
Exam:

CISSP - (ISC)2 Certified Information Systems Security Professional - Chapter 18

James is working with his organization’s leadership to help them understand the role that disaster recovery plays in their cybersecurity strategy. The leaders are confused about the differences between disaster recovery and business continuity.


1.-What is the end goal of disaster recovery planning?
A. Preventing business interruption
B. Setting up temporary business operations
C. Restoring normal business activity
D. Minimizing the impact of a disaster

Kevin is attempting to determine an appropriate backup frequency for his organization’s database server and wants to ensure that any data loss is within the organization’s risk appetite.


2.-Which one of the following security process metrics would best assist him with this task?
A. RTO
B. MTD
C. RPO
D. MTBF

Brian’s organization recently suffered a disaster and wants to improve their disaster recovery program based on their experience.


3.-Which one of the following activities will best assist with this task?
A. Training programs
B. Awareness efforts
C. BIA review
D. Lessons learned

Adam is reviewing the fault-tolerance controls used by his organization and realizes that they currently have a single point of failure in the disks used to support a critical server.


4.-Which one of the following controls can provide fault tolerance for these disks?
A. Load balancing
B. RAID
C. Clustering
D. HA pairs

Brad is helping to design a disaster recovery strategy for his organization and is analyzing possible storage locations for backup data. He is not certain where the organization will recover operations in the event of a disaster and would like to choose an option that allows them the flexibility to easily retrieve data from any DR site.


5.-Which one of the following storage locations provides the best option for Brad?
A. Primary data center
B. Field office
C. Cloud computing
D. IT manager’s home


6.-Which of the following statements about business continuity planning and disaster recovery planning are correct? (Choose all that apply.)
A. Business continuity planning is focused on keeping business functions uninterrupted when a disaster strikes.
B. Organizations can choose whether to develop business continuity planning or disaster recovery planning plans.
C. Business continuity planning picks up where disaster recovery planning leaves off.
D. Disaster recovery planning guides an organization through recovery of normal operations at the primary facility.

Tonya is reviewing the flood risk to her organization and learns that their primary data center resides within a 100-year flood plain.


7.-What conclusion can she draw from this information?
A. The last flood of any kind to hit the area was more than 100 years ago.
B. The odds of a flood at this level are 1 in 100 in any given year.
C. The area is expected to be safe from flooding for at least 100 years.
D. The last significant flood to hit the area was more than 100 years ago.

Randi is designing a disaster recovery mechanism for her organization’s critical business databases. She selects a strategy where an exact, up-to-date copy of the database is maintained at an alternative location.


8.-What term describes this approach?
A. Transaction logging
B. Remote journaling
C. Electronic vaulting
D. Remote mirroring

Bryn runs a corporate website and currently uses a single server, which is capable of handling the site’s entire load. She is concerned, however, that an outage on that server could cause the organization to exceed its RTO.


9.-What action could she take that would best protect against this risk?
A. Install dual power supplies in the server.
B. Replace the server’s hard drives with RAID arrays.
C. Deploy multiple servers behind a load balancer.
D. Perform regular backups of the server.

Carl recently completed his organization’s annual business continuity plan refresh and is now turning his attention to the disaster recovery plan.


10.-What output from the business continuity plan can he use to prepare the business unit prioritization task of disaster recovery planning?
A. Vulnerability analysis
B. Business impact analysis
C. Risk management
D. Continuity planning

Nolan is considering the use of several different types of alternate processing facility for his organization’s data center.


11.-Which one of the following alternative processing sites takes the longest time to activate but has the lowest cost to implement?
A. Hot site
B. Mobile site
C. Cold site
D. Warm site

Ingrid is concerned that one of her organization’s data centers has been experiencing a series of momentary power outages.


12.-Which one of the following controls would best preserve their operating status?
A. Generator
B. Dual power supplies
C. UPS
D. Redundant network links



13.-Which one of the following items is a characteristic of hot sites but not a characteristic of warm sites?
A. Communications circuits
B. Workstations
C. Servers
D. Current data

Harry is conducting a disaster recovery test. He moved a group of personnel to the alternate recovery site, where they are mimicking the operations of the primary site but do not have operational responsibility.


14.-What type of disaster recovery test is he performing?
A. Checklist test
B. Structured walk-through
C. Simulation test
D. Parallel test



15.-What type of document will help public relations specialists and other individuals who need a high-level summary of disaster recovery efforts while they are under way?
A. Executive summary
B. Technical guides
C. Department-specific plans
D. Checklists



16.-What disaster recovery planning tool can be used to protect an organization against the failure of a critical software firm to provide appropriate support for their products?
A. Differential backups
B. Business impact analysis
C. Incremental backups
D. Software escrow agreement



17.-What type of backup involves always storing copies of all files modified since the most recent full backup?
A. Differential backups
B. Partial backup
C. Incremental backups
D. Database backup

You operate a grain processing business and are developing your restoration priorities.


18.-Which one of the following systems would likely be your highest priority?
A. Order-processing system
B. Fire suppression system
C. Payroll system
D. Website



19.-What combination of backup strategies provides the fastest backup restoration time?
A. Full backups and differential backups
B. Partial backups and incremental backups
C. Full backups and incremental backups
D. Incremental backups and differential backups



20.-What type of disaster recovery plan test fully evaluates operations at the backup facility but does not shift primary operations responsibility from the main site?
A. Structured walk-through
B. Parallel test
C. Full-interruption test
D. Simulation test