Any event that stops, prevents, or interrupts an organization’s ability to perform its work task.
Disaster
Anything caused by nature, such as earthquakes, floods, snow, or tornadoes.
Natural Disaster
Anything caused by humans; it can be intentional or unintentional.
Human Disaster
Anything in our environment, such as power outages or spikes, hardware failures, or provider issues.
Environmental Disaster
An observable change in state that is neither negative nor positive. Examples: a system powered on or an application started.
Event
Triggers a warning if a certain event happens. Examples: traffic utilization above 75% or memory usage at 90% for more than 2 minutes.
Alert
Multiple adverse events happening on a system or network
Incident
CISSP Incident Management Steps
Detection
Response
Mitigation
Reporting
Recovery
Remediation
Lessons Learned
DRMRRRL
One of the simplest tests to conduct. Managers and functional areas go through the plan to check a list of components needed for the recovery process.
Read-Through (Checklist)
Members of the disaster recovery team gather and role-play a disaster scenario. Also called a tabletop exercise.
Structured Walk-Through
The disaster recovery team is presented with a scenario and asked to develop an appropriate response. Some of the responses may be tested.
Simulation Test
Critical components are brought up at a secondary site using backups while the same systems are up at the primary site.
Parallel Test
All operations are interrupted at the primary site and shifted to the recovery site.
Full Interruption Test
Called Striping. It uses 2 or more disks and improves disk subsystem performance, but doesn't provide fault tolerance.
RAID-0
Called Mirroring. It uses 2 disks, which both hold the same data. If one disk fails, the other disk includes the data so that the system can continue to operate.
RAID-1
Called Striping with parity. It uses 3 or more disks, with the equivalent of one disk holding parity information, which allows the reconstruction of data through calculations if a single disk is lost.
RAID-5
Called stripe of mirrors. It is configured as two or more mirrors with each mirror configured in a striped configuration. It uses at least 4 disks. There has to be an even number of disks.
RAID-10
Database backups are moved to a remote site using bulk transfers.
Electronic Vaulting
Data transfers are performed in a more expeditious manner. Data transfers still occur in a bulk transfer mode, but they occur on a more frequent basis, usually once every hour.
Remote Journaling
A live database server is maintained at the backup site. The remote server receives copies of the database modifications at the same time they are applied to the production server at the primary site.
Remote Mirroring
Backs up everything regardless of the setting of the archive bit. The archive bit is reset, turned off, or set to 0.
Full Backup
Backs up only those files that have been modified since the time of the most recent full or incremental backup. The archive bit is reset, turned off, or set to 0 after this backup runs. Faster to back up but needs more tapes to restore.
Incremental Backup
Backs up all files that have been modified since the time of the most recent full backup. Doesn't clear the archive bit. Backups take more time to run but require fewer tapes to restore.
Differential Backup
A full backup that doesn't clear the archive bit. Often performed before system updates, patches, etc.
Copy Backup