Week 5: Data Recovery and Backups
Why are detection measures included in a disaster recovery plan?
- Because it's important to know when a disaster occurs (The sooner you can be alerted that an incident is going on, the quicker you can take measures to stop it)
Which of the following is an advantage of off-site backups?
- Data is safe in case of disaster
What does the summary section of a post-mortem cover?
- Description of the incident, how long it lasted, the impact of the incident, and how it was fixed
What should the timeline in a post-mortem include?
- Detailed dates and times - Actions taken before, during, and after the event (The timeline should include actions taken leading up to, during, and after the incident, along with the dates and times when these actions were taken)
What elements should a disaster recovery plan cover?
- Detection measures - Recovery measures - Preventative measures (A disaster recovery plan shouldn't only have recovery procedures; it should include detection measures so that you can be made aware of an incident, along with preventative measures to avoid a disaster in the first place)
Which of the following are key parts of the disaster recovery testing process?
- Document restoration procedures - Run simulations of disaster events
Which of the following is a critical part of data recovery?
- Effectively backing up data
Which type of backup only saves the parts of data that have changed within files since the last backup took place?
- Incremental backup
Why is it important for post-incident analysis to highlight things that went well?
- It helps demonstrate the effectiveness of systems in place
What's magnetic tape backup media best suited for?
- Long-term archival data (Magnetic tape media is very cheap, but it's also super slow and inconvenient to retrieve data from. This makes it a good option for archiving old data that won't be needed often.)
What is the standard medium for long-term archival backup data storage?
- Magnetic tapes
Which of the following issues often make reliable backups for client devices more challenging than for infrastructure devices?
- Many client devices are mobile and won't be in the office all the time - There are likely to be more client devices to back up compared to infrastructure devices - Infrastructure backups do not require complicated scheduling or configuration
What are preventative measures?
- Measures that cover any procedures or systems in place that will proactively minimize the impact of a disaster (Preventative measures include things like regular backups and redundant systems. Anything that's done before an actual disaster that's able to reduce the overall downtime of the event is considered preventative)
Which element of the disaster recovery plan is designed to proactively minimize the impact of a disaster?
- Preventative measures
How can you recover from an unexpected data loss event?
- Restore data from backups - Recover data from damaged devices (If a hard drive or device becomes damaged or fails, you can attempt to recover data using specialized software. If data becomes corrupt or gets deleted, you can also restore the data from backup)
You are performing a network risk assessment to develop your disaster recovery plan. Which of these are examples of corrective or recovery measures?
- Restoring data from backup - Hardware repair and replacement
What is a good recovery measure to incorporate in your organization?
- Restoring server configs from backup (Maintaining backups of server configs will make restoring a damaged system much quicker and easier. Detailed documentation on how exactly to do this will also speed up this process.)
Which of these should be included in your organization's backups?
- Sales databases - Firewall configurations (Critical data for an organization, like firewall configs and relevant databases, should be included in the backup plans)
What is the next step after writing a post-mortem report?
- Share the report with other people on your team and/or other teams (Sharing post-mortems with other teams at an organization helps encourage a culture of learning from mistakes; it shows that your team is willing to acknowledge when you mess up)
What are good detection measures to incorporate in your organization?
- System performance monitoring - Environmental monitoring (Monitoring environmental conditions in a server room will alert you if things might cause problems for your equipment. System performance monitoring can also alert you to anomalies in requests or traffic to a server)
Why is it important to test backups and restoration procedures?
- To ensure that relevant data is included in the backups - To ensure backups work and data can be restored from them (It's super important to test backups and restore procedures to ensure that they actually work! Backup archives could be corrupted or inconsistent, preventing proper restoration. Restore procedures are just as important to test, to ensure that critical data can be extracted from backups if a disaster strikes. Disaster testing can also reveal any gaps in your backup coverage without risking real-world data loss)
What's the purpose of a post-mortem report?
- To learn from mistakes
What's the main purpose of writing a post-mortem?
- To learn from mistakes and how to improve in the future (A post-mortem is meant to analyze what happened around an incident to identify what went wrong so it can be avoided in the future)
What is one aspect of post-mortems that is often overlooked?
- What went well (During the post-incident analysis, it's also good to highlight things that went well. These include a fail-safe or failover of a system that worked as designed and prevented a large outage or minimized the severity of the outage. This helps to demonstrate the effectiveness of our systems in place)
Which of the following backup types are most space-efficient?
- Incremental backups (Incremental backups are the most efficient. While they start with a full backup, on subsequent runs, they only back up the parts of files that have changed since the last run)