mobile site
C. Cold site
D. Warm site
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.
C. Cold site
Explanation:
The cold site contains none of the equipment necessary to restore operations. All of the equipment must be brought in and configured and data must be restored to it before operations can commence. This often takes weeks.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 980). Wiley. Kindle Edition.
What is the typical time estimate to activate a warm site from the time a disaster is declared?
A. 1 hour
B. 6 hours
C. 12 hours
D. 24 hours
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 841). Wiley. Kindle Edition.
C. 12 hours
Explanation:
Warm sites typically take about 12 hours to activate from the time a disaster is declared. This is compared to the relatively instantaneous activation of a hot site and the lengthy time (at least a week) required to bring a cold site to operational status.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.
Which one of the following items is a characteristic of hot sites but not a characteristic of warm sites?
A. Communications circuits
B. Workstations
C. Servers
D. Current data
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 842). Wiley. Kindle Edition.
D. Current data
Explanation:
Warm sites and hot sites both contain workstations, servers, and the communications circuits necessary to achieve operational status. The main difference between the two alternatives is the fact that hot sites contain near-real-time copies of the operational data and warm sites require the restoration of data from backup.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.
What type of database backup strategy involves maintenance of a live backup server at the remote site?
A. Transaction logging
B. Remote journaling
C. Electronic vaulting
D. Remote mirroring
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 842). Wiley. Kindle Edition.
D. Remote mirroring
Explanation:
Remote mirroring is the only backup option in which a live backup server at a remote site maintains a bit-for-bit copy of the contents of the primary server, synchronized as closely as the latency in the link between primary and remote systems will allow.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.
What type of document will help public relations specialists and other individuals who need a high-level summary of disaster recovery efforts while they are under way?
A. Executive summary
B. Technical guides
C. Department-specific plans
D. Checklists
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 842). Wiley. Kindle Edition.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 842). Wiley. Kindle Edition.
A. Executive summary
Explanation:
The executive summary provides a high-level view of the entire organization’s disaster recovery efforts. This document is useful for the managers and leaders of the firm as well as public relations personnel who need a nontechnical perspective on this complex effort.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.
What disaster recovery planning tool can be used to protect an organization against the failure of a critical software firm to provide appropriate support for their products?
A. Differential backups
B. Business impact assessment
C. Incremental backups
D. Software escrow agreement
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 842). Wiley. Kindle Edition.
D. Software escrow agreement
Explanation:
Software escrow agreements place the application source code in the hands of an independent third party, thus providing firms with a “safety net” in the event a developer goes out of business or fails to honor the terms of a service agreement.
Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 981). Wiley. Kindle Edition.
