Continuity

Question 1

What is CONOPS?

___ of _____

Answer 1

Concept of Operations (Cloud SP)

Question 2

How does CONOPS help organization ?

Helps ___ to document in ___ ____ what is _____ built for IS

Answer 2

Helps org to document in plain language what is Required & built for Information System

Question 3

Which of the following statements correctly depicts the use of a Concept of Operations (CONOP) document?

A. Mandatory document required by ISO 27001 related
to security operations
B. Mandatory document required by ISSO 27023 related
to security operations
C. It helps an org to document in plain language what is
required and what should be built for an information
system
D. It provide requirements for an org to implem security
mgmt related to identity and access mgmt.

Answer 3

C. It helps an org to document in plain language what is
required and what should be built for an information
system

Question 4

Bus Continuity contains 3 key elements?
_____ bounce back
_____ Planning
_____ Restore

Answer 4

1. Resilience (Bounce back)
2. Contingency (Planning)
3. Recovery (Restore)

Question 5

Which of the following actions should a company take if a cloud computing provider ceases to uphold their contract?

A. Consult the company’s exit plan.
B. Move the company data to the backup provider that was selected earlier.
C. Re-host all critical applications on the company’s internal servers.
D. Evaluate the company’s strategic options for an alternative provider

Answer 5

A. Consult the company’s exit plan.

Question 6

Which of the following actions should a company take if a cloud computing provider ceases to uphold their contract?

A. Consult the company’s exit plan.
B. Move the company data to the backup provider that was selected earlier.
C. Re-host all critical applications on the company’s internal servers.
D. Evaluate the company’s strategic options for an alternative provider

Answer 6

A. Consult the company’s exit plan.

Question 7

What (4) concerns do you consider with Bus Continuity Outage Support?
____ _____
____ of Data can afford to ____
How quickly you need to restore ____ _____
How vulnerable are ____ to _______

Answer 7

1. Most Critical Processes
2. Amount of data can afford to lose?
3. How quickly do you need to restore Critical
   Processes?
4. How Vulnerable are operations to disasters?

Question 8

What (2) do you consider for BIA Business Impact Analysis
Identify all ___ ____
Assign level of ____ to each _____

Answer 8

1. Identify all Bus function

2. Assign level of importance to each func

Question 9

With Bus Continuity in Cloud what 4 benefits are there with using the cloud? (4)
Resource \_\_\_\_\_, \_\_\_\_\_\_
\_\_ \_\_\_\_\_\_\_\_ service
\_\_\_\_\_ of service
Service \_\_\_\_\_\_\_

Answer 9

1. Resource pooling & elasticity
2. Self-serve ON DEMAND service
3. Quality of service
4. Selection of service location

Question 10

What are the 7 steps of Bus Continuity Plan (BCP)(7)?
Document ___ ______
Work ___ _____
External ________ ie: Utility, municipal, police, fire, water, hospital, post office, office
Critical (2) _____ & _____
Contingency (2) ____ & ______
Create ___ __ ______
__________, stakeholders, members, impact by CBP

Answer 10

1. Document key personnel
2. (WORK ANY LOCATION) Telecommute / work
   anywhere
3. External Suppliers – Utility, municipal, office, police,
   fire, water, hospital, post office
4. Critical (2) equipment and docs
   Equipment – Fax, Copy, printers
   Documents
5. Contingency (2) equipment and location
   Equipment
   Location
6. Create HOW to instructions
7. Communication – stakeholders, members, impact by
   CBP

Question 11

What are the PROS for Cloud Bus Continuity Plan (BCP)? (5)

1. _____
2. _______ _______
3. Save __, __, ______
4. Working _____
5. Access data _______

Answer 11

1. Storage, BU
2. Offsite locations
3. Save HW, SW, Infrastructure
4. Remote Working
5. Access data anywhere

Question 12

What are the CONS for Cloud Bus Continuity Plan (BCP)?

1. Existing BCP, could be ______
2. Need clear _____
3. Choose appropriate ___ to ____
4. Consider ______
5. Ensure relationship w/ ___
6. Take time, careful to _______

Answer 12

1. If org has existing BCP, chg plans could be expensive
2. Need a CLEAR SLA
3. Choose appropriate services to bus
4. Consider policy
5. Ensure credible relationship w/ SP
6. FIPS 42 / ISO 9001
7. Use small steps to implemlement

Question 13

A company would like to move an application to the cloud which resides on a single physical server in their data center. The server has two drives, one of which hosts the operating system, and the other hosts the application data. The operating system has been showing errors recently and the application data was corrupted last Friday at 4:00PM. Data is backed up every day at 1:00AM. Which of the following would be the BEST option for migrating this application to the
cloud?

A. Setup a server in the cloud, install an operating system, install the application, and copy the data
to the cloud server from last Friday’s backup
B. Setup a server in the cloud, install an operating system, install and configure the application, and
copy the data to the cloud server from last Thursday’s backup
C. Clone or P2V the server with both drives to the cloud platform
D. Clone or P2V the server with the application drive to the cloud platform and copy the operating
system to the cloud server

Answer 13

A. Setup a server in the cloud, install an operating system, install the application, and copy the data
to the cloud server from last Friday’s backup

Question 14

Which of the following is a negative business impact of cloud computing?
A. It lowers the company’s overall application processing availability.
B. It is difficult to implement problem management.
C. It is more difficult to ensure policy compliance.
D. It slows down the company’s ability to deal with server capacity issues.

Answer 14

C. It is more difficult to ensure policy compliance.

Question 15

What are the 6 Common causes data losses occur due to disaster

Answer 15

1. Natural Disasters
2. Application failure
3. System failure
4. Network failure
5. Network Intrusion
6. Hacking or Malicious code

Question 16

RPO

Answer 16

Recovery Point Objective

Question 17

What is RPO?

Data Loss measured in _____
If RPO = 1 hrs and it is noon, then recovery must include all data up to ____ AM or PM

Answer 17

Recovery Point Objective
Data LOSS measured in time
If RPO = 1 hrs … and it is noon, then recovery must incl all data up to 11AM

Question 18

RTO

Answer 18

Recovery Time Objective

Question 19

What is RTO?
______________________
If RTO = 8 hrs … and it is noon, then the back uptime must be ______ AM or PM

Answer 19

Recovery Time Objective
Downtime: Back up restoration
If RTO = 8 hrs … and it is noon, then the back uptime must by 8PM

Question 20

MTO

Answer 20

Max Tolerable Outage

Question 21

What is MTO?

Means: ___ ___ down before _________ org object

Answer 21

Max tolerable Outage

Max amount time sys down before compromise org object

Question 22

MTTR

Answer 22

Mean Time to Repair

Question 23

What is MTTR?
____ ____ to repair device
measured by: _____ time / # ______

Answer 23

Mean Time to Repair
Average time to repair device (incl latency)
Maintenance time / # actions

Question 24

MTBF

Answer 24

Mean Time Before Failure

Question 25

What is MTBF?
______ time for failure of device
measured by: Total ____ hrs expected before ______

Answer 25

Mean Time Before Failure
Expected time for failure of device
Total unit hours expected

Question 26

What is difference between MTTR versus MTBF?

MTTR is ___ time to fix, and MTBF is the ______ ____ of the device before it quits.

Answer 26

MTTR is the AVG time to fix, and MTBF is the expected life of the device before it quits.

Question 27

Which of the following technologies are related to Web services?
A. HTML, IDM, JSON
B. HTML, IDM, XML
C. HTML, JSON, XML
D. DM, JSON, XML

Answer 27

C. HTML, JSON, XML

Question 28

How does cloud computing improve business flexibility?

A. Easier access by users outside of the organization
B. Faster deployment of applications
C. Rapidly growing and shrinking capacity
D. All of the above are correct

Answer 28

D. All of the above are correct

Question 29

7 Areas to look for when considering cloud?

Answer 29

1. Storage
2. Scalability
3. Uptime/ Availability
4. DR
5. Security
6. Compliance i.e.: HIPPA
7. Support – multi channel i.e.: phone, chat, Email ,
   Social Media

Question 30

KPI

Answer 30

Key Performance Indicator

Question 31

Why are KPI important in Cloud?
Cloud sys are built to handle changing workloads.
It is important to state your ______, __ ____, and KPIs to know the workload can grow w/o impacting responsiveness, _______, or ________

Answer 31

Because cloud systems are built to handle changing workloads in a flexible manner, it is important to
state your requirements, service levels, and KPIs so that we can confirm the ability of workloads to
grow without impacting responsiveness, throughput, or availability.

Question 32

What should those KPI performance requirements be for the Cloud?(5)
__________ handle 6K trxn per min w/ 95% response
__________ response, util, avail, resolution
__________ Meas goals supports SLA
__________ Supported by agreement
__________ %time sys avail/down during avail WIN

Answer 32

1. Performance / Scalability Requirements ie: handle 6K
   transaction per min with 95% response time not to
   exceed 5 min.
2. Service Levels - response, utilization, avail, service
   level, problem turnaround
3. SLO service level objective - measurable goals
   supports SLA
4. SLA Supported by agreement
5. KPI Key Performance Indicators - % time sys was
   available (down) during available window

Question 33

What is Cloud Container?
Container is form of __ _____ that is more efficient than __ _________
Alt to __ level ________
Runs multiple _____ ____ on single host
Uses 1 kernel per ____, vs FM 1 kernel per ____
* RHEL has ___ ____ same kernel technology

Answer 33

1. Container is form of OS virtualization that is more
   efficient than HW virtualization
2. Alt to OS level virtualization
3. Used to run multiple isolated sys on single host
4. Uses same kernel (1) per container vs VM (1) kernel
   per VM
5. RHEL has OPEN-SHIFT (same kernel technology)

Question 34

What are benefits of Containers vs OS level virtualization (VMs)

1. NO _____ ______
2. Containers based on ______
3. Cloud native applic work in ___ ___ vs using ____ ___

Answer 34

1. No kernel isolation – just sys lib(s) and binaries to
   allow isolation btw containers
2. Containers are based on LINUX
3. Cloud native applications work in real time vs using
   VM services

Question 35

Containers by default are ?

1. ______
2. Containers cannot be accessed by ___ ____
   why: ? Need __ #, ____
3. _ _ _ containers , tokens, access key + secret access key

Answer 35

1. Secure - Sandboxed
2. Containers cannot be accessed by
   outside sources!!! Need port #, packaged
3. API – containers, tokens
   (access key ID + secret access key

Question 36

Virtualization vs Containerization
Which eliminates boot time / starts in seconds and why?
______ are ______ programs in one ____

Answer 36

Containers start in seconds, because they are not added VMs, they are compiled programs in one unit.

Question 37

Virually all PaaS sys has _______ foundation for running their platform tools.

Answer 37

Container foundation built in

Question 38

Virtualization vs Containerization
Which on e has Emulation of devices?

What does the other have?

Answer 38

Virtualization

Containers uses ACLs Plus Sys call

Question 39

Virtualization vs Containerization

Which one has Svc Deployment (individual components)

Answer 39

Containers

Question 40

A container is a form of 1__ 2_____ that is more efficient than typical HW Virtualization.

Answer 40

1 OS

2 Virtualization

Question 41

Containers can be used as alt to OS level Virtualization to ?

Answer 41

run multiple isolated systems on single host

Question 42

Which of the following character associated to OS-level Virtualization and not Containers?
A. Applying limits per process
B. Single Network file system caching
C. Emulation of devices
D. Single kernel

Answer 42

C. Emulation of devices

*OS level virtualization is based on emulation of devices (imitating another sys); whereas containers uses ACLs Plus syscall.

Question 43

What is DOCKER? (Moby)
Docker is ____ ____ engine w/ deployment any applic as ____ ____

Create lightweight private ____ environment

Answer 43

Docker is OPEN-Source engine w/ deployment any application as portable container that runs virtually anywhere.
Examples:
- Same container in Development tests on laptop at
scale, in Prod, on VMs, bare-metal servers,
OpenStack clusters, public instances, or combination
of these.
- Useful for deployment package of applications
- Creation lightweight private PaaS environment
- Automatic test/ continuous deployment
- Deploying/Scaling web apps, Db, backend services

*Red Hat supports Docker

Question 44

What is BIG DATA

Any collection of data sets so ____/______ it becomes difficult to process using DBMS
i.e.: _____ ______, _____ Source SW for storage
Datasets on ________ of HW

Answer 44

Any collection of data sets so large/complex becomes difficult to process using on-hand DB Mgmt tools
Examples:
- Apache Hadoop OPEN-Source SW for storage (large
scale processing)of datasets on clusters of
commodity HW.
- MapReduce used for BigData on clusters

Question 45

BIG DATA Challenges are same as traditional data
Data \_\_\_
Data \_\_ \_\_\_
Data \_\_\_
Data \_\_\_\_
Data \_\_\_\_\_\_
Data \_\_\_\_\_

Answer 45

1. Data Location
2. Data at Rest
3. Data Loss
4. Data Classification
5. Data Reminisce
6. Data Security

Question 46

What is Software Security Assurance?

Helps ___ / ____ SW that protects the data / resource

Answer 46

Helps design / implement Software that protects the data / resources contained in and controlled by the Software.

Question 47

APP Service Governance = (2 streams)

___ Mgmt + ____ Governance

Answer 47

API Mgmt + SOA Governance

Question 48

APIs are used for?

____ of ____

Answer 48

Integration of Services becoming channel for revenue

Question 49

API (application program interface) 
How does it differ from SOA ?
All Services use _ _ _ _
All services \_\_\_\_ from \_\_\_\_
\_\_ Barrier to use verbs/actions
Services use \_\_\_\_ \_\_\_ \_\_\_

Answer 49

All Services use REST
All services discover-able from portal
Low Barrier to use verbs/actions
Services use defacto Sec Standards

Question 50

SOA (Software Oriented Architecture)
How does it differ from API?
All Services use _ _ _ _ / _ _ _ _ interface
All services ______ from _ _ _ _____/Repos
___ Barrier to use verbs/actions
Services should use _ _ * Security

Answer 50

All Services use SOAP/WSDL interface
All services discover-able from SOA registry / Repos
High Barrier to use verbs/actions
Services should use WS-* Security

Question 51

What is not a char of SOA?

A. All components should be exposed as services
B. All services should use SOAP/WSDL interfaces
C. All services are discoverable from a portal
D. All services should use WS-* security

Answer 51

C. All services are discoverable from a portal

Question 52

DR TIER Data Storage (5)
Tier Data Recovery Restoration
0 0 offsite NO DR Plan Weeks/unsuccess
1 BU no hot site Need Config Time laboring
2 BU w/ hot site standby server
3 Electronic vault BU to hot site Netwk accessible
4. Pt in time copy Use remote site Netwk accessible
5. Trxn Integrity BEST. (=) PROD No loss of data

Answer 52

Tier 0
No offsite data. No DR Plan/ No saved data Recovery: Weeks / unsuccessful
Tier 1
Data BU w/o Hot site. Recovery: Need configuration / time laboring
Tier 2
Data BU w/ hot site. Hot BU site Recovery: Can run application at stand by servers
Tier 3
Electronic Vault. BU data accessible to hot site. Recovery: Network access is accessible
Tier 4
Point in time copies. Uses remote site. Recovery: Accessible by network
Tier 5
Transaction Integrity. BEST. Integrity means transaction are consistent btw PROD and recovery sites
Recovery: Should be no loss of data

Question 53

Consider the context of data center avail and physical Sec. Which Tier ensures highest AVAILABILITY

Tier I
Tier II
Tier III
Tier IV

Answer 53

Tier IV

Question 54

How many tiers should an ISCM per NIST 800-137 have:
A. 2 – Tier 1 (Org Bus Process), Tier 2 (Cloud Computing
Strategy Implem)
B. 2 – Tier 1 (Cloud Computing Strategy Implem), Tier 2
(Org Bus Process)
C. 3 – Tier 1 (Org Bus Process), Tier 2 (ICSM Strategy)
Tier 3 (Cloud Computing Strategy Implem)
D. 3 – Tier 1 (Cloud Computing Strategy Implem), Tier 2
(Org Bus Process), Tier 3 (ICSM Strategy)

Answer 54

C. 3 – Tier 1 (Org Bus Process), Tier 2 (ICSM Strategy) 
     Tier 3 (Cloud Computing Strategy Implem)

Question 55

DR TIER Data Storage
What Tier is Point in Time Copy?
Uses _____ site?
Is it netwk accessible?

Answer 55

1. Tier 4
2. Uses (Remote) site
3. Yes Network Accessible

Question 56

DR TIER Data Storage
Which is best of Tier 0 - 2?
Why?

Answer 56

Tier 2

because it has a hot site and standby server

Question 57

DR TIER DATA Storage
What is best Tier? 0 - 5
Why? (3)
_____ _____. ______ ______, NO _____ ____

Answer 57

Tier 5

Trxn Integrity, it matches production, no loss of data