Topic 5: Risk analysis, disaster recovery (DR) and business continuity planning (BCP) Flashcards
Which of the statements below best describe Disaster Recovery?
A. returning to a position of full operation after an emergency.
B. maintaining business processes to some degree while in a state of emergency.
C. implementation of a remediation plan during a state of emergency.
D. operating backup systems during a state of emergency
A. returning to a position of full operation after an emergency.
What is the primary focus of DR/BCP?
A. integrity.
B. confidentiality.
C. disclosure.
D. availability
D. availability
What are the 3 risk control remedies?
A. reduction, assignment, acceptance.
B. reduction, acceptance, ignore.
C. acceptance, assessment, transference.
D. reduction, reuse, recycling
A. reduction, assignment, acceptance.
A risk matrix is the same thing as a threat matrix.
This statement is:
A. True
B. False
A. True
This type of analysis is scenario-driven and doesn’t attempt to assign numeric values to the components (assets and threats) of the risk analysis. What type of analysis is it?
A. quantitative.
B. qualitative.
C. speculative.
D. cumulative
B. qualitative.
Which of the following RAID versions offers the least amount of performance degradation when a disk in the array fails?
A. RAID 0
B. RAID 1
C. RAID 4
D. RAID 5
B. RAID 1 is known as mirroring. If one drive fails, the other will still function and there will be no downtime and no degraded performance. All the rest of the answers are striping-based and therefore have either downtime or degraded performance associated with them. RAID 5 is the second best option because in many scenarios it will have zero downtime and little degraded performance. RAID 0 will not recover from a failure; it is not fault tolerant.
Which of the following can facilitate a full recovery within minutes?
A. Warm site
B. Cold site
C. Reestablishing a mirror
D. Hot site
D. A hot site can facilitate a full recovery of communications software and equipment within minutes. Warm and cold sites cannot facilitate a full recovery but may have some of the options necessary to continue business. Reestablishing a mirror will not necessarily implement a full recovery of data communications or equipment.
What device should be used to ensure that a server does not shut down when there is a power outage?
A. RAID 1 box
B. UPS
C. Redundant NIC
D. Hot site
B. A UPS (uninterruptible power supply) ensures that a computer will keep running even if a power outage occurs. The number of minutes the computer can continue in this fashion depends on the type of UPS and battery it contains. A backup generator can also be used, but it does not guarantee 100% uptime, because there might be a delay between when the power outage occurs and when the generator comes online. RAID 1 has to do with the fault tolerance of data. Redundant NICs (network interface cards, also known as network adapters) are used on servers in the case that one of them fails. Hot sites are completely different places that a company can inhabit. Although the hot site can be ready in minutes, and although it may have a mirror of the server in question, it does not ensure that the original server will not shut down during a power outage.
Which of the following tape backup methods enables daily backups, weekly full backups, and monthly full backups?
A. Towers of Hanoi
B. Incremental
C. Grandfather-father-son
D. Differential
E. Snapshot
C. The grandfather-father-son (GFS) backup scheme generally uses daily backups (the son), weekly backups (the father), and monthly backups (the grandfather). The Towers of Hanoi is a more complex strategy based on a puzzle. Incremental backups are simply one-time backups that back up all data that has changed since the last incremental backup. These might be used as the son in a GFS scheme. Differential backups back up everything since the last full backup. A snapshot is a backup type, not a method; it is primarily designed to image systems.
To prevent electrical damage to a computer and its peripherals, the computer should be connected to what?
A. Power strip
B. Power inverter
C. AC to DC converter
D. UPS
D. A UPS (uninterruptible power supply) protects computer equipment against surges, spikes, sags, brownouts, and blackouts. Power strips, unlike surge protectors, do not protect against surges.
Which of the following would not be considered part of a disaster recovery plan?
A. Hot site
B. Patch management software
C. Backing up computers
D. Tape backup
B. Patching a system is part of the normal maintenance of a computer. In the case of a disaster to a particular computer, the computer’s OS and latest service pack would have to be reinstalled. The same would be true in the case of a disaster to a larger area, like the building. Hot sites, backing up computers, and tape backup are all components of a disaster recovery plan.
Which of the following factors should you consider when evaluating assets to a company? (Select the two best answers.)
A. Their value to the company
B. Their replacement cost
C. Where they were purchased from
D. Their salvage value
A and B. When evaluating assets to a company, it is important to know the replacement cost of those assets and the value of the assets to the company. If the assets were lost or stolen, the salvage value is not important, and although you may want to know where the assets were purchased from, it is not one of the best answers.
You are using the following backup scheme: A full backup is made every Friday night at 6 p.m., and differential backups are made every other night at 6 p.m. Your database server fails on a Thursday afternoon at 4 p.m. How many tapes will you need to restore the database server?
A. One
B. Two
C. Three
D. Four
B. You need two tapes to restore the database server—the full backup tape made on Friday and the differential backup tape made on the following Wednesday. Only the last differential tape is needed. When restoring the database server, the technician must remember to start with the full backup tape.
Of the following, what is the worst place to store a backup tape?
A. Near a bundle of fiber-optic cables
B. Near a power line
C. Near a server
D. Near an LCD screen
B. Backup tapes should be kept away from power sources, including power lines, CRT monitors, speakers, and so on. And the admin should keep backup tapes away from sources that might emit EMI. LCD screens, servers, and fiber-optic cables have low EMI emissions.
Critical equipment should always be able to get power. What is the correct order of devices that your critical equipment should draw power from?
A. Generator, line conditioner, UPS battery
B. Line conditioner, UPS battery, generator
C. Generator, UPS battery, line conditioner
D. Line conditioner, generator, UPS battery
B. The line conditioner is constantly serving critical equipment with clean power. It should be first and should always be on. The UPS battery should kick in only if there is a power outage. Finally, the generator should kick in only when the UPS battery is about to run out of power. Often, the line conditioner and UPS battery will be the same device. However, the line conditioner function will always be used, but the battery comes into play only when there is a power outage, or brownout.