CISSP Chapter 18: Disaster Recovery Planning
____________ controls protect the integrity of data networks under load.
Quality of Service (QoS)
What are the 4 main RAID configurations?
RAID-0, RAID-1, RAID-5, RAID-10
What are the 5 main types of disaster recovery plan (DRP) tests/testing procedures?
Read-through tests, structured walk-throughs, simulation tests, parallel tests, and full interruption tests
RAID-____ is also called striping. It uses 2 or more disks and improves the disk subsystem performance, but it does not provide fault tolerance.
0
RAID-____ is also called mirroring. It uses two disks, which both hold the same data. If one disk fails, the other disk includes the data so a system can continue to operate after a single disk fails.
1
RAID-_____ is also known as RAID 1+0 or a stripe of mirrors, and is configured as two or more mirrors (RAID-1) configured in a striped (RAID-0) configuration. Uses at least 4 disks but can support more as long as an even number of disks are added. It will continue to operate even if multiple disks fail, as long as at least one drive in each mirror continues to function.
10
RAID-_____ is also called striping with parity. It uses 3 or more disks with the equivalent of one disk holding parity information. If any single disk fails, the RAID array will continue to operate, though it will be slower.
5
__________ recovery means that the system is able to perform trusted hardware activities to restore itself against at least one type of failure.
Automated
_____________ recovery means that a system can restore itself against at least one type of failure and includes mechanisms to ensure that specific objects are protected to prevent their loss. Includes steps to restore data and other objects.
Automated without Undue Loss
______________ is the network capacity available to carry communications.
Bandwidth
What factors influence Quality of Service (QoS)?
Bandwidth, latency, jitter, packet loss, and interference
_____________ are standby facilities large enough to handle the processing load of an organization and equipped with appropriate electrical and environmental support systems. Things like large warehouses, empty office buildings, or other similar structures. However, they have no computing facilities preinstalled and have no active broadband communications links (other than maybe a few phone lines).
Cold sites
What are the types of alternate processing sites?
Cold sites, hot sites, warm sites, and mobile sites
____________ backups store all files that have been modified since the time of the most recent full backup. Only files that have the archive bit turned on, enabled, or set to 1 are duplicated. This type of backup does not change the archive bit.
Differential
________________ means that database backups are moved to a remote site using bulk transfers. The remote location may be a dedicated alternative recovery site or simply an offsite location managed within the company or by a contractor for the purpose of maintaining backup data.
Electronic vaulting
What are the 3 main techniques used to create offsite copies of database content?
Electronic vaulting, remote journaling, and remote mirroring
Systems can be designed so that they fail in what 2 ways?
Fail-secure or fail-open
What are the two elements of the recovery process that are addressed to implement a trusted solution?
Failover preparation and system recovery
_____________ is the ability of a system to suffer a fault but continue to operate. Achieved by adding redundant components, such as a RAID array or additional servers within a failover clustered configuration.
Fault tolerance
____________ backups store a complete copy of the data contained on the protected device. They duplicate every file on the system regardless of the setting of the archive bit. Once this type of backup is complete, the archive bit on every file is reset, turned off, or set to 0.
Full
What combination of backup techniques only requires restoring 2 backups?
Full and Differential
What are the 3 main types of backups?
Full, incremental, and differential
______________ are a type of DRP testing that involve actually shutting down operations at the primary site and shifting them to the recovery site. Extremely difficult to arrange.
Full-interruption
___________ recovery means that systems are able to automatically recover specific functions, ensuring that they will be either restored or rolled back to a secure state.
Function
_____________ backups store only those files that have been modified since the time of the most recent full or incremental backup. Only files that have the archive bit turned on, enabled, or set to 1 are duplicated. Once this type of backup is complete, the archive bit on all duplicated files is reset, turned off, or set to 0.
Incremental
_____________ is electrical noise, faulty equipment, and other factors that may corrupt the contents of packets.
Interference
_____________ is the variation in latency between different packets.
Jitter
_____________ is the time it takes a packet to travel from source to destination.
Latency
_______________ UPSs include a variable-voltage transformer which can adjust to the overvoltage and under-voltage events without draining the battery.
Line-interactive
__________ recovery means that if a system fails, it does not fail in a secure state. Instead, an administrator is required to manually perform the actions necessary to implement a secured or trusted recovery after a failure or system crash.
Manual
The Common Criteria includes a section on trusted recovery that is relevant to system resilience and fault tolerance. Specifically, it defines what 4 types of trusted recovery?
Manual recovery, automated recovery, automated recovery without undue loss, and function recovery
________________ usually consist of self-contained trailers or other easily relocated units. These sites include all the environmental control systems necessary to maintain a safe computing environment. Usually configured as cold or warm sites, depending on the DRP plan they are designed to support. Good for supporting small workgroups.
Mobile sites
__________________ are agreements in which two organizations pledge to assist each other in the event of a disaster by sharing computing facilities or other technological resources.
Mutual Assistance Agreements (MAAs)/reciprocal agreements
The ____________________ is the authority on fire updates/forecasts/etc.
National Interagency Fire Center
______________ are violent occurrences that result from changes in the Earth's surface or atmosphere that are beyond human control. Disaster recovery plans should provide a mechanism for responding to these whether they happen in a predicted fashion or at a moment's notice.
Natural disasters
____________ is when some packets are lost between source and destination, requiring retransmission.
Packet loss
_______________ are a type of DRP testing that involves relocating personnel to the alternate recovery site and implementing site activation procedures. The employees relocated to the site perform their disaster recovery responsibilities just as they would for an actual disaster. The only difference is that operations at the main facility are not interrupted.
Parallel tests
________________ involves bringing business operations and processes back to a working state.
Recovery
___________ means data transfers are performed in a bulk transfer mode, but they occur on a more frequent basis, usually once every hour and sometimes more frequently. This method transfers copies of the database transaction logs containing the transactions that occurred since the previous bulk transfer (rather than just copying entire database backup files).
Remote journaling
__________ means a live database server is maintained at the backup site. The remote server receives copies of the database modifications at the same time they are applied to the production server at the primary site. The most expensive database backup option.
Remote mirroring
_____________ involves bringing a business facility and environment back to a workable state.
Restoration
________________ are a type of DRP testing where disaster recovery team members are presented with a scenario and asked to develop an appropriate response. Some of these response measures are then tested. This may involve the interruption of noncritical business activities and the use of some operational personnel.
Simulation tests
A _____________________ is a unique tool used to protect a company against the failure of a software developer to provide adequate support for its products or against the possibility that the developer will go out of business and no technical support will be available for the product. Good for organizations using a lot of custom software. Under this kind of arrangement, the developer provides copies of the application source code to an independent third-party organization that maintains updated backup copies of the source code in a secure fashion.
Software escrow arrangement
_____________ refers to the ability of a system to maintain an acceptable level of service during an adverse event. Sometimes also refers to the ability of a system to return to a previous state after an adverse event. Implies that the failover cluster can fail back to the original server after the original server is repaired.
System resilience
What does a 500-year flood plain mean?
The chances of a flood in a given year are 1/500
_____________ provides assurances that after a failure or crash, the system is just as secure as it was before the failure or crash occurred.
Trusted recovery
____________ contain the equipment and data circuits necessary to rapidly establish operations in the event of a disaster. The systems are usually preconfigured, but they typically do not contain copies of the client's data. Typically takes about 12 hours to activate.
Warm sites
If property insurance includes an __________________ clause, then your damaged property will be compensated based on the fair market value of the items on the date of loss less all accumulated depreciation since the time of their purchase.
actual cash value (ACV)
An ___________________ can be used when the primary site is unavailable in the event of a disaster.
alternate processing site
A long-term decrease in voltage is called a _______________.
brownout
A ______________ RAID requires the system to be powered down to replace a faulty drive.
cold swappable
Any event that stops, prevents, or interrupts an organization's ability to perform its work tasks is considered a ___________.
disaster
A _______________ is implemented in severe situations, such as a hurricane, fire, terrorist attack, etc. It should be able to "run on autopilot", meaning that it is designed to reduce decision-making activities and simply provide a "this is what you do in this situation" type of plan.
disaster recovery plan (DRP)
Now that disk storage is cheap and up to terabytes in size, tape and optical media can't cope with data volume requirements anymore. Many enterprises now use ______________ backup solutions for some portion of their disaster recovery strategy as a result of this.
disk-to-disk (D2D)
A ______________ system will fail in an open state, granting all access.
fail-open
A ____________ electronic lock will be unlocked when the power is removed.
fail-safe
In the context of physical security with electric hardware locks, what two terms are used to describe the ways the lock can react when power is removed?
fail-safe and fail-secure
A ___________ electronic lock will remain locked when the power is removed.
fail-secure
A ___________ system will default to a secure state in the event of a failure, blocking all access.
fail-secure
The process of a server in a cluster taking over the load for a failed server automatically is called ___________.
failover
Fault tolerance can be added for critical servers with _______________. These include 2 or more servers, and if one of the servers fails, another server in the cluster can take over its load automatically.
failover clusters
The first element of the recovery process is _______________. This includes system resilience and fault-tolerant methods in addition to a reliable backup solution.
failure preparation
Tape rotation strategies can be implemented manually or automatically by using either commercial backup software or a fully automated __________________ system. This system consists of 32 or 64 optical or tape backup devices and all drive elements within it are configured as a single drive array (like RAID).
hierarchical storage management (HSM)
A _____________ is a standby facility that is maintained in constant working order, with a full complement of servers, workstations, and communications links ready to assume primary operations responsibilities. Servers and workstations are all preconfigured and loaded with appropriate operating systems, applications, etc.
hot site
Most hardware-based RAID systems support ________________, allowing technicians to replace failed disks without powering off the system.
hot swapping
The ____________ DRP test is simple but critical. You distribute copies of the DRP to members of the disaster recovery team for review. It lets you ensure that key personnel are aware of their responsibilities and have that knowledge refreshed, provides individuals the opportunity to review the plans for obsolete information and update it, and identifies situations in which key personnel have left the company and nobody bothered to reassign their disaster recovery responsibilities.
read-through test
A common way that fault tolerance and system resilience are added for computers is with a _________________________. This includes 2 or more disks, and most configurations will continue to operate even after one of the disks fails.
redundant array of disks (RAID) array
The ____________ of backup tapes is the frequency of backups and retention length of protected data.
rotation cycle
A power ________ is a quick instance of a reduction in voltage.
sag
A _____________ is a company that leases computer time. They own large server farms and often fields of workstations. Any organization can purchase a contract with one of these to consume some portion of their processing capacity. Can be on site or remotely accessed.
service bureau
A ______________ is any component that can cause an entire system to fail.
single point of failure
A power _________ is a quick instance of an increase in voltage.
spike
A __________________ DRP test, often called a table-top exercise, has members of the disaster recovery team gather in a large conference room and role-play a disaster scenario.
structured walk-through
A long-term increase in voltage is called a power __________.
surge
The second element of the recovery process is __________. The system should be forced to reboot into a single-user, non-privileged state, meaning that the system should reboot so that a normal user account can be used to log in and that the system does not grant unauthorized access to users.
system recovery
Occasionally, power lines have noise on them called _______________ that can come from many different sources.
transients
Software escrow agreements specify ______________ such as the failure of the developer to meet the terms of an SLA or the liquidation of the developer's firm. When these take place, the 3rd party defined in the escrow agreement releases copies of the application source code to the end user.
trigger events
Critical business systems are often protected by ____________________ devices to keep them running at least long enough to shut down or long enough to get emergency response generators up and working.
uninterruptible power supply (UPS)