CISSP Certification Exam (Business Continuity and Disaster Recovery) Practice Paper 1 with Answers and Explanations

1. The NIST organization has defined best practices for creating continuity plans. Which of the following phases deals with identifying and prioritizing critical functions and systems?
   (A) Identify preventive controls.
   (B) Develop the continuity planning policy statement.
   (C) Develop recovery strategies.
   (D) Conduct the business impact analysis.

2. As his company's business continuity coordinator, Matthew is responsible for helping recruit members to the business continuity planning (BCP) committee. Which of the following does not correctly describe this effort?
   (A) Committee members should be involved with the planning stages, as well as the testing and implementation stages.
   (B) The smaller the team the better, to keep meetings under control.
   (C) The business continuity coordinator should work with management to appoint committee members.
   (D) The team should consist of people from different departments across the company.

3. A business impact analysis is considered a functional analysis. Which of the following is not carried out during a business impact analysis?
   (A) A parallel or full-interruption test
   (B) The application of a classification scheme based on criticality levels
   (C) The gathering of information via interviews
   (D) Documentation of business functions

4. Which of the following is the best way to ensure that the company's backup tapes can be restored and used at a warm site?
   (A) Ask the offsite vendor to test them and label the ones that were properly read.
   (B) Test them on the vendor's machine, which won't be used during an emergency.
   (C) Retrieve the tapes from the offsite facility and verify that the equipment from the original site can read them.
   (D) Inventory each tape kept at the vendor's site twice a month.

5. An approach to alternate offsite facilities is to establish a reciprocal agreement. Which of the following describes the pros and cons of a reciprocal agreement?
   (A) It is fully configured and ready to operate within a few hours, but is the most expensive of the offsite choices.
   (B) It is an inexpensive option, but it takes the most time and effort to get up and running after a disaster.
   (C) It is a good alternative for companies that depend upon proprietary software, but annual testing is not usually available.
   (D) It is the cheapest of the offsite choices, but mixing operations could introduce many security issues.

6. Which of the following steps comes first in a business impact analysis?
   (A) Calculate the risk for each different business function.
   (B) Identify critical business functions.
   (C) Create data-gathering techniques.
   (D) Identify vulnerabilities and threats to business functions.

7. The operations team is responsible for defining which data gets backed up and how often. Which type of backup process backs up files that have been modified since the last time all data was backed up?
   (A) Incremental process
   (B) Full backup
   (C) Partial backup
   (D) Differential process

8. After a disaster occurs, a damage assessment needs to take place. Which of the following steps occurs last in a damage assessment?
   (A) Determine the cause of the disaster.
   (B) Identify the resources that must be replaced immediately.
   (C) Declare a disaster.
   (D) Determine how long it will take to bring critical functions back online.

9. Of the following plans, which establishes senior management and a headquarters after a disaster?
   (A) Continuity of operations plan
   (B) Cyber-incident response plan
   (C) Occupant emergency plan
   (D) IT contingency plan

10. It is not unusual for business continuity plans to become out of date. Which of the following is not a reason why plans become outdated?
   (A) Changes in hardware, software, and applications
   (B) Infrastructure and environment changes
   (C) Personnel turnover
   (D) That the business continuity process is integrated into the change management process

11. Preplanned business continuity procedures provide organizations a number of benefits. Which of the following is not a capability enabled by business continuity planning?
   (A) Resuming critical business functions
   (B) Letting business partners know your company is unprepared
   (C) Protecting lives and ensuring safety
   (D) Ensuring survivability of the business

12. Management support is critical to the success of a business continuity plan. Which of the following is the most important to be provided to management to obtain their support?
   (A) Business case
   (B) Business impact analysis
   (C) Risk analysis
   (D) Threat report

13. Gizmos and Gadgets has restored its original facility after a disaster. What should be moved in first?
   (A) Management
   (B) Most critical systems
   (C) Most critical functions
   (D) Least critical functions

14. Which of the following is a critical first step in disaster recovery and contingency planning?
   (A) Plan testing and drills.
   (B) Complete a business impact analysis.
   (C) Determine offsite backup facility alternatives.
   (D) Organize and create relevant documentation.

15. Which of the following is not a reason to develop and implement a disaster recovery plan?
   (A) Provide steps for a post-disaster recovery.
   (B) Extend backup operations to include more than just backing up data.
   (C) Outline business functions and systems.
   (D) Provide procedures for emergency responses.

16. Business continuity plans can be assessed via a number of tests. Which type of test continues up to the point of actual relocation to an offsite facility and actual shipment of replacement equipment?
   (A) Parallel test
   (B) Checklist test
   (C) Structured walk-through test
   (D) Simulation test

17. With what phase of a business continuity plan does a company proceed when it is ready to move back into its original site or a new site?
   (A) Reconstitution phase
   (B) Recovery phase
   (C) Project initiation phase
   (D) Damage assessment phase

18. Several teams should be involved in carrying out the business continuity plan. Which team is responsible for starting the recovery of the original site?
   (A) Damage assessment team
   (B) BCP team
   (C) Salvage team
   (D) Restoration team

19. ACME Inc. paid a software vendor to develop specialized software, and that vendor has gone out of business. ACME Inc. does not have access to the code and therefore cannot keep it updated. What mechanism should the company have implemented to prevent this from happening?
   (A) Reciprocal agreement
   (B) Software escrow
   (C) Electronic vaulting
   (D) Business interruption insurance

20. Which of the following incorrectly describes the concept of executive succession planning?
   (A) Predetermined steps protect the company if a senior executive leaves.
   (B) Two or more senior staff cannot be exposed to a particular risk at the same time.
   (C) It documents the assignment of deputy roles.
   (D) It covers assigning a skeleton crew to resume operations after a disaster.

21. What is the missing second step in the graphic that follows?
   (A) Identify continuity coordinator
   (B) Business impact analysis
   (C) Identify BCP committee
   (D) Dependency identification

22. Different threats need to be evaluated and ranked based upon their severity of business risk when developing a BCP. Which ranking approach is illustrated in the graphic that follows?
   (A) Mean time to repair
   (B) Mean time between failures
   (C) Maximum critical downtime
   (D) Maximum tolerable downtime

23. What type of infrastructural setup is illustrated in the graphic that follows?
   (A) Hot site
   (B) Warm site
   (C) Cold site
   (D) Reciprocal agreement

24. There are several types of redundant technologies that can be put into place. What type of technology is shown in the graphic that follows?
   (A) Tape vaulting
   (B) Remote journaling
   (C) Electronic vaulting
   (D) Redundant site

25. Here is a graphic of a business continuity policy. Which component is missing from this graphic?
   (A) Damage assessment phase
   (B) Reconstitution phase
   (C) Business resumption phase
   (D) Continuity of operations plan

26. The Recovery Time Objective (RTO) and Maximum Tolerable Downtime (MTD) metrics have similar roles, but their values are very different. Which of the following best describes the difference between RTO and MTD metrics?
   (A) The RTO is a time period that represents the inability to recover, and the MTD represents an allowable amount of downtime.
   (B) The RTO is an allowable amount of downtime, and the MTD represents a time period that represents the inability to recover.
   (C) The RTO is a metric used in disruptions, and the MTD is a metric used in disasters.
   (D) The RTO is a metric pertaining to loss of access to data, and the MTD is a metric pertaining to loss of access to hardware and processing capabilities.

27. High availability (HA) is a combination of technologies and processes that work together to ensure that specific critical functions are always up and running at the necessary level. To provide this level of high availability, a company has to have a long list of technologies and processes that provide redundancy, fault tolerance, and failover capabilities. Which of the following best describes these characteristics?
   (A) Redundancy is the duplication of noncritical components or functions of a system with the intention of decreasing reliability of the system. Fault tolerance is the capability of a technology to discontinue to operate as expected even if something unexpected takes place. If a technology has a failover capability, this means that if there is a failure that cannot be handled through normal means, then processing is "switched over" to a working system.
   (B) Redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system. Fault tolerance is the capability of a technology to continue to operate as expected even if something unexpected takes place. If a technology has a failover capability, this means that if there is a failure that cannot be handled through normal means, then processing is "switched over" to a working system.
   (C) Redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system. Fault tolerance is the capability of a technology to continue to operate as expected even if something unexpected tak
   (D) Redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system. Fault tolerance is the capability of a technology to continue to operate as expected even if something unexpected tak

The following scenario will be used to answer questions 28 and 29. Sean has been hired as business continuity coordinator. He has been told by his management that he needs to ensure that the company is in compliance with the ISO/IEC standard that pertains to technology readiness for business continuity. He has also been instructed to find a way to transfer the risk of being unable to carry out critical business functions for a period of time because of a disaster.

28. Which of the following is most likely the standard that Sean has been asked to comply with?
   (A) ISO/IEC 27031
   (B) ISO/IEC 27005
   (C) ISO/IEC BS7799
   (D) ISO/IEC 2899

29. Which of the following would be best for Sean to implement as it pertains to his company's needs?
   (A) Infrastructure cloud computing
   (B) Co-location at a multiprocessing center
   (C) Business interruption insurance
   (D) Shared partner extranet with integrated redundancy

The following scenario will be used to answer questions 30, 31 and 32. Jeff is leading the business continuity group in his company. They have completed a business impact analysis and have determined that if the company's credit card processing functionality was unavailable for 48 hours, the company would most likely experience such a large financial hit that it would have to go out of business. The team has calculated that this functionality needs to be up and running within 28 hours after experiencing a disaster for the company to stay in business. The team has also determined that the restoration steps must be able to restore data that are one hour old or less.

30. In this scenario, which of the following is the Recovery Time Objective (RTO) value?
   (A) 48 hours
   (B) 28 hours
   (C) 20 hours
   (D) 1 hour

31. In this scenario, which of the following is the Work Recovery Time value?
   (A) 48 hours
   (B) 28 hours
   (C) 20 hours
   (D) 1 hour

32. In this scenario, what would the 1-hour time period be referred to as?
   (A) Recovery Time Period
   (B) Maximum Tolerable Downtime
   (C) Recovery Point Objective
   (D) Recovery Point Time Period

CISSP Certification Exam (Business Continuity and Disaster Recovery) Practice Paper 1: Answers and Explanations

1. Correct answer: D
Explanation: D is correct. Although there is no specific scientific formula to follow when creating a continuity plan, certain best practices have stood the test of time and proven their value. The National Institute of Standards and Technology (NIST) is an organization responsible for developing best practices and documenting them so that they are available to everyone. In its Special Publication 800-34, Continuity Planning Guide for Information Technology Systems, NIST outlines seven steps: develop the continuity planning policy statement; conduct the business impact analysis; identify preventive controls; develop recovery strategies; develop the contingency plan; test the contingency plan and conduct training and exercises; and maintain the plan. Conducting the business impact analysis includes identifying critical functions and systems so that the organization can prioritize them as needed. It also includes identifying vulnerabilities and threats and calculating risk. A is incorrect because identifying preventive controls must take place after the critical functions and systems have been prioritized and their vulnerabilities, threats, and risks identified (which is part of the business impact analysis). Conducting the business impact analysis is step 2 of creating a continuity plan; identifying preventive controls is step 3. B is incorrect because developing the continuity planning policy statement mainly involves writing the guidance that is a prerequisite for developing a business continuity plan and that authorizes the necessary roles to carry out these tasks. It is step 1 of creating a continuity plan and therefore comes before identifying and prioritizing critical systems and functions (i.e., conducting the business impact analysis). C is incorrect because developing recovery strategies involves developing methods to ensure that systems and critical functions can be brought back online quickly. Before that, the business impact analysis must be performed to determine which systems and functions are critical and therefore should be given priority during recovery.
Knowledge area: Business Continuity and Disaster Recovery

2. Correct answer: B
Explanation: B is correct. The business continuity planning (BCP) committee should be large enough to represent every department within the organization. Its members must be people familiar with the company's different departments, because each department has its own unique functions and faces its own distinct risks and threats. The best business continuity plan is one that brings all issues and threats to the table for discussion. A discussion held only by a small number of people who know one or two departments well will certainly not produce good results. At a minimum, the committee should consist of representatives from the following departments: business units, senior management, IT, security, communications, and legal. A is incorrect because committee members should be involved in the planning, testing, and implementation stages. If Matthew, the BCP coordinator, is a good manager, he should understand that it is best to give team members a sense of ownership of their tasks and roles. The people who develop the business continuity plan should also be the ones who execute it. If you know that you will need to perform certain critical tasks in a crisis, you will probably pay more attention during the planning and testing stages. C is incorrect because the BCP coordinator should work with management to appoint committee members, but management's involvement is not limited to this. The BCP team should work with management to establish the ultimate goals of the plan, identify the critical business areas that must be dealt with first when a disaster occurs, and determine the priorities of departments and tasks. Management also needs to help the committee determine the scope and specific objectives of the project. D is incorrect because the committee should consist of people from different departments across the company. That is the only way the team can take into account the different risks and threats faced by each department.
Knowledge area: Business Continuity and Disaster Recovery

3. Correct answer: A
Explanation: A is correct. A business impact analysis (BIA) can be considered a functional analysis, in which the team collects data through interviews and documentary sources; documents business functions, activities, and transactions; develops a hierarchy of business functions; and finally applies a classification scheme to indicate the criticality level of each function. Parallel tests and full-interruption tests are not part of the BIA. Those tests are performed to ensure that the business continuity plan remains effective, because the environment is constantly changing. A parallel test is done to ensure that specific systems can actually perform adequately at the alternate offsite facility, while a full-interruption test involves stopping operations at the primary site and resuming operations and processing at the alternate offsite facility. B is incorrect because the application of a classification scheme based on criticality levels is performed during the business impact analysis. This is done by identifying the company's critical assets and considering the following characteristics: maximum tolerable downtime, operational disruption and productivity, financial considerations, regulatory responsibilities, and reputation. C is incorrect because gathering information via interviews is performed during the business impact analysis. The BCP committee will not fully understand all business processes, the steps that must be taken, and the resources and supplies those processes require. Therefore, the committee must collect this information from the people who understand them (i.e., department managers and specific employees in the organization). The committee must identify who can provide this information and determine how it will be collected (surveys, interviews, or workshops). D is incorrect because the BCP committee does document business functions, and this is part of the business impact analysis. Business activities and transactions must also be documented. This information comes from the department managers or specific employees who are interviewed or surveyed. Once the information is documented, the BCP committee analyzes it to determine which processes, equipment, or business activities are the most critical.
Knowledge area: Business Continuity and Disaster Recovery

4. Correct answer: C
Explanation: C is correct. A warm site is a facility that is not fully equipped with the company's primary systems. The purpose of using a warm site is that, if a disaster occurs, the company brings its systems with it to the warm site. If those systems cannot be brought along because they have been damaged, the company must purchase new systems identical to the original ones. Therefore, to test the backups properly, the company needs to test them by restoring the data on its primary site's equipment. A is incorrect because a warm site is a leased facility and is therefore usually equipped with only some of the equipment, not actual computers. Duplicating hardware and computers at a temporary site is extremely expensive, so a warm site only provides backup facilities for some peripheral devices. This is the most common situation. It costs less than a hot site
Copyright 2008-2019 麦多课文库 (www.mydoc123.com). All rights reserved.
Filing/licence number: 苏ICP备17064731号-1