Continuity Flashcards

1
Q

What is CONOPS?

___ of _____

A

Concept of Operations (Cloud SP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How does CONOPS help organization ?

Helps ___ to document in ___ ____ what is _____ built for IS

A

Helps org to document in plain language what is Required & built for Information System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following statements correctly depicts the use of a Concept of Operations (CONOP) document?

A. Mandatory document required by ISO 27001 related
to security operations
B. Mandatory document required by ISSO 27023 related
to security operations
C. It helps an org to document in plain language what is
required and what should be built for an information
system
D. It provide requirements for an org to implem security
mgmt related to identity and access mgmt.

A

C. It helps an org to document in plain language what is
required and what should be built for an information
system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Bus Continuity contains 3 key elements?
_____ bounce back
_____ Planning
_____ Restore

A
  1. Resilience (Bounce back)
  2. Contingency (Planning)
  3. Recovery (Restore)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following actions should a company take if a cloud computing provider ceases to uphold their contract?

A. Consult the company’s exit plan.
B. Move the company data to the backup provider that was selected earlier.
C. Re-host all critical applications on the company’s internal servers.
D. Evaluate the company’s strategic options for an alternative provider

A

A. Consult the company’s exit plan.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the following actions should a company take if a cloud computing provider ceases to uphold their contract?

A. Consult the company’s exit plan.
B. Move the company data to the backup provider that was selected earlier.
C. Re-host all critical applications on the company’s internal servers.
D. Evaluate the company’s strategic options for an alternative provider

A

A. Consult the company’s exit plan.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What (4) concerns do you consider with Bus Continuity Outage Support?
____ _____
____ of Data can afford to ____
How quickly you need to restore ____ _____
How vulnerable are ____ to _______

A
  1. Most Critical Processes
  2. Amount of data can afford to lose?
  3. How quickly do you need to restore Critical
    Processes?
  4. How Vulnerable are operations to disasters?
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What (2) do you consider for BIA Business Impact Analysis
Identify all ___ ____
Assign level of ____ to each _____

A
  1. Identify all Bus function

2. Assign level of importance to each func

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
With Bus Continuity in Cloud what 4 benefits are there with using the cloud? (4)
Resource \_\_\_\_\_, \_\_\_\_\_\_
\_\_ \_\_\_\_\_\_\_\_ service
\_\_\_\_\_ of service
Service \_\_\_\_\_\_\_
A
  1. Resource pooling & elasticity
  2. Self-serve ON DEMAND service
  3. Quality of service
  4. Selection of service location
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the 7 steps of Bus Continuity Plan (BCP)(7)?
Document ___ ______
Work ___ _____
External ________ ie: Utility, municipal, police, fire, water, hospital, post office, office
Critical (2) _____ & _____
Contingency (2) ____ & ______
Create ___ __ ______
__________, stakeholders, members, impact by CBP

A
  1. Document key personnel
  2. (WORK ANY LOCATION) Telecommute / work
    anywhere
  3. External Suppliers – Utility, municipal, office, police,
    fire, water, hospital, post office
  4. Critical (2) equipment and docs
    Equipment – Fax, Copy, printers
    Documents
  5. Contingency (2) equipment and location
    Equipment
    Location
  6. Create HOW to instructions
  7. Communication – stakeholders, members, impact by
    CBP
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the PROS for Cloud Bus Continuity Plan (BCP)? (5)

  1. _____
  2. _______ _______
  3. Save __, __, ______
  4. Working _____
  5. Access data _______
A
  1. Storage, BU
  2. Offsite locations
  3. Save HW, SW, Infrastructure
  4. Remote Working
  5. Access data anywhere
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the CONS for Cloud Bus Continuity Plan (BCP)?

  1. Existing BCP, could be ______
  2. Need clear _____
  3. Choose appropriate ___ to ____
  4. Consider ______
  5. Ensure relationship w/ ___
  6. Take time, careful to _______
A
  1. If org has existing BCP, chg plans could be expensive
  2. Need a CLEAR SLA
  3. Choose appropriate services to bus
  4. Consider policy
  5. Ensure credible relationship w/ SP
  6. FIPS 42 / ISO 9001
  7. Use small steps to implemlement
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A company would like to move an application to the cloud which resides on a single physical server in their data center. The server has two drives, one of which hosts the operating system, and the other hosts the application data. The operating system has been showing errors recently and the application data was corrupted last Friday at 4:00PM. Data is backed up every day at 1:00AM. Which of the following would be the BEST option for migrating this application to the
cloud?

A. Setup a server in the cloud, install an operating system, install the application, and copy the data
to the cloud server from last Friday’s backup
B. Setup a server in the cloud, install an operating system, install and configure the application, and
copy the data to the cloud server from last Thursday’s backup
C. Clone or P2V the server with both drives to the cloud platform
D. Clone or P2V the server with the application drive to the cloud platform and copy the operating
system to the cloud server

A

A. Setup a server in the cloud, install an operating system, install the application, and copy the data
to the cloud server from last Friday’s backup

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which of the following is a negative business impact of cloud computing?
A. It lowers the company’s overall application processing availability.
B. It is difficult to implement problem management.
C. It is more difficult to ensure policy compliance.
D. It slows down the company’s ability to deal with server capacity issues.

A

C. It is more difficult to ensure policy compliance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the 6 Common causes data losses occur due to disaster

A
  1. Natural Disasters
  2. Application failure
  3. System failure
  4. Network failure
  5. Network Intrusion
  6. Hacking or Malicious code
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

RPO

A

Recovery Point Objective

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is RPO?

Data Loss measured in _____
If RPO = 1 hrs and it is noon, then recovery must include all data up to ____ AM or PM

A

Recovery Point Objective
Data LOSS measured in time
If RPO = 1 hrs … and it is noon, then recovery must incl all data up to 11AM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

RTO

A

Recovery Time Objective

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is RTO?
______________________
If RTO = 8 hrs … and it is noon, then the back uptime must be ______ AM or PM

A

Recovery Time Objective
Downtime: Back up restoration
If RTO = 8 hrs … and it is noon, then the back uptime must by 8PM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

MTO

A

Max Tolerable Outage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is MTO?

Means: ___ ___ down before _________ org object

A

Max tolerable Outage

Max amount time sys down before compromise org object

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

MTTR

A

Mean Time to Repair

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is MTTR?
____ ____ to repair device
measured by: _____ time / # ______

A

Mean Time to Repair
Average time to repair device (incl latency)
Maintenance time / # actions

24
Q

MTBF

A

Mean Time Before Failure

25
Q

What is MTBF?
______ time for failure of device
measured by: Total ____ hrs expected before ______

A

Mean Time Before Failure
Expected time for failure of device
Total unit hours expected

26
Q

What is difference between MTTR versus MTBF?

MTTR is ___ time to fix, and MTBF is the ______ ____ of the device before it quits.

A

MTTR is the AVG time to fix, and MTBF is the expected life of the device before it quits.

27
Q
Which of the following technologies are related to Web services?
A. HTML, IDM, JSON
B. HTML, IDM, XML
C. HTML, JSON, XML
D. DM, JSON, XML
A

C. HTML, JSON, XML

28
Q

How does cloud computing improve business flexibility?

A. Easier access by users outside of the organization
B. Faster deployment of applications
C. Rapidly growing and shrinking capacity
D. All of the above are correct

A

D. All of the above are correct

29
Q

7 Areas to look for when considering cloud?

A
  1. Storage
  2. Scalability
  3. Uptime/ Availability
  4. DR
  5. Security
  6. Compliance i.e.: HIPPA
  7. Support – multi channel i.e.: phone, chat, Email ,
    Social Media
30
Q

KPI

A

Key Performance Indicator

31
Q

Why are KPI important in Cloud?
Cloud sys are built to handle changing workloads.
It is important to state your ______, __ ____, and KPIs to know the workload can grow w/o impacting responsiveness, _______, or ________

A

Because cloud systems are built to handle changing workloads in a flexible manner, it is important to
state your requirements, service levels, and KPIs so that we can confirm the ability of workloads to
grow without impacting responsiveness, throughput, or availability.

32
Q

What should those KPI performance requirements be for the Cloud?(5)
__________ handle 6K trxn per min w/ 95% response
__________ response, util, avail, resolution
__________ Meas goals supports SLA
__________ Supported by agreement
__________ %time sys avail/down during avail WIN

A
  1. Performance / Scalability Requirements ie: handle 6K
    transaction per min with 95% response time not to
    exceed 5 min.
  2. Service Levels - response, utilization, avail, service
    level, problem turnaround
  3. SLO service level objective - measurable goals
    supports SLA
  4. SLA Supported by agreement
  5. KPI Key Performance Indicators - % time sys was
    available (down) during available window
33
Q

What is Cloud Container?
Container is form of __ _____ that is more efficient than __ _________
Alt to __ level ________
Runs multiple _____ ____ on single host
Uses 1 kernel per ____, vs FM 1 kernel per ____
* RHEL has ___ ____ same kernel technology

A
  1. Container is form of OS virtualization that is more
    efficient than HW virtualization
  2. Alt to OS level virtualization
  3. Used to run multiple isolated sys on single host
  4. Uses same kernel (1) per container vs VM (1) kernel
    per VM
  5. RHEL has OPEN-SHIFT (same kernel technology)
34
Q

What are benefits of Containers vs OS level virtualization (VMs)

  1. NO _____ ______
  2. Containers based on ______
  3. Cloud native applic work in ___ ___ vs using ____ ___
A
  1. No kernel isolation – just sys lib(s) and binaries to
    allow isolation btw containers
  2. Containers are based on LINUX
  3. Cloud native applications work in real time vs using
    VM services
35
Q

Containers by default are ?

  1. ______
  2. Containers cannot be accessed by ___ ____
    why: ? Need __ #, ____
  3. _ _ _ containers , tokens, access key + secret access key
A
  1. Secure - Sandboxed
  2. Containers cannot be accessed by
    outside sources!!! Need port #, packaged
  3. API – containers, tokens
    (access key ID + secret access key
36
Q

Virtualization vs Containerization
Which eliminates boot time / starts in seconds and why?
______ are ______ programs in one ____

A

Containers start in seconds, because they are not added VMs, they are compiled programs in one unit.

37
Q

Virually all PaaS sys has _______ foundation for running their platform tools.

A

Container foundation built in

38
Q

Virtualization vs Containerization
Which on e has Emulation of devices?

What does the other have?

A

Virtualization

Containers uses ACLs Plus Sys call

39
Q

Virtualization vs Containerization

Which one has Svc Deployment (individual components)

A

Containers

40
Q

A container is a form of 1__ 2_____ that is more efficient than typical HW Virtualization.

A

1 OS

2 Virtualization

41
Q

Containers can be used as alt to OS level Virtualization to ?

A

run multiple isolated systems on single host

42
Q
Which of the following character associated to OS-level Virtualization and not Containers?
A. Applying limits per process
B. Single Network file system caching
C. Emulation of devices
D. Single kernel
A

C. Emulation of devices

*OS level virtualization is based on emulation of devices (imitating another sys); whereas containers uses ACLs Plus syscall.

43
Q

What is DOCKER? (Moby)
Docker is ____ ____ engine w/ deployment any applic as ____ ____

Create lightweight private ____ environment

A

Docker is OPEN-Source engine w/ deployment any application as portable container that runs virtually anywhere.
Examples:
- Same container in Development tests on laptop at
scale, in Prod, on VMs, bare-metal servers,
OpenStack clusters, public instances, or combination
of these.
- Useful for deployment package of applications
- Creation lightweight private PaaS environment
- Automatic test/ continuous deployment
- Deploying/Scaling web apps, Db, backend services

*Red Hat supports Docker

44
Q

What is BIG DATA

Any collection of data sets so ____/______ it becomes difficult to process using DBMS
i.e.: _____ ______, _____ Source SW for storage
Datasets on ________ of HW

A

Any collection of data sets so large/complex becomes difficult to process using on-hand DB Mgmt tools
Examples:
- Apache Hadoop OPEN-Source SW for storage (large
scale processing)of datasets on clusters of
commodity HW.
- MapReduce used for BigData on clusters

45
Q
BIG DATA Challenges are same as traditional data
Data \_\_\_
Data \_\_ \_\_\_
Data \_\_\_
Data \_\_\_\_
Data \_\_\_\_\_\_
Data \_\_\_\_\_
A
  1. Data Location
  2. Data at Rest
  3. Data Loss
  4. Data Classification
  5. Data Reminisce
  6. Data Security
46
Q

What is Software Security Assurance?

Helps ___ / ____ SW that protects the data / resource

A

Helps design / implement Software that protects the data / resources contained in and controlled by the Software.

47
Q

APP Service Governance = (2 streams)

___ Mgmt + ____ Governance

A

API Mgmt + SOA Governance

48
Q

APIs are used for?

____ of ____

A

Integration of Services becoming channel for revenue

49
Q
API (application program interface) 
How does it differ from SOA ?
All Services use _ _ _ _
All services \_\_\_\_ from \_\_\_\_
\_\_ Barrier to use verbs/actions
Services use \_\_\_\_ \_\_\_ \_\_\_
A

All Services use REST
All services discover-able from portal
Low Barrier to use verbs/actions
Services use defacto Sec Standards

50
Q

SOA (Software Oriented Architecture)
How does it differ from API?
All Services use _ _ _ _ / _ _ _ _ interface
All services ______ from _ _ _ _____/Repos
___ Barrier to use verbs/actions
Services should use _ _ * Security

A

All Services use SOAP/WSDL interface
All services discover-able from SOA registry / Repos
High Barrier to use verbs/actions
Services should use WS-* Security

51
Q

What is not a char of SOA?

A. All components should be exposed as services
B. All services should use SOAP/WSDL interfaces
C. All services are discoverable from a portal
D. All services should use WS-* security

A

C. All services are discoverable from a portal

52
Q

DR TIER Data Storage (5)
Tier Data Recovery Restoration
0 0 offsite NO DR Plan Weeks/unsuccess
1 BU no hot site Need Config Time laboring
2 BU w/ hot site standby server
3 Electronic vault BU to hot site Netwk accessible
4. Pt in time copy Use remote site Netwk accessible
5. Trxn Integrity BEST. (=) PROD No loss of data

A

Tier 0
No offsite data. No DR Plan/ No saved data Recovery: Weeks / unsuccessful
Tier 1
Data BU w/o Hot site. Recovery: Need configuration / time laboring
Tier 2
Data BU w/ hot site. Hot BU site Recovery: Can run application at stand by servers
Tier 3
Electronic Vault. BU data accessible to hot site. Recovery: Network access is accessible
Tier 4
Point in time copies. Uses remote site. Recovery: Accessible by network
Tier 5
Transaction Integrity. BEST. Integrity means transaction are consistent btw PROD and recovery sites
Recovery: Should be no loss of data

53
Q

Consider the context of data center avail and physical Sec. Which Tier ensures highest AVAILABILITY

Tier I
Tier II
Tier III
Tier IV

A

Tier IV

54
Q

How many tiers should an ISCM per NIST 800-137 have:
A. 2 – Tier 1 (Org Bus Process), Tier 2 (Cloud Computing
Strategy Implem)
B. 2 – Tier 1 (Cloud Computing Strategy Implem), Tier 2
(Org Bus Process)
C. 3 – Tier 1 (Org Bus Process), Tier 2 (ICSM Strategy)
Tier 3 (Cloud Computing Strategy Implem)
D. 3 – Tier 1 (Cloud Computing Strategy Implem), Tier 2
(Org Bus Process), Tier 3 (ICSM Strategy)

A
C. 3 – Tier 1 (Org Bus Process), Tier 2 (ICSM Strategy) 
     Tier 3 (Cloud Computing Strategy Implem)
55
Q

DR TIER Data Storage
What Tier is Point in Time Copy?
Uses _____ site?
Is it netwk accessible?

A
  1. Tier 4
  2. Uses (Remote) site
  3. Yes Network Accessible
56
Q

DR TIER Data Storage
Which is best of Tier 0 - 2?
Why?

A

Tier 2

because it has a hot site and standby server

57
Q

DR TIER DATA Storage
What is best Tier? 0 - 5
Why? (3)
_____ _____. ______ ______, NO _____ ____

A

Tier 5

Trxn Integrity, it matches production, no loss of data