Chapter 11 Quiz


What is the purpose of a disaster recovery plan (DRP)?
To set the value of each business process or resource as it relates to how the entire organization operates
To identify the critical needs to develop a business recovery plan
To set the order or priority for restoring an organization's functions after a disruption
To enable an organization to make critical decisions ahead of time so personnel can manage and review decisions without the urgency of an actual disaster

(A DRP enables an organization to make critical decisions ahead of time. That way, personnel can manage and review decisions without the urgency of an actual disaster. If these plans are not ready in advance, security professionals and managers will have to make best-guess decisions under huge pressure.)

Susan performs a full backup of her server every Sunday at 1:00 a.m. and differential backups on Mondays through Fridays at 1:00 a.m. Her server fails at 9:00 a.m. on Wednesday. How many backups does Susan need to restore?
1
2
3
4

2

Hajar is responsible for keeping her banking institution's servers operating 24/7/365. Her recovery strategy is to have fully redundant or duplicate operations and synchronized data and to operate the site continuously. Which strategy has she selected?
Alternate processing center or mirrored site
Hot site
Mobile site
Warm site

Alternate processing center or mirrored site

Which method of fault tolerance connects two or more computers to act like a single computer in a highly coordinated manner?
Redundant Array of Inexpensive Disks (RAID)
Clustering
Load balancing
Outsourcing to the cloud

Clustering

Which of the following should you avoid during a disaster and recovery?
Continue normal processes, such as separation of duties or spending limits
If a number of systems are down, provide additional guidance or support to users
Combine services that were on different hardware platforms onto common servers to speed up recovery
While running at the alternate site, continue to make backups of data and systems

Continue normal processes, such as separation of duties or spending limits (It is better to suspend normal processes, such as separation of duties or spending limits. Compensate with additional controls or by additional auditing. The disaster recovery plan (DRP) should give added privileges or spending authority to certain people or for certain tasks.)

Which of the following is least likely to be needed when rebuilding systems that were damaged during a disaster?
Updating operating systems and applications with the most current patches
Restoring data to the recovery point objective (RPO)
Ensuring there are adequate operating system licenses
Activating access control rules, directories, and remote access systems to permit users to get on the new systems

Ensuring there are adequate operating system licenses

True or False? A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.

False

True or False? All types of disaster recovery sites are available in the cloud.

False

True or False? Clustering comprises multiple disk drives that appear as a single disk drive but actually store multiple copies of data in case a disk drive in the array fails.

False

True or False? During a simulation test of a contingency plan, you must shut down the original system at the primary site for the duration.

False

True or False? When outsourcing operations to a cloud service provider, the client is responsible for determining the best fault tolerance implementations to meet the service-level agreement (SLA) availability requirements.

False

During which step of the incident-handling process does triage take place?
Identification
Notification
Response
Recovery and follow-up

Identification

Which of the following is not true of data backup options?
A full backup copies everything to backup media.
A differential backup starts with making a full backup; successive backups back up changes made since the last full backup.
An incremental backup starts with a full backup; successive backups back up only that day's changes.
It is faster to create differential weekday backups than incremental backups.

It is faster to create differential weekday backups than incremental backups.

Isabella is an IT security manager for a state agency. The agency can survive for nine hours without a functioning data center. If the power goes out in her data center, Isabella estimates it will take six hours to move data center operations to an alternate site. Which of the following describes how long the agency can survive without a functioning data center?
Critical business function (CBF)
Maximum tolerable downtime (MTD)
Recovery time objective (RTO)
Recovery point objective (RPO)

Maximum tolerable downtime (MTD)

What is the average time a device will function before it fails?
Recovery time objective (RTO)
Recovery point objective (RPO)
Mean time to failure (MTTF)
Mean time between failures (MTBF)

Mean time to failure (MTTF)

During which step of the incident-handling process do you develop a formal communication plan and identify all key stakeholders?
Preparation
Identification
Notification
Documentation

Preparation

Which data source comes first in the order of volatility when conducting a forensic investigation?
Logs
Files on disk
Swap and paging files
Random access memory (RAM)

Random access memory (RAM)

Arturo is an IT manager for a school district. He is planning recovery options for a small data center that supports teacher and classroom activities for 5 of the 21 schools in his district. Many school districts in his state use similar classroom technology. Arturo is looking for a temporary alternate site that would be easy to cut over to and is affordable. Which option is most likely to fit Arturo's needs?
Reciprocal agreement with another school district
Reciprocal center
Contingency carrie

Reciprocal agreement with another school district

During which step of the incident-handling process should a lessons-learned review of the incident be conducted?
Notification
Response
Recovery and follow-up
Documentation

Recovery and follow-up

Isabella is an IT security manager for a state agency. The agency can survive for nine hours without a functioning data center. The power goes out in her data center. It takes six hours to move data center operations to an alternate site. Which of the following describes the time it takes for the move?
Critical business function (CBF)
Mean time to failure (MTTF)
Recovery time objective (RTO)
Recovery point objective (RPO)

Recovery time objective (RTO)

During which step of the incident-handling process is the goal to contain the incident?
Identification
Notification
Response
Recovery and follow-up

Response

Carl has assembled a team of representatives from each department to test a new business continuity plan (BCP). During the test, the representatives meet in a room and review many aspects of the plan, such as the goals, scope, assumptions, and the structure of the organization. They also conduct scenario-based exercises as though they are executing the plan for a certain type of incident to find errors, such as gaps or overlaps. What type of plan is being conducted?
Checklist
Structured walk-th

Structured walk-through

Joe is responsible for the security of the systems that control and monitor devices for a power plant. What type of system does Joe likely administer?
Supervisory Control and Data Acquisition (SCADA)
Embedded robotic systems
Mobile fleet
Mainframe

Supervisory Control and Data Acquisition (SCADA)

Which of the following is not true of contingency planning?
The maximum tolerable downtime (MTD) is the maximum period of time that a business can survive a disabled critical function.
The recovery time objective (RTO) is the amount of time needed to recover a business process. It is often made up of several interlinked RTOs.
The recovery point objective (RPO) is the point to which data must be recovered.
The mean time between failures (MTBF) is closely associated with the recovery time objecti

The mean time between failures (MTBF) is closely associated with the recovery time objectives (RTOs) of several integrated critical business functions (CBFs).

True or False? Regarding disaster recovery, an alternate processing center or mirrored site is always ready and under the organization's control.

True

True or False? A parallel test of a contingency plan is the same as a full-interruption test except that processing does not stop at the primary site.

True

True or False? A successful business impact analysis (BIA) maps the context, the critical business functions (CBFs), and the processes on which they rely.

True

True or False? An organization can maintain a cloud-based disaster recovery site for a fraction of the cost of a physical site.

True

True or False? Any component that, if it fails, could interrupt business processing is called a single point of failure (SPOF).

True

True or False? Business continuity management includes business continuity planning, disaster recovery planning, crisis management, incident response management, and risk management.

True

True or False? Examples of major disruptions include extreme weather, application failure, and criminal activity.

True

True or False? Fault-tolerance options are not replacements for data backups.

True

True or False? Generally, once evidence becomes inadmissible, it cannot be fixed.

True

True or False? In an incremental backup, you start with a full backup when network traffic is light. Then, each night, you back up only that day's changes.

True

True or False? In remote journaling, a system writes a log of online transactions to an offsite location.

True

True or False? Patching computers and devices with the latest security fixes makes them more resistant to many types of attacks.

True

True or False? The emergency operations center (EOC) is the place where an organization's recovery team will meet and work during a disruption.

True

True or False? The recovery point objective (RPO) can come from the business impact analysis (BIA) or sometimes from a government mandate, such as banking laws.

True

True or False? While running business operations at an alternate site, you must continue to make backups of data and systems.

True

A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime (MTD).
incident
violation
disaster
contingency

disaster

