Which of the following is referred to as the maximum tolerable period of disruption quizlet

If the RTO is in minutes (lowest acceptable time down), then a hot site, dedicated spare servers and clustering must be used.

____ restrict the space available for running user queries. This prevents poorly formed queries from consuming excessive system resources and impacting general query performance. Limiting the space available to users in their own databases prevents them from building excessively large tables. This helps to control space utilization, which itself helps performance by maintaining a buffer between the actual data volume stored and the physical device capacity. Additionally, it prevents users from consuming excessive resources in ad hoc table builds (as opposed to scheduled production loads that often can run overnight and are optimized for performance purposes). In a data warehouse, because you are not running online transactions, commitment and rollback do not have an impact on performance.

A. Permanent table-space allocation
B. Commitment and rollback controls
C. User spool and database limit controls
D. Read/write access log controls

C. User spool and database limit controls

Steps in Disaster Recovery Planning DRP

1. Impact Analysis

2. Select Recovery Strategy

3. Map software systems, hardware and network components

4. Appoint recovery teams with defined personnel, roles and hierarchy

DRP is the responsibility of/Approved by

A. Board of Directors
B. IT Steering Committee
C. Senior Management
D. IT Strategy Committee

C. Senior Management

Business continuity plan is the responsibility of/Approved by

A. Board of Directors
B. IT Steering Committee
C. Senior Management
D. IT Strategy Committee

A. Board of Directors

continuity plan

...

Which of the following is a continuity plan test that simulates a system crash and uses actual resources to cost-effectively obtain evidence about the plan's effectiveness?

A. Paper test
B. Posttest
C. Preparedness test
D. Walk-through

C. Preparedness test

This is a walk-through of the plan, involving major players, who attempt to determine what might happen in a particular type of service disruption in the plan's execution.

A. Paper test
B. Posttest
C. Preparedness test
D. Walk-through

A. Paper test

This is actually a test phase and is comprised of a group of activities such as returning all resources to their proper place, disconnecting equipment, returning personnel and deleting all company data from third-party systems.

A. Paper test
B. Posttest
C. Preparedness test
D. Walk-through

B. Posttest

This is a test involving a simulated disaster situation that tests the preparedness and understanding of management and staff rather than the actual resources.

A. Paper test
B. Posttest
C. Preparedness test
D. Walk-through

D. Walk-through

This is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan's effectiveness. It also provides a means to improve the plan in increments.

A. Paper test
B. Posttest
C. Preparedness test
D. Walk-through

C. Preparedness test

___ provides disk mirroring. Data written to one disk are also written to another disk. Users in the network access data in the first disk; if disk one fails, the second disk takes over. This redundancy ensures the availability of data.

Redundant Array of Inexpensive Disks (RAID) level 1

Used for those systems classified as critical that have a low RTO.

A. Warm site
B. Hot site
C. Cold site
D. Mobile recovery site

B. Hot site

Which of the following would be the MOST appropriate recovery strategy for a sensitive system with a high recovery time objective (RTO)?

A. Warm site
B. Hot site
C. Cold site
D. Mobile recovery site

C. Cold site

Sensitive systems having a high recovery time objective (RTO) can be performed manually at a tolerable cost for an extended period of time. The cold site would be the most cost-effective solution for such a system.

After a disaster declaration, the media creation date at a warm recovery site is based on the:

A. recovery point objective.
B. recovery time objective.
C. service delivery objective.
D. maximum tolerable outage.

A. recovery point objective.

The ___ effectively quantifies the permissible amount of data loss in case of interruption. The media creation date will reflect the point to which data are to be restored or the ____

A. service delivery objective.
B. recovery time objective.
C. maximum tolerable outage
D. recovery point objective.

...

This is the amount of time allowed for the recovery of a business function or resource after a disaster occurs.

A. service delivery objective.
B. recovery time objective.
C. recovery point objective.
D. maximum tolerable outage

B. recovery time objective.

This is directly related to the business needs and is the level of service to be reached during the alternate process mode until the normal situation is restored

A. service delivery objective.
B. recovery time objective.
C. recovery point objective.
D. maximum tolerable outage

A. service delivery objective.

_____ This is determined based on the acceptable data loss in case of a disruption of operations. It indicates the earliest point in time that is acceptable to recover the data.

A. service delivery objective.
B. recovery time objective.
C. recovery point objective.
D. maximum tolerable outage

C. recovery point objective.

This is the maximum time that an organization can support processing in alternate mode.

A. service delivery objective.
B. recovery time objective.
C. maximum tolerable outage
D. recovery point objective.

C. maximum tolerable outage

An IS auditor is reviewing the most recent disaster recovery plan of an organization. Which approval is the MOST important when determining the availability of system resources required for the plan?

A. Executive management
B. IT management
C. Board of directors
D. Steering committee

B. IT management

This group would determine the requirements for disaster recovery (recovery time objective and recovery point objective).

A. Executive management
B. IT management
C. Board of directors
D. Steering committee

D. Steering committee

This guarantees that either the entire transaction is processed or none of it is.

A. Consistency
B. Isolation
C. Durability
D. Atomicity

D. Atomicity

This means that, while in an intermediate state, the transaction data are invisible to external operations. This prevents two transactions from attempting to access the same data at the same time.

A. Consistency
B. Isolation
C. Durability
D. Atomicity

B. Isolation

This ensures that the database is in a proper state when the transaction begins and ends and that the transaction has not violated integrity rules.

A. Consistency
B. Isolation
C. Durability
D. Atomicity

A. Consistency

Prevent data integrity problems, which can arise when two update processes access the same data item at the same time.

Concurrency controls

This guarantees that a successful transaction will persist and cannot be undone.

A. Consistency
B. Isolation
C. Durability
D. Atomicity

C. Durability

The primary purpose of _____ testing is to practice proper coordination because it involves all or some of the crisis team members and is focused more on coordination and communication issues than on technical process details.

tabletop

The primary purpose of _____ involves mobilization of personnel and resources at various geographic sites.

A. Tabletop
B. Functional
C. Full-scale
D. Deskcheck

B. Functional

The primary purpose of _____ testing involves enterprisewide participation and full involvement of external organizations.

A. Tabletop
B. Functional
C. Full-scale
D. Deskcheck

C. Full-scale

The primary purpose of _____ testing requires the least effort of the options given. Its aim is to ensure the plan is up to date and promote familiarity of the BCP to critical personnel from all areas.

A. Tabletop
B. Functional
C. Full-scale
D. Deskcheck

D. Deskcheck

The objective of concurrency control in a database system is to:

A. restrict updating of the database to authorized users.

B. ensure integrity when two processes attempt to update the same data at the same time.

C. prevent inadvertent or unauthorized disclosure of data in the database.

D. ensure the accuracy, completeness and consistency of data.

B. ensure integrity when two processes attempt to update the same data at the same time.

_____ measures an organization's tolerance for downtime.

A. Recovery time objective (RTO)
B. Recovery point objective (RPO)

A. Recovery time objective (RTO)

_______ measures how much data loss can be accepted.

A. Recovery time objective (RTO)
B. Recovery point objective (RPO)

B. Recovery point objective (RPO)

Which of the following is a network diagnostic tool that monitors and records network information?

A. Online monitor
B. Downtime report
C. Help desk report
D. Protocol analyzer

D. Protocol analyzer

These measure telecommunication transmissions and determine whether transmissions were accurate and complete.

A. Online monitor
B. Downtime report
C. Help desk report
D. Protocol analyzer

A. Online monitor

These are prepared by the help desk, which is staffed or supported by IS technical support personnel trained to handle problems occurring during the course of IS operations.

A. Online monitor
B. Downtime report
C. Help desk report
D. Protocol analyzer

C. Help desk report

These track the availability of telecommunication lines and circuits

A. Online monitor
B. Downtime report
C. Help desk report
D. Protocol analyzer

B. Downtime report

The objective of business continuity and disaster recovery plans should be to:

A. safeguard critical IS assets.
B. provide for continuity of operations.
C. minimize the loss to an organization.
D. protect human life.
E. All of the above

E. All of the Above

These are network diagnostic tools that monitor and record network information from packets traveling in the link to which the analyzer is attached.

A. Online monitor
B. Downtime report
C. Help desk report
D. Protocol analyzer

D. Protocol analyzer

Recovery procedures for an information processing facility are BEST based on:
A. recovery time objective.
B. recovery point objective.
C. maximum tolerable outage.
D. information security policy.

A. recovery time objective.

Which of the following should an incident response team address FIRST after a major incident in an information processing facility?

A. Restoration at the facility
B. Documentation of the facility
C. Containment at the facility
D. Monitoring of the facility

C. Containment at the facility is correct. The first priority (after addressing life safety) is the containment of the incident at the facility so that spread of the damage is minimized. The incident team must gain control of the situation.

An IS auditor observed that multiple applications are hosted on the same server. The recovery time objective (RTO) for the server will be:

A. based on the application with the longest RTO.

B. based on the application with the shortest RTO.

C. based on the mean of each application's RTO.

D. independent of the RTO and based on the criticality of the application.

B. based on the application with the shortest RTO.

When several applications are hosted on a server, the server's RTO must be determined by taking the RTO of the most critical application, which is the shortest RTO.

When developing a business continuity plan, which of the following tools should be used to gain an understanding of the organization's business processes?

A. Business continuity self-audit
B. Resource recovery analysis
C. Risk assessment
D. Gap analysis

C. Risk assessment

Risk assessment is correct. This, along with business impact assessment, are tools for understanding the business as a part of a business continuity plan (BCP).

Business continuity self-audit is incorrect. This is a tool for evaluating the adequacy of the BCP but not for gaining an understanding of the business.

Resource recovery analysis is incorrect. This is a tool for identifying the components necessary for a business resumption strategy but not for gaining an understanding of the business.

Gap analysis is incorrect. The role gap analysis can play in BCP is to identify deficiencies in a plan but not for gaining an understanding of the business.

An IS auditor is reviewing a monthly accounts payable transaction register using audit software. For what purpose would the auditor be interested in using a check digit?

A. To detect data transposition errors

B. To ensure that transactions do not exceed predetermined amounts

C. To ensure that data entered are within reasonable limits

D. To ensure that data entered are within a predetermined range of values

A. To detect data transposition errors

To ensure that transactions do not exceed predetermined amounts

A. Check Digit
B. Range Check
C. Limit Check
D. Reasonableness check

C. Limit Check

____ is a numeric value added to data to ensure that original data are correct and have not been altered.

A. Check Digit
B. Range Check
C. Limit Check
D. Reasonableness check

A. Check Digit

Ensuring that data entered are within a predetermined range of values is a

A. Check Digit
B. Range Check
C. Limit Check
D. Reasonableness check

B. Range Check

Ensuring that data entered are within predetermined reasonable limits ____

A. Check Digit
B. Range Check
C. Limit Check
D. Reasonableness check

D. Reasonableness check

What would be the MOST effective control for enforcing accountability among database users accessing sensitive information?

A. Implement a log management process.

B. Implement a two-factor authentication.

C. Use table views to access sensitive data.

D. Separate database and application servers.

A. Implement a log management process.

Implement a log management process is correct. Accountability means knowing what is being done by whom. The best way to enforce the principle is to implement a log management process that would create and store logs with pertinent information such as user name, type of transaction and hour.

The PRIMARY objective of business continuity and disaster recovery plans should be to:

A. safeguard critical IS assets.
B. provide for continuity of operations.
C. minimize the loss to an organization.
D. protect human life.

D. protect human life.

Hardware Monitoring Procedures:

___ These reports indicate the time periods during which the computer is in operation and viable for use by users or other processes. A key concern addressed by this report is excessive IS unavailability, referred to as downtime.
This unavailability may indicate inadequate hardware facilities, excessive OS maintenance, the need for preventative maintenance, inadequate environmental facilities (power supply or air conditioning) or inadequate training.

A. Utilization Reports
B. Hardware Error Reports
C. Asset Management Reports
D. Availability Reports

D. Availability reports

Hardware Monitoring Procedures:

___ These reports identify CPU, I/O, power and storage failures. These reports should be reviewed by IS operations management to ensure that equipment is functioning properly, to detect failures and to initiate corrective actions.

A. Utilization Reports
B. Hardware Error Reports
C. Asset Management Reports
D. Availability Reports

B. Hardware Error Reports

Hardware Monitoring Procedures:

____ These reports provide an inventory of network-connected equipment, such as PCs, servers, routers and other devices.

A. Utilization Reports
B. Hardware Error Reports
C. Asset Management Reports
D. Availability Reports

C. Asset Management Reports

Hardware Monitoring Procedures:

____ These automated reports document the use of the machine and peripherals. Software monitors are used to capture ____ measurements for processors, channels, and secondary storage media such as disk and tape.

Used by IS management to predict whether more or fewer processing resources are required.

A. Utilization Reports
B. Hardware Error Reports
C. Asset Management Reports
D. Availability Reports

A. Utilization Reports

Steps for IT Asset Management (4)

1. Process of identifying and creating an inventory of IT assets
2. Developing security strategy
3. Managing software licenses
4. Classifying and protecting information assets

Data Management

The extent to which data values are in conformance with actual or true values.

A. Contextual
B. Intrinsic
C. Security/Accessibility

B. Intrinsic

Data Management

The extent to which information is applicable to the task of the information user and is presented in an intelligible, clear manner, recognizing that information quality depends on the context of use.

A. Contextual
B. Intrinsic
C. Security/Accessibility

A. Contextual

Data Management

The extent to which information is available or obtainable

A. Contextual
B. Intrinsic
C. Security/Accessibility

C. Security/Accessibility

_____ are important in determining how a system runs because they allow a standard piece of software to be customized to diverse environments.

Parameters

The most effective means of determining how controls are functioning within an OS is to review the ____ and ____

Software Control features
Parameters

_____ software is designed to prevent unauthorized access to data, unauthorized use of system functions and programs and unauthorized updates/changes to data, and to detect or prevent unauthorized attempts to access computer resources.

Access control Software

Source code should be managed using ___ or ___. These maintain a central repository, which allows programmers to check out a program source to make changes to it.

Version Control Systems (VCS) or Revision Control Software (RCS)

____ provides the ability to synchronize source changes with changes from other developers, including conflict resolution when changes have been made to the same section of the source.

A. Capacity Management
B. Utilization report
C. VCS
D. SLA

C. Version Control Systems

Capacity Management should be updated at least

Annually

____ is the planning and monitoring of computer and network resources to ensure that available resources are used efficiently and effectively.

Capacity Management

Problem Management Steps

1. Identify a problem
2. Root cause Analysis
4. work around developed

_____ objective is to reduce the number and/or severity of incidents

A. Problem Management
B. Incident Management

A. Problem Management

___ objective is to return the affected business process back to its normal state as quickly as possible, minimizing the impacts on the business.

A. Problem Management
B. Incident Management

B. Incident Management

The ability to add to the error log should ___ be restricted. The ability to update the error log ___ be restricted.

Not
Should

True or False.

There are many reasons why a problem may remain outstanding for a long period of time; however, it should not be acceptable for a problem to remain unresolved indefinitely.

True

Network Management Tools:

Identify the time necessary for a command entered by a user at a terminal to be answered by the host system. These reports typically identify average, worst and best time for interval telecommunication lines or system.

A. Online Monitors
B. Down Time Reports
C. Help Desk Reports
D. Response Time reports
E. Simple Network Management Protocol (SNMP)
F. Network Monitors
G. Network (Protocol) Analyzers

D. Response Time reports

Network Management Tools

Track the availability of telecommunication lines and circuits. Interruptions due to power/line failure, traffic overload, operator error or other anomalous conditions.

A. Online Monitors
B. Down Time Reports
C. Help Desk Reports
D. Response Time reports
E. Simple Network Management Protocol (SNMP)
F. Network Monitors
G. Network (Protocol) Analyzers

B. Down Time Reports

Network Management Tools

Reports are prepared by _____, which is staffed or supported by IT technicians who are trained to handle problems occurring during normal IS usage. They help provide a history of the problems and their resolutions.

A. Online Monitors
B. Down Time Reports
C. Help Desk Reports
D. Response Time reports
E. Simple Network Management Protocol (SNMP)
F. Network Monitors
G. Network (Protocol) Analyzers

C. Help Desk Reports

Network Management Tools

Check data transmission accuracy and errors, ensuring that messages are not lost or transmitted more than once.

A. Online Monitors
B. Down Time Reports
C. Help Desk Reports
D. Response Time reports
E. Simple Network Management Protocol (SNMP)
F. Network Monitors
G. Network (Protocol) Analyzers

A. Online Monitors

Network Management Tools

___ provide a real-time display of network nodes and status.

A. Online Monitors
B. Down Time Reports
C. Help Desk Reports
D. Response Time reports
E. Simple Network Management Protocol (SNMP)
F. Network Monitors
G. Network (Protocol) Analyzers

F. Network Monitors

Network Management Tools

A. Online Monitors
B. Down Time Reports
C. Help Desk Reports
D. Response Time reports
E. Simple Network Management Protocol (SNMP)
F. Network Monitors
G. Network (Protocol) Analyzers

...

Network Management Tools

___ are diagnostic tools attached to a network link that use network protocol intelligence for monitoring the packets flowing along the link and produce network usage reports.

____ are typically hardware based and operate at the data link and/or network level.

A. Online Monitors
B. Down Time Reports
C. Help Desk Reports
D. Response Time reports
E. Simple Network Management Protocol (SNMP)
F. Network Monitors
G. Network (Protocol) Analyzers

G. Network (Protocol) Analyzers

Network Management Tools

___ is a TCP/IP-based protocol that monitors and controls variables throughout the network, manages configurations and collects statistics on performance and security.

A. Online Monitors
B. Down Time Reports
C. Help Desk Reports
D. Response Time reports
E. Simple Network Management Protocol (SNMP)
F. Network Monitors
G. Network (Protocol) Analyzers

E. Simple Network Management Protocol (SNMP)

____ management is the process whereby all changes go through a robust testing and approval process

A. Release Management
B. Change Management

B. Change Management

____ management is the process of putting the software changes into production

A. Release Management
B. Change Management

A. Release Management

Tools used to monitor efficiency and effectiveness of services provided by IT personnel.

These automated reports identify all applications that did not successfully complete or otherwise malfunctioned.

A. Operator Problem reports
B. Operator Work schedules
C. System and application Logs
D. Exception Report

D. Exception Reports

Tools used to monitor efficiency and effectiveness of services provided by IT personnel.

___ logs generated from various systems and applications should be reviewed to identify all application problems.

A. Operator Problem reports
B. Operator Work schedules
C. System and application Logs
D. Exception Report

C. System and application Logs

Tools used to monitor efficiency and effectiveness of services provided by IT personnel.

These manual reports are used by operators to log computer operations problems and their resolution. Operator responses should be reviewed by IS management to determine whether operation actions were appropriate or whether additional training should be provided to operators.

A. Operator Problem reports
B. Operator Work schedules
C. System and application Logs
D. Exception Report

A. Operator Problem reports

Tools used to monitor efficiency and effectiveness of services provided by IT personnel.

___ These schedules are generally maintained manually by IS management to assist in human resource planning. By ensuring proper staffing of operation support personnel, IS management is assured that service requirements of end users will be met.

A. Operator Problem reports
B. Operator Work schedules
C. System and application Logs
D. Exception Report

B. Operator Work schedules

____ are often tied to chargeback systems, in which a certain % of the cost is apportioned from end-user department to the IT department.

SLA

____ helps define and store source and object forms of all data definitions for external, conceptual and internal schemas and all associated mappings.

Data Dictionary or Directory System

Database Structures:

In this model there is:

Parent and child data segments

To create links between them, this model uses parent-child relationships

These are 1:N (1 to many) mappings between record types represented by logical trees

A child segment can have only one parent segment. No data duplication to express relationship to multiple parents

Reverse pointers are not allowed

DB easy to implement, modify and search

A. Relational DB
B. Hierarchical DB
C. Network DB

B. Hierarchical DB

Database Structures:

Basic data model construct is called a set

Multi-owner relationship is allowed

Usually 1:N and 1:1 relationships

Extremely complex and difficult to comprehend, modify, reconstruct in case of failure.

Does not support high-level queries

A. Relational DB
B. Hierarchical DB
C. Network DB

C. Network DB

DB Structures

Based on set theory and relational calculations

Allows the definition of data structures, storage/retrieval, operations and integrity constraints

Data and relationships among these data are organized in tables

DB is dynamic

Key feature is the use of normalization

A. Relational DB
B. Hierarchical DB
C. Network DB

A. Relational DB

____ is a critical step in developing the business continuity strategy

A. Business impact Analysis
B. Risk Assessment

A. BIA

____ is used to evaluate the critical process and to determine time frames, priorities, resources and interdependencies.

A. Business impact Analysis
B. Risk Assessment

A. Business impact Analysis

Downtime cost ____ with time
Recovery costs ___ with time

In summary, the sum of all costs, downtime and recovery time, should be ____

Increases with time

Decreases with Time

Minimized

What are the two metrics that help determine recovery strategies

RPO Recovery point objective
RTO Recovery Time Objective

Backup Schemas

This type of backup scheme copies all files and folders to the backup media, creating one backup set. The main advantage is having a unique repository in case of restoration, but it requires more time and media capacity.

A. Differential
B. Full Backup
C. Incremental Backup
D. Method Rotation

B. Full Backup

Backup Schemas

This type of schema copies the files and folders that changed or are new since the last backup.

Faster method and requires less media capacity.

Requires backup sets to restore all changes since a full backup, and restoration will take more time.

A. Differential
B. Full Backup
C. Incremental Backup
D. Method Rotation

C. Incremental Backup

Backup Schemas

This type of schema copies all files and folders that have been added or changed since a full backup was performed.

Faster and requires less media capacity than full backup and requires only the last and ____ backup sets to make a full restoration.

< time than incremental but slower
> media capacity than incremental

Backups are cumulative

A. Differential
B. Full Backup
C. Incremental Backup
D. Method Rotation

A. Differential

Backup Schemas

AKA Grandfather-Father-Son Method

Backups are made over the course of the week

The final backup taken during the week becomes the backup for that week

Earlier daily backup media are then reused as backup media for the second week

At the end of the month the final weekly backup is retained as the backup for the month

A. Differential
B. Full Backup
C. Incremental Backup
D. Method Rotation

D. Method Rotation

The purpose of ___/____ recovery is to enable a business to continue offering critical services in the event of a disruption and to survive a disastrous interruption to activities.

BCP/DRP

Business Continuity Plan
Disaster Recovery Plan

BCP Steps

1) Identify key business processes of strategic importance
2) Risk assessment
3) DRP
4) The restoration plan

BCP is primarily the responsibility of the ___, as they are entrusted with safeguarding the assets and viability.

Senior Management

If the IT plan is a separate plan, it must be consistent with and support the corporate BCP.

True

After the ____ identifies the importance of the IS components to the organization, and the threats and vulnerabilities of those components, a remedial action plan can be developed for establishing appropriate methods to protect the components.

Risk Assessment

_____ determines the maximum downtime possible for a particular application and how much data could be lost.

____ also allows the organization to quantify the losses as they grow after the disruption, thus allowing the organization to decide on the technology used for protection and recovery of its key information assets.

BIA

Business impact analysis

___ identifies what the business will do in the event of a disaster

BIA

BIA, apart from RTO and RPO, is a way to group information systems according to their recovery time.

True

Many disruptions start as minor incidents. Normally, if the organization has a help desk, it would act as the early warning system to recognize the first signs of an upcoming disruption.

True

The ___ or ___ is the most critical corrective control.

BCP or IT DRP

____ Walk-through of the plan, involving major players in the plan's execution who reason out what might happen in a particular type of service disruption. They may walk through the entire plan or just a portion. Usually precedes the preparedness test.

A. Desk-based evaluation/Paper test
B. Full Operational Test
C. Preparedness Test
D. BIA

A. Desk-Based Evaluation/Paper test

____ Usually a localized version of a full test, where actual resources are expended in the simulation of a system crash.

This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about how good the plan is. It also provides a means to improve the plan in increments.

A. Desk-based evaluation/Paper test
B. Full Operational Test
C. Preparedness Test
D. BIA

C. Preparedness Test

____ This is one step away from an actual service disruption. The organization should have tested the plan well on paper and locally before endeavoring to completely shut down operations.

For purposes of BCP testing, this is the disaster.

A. Desk-based evaluation/Paper test
B. Full Operational Test
C. Preparedness Test
D. BIA

B. Full Operational Test

True or false:

During every phase of the test, detailed documentation of observations, problems and resolutions should be maintained.

True

Summary of BC

BCP should be written
Based on long-range IT plan
Should support and be aligned with overall business continuity strategy

Process of Developing and maintaining the DRP/BCP (9)

Conduct risk assessment

Identify and prioritize the systems and other resources required to support critical business processes in the event of disruption

Identify and prioritize threats and vulnerabilities

Prepare BIA of the effect of the loss of critical business processes and their support components

Choose appropriate controls and measures for recovering IT components to support critical business processes

Develop the detailed plan for recovering IS facilities (DRP)

Develop a detailed plan for the critical business functions to continue to operate at an acceptable level (BCP)

Test the plan

Maintain the plans as business changes and systems develop

____ is determined based on the acceptable data loss

RPO Recovery Point Objective

The ___ is determined based on the acceptable downtime in case of disruption. It indicates the earliest point in time at which the business operations must resume after disaster.

RTO Recovery Time Objective

The nearer the time requirements are to the center 0-1 hour, the higher the cost of the recovery strategy

True

If RPO is in minutes (lowest possible acceptable data loss), then ___ or ____ should be implemented as the recovery strategy.

Data Mirroring or
Real time replication

If RTO is in minutes (lowest acceptable time down), then ____, dedicated spare servers and clustering must be used.

A. Hot Site
B. Cold Site
C. Warm Site

Hot Site

____ is the time gap within which the business can accept the unavailability of critical IT services; therefore, the lower the RTO, the lower the disaster tolerance.

A. Interruption Window
B. Disaster Tolerance
C. Service Delivery objectives (SDO)
D. Maximum tolerable outages (MTO)

B. Disaster Tolerance

RTO affects the technology used to make applications/IT systems available

Warm Site
Hot Site
Cold Site

True

RPO usually affects data protection solutions (backup and recovery, synchronous, asynchronous data replication)

True

RTO - Recovery Time Objective

0-1 HR:

1-4HRS:

4-24 HRS:

0-1 HR: Active-Active clustering

1-4 HRS: Active-Passive clustering
Hot Standby

4-24 HRS

Cold Standby

RPO- Recovery Point Objective

0-1 HR:

1-4HRS:

4-24 HRS:

0-1 HR: Mirroring / Real-Time replication

1-4HRS:
Disk based backups
Snapshots
Delayed replication
Log shipping

4-24 HRS:
tape backups
Log shipping

In addition to RTO and RPO, there are some additional parameters that are important in defining the recovery strategies:

Level of service to be reached during the alternate process mode until normal situation is restored. This is directly related to business needs.

A. Interruption Window
B. Disaster Tolerance
C. Service Delivery objectives (SDO)
D. Maximum tolerable outages (MTO)

C. Service Delivery objectives (SDO)

In addition to RTO and RPO, there are some additional parameters that are important in defining the recovery strategies:

____ the maximum period of time the organization can wait from the point of failure to the critical service/application restoration. After this time, the progressive losses caused by the interruption are unaffordable.

A. Interruption Window
B. Disaster Tolerance
C. Service Delivery objectives (SDO)
D. Maximum tolerable outages (MTO)

A. Interruption Window

In addition to RTO and RPO, there are some additional parameters that are important in defining the recovery strategies:

____ time the organization can support business processing in alternate mode. After this point, different problems may arise, especially if the alternate SDO is lower than the usual SDO, and the information pending to be updated can become unmanageable.

A. Interruption Window
B. Disaster Tolerance
C. Service Delivery objectives (SDO)
D. Maximum tolerable outages (MTO)

D. Maximum tolerable outages (MTO)

____ should elect the most appropriate strategies from the alternatives provided and accept the inherent residual risk.

A. IT Steering Committee
B. IT security
C. Senior Management
D. Board of Directors

C. Senior Management

____ are facilities with the space and basic infrastructure adequate to support resumption of operations, but lacking any IT or communication equipment, programs, data or office support.

Substitute on the bench ready to be called.

A. Mirrored Site
B. Mobile Site
C. Warm Site
D. Reciprocal agreements with other organizations
E. Cold Site
F. Reciprocal agreement
G. Hot Site

C. Warm Site

____ are packaged, modular processing facilities mounted on transportable vehicles and kept ready to be delivered and set up at a location that may be specified upon activation.

A. Mirrored Site
B. Mobile Site
C. Warm Site
D. Reciprocal agreements with other organizations
E. Cold Site
F. Reciprocal agreement
G. Hot Site

B. Mobile Site

____ are complete infrastructures but are partially configured in terms of IT, usually with network connections and essential peripheral equipment such as disk drives, tape drives and controllers.

The equipment may be less capable than normal production equipment yet still be adequate to sustain critical applications on an interim basis.

Typically, key employees would transfer to the site, and current versions of programs and data would need to be loaded before operations could resume at the warm site.

Is a substitute warming up, getting ready to enter the game.

A. Mirrored Site
B. Mobile Site
C. Warm Site
D. Reciprocal agreements with other organizations
E. Cold Site
F. Reciprocal agreement
G. Hot Site

C. Warm Site

Facilities with space and basic infrastructure and all of the IT and communications equipment required to support the critical applications, along with the office furniture and equipment used by staff.

Typically maintain installed versions of the programs required to support critical applications.

Data may also be duplicated to the hot site in real or near real time.

A. Mirrored Site
B. Mobile Site
C. Warm Site
D. Reciprocal agreements with other organizations
E. Cold Site
F. Reciprocal agreement
G. Hot Site

G. Hot Site

___ are fully redundant sites with real-time data replication from the production site. They are fully equipped and staffed and can assume critical processing with no interruption perceived by the users.

A. Mirrored Site
B. Mobile Site
C. Warm Site
D. Reciprocal agreements with other organizations
E. Cold Site
F. Reciprocal agreement
G. Hot Site

A. Mirrored Site

___ are agreements between separate, but similar, companies to temporarily share their IT facilities in the event that one company loses processing capability.

____ are not considered a viable option due to the constraining burden of maintaining hardware and software compatibility between the companies, and the complications of maintaining security and privacy compliance during shared operations.

A. Mirrored Site
B. Mobile Site
C. Warm Site
D. Reciprocal agreements with other organizations
E. Cold Site
F. Reciprocal agreement
G. Hot Site

F. Reciprocal agreement

A less frequently used method; these are agreements between two or more organizations with unique equipment or applications. Under the typical agreement, participants promise to provide assistance to each other when an emergency arises.

A. Mirrored Site
B. Mobile Site
C. Warm Site
D. Reciprocal agreements with other organizations
E. Cold Site
F. Reciprocal agreement
G. Hot Site

D. Reciprocal agreements with other organizations

Types of disaster recovery tests include

This is a preliminary step to a real test. ____ are distributed to all members of a recovery team to review and ensure the ___ is current.

A. Full Interruption Test
B. Structured Walk-Through
C. Parallel test
D. Check List review
E. Simulation Test

D. Check List review

Types of disaster recovery tests include

The recovery team role-plays a prepared disaster scenario without activating processing at the recovery site.

A. Full Interruption Test
B. Structured Walk-Through
C. Parallel test
D. Check List review
E. Simulation Test

E. Simulation Test

Types of disaster recovery tests include

Team members physically implement the plans on paper and review each step to assess its effectiveness and identify enhancements, constraints and deficiencies.

A. Full Interruption Test
B. Structured Walk-Through
C. Parallel test
D. Check List review
E. Simulation Test

B. Structured Walk-Through

Types of disaster recovery tests include

Operations are shut down at the primary site and shifted to the recovery site in accordance with the recovery plan. This is the most rigorous form of testing but is expensive and potentially disruptive.

A. Full Interruption Test
B. Structured Walk-Through
C. Parallel test
D. Check List review
E. Simulation Test

A. Full Interruption Test

Types of disaster recovery tests include

The recovery site is brought to a state of operational readiness, but operations at the primary site continue normally.

A. Full Interruption Test
B. Structured Walk-Through
C. Parallel test
D. Check List review
E. Simulation Test

C. Parallel test

Which of the following is referred to as the maximum tolerable period of disruption?

Maximum Tolerable Period of Disruption (MTPD) is the maximum allowable time that the organization's key products or services can be unavailable or undeliverable before the impact is deemed unacceptable.

What is meant by maximum tolerable downtime quizlet?

What is meant by maximum tolerable downtime (MTD)? The length of time a system can be down before the business cannot recover.

What organizational policy defines how your enterprise will maintain normal day to day business operations in the event of a disruption or crisis?

A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue operating during an unplanned event. The BCP states the essential functions of the business, identifies which systems and processes must be sustained, and details how to maintain them.