Topic 7B Flashcards

1
Q

continuity of operations planning (COOP)

A

involves developing processes and procedures to ensure critical business functions can continue during and after a disruption.

Key elements of a COOP plan include identifying critical business functions, establishing priorities, and determining the resources needed to support these functions.

Organizations may consider remote work options for their employees.

2
Q

High availability (HA) clustering

A

ensuring systems remain operational and accessible with minimal downtime.

It involves designing and implementing hardware components, servers, networking, datacenters, and physical locations for fault tolerance and redundancy.

For a critical system, availability is described using the “nines” term, such as two-nines (99%) up to five- or six-nines (99.9999%)

Also means that a system can cope with rapid growth in demand. It should be able to scale resources and the power of existing resources.

3
Q

business continuity (BC)

A

takes a broader approach, considering not only the continuity of critical functions but also the overall resilience and recovery of the entire organization.

Business continuity planning includes the assessment of risks, the development of strategies to mitigate those risks, and the creation of plans to maintain or restore business operations in the face of various threats.

This may involve addressing supply chain management, employee safety and communication, legal and regulatory compliance, and reputation management

4
Q

Capacity planning

A

a critical process in which organizations assess their current and future resource requirements to ensure they can efficiently meet their business objectives.

This process involves evaluating and forecasting the necessary resources in terms of people, technology, and infrastructure to support anticipated growth, changes in demand, or other factors that may impact operations.

may involve evaluating workforce productivity, analyzing staffing levels, and identifying potential skills gaps

5
Q

Things that put CAPACITY PLANNING at risk

A

Lack of cross-training or succession planning can create dependency on specific individuals, increasing vulnerability to disruptions.

Cross-Training—Requires employees to develop skills and knowledge outside their primary roles to mitigate the risk of relying heavily on specific individuals or teams.

Remote Work Plans—Outline strategies for employees to work effectively outside the traditional office environment. Remote work plans define communication channels, technology requirements, and expectations for remote work arrangements.

Alternative Reporting Structures—Describe backup or temporary reporting relationships to reduce the risk associated with single points of failure in management or decision-making.

6
Q

fault tolerant

A

A system that can experience failures and continue to provide the same (or nearly the same) level of service

often achieved by provisioning redundancy for critical components and single points of failure.

7
Q

Site resiliency is described as hot, warm, or cold:

A

A hot site can failover almost immediately. It generally means the site is within the organization’s ownership and ready to deploy. For example, a hot site could consist of a building with operational computer equipment kept updated with a live data set.

A warm site could be similar, but with the requirement that the latest data set needs to be loaded.

A cold site takes longer to set up. A cold site may be an empty building with a lease agreement in place to install whatever equipment is required when necessary.

8
Q

Geographic dispersion

A

refers to the distribution of recovery sites across different geographic locations for disaster recovery (DR) purposes.

9
Q

Cloud as Disaster Recovery (DR)

A

Cost efficiency plays a significant role, as cloud providers offer more affordable redundancy and backup options due to their economies of scale.

Simplified management is another critical factor, with cloud providers offering tools and services that reduce the complexity of managing redundant infrastructure

10
Q

Load testing

A

incorporates specialized software tools to validate a system’s performance under expected or peak loads and identify bottlenecks or scalability issues.

11
Q

Clustering

A

A load balancing technique where a group of servers are configured as a unit and work together to provide network services.

12
Q

failover

A

A technique that ensures a redundant component, device, or application can quickly and efficiently take over the functionality of an asset that has failed.

13
Q

Common Address Redundancy Protocol (CARP)

A

enabling the active node to “own” the virtual IP and respond to connections. The redundancy protocol also implements a heartbeat mechanism to allow failover to the passive node if the active one should suffer a fault.

14
Q

power distribution unit (PDU)

A

An advanced strip socket that provides filtered output voltage. A managed unit supports remote administration.

provide protection against spikes, surges, and under-voltage events; and integrate with uninterruptible power supplies (UPSs).

Managed PDUs support remote power monitoring functions, such as reporting load and status, switching power to a socket on and off, or switching sockets on in a particular sequence.

15
Q

uninterruptible power supply (UPS)

A

In its simplest form, a UPS comprises a bank of batteries and their charging circuit plus an inverter to generate AC voltage from the DC voltage supplied by the batteries.

The UPS allows sufficient time to failover to an alternative power source, such as a standby generator. If there is no secondary power source, a UPS will allow the administrator to at least shut down the server or appliance properly

16
Q

Platform diversity

A

a concept in cybersecurity that refers to using multiple technologies, operating systems, and hardware or software components within an organization’s infrastructure.

Protects from single point of attack.

can make it more challenging for threat actors to navigate,

17
Q

Defense in depth

A

a comprehensive cybersecurity strategy that emphasizes the implementation of multiple layers of protection to safeguard an organization’s information and infrastructure

Organizations can implement segmentation, secure access controls, and traffic monitoring at the network level to prevent unauthorized access and contain potential breaches. Endpoint security solutions, such as antivirus software and device hardening, help protect individual devices, while regular patch management ensures software vulnerabilities are addressed promptly.

18
Q

Vendor diversity benefits

A

Cybersecurity
Business resilience
Innovation
Competition
Customization and flexibility
Risk Management
Compliance

19
Q

Deception and disruption technologies

A

are cybersecurity resilience tools and techniques to increase the cost of attack planning for the threat actor

Honeypots, Honeynets, Honeyfiles, and Honeytokens are all cybersecurity tools used to detect and defend against attacks.

20
Q

Honeypots, Honeynets, Honeyfiles, and Honeytokens

A

Honeypots are decoy systems that mimic real systems and applications. They are designed to allow security teams to monitor attacker activity and gather information about their tactics and tools.

Honeynets are a network of interconnected honeypots that simulate an entire network, providing a more extensive and realistic environment for attackers to engage with.

Honeyfiles are fake files that appear to contain sensitive information, used to detect attempts to access and steal data.

Honeytokens are false credentials, login credentials, or other data types used to distract attackers, trigger alerts, and provide insight into attacker activity.

21
Q

Disruption Strategy counters

A

These adopt some of the obfuscation strategies used by malicious actors. The aim is to raise the attack cost and tie up the adversary’s resources.

Using bogus DNS entries to list multiple hosts that do not exist.
Configuring a web server with multiple decoy directories or dynamically generated pages to slow down scanning.

Using port triggering or spoofing to return fake telemetry data when a host detects port scanning activity. This will result in multiple ports being falsely reported as open and slow down the scan.

Telemetry can refer to any type of measurement or data returned by remote scanning. Similar fake telemetry could be used to report IP addresses as up when they are not, for instance.

Using a DNS sinkhole to route suspect traffic to a different network, such as a honeynet, where it can be analyzed.

22
Q

Tabletop Exercises

A

involve teams discussing and working through hypothetical scenarios to assess their response plans and decision-making processes. These exercises help identify knowledge, communication, and coordination gaps, ultimately strengthening the organization’s incident response capabilities.

23
Q

Parallel Processing Tests

A

involve running primary and backup systems simultaneously to validate the functionality and performance of backup systems without disrupting normal operations. These tests help organizations ensure their backup systems can handle the same workload as primary systems during an incident