Domain 7 Flashcards
7.10 Implement recovery strategies
7.10.1 Backups and Off-site Storage
BACKUP - copies of data stored on tape, disk, the cloud, or other media as a last-ditch recovery option.
There are three main types of backups:
1) Full Backups
Store a complete copy of the data contained on the protected device.
Duplicate every file on the system regardless of the setting of the archive bit.
Once a full backup is complete, the archive bit on every file is reset, turned off, or set to 0.
2) Incremental Backups
Store only those files that have been modified since the time of the most recent full or incremental backup.
Only files that have the archive bit turned on, enabled, or set to 1 are duplicated.
Once an incremental backup is complete, the archive bit on all duplicated files is reset, turned off, or set to 0.
3) Differential Backups
Store all files that have been modified since the time of the most recent full backup.
Only files that have the archive bit turned on, enabled, or set to 1 are duplicated.
A differential backup does not reset the archive bit, so each differential backup grows until the next full backup.
Key Differences Between Incremental and Differential Backups:
Restoration Process
i) Incremental Backups
Restore the most recent full backup and all incremental backups since the last full backup.
ii) Differential Backups
Restore the most recent full backup and the most recent differential backup.
Restoration Time
i) Incremental Backups
Slower (multiple backups need to be restored).
ii) Differential Backups
Faster (only two backups need to be restored).
Storage Requirements
i) Incremental Backups
Generally less storage needed over time.
ii) Differential Backups
Generally more storage needed over time.
Frequency of Full Backups
i) Incremental Backups
Requires fewer full backups.
ii) Differential Backups
May require more frequent full backups to manage size and time.
7.11 Implement disaster recovery (DR) processes
Incident Response Steps:
DR MR RR LL
Detect -> Response
Mitigate -> Report
Recover -> Remediate
Lessons Learned
Detect:
Not every event needs to be reported or escalated as an incident (identify false positives).
Response:
Respond to the true incident immediately and effectively
Mitigate:
Ensure no further damage is caused (contain the incident).
Report:
Report the incident to senior management and the people concerned (only a designated person should be allowed to speak with the media).
Recover:
Rebuild the system so that it is at least as secure as it was before the incident.
Remediate:
Identify the root cause of the incident.
Lessons Learned:
Identify what can be improved based on the experience of the incident.
7.10 Implement recovery strategies
7.10.4 System resilience, high availability (HA), Quality of Service (QoS), and fault tolerance
RAID
Protecting Hard drives
Redundant Array of Inexpensive Disks (RAID)
RAID 0 -> Striping; great performance (speed), no redundancy
RAID 1 -> Mirroring; 2 disks, both hold the same data. Fault tolerance
RAID 3 -> Byte-level striping with dedicated parity
RAID 5 -> Striping + distributed parity; fault tolerance + high speed. 3 or more disks are used
RAID 6 -> Striping with dual parity
RAID 10 -> Combination of RAID 1 and RAID 0 (striping + mirroring); at least 4 disks and an even number of disks are used
What is striping, Mirroring and Parity?
S T R I P E
S is stored on disk 1
T is stored on disk 2
R is stored on disk 3
I is stored on disk 4
P is stored on disk 5
E is stored on disk 6
STRIPING PROVIDES HIGH PERFORMANCE
MIRRORING
Disk 1: M I R R O R I N G
Disk 2: M I R R O R I N G
(the same data is written to both disks)
MIRRORING PROVIDES REDUNDANCY
PARITY
DATA IS ALWAYS STORED AS BITS
Storage 1: 1 0 1 0 1
Storage 2: 0 1 1 0 0
Storage 3 (parity) = Storage 1 XOR Storage 2: 1 1 0 0 1
If either data storage is lost, its bits can be recomputed by XORing the surviving one with the parity.
Parity provides redundancy
Locard's Exchange Principle and Five Rules of Evidence
LOCARD'S EXCHANGE PRINCIPLE
Every Contact leaves a trace
Five Rules Of Evidence
- Accuracy
- Authenticity
- Comprehensive
- Convincing
- Objectivity