Continuity And Recovery 10

Question 0

What is business impact analysis, BIA

Answer 0

A preparation step in BCP development that identifies present organizational risks and determines the impact to ongoing, business critical operations and processes of risks actually occur.
Contain vulnerability assessments and evaluations to determine risks and their impact. Should include all phases of the business to ensure a strong business continuation strategy

Question 1

describe a business continuity plan, BCPs

Answer 1

A policy that defines how an organization will maintain normal day to day business operations in the event of disruption or crisis
Should involve the identification of critical systems and components to ensure that such assets are protected. Also ensures the survival of the organization by preserving key documents, establishing decision making authority, communicating with stakeholders and maintaining financial function. Should address infrastructure issues or fault tolerant systems.
Should be reviewed and tested regularly. The authorized executive should personally sign the plan.

Question 2

What is maximum tolerable downtime, MTD

Answer 2

The longest period of time that a business outage may occur without causing irrecoverable business failure
Can be a range of minutes to hours for critical functions, 24 hours for urgent functions, 7 days for normal functions, etc
Limits the amount of recovery time to resume operations.

Question 3

What is recovery point objective, RPO

Answer 3

The point in time, relative to a disaster, where the data recovery process begins.
Often when the last successful backup is performed before a disruptive event occurs

Question 4

What is recovery time objectives, RTO

Answer 4

The length of time within which normal business operations and activities can be restored following a disturbance.
Includes the necessary recovery time to return to the RPO and reinstate the system and resume processing from its current status. RTO must be achieved before the MTD.

Question 5

What is mean time to recovery, MTTR

Answer 5

The average time taken for a business to recover from an incident or failure and is an offset of the RTO. If exceeds the given RTO, then the business operations need to switch to the alternate site

Question 6

Describe a continuity of operations plan and what it includes

Answer 6

The component of the BCP that provides best practices to mitigate risks, and best measures to recover from the impact of an incident.
Effective plans include :
Auditing resources, staff and operational management
Auditing storage facilities, data centers, os, and software and applications
Auditing networks like LAN and WAN including remote access and authentication systems
Analyzing comprehensive risk and vulnerability
Creating data backups, recovery methods, and emergency response procedures
Establishing a process on how to manage operations during a disaster

Question 7

Name various alternate sites used to restore system functions

Answer 7

A hot site is a fully configured alternate network that can be online quickly after a disaster
A warm site is a location that is dormant or performs non-critical functions under normal conditions but can be rapidly converted to a key operations site if needed
A cold site is a predetermined alternate location where a network can be rebuilt after a disaster.

Question 8

What is an IT contingency plan

Answer 8

A component of the BCP that specifies alternative IT contingency procedures that can be switched to when an organization is faced with an attack or disruption of service
Can include operating out of an alternate site, using alternate equipment or relocating the main system
Effectiveness depends on key personnel understanding the components of the plan and when and how it should be initiated.
Reviewing the checklist to assure all the aspects are in place
Providing adequate training to exercise the plan

Question 9

What is a succession plan

Answer 9

Ensures that all key business personnel have designated backups who can perform critical functions when needed.

Question 10

Describe the business continuity testing methods

Answer 10

Paper testing methods: review plan contents, analyzing the solution, using checklists
Performing walkthroughs: focus on each BCP phase
Parallel testing: test that the systems perform at any alternate offsite facility without taking the main system offline. Simulations effectively test the validity and compliance of the BCP
cutover: this test mimics an actual business disruption by shutting down the original site to test transfer and migration procedures to the alternate site and test operations in an emergency

Question 11

What is disaster recovery plan, DRP

Answer 11

A plan that prepares an organization to react appropriately in the worst case scenario and provide the means to recover from such a disaster
Safety of personnel is most important concern
Can include:
A list and contact info of individuals responsible for recovery
Inventory of hardware and software
A record of important business and customer info required to continue business
A record of procedural manuals and other critical info such as BCPS and IT contingency plans
Specifications for alternate sites

Question 12

What is fault tolerance

Answer 12

The ability of a network or system to withstand a foreseeable component failure and continue to provide an acceptable level of service.
Often employ duplication or redundancy of resources to maintain functionality if one component is damaged or fails.

Question 13

Describe the two redundancy measures

Answer 13

MTTF mean time to failure
The rating that predicts the length of time that a device is expected to be operational
Used to evaluate the reliability of devices or components that are not repaired

MTBF mean time between failures
The rating on devices that predicts the expected time between failures. Based on the MTTF and or MTBF of a system. Must plan for redundancy measures

Question 14

Describe disks redundancy measures

Answer 14

The redundant array of independent disks, RAID standards for fault tolerant configurations on multiple disk systems. If a disk fails data can be recovered from the remaining disks. RAID can be implemented through os software but is more efficient deployed through hardware based. RAID 0, 1, 5. RAID 0 does not reduce the threat of gloss due to disk failures

Question 15

Describe circuits redundancy measures

Answer 15

A backup circuit should be made available and installed to serve as a redundant connection
May be used on an on-demand basis or all the time

Question 16

Describe servers redundancy measures

Answer 16

Sever clustering allows servers to work together to provide access, ensuring minimal data loss from a server failure. Possible decreased performance until the server is restored

Question 17

Describe router redundancy measures

Answer 17

deploy multiple routers in teams to limit the risk of routing failure should a router malfunction. Routers share common configurations and act as one to route and control information. If one fails the remaining routers assume the load and sustain the routing process

Question 18

Describe general hardware redundancy measures

Answer 18

Keep used or spare parts on hand for emergencies. Could be some security or backward compatibility issues with spare parts. Periodically add spare parts to your network to test them

Question 19

Describe power supplies redundancy measures

Answer 19

Power supplies feature two or more units built into one system with capabilities for each to supply power to the entire system. If one of the units fails by means of a hot swap the other unit supplies power

Question 20

Describe network adapters redundancy measures

Answer 20

Systems can be supplied with built in redundant network adapters that automatically hot swap of one fails

Question 21

What is high availability

Answer 21

A rating that expresses how closely systems approach the goal of providing data availability 100% of the time while maintaining a high level of system performance.
Usually rated as a percentage that shows the proportion of expected uptime to total time.
Methods used to achieve this include clustering, load balancing, and redundancy measures
Rated in 9s. Five 9s is high level 99.999% is 6 minutes of downtime per year
Six 9s 99.9999% 30 seconds of downtime per year

Question 22

Every DRP should be tested periodically and include an evaluation phase to ensure its effectiveness. Can use BCP testing and Evaluation techniques or the exercises. Describe the four planning exercises to evaluate DRPs

Answer 22

Walkthroughs, workshops, and orientation seminars

Tabletop exercise. Discussion based sessions about roles and responses in emergency situations

Functional exercises. Action scenario based sessions to validate DRPs in simulated environments

Full scale exercises: action based session in real situations held on site using real equipment

Question 23

Describe the disaster recovery process steps to properly resume business operation after a disruptive event

Answer 23

Notify stakeholders of a business critical disaster.
Begin emergency operations. The DRP should contain detailed steps
Assess the damage. To determine the extent of incurred facility damages, the cause, and estimate the amount of expected downtime
Assess the facility. Still primary location or need to relocate to alternate site
Begin recovery process.

Question 24

Describe the recovery team

Answer 24

A group of designated individuals who implement recovery procedures and control recovery operations in the event of a business disaster

Question 25

Describe secure recovery

Answer 25

The BCP or DRP must include provisions for securely recovering data, systems, and other sensitive resources.
Should be reviewed and tested on a regular basis

Question 26

The process of recovering data from a backup varies depending on the backup those included in the original backup plan. List the three main types

Answer 26

Full backup. All selected files are backed up. Clears the archive bit, which is a file property that indicates whether the file has been modified since it was last backed up.

Differential backup. All selected files that have changed since the last backup are backed up. Does not clear the archive bit. When used, must restore the last full backup plus the most recent differential backup

Incremental backup. All selected files that have changed since the last full or differential backup are backed up. Clears the archive bit. When used must restore the last full backup plus all subsequent incremental backups.

Question 27

What is a backout contingency plan

Answer 27

A documented plan that includes specific procedures and processes that are applied in the event that a change of modification made to a system must be undone.
May include key individuals, a list of systems, backout time frames and specific steps needed to fully undo a change.

Question 28

What are secure backups

Answer 28

Backups of sensitive data needs to secure and stored properly.
Most secure if stored offline and offsite and steered in an environment that is physically locked and protected from environmental intrusions

Question 29

Describe the importance of backup storage locations

Answer 29

The magnetic tapes or other physical media used to create data backups must be stored securely but must remain accessible in case the data is needed.
Employ both onsite and offsite backup storage.
The onsite is for most recent set of backups to access quickly
The offsite is a secure disaster resistant storage facility with a duplicate or older backup to protect against damage caused by a disaster at the primary site.

Question 30

Describe the guidelines for executing DRPs and procedures

Answer 30

Organization needs it identify the team handling the disaster situation
Each team member must have clear roles and responsibilities
Employees must be aware of the member of the recovery team and know who to contact in the event of a disaster
The disaster recovery team must work out s backup please for the incident to ensure continuity of business
Inform stakeholders
Roll out emergency services
Damage to the main site should be accessed and the recovery team should be brought in to repair any physical damage and assess the extent the main site can be restored
Restore backup of all files compromised or deleted
Decisions made to purchase or replace missing elements
Once complete document the steps taken and save a report to be used in case of another recovery process.