Business Continuity - Chapter 13
A. prevent certain applications from launching that will consume too much power
A UPS can perform each of the following except __________. A. prevent certain applications from launching that will consume too much power B. disconnect users and shut down the server C. prevent any new users form logging on D. notify all users that they must finish their work immediately and log off.
C. hot site
A __________ is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running. A. cold site B. warm site C. hot site D. replicated site
Server Cluster
A combination (clustering) of two or more servers that are interconnected to appear as one.
Single Point of Failure
A component or entity in a system which, if it no longer functions, would adversely affect the entire system.
A. disk to disk to tape (D2D2T)
A data backup solution that uses a magnetic disk as a temporary storage area is ___________. A. disk to disk to tape (D2D2T) B. disk to disk (D2D) C. tape to disk (T2D) D. continuous data protection (CDP)
Hot Site
A duplicate of the production site that has all the equipment needed for an organization to continue running, including office space and furniture, telephone jacks, computer equipment, and a live telecommunications link.
Hot Aisle/Cold Aisle
A layout in a data center that can be used to reduce heat by managing the air flow.
Faraday Cage
A metallic enclosure that prevents the entry or escape of an electromagnetic field.
Bitstream Backup
A mirror image is also referred to as __________.
Chain of Custody
A process of documentation that shows that the evidence was under strict control at all times and no unauthorized individuals were given the opportunity to corrupt the evidence.
Warm Site
A remote site that contains computer equipment but does not have active Internet or telecommunication facilities, and does not have backups of data.
Cold Site
A remote site that provides office space; the customer must provide and install all the equipment needed to continue operations.
RAID Level 1
A simple RAID to implement, but can slow down a system if RAID controlling software is used instead of hardware.
RAID Level 0
A simple design and easy to implement RAID, but not fault tolerant.
System Image
A snapshot of the current state of the computer that contains all settings and data.
A. asymmetric server cluster
A standby server that exists only to take over for another server in the event of its failure is known as a(n) __________. A. asymmetric server cluster B. rollover server C. failsafe server D. symmetric server cluster
Mean Time Between Failures (MTBF)
A statistical value that is the average time until a component fails, cannot be repaired, and must be replaced.
High Availability
A system that can function for an extended period of time with little downtime.
Asymmetric Server Cluster
A technology in which a standby server exists only to take over for another server in the event of its failure.
Symmetric Server Cluster
A technology in which every server in the cluster performs useful work and if one server fails, the remaining servers continue to perform their normal work as well as that of the failed server.
RAID (Redundant Array of Independent Drives)
A technology that uses multiple hard disk drives for increased reliability and performance.
Disaster Recovery Plan (DRP)
A written document that details the process for restoring IT resources following an event that causes a significant disruption in the service.
C. online UPS
A(n) __________ is always running off its battery while the main power runs the battery charger. A. offline UPS B. backup UPS C. online UPS D. secure UPS
B. 1
Any time the contents of a file are changed, the archive bit is changed to _____, meaning that this modified file now needs to be backed up. A. 0 B. 1 C. 2 D. 3
Business Impact Analysis
BIA stands for __________.
Disaster Recovery Plan
DRP stands for __________.
RAID Level 5
Databases are the typical application for this RAID level.
Succession Planning
Determining in advance who will be authorized to take over in the event of the incapacitation or death of key employees.
A. how long will it take to finish the backup?
Each of the following is a basic question to be asked regarding creating a data backup except: __________. A. how long will it take to finish the backup? B. where should the backup be stored? C. what information should be backed up? D. what media should be used?
C. wet chemical system
Each of the following is a category of fire suppression systems except a ____________. A. clean agent system B. dry chemical system C. wet chemical system D. water sprinkler system
A. a spark to start the process
Each of the following is required for a fire to occur except __________. A. a spark to start the process B. a type of fuel or combustible material C. sufficient oxygen to sustain the combustion D. a chemical reaction that is the fire itself
RAID Level 1
Financial applications are typically used for this RAID level.
Backout/Contingency Option
Rolling back a disaster recovery implementation to the starting point so that different approach can be taken.
Heating, Ventilation, and Air Conditioning (HVAC)
Systems that provide and regulate heating and cooling.
Business Continuity
The ability of an organization to maintain its operations and services in the face of a disruptive event.
Forensics (Forensic Science)
The application of science to questions that are of interest to the legal profession.
C. Level 0+1
Which of the following is an example of a nested RAID? A. Level 1-0 B. Level 0-1 C. Level 0+1 D. Level 0/1
B. it is a private document only used by top-level administrators for planning
Which of the following is not a characteristic of a disaster recover plan (DRP)? A. it is updated regularly B. it is a private document only used by top-level administrators for planning C. it is written D. it is detailed
B. recovery point objective (RPO)
__________ is the maximum length of time that an organization can tolerate between data backups. A. recovery service point (RSP) B. recovery point objective (RPO) C. optimal recovery time frame (ORT) D. recover time objective (RTO)
4
Minimum number of drives needed for RAID Level 0+1.
2
Minimum number of drives needed for RAID Level 0.
2
Minimum number of drives needed for RAID Level 1.
3
Minimum number of drives needed for RAID Level 5.
1- water sprinkler 2- dry chemical 3- clean agent
Name the 3 types of fire suppression systems.
B. the air-handling space above drop ceilings
Plenums are __________. A. no longer used today B. the air-handling space above drop ceilings C. required in all buildings with over six stories D. never to be used for locating equipment
A. Level 1
RAID __________ uses disk mirroring and is considered fault-tolerant. A. Level 1 B. Level 2 C. Level 3 D. Level 4
C. Redundant Array of Independent Drives
RAID is an abbreviation of __________. A. Redundant Array of IDE Drives B. Resilient Architecture for Interdependent Discs C. Redundant Array of Independent Drives D. Resistant Architecture of Interrelated Data Storage
RAID Level 0+1
RAID level that uses a mirrored array whose segments are RAID 0 arrays.
RAID Level 0
RAID level that uses a striped disk array so that data is broken down into blocks and each block is written to a separate disk drive.
RAID Level 1
RAID level that writes data twice to separate drives.
RAID Level 5
RAID level where each entire data block is written on a data disk and parity for blocks in the same rank is generated and recorded on a separate disk.
Recovery Point Objective
RPO stands for __________.
Recovery Time Objective
RTO stands for __________.
Computer Forensics
Using technology to search for computer evidence of a crime.
B. picking up electromagnetic fields generated by a computer system
Van Eck phreaking is __________. A. blocked by using shielded cabling B. picking up electromagnetic fields generated by a computer system. C. reverse confidentiality D. is always used with wireless networks
RAID Level 0
Video production and editing applications are typically used for this RAID level.
1. Report the incident to security or the police 2. Confront any suspects (if the situation allows) 3. Neutralize the suspected perpetrator form harming others (if necessary) 4. Secure physical security features 5. Quarantine electronic equipment 6. Contact the response team
What are the 6 steps in damage control?
Electrostatic discharge is the sudden flow of electrical current between two objects.
What is ESD?
Service Level Agreement is a service contract between a vendor and client that specifies what services will be provided, responsibilities of each party, and any guarantees of service. Most SLA's are based on percentages of uptime that are guaranteed.
What is an SLA?
B. secure the crime scene
When an unauthorized event occurs, the first duty of the computer forensics response should be to ___________. A. log-off the server B. secure the crime scene C. back up the hard drive D. reboot the system
1. What information should be backed up? 2. How often should it be backed up? 3. What media should be used? 4. Where should the backup be stored? 5. What hardware or software should be used?
When creating a data backup, five basic questions should be asked. List the questions.
Business Impact Analysis (BIA)
An analysis of the most important mission-critical business functions, which identifies and quantifies the impact of such loss of the functions may have on the organization in terms of its operational and financial positions.
C. Class C
An electrical fire like that which would be found in a computer data center is known as what type of fire? A. Class A B. Class B C. Class C D. Class D
D. copies all files changed since the last full or incremental backup
An incremental backup ___________. A. copies selected files B. copies all files C. copies all files since the last full backup D.. copies all files changed since the last full or incremental backup
A differential backup backs up any data that has changed since the last full backup. After the backup the archive bit is not cleared (set to 1). The full backup and only the last differential backup are needed to recover files.
Explain how a differential backup is used, what the archive bit is set to after the backup, and what files are needed for recovery.
A full backup is the starting point for all backups. After the backup the archive bit is cleared (set to 0). The full backup is needed to recover files.
Explain how a full backup is used, what the archive bit is set to after the backup, and what files are needed for recovery.
An incremental backup backs up any data that has changed since the last full backup or last incremental backup. After the backup the archive bit is cleared (set to 0). The full backup and all incremental backups are needed to recover files.
Explain how a incremental backup is used, what the archive bit is set to after the backup, and what files are needed for recovery.
1- rows of rack fronts are the cold aisles and face air conditioning output ducts 2- rows that are the back of the racks where the heated exhaust exits are the hot aisles and generally face the air conditioning return ducts.
Explain the server hot aisle/cold aisle layout.
MTBF= total time measured divided by total number of failures observed
How is MTBF calculated?
RAID Level 0+1
Imaging applications are typically used for this RAID level.
1. RAM Slack- pertains to the last sector of a file 2. Drive File Slack- can contain remnants of previously deleted files or data
List and describe the 2 types of slack.
1. Block-level CDP- the entire volume is protected. 2. File-level CDP- the individual files are protected. 3. Application-level CDP- individual application changes are protected.
List the 3 types of CDP and the type of data that is protected.
1. Secure the crime scene 2. Preserve the evidence 3. Establish the chain of custody 4. Examine the evidence
List the 4 basic forensic procedures:
First- register, cache, peripheral memory Second- random access memory (RAM) Third- network state Fourth- running processes
List the orders of volatility and the location of the data.
Mean Time Between Failures
MTBF stands for __________.
Mean Time to Restore
MTTR stands for __________.
Mean Time to Restore (MTTR)
The average time needed to reestablish services to their former state.
D. custody
The chain of __________ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence. A. forensics B. evidence C. control D. custody
Recover Time Objective (RTO)
The length of time it will take to recover the data that has been backed up.
Recovery Point Objective (RPO)
The maximum length of time that an organization can tolerate between backups.
RAID Level 5
The most versatile RAID, but it can be difficult to rebuild in the event a disk fails.
Disaster Recovery
The procedures and processes for restoring an organization's IT operations following a disaster.
Data Backups
The process of copying information to a different medium and storing it (preferably at an off-site location) so that it can be used in the event of a disaster.
Business Continuity Planning and Testing
The process of identifying exposure to threats, creating preventive and recovery procedures, and then testing them to determine if they are sufficient.
Order of Volatility
The sequence of volatile data that must be preserved in a computer forensic investigation.
RAID Level 0+1
This RAID has high input/output rates and is expensive.
