CISSP Domain 7 Security Operations - 7.10 Managing Disaster Recovery Plan Maintenance Question & Answer
A momentary power outage is a: spike blackout surge fault
fault
The common types of recovery facilities are hot sites, warm sites, cold sites, and _____________ sites. incident mobile extra hot coldest
mobile
Which of the following is the most complete disaster recovery plan test type, to be performed after successfully completing the Parallel test? Full Interruption test Checklist test Simulation test Structured walk-through test
Full Interruption test
Which of the following backup sites is the most effective for disaster recovery? Time brokers Hot sites Cold sites Reciprocal Agreement
Hot sites
The MAIN advantage of using hot sites is: Hot sites can be made ready for operation within a short period of time. Costs associated with this solution are relatively low. Hot sites can be used for an extended amount of time. Hot sites do not require that equipment and systems software be compatible with the primary installation being backed up.
Hot sites can be made ready for operation within a short period of time.
Which of the following is an ADVANTAGE of the use of hot sites as an alternate site alternative? Hot sites do not require that equipment and systems software be compatible with the primary installation being backed up. Hot sites can be used for an extended amount of time. Hot sites can be made ready for operation within a short period of time. The costs associated with hot sites are low.
Hot sites can be made ready for operation within a short period of time.
There are ____________ types of disaster recovery plan tests. 5 4 3 2
5 These are: 1. Read-through / Checklist 2. Walk-through / Tabletop 3. Simulation 4. Parallel Test 5. Full-interruption
Which of the following is NOT a characteristic of a host-based intrusion detection system? A HIDS does not consume large amounts of system resources A HIDS can analyze system logs, processes and resources A HIDS looks for unauthorized changes to the system A HIDS can notify system administrators when unusual events are identified
A HIDS does not consume large amounts of system resources
Recovery Site Strategies for the technology environment depend on how much downtime an organization can tolerate before the recovery must be completed. What would you call a strategy where the alternate site is internal, standby ready, with all the technology and equipment necessary to run the applications? External Hot site Warm Site Internal Hot Site Dual Data Center
Internal Hot Site
Which of the following questions is less likely to help in assessing physical access controls? Are keys or other access devices needed to enter the computer room and media library? Are visitors to sensitive areas signed in and escorted? Is the operating system configured to prevent circumvention of the security software and application controls? Does management regularly review the list of persons with physical access to sensitive facilities?
Is the operating system configured to prevent circumvention of the security software and application controls?
Which of the following levels in the CMMI model focuses on process innovation and continuous optimization? Level 2 Level 3 Level 4 Level 5
Level 5
Which of the following results in the most devastating business interruptions? Loss of Hardware/Software Loss of Data Loss of Communication Links Loss of Applications
Loss of Data
Valuable paper insurance coverage does not cover damage to which of the following? Inscribed, printed and Written documents Manuscripts Records Money and Securities
Money and Securities
Ding Ltd. is a firm specialized in intellectual property business. A new video streaming application needs to be installed for the purpose of conducting the annual awareness program as per the firm's security program. The application will stream internally copyrighted computer-based training videos. The requirements for the application installation are to use a single server, low cost technologies, high performance and no high availability capacities. With regard to storage technology, what is the most suitable configuration for the server hard drives? Single hard disk (no RAID) RAID 0 RAID 1 RAID 10
RAID 0
Which RAID implementation is commonly called mirroring? RAID level 2 RAID level 3 RAID level 5 RAID level 1
RAID level 1
The purposes of RAID (Redundant Array of Inexpensive Disks) are to provide which of the following? Redundancy and Higher Data Transfer performance Prevent file server hard disk crashes Fault Tolerance Performance Increase
Redundancy and Higher Data Transfer performance
___________ is the process of sending copies of database modifications to the remote server at the same time as the production server at the live site. Remote mirroring Remote journaling Emergency response Electronic vaulting
Remote mirroring
Which of the following would best classify as a management control? Review of security controls Personnel security Physical and environmental protection Documentation
Review of security controls
The main risks that physical security components combat are all of the following EXCEPT: SYN flood physical damage theft Tailgating
SYN flood
The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers? Black hats White hats Script kiddies Phreakers
Script kiddies
Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion detection: Anomaly detection tends to produce more data A pattern matching IDS can only identify known attacks Stateful matching scans for attack signatures by analyzing individual packets instead of traffic streams An anomaly-based engine develops baselines of normal traffic activity and throughput, and alerts on deviations from these baselines
Stateful matching scans for attack signatures by analyzing individual packets instead of traffic streams
The control of communications test equipment should be clearly addressed by security policy for which of the following reasons? Test equipment is easily damaged. Test equipment can be used to browse information passing on a network. Test equipment is difficult to replace if lost or stolen. Test equipment must always be available for the maintenance personnel.
Test equipment can be used to browse information passing on a network.
The security of a computer application is most effective and economical in which of the following cases? The system is optimized prior to the addition of security. The system is procured off-the-shelf. The system is customized to meet the specific security threat. The system is originally designed to provide the necessary security.
The system is originally designed to provide the necessary security.
Guards are appropriate whenever the function required by the security program involves which of the following? The use of discriminating judgment The use of physical force The operation of access control devices The need to detect unauthorized access
The use of discriminating judgment
Which of the following floors would be most appropriate to locate information processing facilities in a six-story building? Basement Ground floor Third floor Sixth floor
Third floor
True or False: The disaster recovery plan should be set up so that it can almost run on autopilot. T F
True
The end result of implementing the principle of least privilege means which of the following? Users would get access to only the info for which they have a need to know Users can access all systems. Users get new privileges added when they change positions. Authorization creep.
Users would get access to only the info for which they have a need to know
If your property insurance has an Actual Cash Valuation (ACV) clause, your damaged property will be compensated based on: Value of item on the date of loss Replacement with a new item for the old one regardless of condition of lost item Value of item one month before the loss Value of item on the date of loss plus 10 percent
Value of item on the date of loss
When backing up an applications system's data, which of the following is a key question to be answered first? When to make backups Where to keep backups What records to backup How to store backups
What records to backup
When should a post-mortem review meeting be held after an intrusion has been properly taken care of? Within the first week of completing the investigation of the intrusion. Within the first month after the investigation of the intrusion is completed. Within the first week after prosecution of intruders has taken place, whether successful or not. Within the first three months after the investigation of the intrusion is completed.
Within the first week of completing the investigation of the intrusion.
Business Continuity and Disaster Recovery Planning primarily addresses the: Availability of the CIA triad Confidentiality of the CIA triad Integrity of the CIA triad Availability, Confidentiality and Integrity of the CIA triad
Availability of the CIA triad
Once evidence is seized, a law enforcement officer should emphasize which of the following? Chain of command Chain of custody Chain of control Chain of communications
Chain of custody
True or False: Backups should be scheduled at night during the most common high peak business hours. T F
False
True or False: Your DRP plan should be well distributed to all employees and customers. T F
False
This baseline sets certain thresholds for specific errors or mistakes allowed and the amount of these occurrences that can take place before it is considered suspicious? Clipping level Threshold level Ceiling level Checkpoint level
Clipping level
Which of the following best describes what would be expected at a "hot site"? Computers, climate control, cables and peripherals Computers and peripherals Computers and dedicated climate control systems. Dedicated climate control systems
Computers, climate control, cables and peripherals
Which of the following is NOT a preventive operational control? Protecting laptops, personal computers and workstations. Controlling software viruses. Controlling data media access and disposal. Conducting security awareness and technical training.
Conducting security awareness and technical training.
Which of the following is the most critical item from a disaster recovery point of view? Data Hardware/Software Communication Links Software Applications
Data
Which of the following is the most reliable and secure way of removing data from magnetic storage media such as a magnetic tape, or a cassette? Degaussing Parity Bit Manipulation Zeroization Buffer overflow
Degaussing
_______________ store only those files that have been modified since the time of the most recent full backup. Incremental backups Full backups Differential backups All backups
Differential backups
Organizations should not view disaster recovery as which of the following? Committed expense. Discretionary expense. Enforcement of legal statutes. Compliance with regulations.
Discretionary expense.
What would be the PRIMARY purpose of periodically testing offsite hardware backup facilities? Ensure that operations documentation remains current Eliminate the need to develop detailed contingency plans Ensure the continued compatibility of the contingency facilities Ensure that data can be restored at offsite facilities.
Ensure the continued compatibility of the contingency facilities
What would be the PRIMARY purpose of periodically testing offsite hardware backup facilities? Ensure the continued compatibility of the contingency facilities Ensure that data can be restored at offsite facilities. Eliminate the need to develop detailed contingency plans Ensure that operations documentation remains current
Ensure the continued compatibility of the contingency facilities
Ensuring least privilege does not require: Identifying the user's job. Ensuring that the user alone does not have sufficient rights to subvert an important process. Determining the minimum set of privileges required for a user to perform their duties. Restricting the user to required privileges and nothing more
Ensuring that the user alone does not have sufficient rights to subvert an important process.
Which of the following is the most important consideration in locating an alternate computing facility during the development of a disaster recovery plan? It is unlikely to be affected by the same disaster. It is close enough to become operational quickly. It is close enough to serve its users. It is convenient to airports and hotels.
It is unlikely to be affected by the same disaster.
Which element must computer evidence have to be admissible in court? It must be printed. It must be annotated. It must be relevant. It must contain source code.
It must be relevant.
How should a doorway of a manned facility with automatic locks be configured? It should be configured to be fail-secure. It should be configured to be fail-safe. It should have a door delay cipher lock. It should not allow piggybacking.
It should be configured to be fail-safe.
Which of the following is a fraud detection method whereby employees are moved from position to position? Job Rotation Mandatory Rotation Mandatory Vacations Mandatory Job Duties
Job Rotation
Of the following types of IDS - Intrusion Detection Systems, which would sit between the user's computer and the external firewall, listening for particular patterns that match a threat? NIDS - Network-Based Intrusion Detection HIDS - Host-Based IDS HBSS - Host Based Security System NICS - Network Integrity Checking System
NIDS - Network-Based Intrusion Detection
Operations Security seeks to primarily protect against which of the following? object reuse facility disaster compromising emanations asset threats
asset threats
Which of the following would assist the most in Host Based intrusion detection? audit trails. access control lists. security clearances. host-based authentication.
audit trails.
The only difference between RAID 3 and RAID 4 is that level 3 is implemented at the byte level while level 4 is usually implemented at which of the following? buffer level. channel level. bridge level. block level.
block level.
The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following? clipping level acceptance level forgiveness level logging level
clipping level
Which of the following computer recovery sites is the least expensive and the most difficult to test? non-mobile hot site. mobile hot site. warm site. cold site.
cold site.
A disaster recovery plan should also contain a list of ______________ to contact in the event of a disaster. private numbers relatives friends personnel
personnel
Contracts and agreements are oftentimes unenforceable or hard to enforce in which of the following alternate facility recovery agreements? hot site. warm site. cold site. reciprocal agreement.
reciprocal agreement.
Which of the following defines when RAID separates the data into multiple units and stores it on multiple disks? screening scanning shadowing striping
striping
The spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server in which of the following scenarios? system is up and in single-user-mode system is up and running system is quiesced but operational system is idle but operational
system is up and running
In disaster recovery planning, the structured walkthrough is also known as ___________________________. table top exercise top exercise table top table up exercise
table top exercise
Which of the following is not a physical control for physical security? lighting fences training facility construction materials
training
Devices that supply power when the commercial utility power system fails are called which of the following? power conditioners uninterruptible power supplies power filters power dividers
uninterruptible power supplies
Your DRP plan should include contact information for ____________ services such as sewer, water, electricity. recovery utility analysis security management
utility
Which of the following computer recovery sites is only partially equipped with processing equipment? hot site. rolling hot site. warm site. cold site.
warm site.