Читаем CISSP Practice полностью

40. Contingency planning for local-area networks should consider all the following except:

a. Incident response

b. Remote computing

c. Backup operations

d. Recovery plans

40. b. Remote computing is not applicable to a local-area network (LAN) because the scope of a LAN is limited to local area only such as a building or group of buildings. Wide-area networks or metropolitan-area networks are good for remote computing. A contingency plan should consider three things: incident response, backup operations, and recovery.

The purpose of incident response is to mitigate the potentially serious effects of a severe LAN security-related problem. It requires not only the capability to react to incidents but also the resources to alert and inform the users if necessary.

Backup operation plans are prepared to ensure that essential tasks can be completed subsequent to disruption of the LAN environment and can continue until the LAN is sufficiently restored. Recovery plans are made to permit smooth, rapid restoration of the LAN environment following interruption of LAN usage. Supporting documents should be developed and maintained that minimize the time required for recovery. Priority should be given to those applications and services that are deemed critical to the functioning of the organization. Backup operation procedures should ensure that these critical services and applications are available to users.

41. Rank the following objectives of a disaster recovery plan (DRP) from most to least important:

1. Minimize the disaster’s financial impact on the organization.

2. Reduce physical damage to the organization’s property, equipment, and data.

3. Limit the extent of the damage and thus prevent the escalation of the disaster.

4. Protect the organization’s employees and the general public.

a. 1, 2, 3, and 4

b. 3, 2, 1, and 4

c. 4, 1, 3, and 2

d. 4, 2, 1, and 3

41. c. The health and safety of employees and general public should be the first concern during a disaster situation. The second concern should be to minimize the disaster’s economic impact on the organization in terms of revenues and sales. The third concern should be to limit or contain the disaster. The fourth concern should be to reduce physical damage to property, equipment, and data.

42. Rank the following benefits to be realized from a comprehensive disaster recovery plan (DRP) from most to least important:

1. Reduce insurance costs.

2. Enhance physical and data security.

3. Provide continuity of organization’s operations.

4. Improve protection of the organization’s assets.

a. 1, 2, 3, and 4

b. 3, 2, 1, and 4

c. 3, 4, 2, and 1

d. 4, 2, 3, and 1

42. c. The most important benefit of a comprehensive disaster recovery plan is to provide continuity of operations followed by protection of assets, increased security, and reduced insurance costs. Assets can be acquired if the business is operating and profitable. There is no such thing as 100 percent security. A company can assume self-insurance.

43. What is the inherent limitation of a disaster recovery planning exercise?

a. Inability to include all possible types of disasters

b. Assembling disaster management and recovery teams

c. Developing early warning monitors that trigger alerts and responses

d. Conducting periodic drills

43. a. Because there are many types of disasters that can occur, it is not practical to consider all such disasters. Doing so is cost-prohibitive. Hence, disaster recovery planning exercises should focus on major types of disasters that occur frequently. One approach is to perform risk analysis to determine the annual loss expectancy (ALE), which is calculated from the frequency of occurrence of a possible loss multiplied by the expected dollar loss per occurrence.

44. Which of the following items is usually not considered when a new application system is brought into the production environment?

a. Assigning a contingency processing priority code

b. Training computer operators

c. Developing computer operations documentation

d. Training functional users