[Computer Professional Qualification] CISSP Certification Exam (Business Continuity and Disaster Recovery) - Paper 1 with Answer Key.doc

Uploaded by: figureissue185  Document ID: 1318228  Upload date: 2019-10-17  Format: DOC  Pages: 20  Size: 134.50KB

CISSP Certification Exam (Business Continuity and Disaster Recovery) - Paper 1 with Answer Key (Total score: 64.00, time allowed: 90 minutes)

1. The NIST organization has defined best practices for creating continuity plans. Which of the following phases deals with identifying and prioritizing critical functions and systems? (Score: 2.00)
A. Identify preventive controls.
B. Develop the continuity planning policy statement.
C. Develop recovery strategies.
D. Conduct the business impact analysis.

2. As his company's business continuity coordinator, Matthew is responsible for helping recruit members to the business continuity planning (BCP) committee. Which of the following does not correctly describe this effort? (Score: 2.00)
A. Committee members should be involved with the planning stages, as well as the testing and implementation stages.
B. The smaller the team the better, to keep meetings under control.
C. The business continuity coordinator should work with management to appoint committee members.
D. The team should consist of people from different departments across the company.

3. A business impact analysis is considered a functional analysis. Which of the following is not carried out during a business impact analysis? (Score: 2.00)
A. A parallel or full-interruption test
B. The application of a classification scheme based on criticality levels
C. The gathering of information via interviews
D. Documentation of business functions

4. Which of the following is the best way to ensure that the company's backup tapes can be restored and used at a warm site? (Score: 2.00)
A. Ask the offsite vendor to test them and label the ones that were properly read.
B. Test them on the vendor's machine, which won't be used during an emergency.
C. Retrieve the tapes from the offsite facility and verify that the equipment from the original site can read them.
D. Inventory each tape kept at the vendor's site twice a month.

5. An approach to alternate offsite facilities is to establish a reciprocal agreement. Which of the following describes the pros and cons of a reciprocal agreement? (Score: 2.00)
A. It is fully configured and ready to operate within a few hours, but is the most expensive of the offsite choices.
B. It is an inexpensive option, but it takes the most time and effort to get up and running after a disaster.
C. It is a good alternative for companies that depend upon proprietary software, but annual testing is not usually available.
D. It is the cheapest of the offsite choices, but mixing operations could introduce many security issues.

6. Which of the following steps comes first in a business impact analysis? (Score: 2.00)
A. Calculate the risk for each different business function.
B. Identify critical business functions.
C. Create data-gathering techniques.
D. Identify vulnerabilities and threats to business functions.

7. The operations team is responsible for defining which data gets backed up and how often. Which type of backup process backs up files that have been modified since the last time all data was backed up? (Score: 2.00)
A. Incremental process
B. Full backup
C. Partial backup
D. Differential process

8. After a disaster occurs, a damage assessment needs to take place. Which of the following steps occurs last in a damage assessment? (Score: 2.00)
A. Determine the cause of the disaster.
B. Identify the resources that must be replaced immediately.
C. Declare a disaster.
D. Determine how long it will take to bring critical functions back online.

9. Of the following plans, which establishes senior management and a headquarters after a disaster? (Score: 2.00)
A. Continuity of operations plan
B. Cyber-incident response plan
C. Occupant emergency plan
D. IT contingency plan

10. It is not unusual for business continuity plans to become out of date. Which of the following is not a reason why plans become outdated? (Score: 2.00)
A. Changes in hardware, software, and applications
B. Infrastructure and environment changes
C. Personnel turnover
D. That the business continuity process is integrated into the change management process

11. Preplanned business continuity procedures provide organizations a number of benefits. Which of the following is not a capability enabled by business continuity planning? (Score: 2.00)
A. Resuming critical business functions
B. Letting business partners know your company is unprepared
C. Protecting lives and ensuring safety
D. Ensuring survivability of the business

12. Management support is critical to the success of a business continuity plan. Which of the following is the most important to be provided to management to obtain their support? (Score: 2.00)
A. Business case
B. Business impact analysis
C. Risk analysis
D. Threat report

13. Gizmos and Gadgets has restored its original facility after a disaster. What should be moved in first? (Score: 2.00)
A. Management
B. Most critical systems
C. Most critical functions
D. Least critical functions

14. Which of the following is a critical first step in disaster recovery and contingency planning? (Score: 2.00)
A. Plan testing and drills.
B. Complete a business impact analysis.
C. Determine offsite backup facility alternatives.
D. Organize and create relevant documentation.

15. Which of the following is not a reason to develop and implement a disaster recovery plan? (Score: 2.00)
A. Provide steps for a post-disaster recovery.
B. Extend backup operations to include more than just backing up data.
C. Outline business functions and systems.
D. Provide procedures for emergency responses.

16. Business continuity plans can be assessed via a number of tests. Which type of test continues up to the point of actual relocation to an offsite facility and actual shipment of replacement equipment? (Score: 2.00)
A. Parallel test
B. Checklist test
C. Structured walk-through test
D. Simulation test

17. With what phase of a business continuity plan does a company proceed when it is ready to move back into its original site or a new site? (Score: 2.00)
A. Reconstitution phase
B. Recovery phase
C. Project initiation phase
D. Damage assessment phase

18. Several teams should be involved in carrying out the business continuity plan. Which team is responsible for starting the recovery of the original site? (Score: 2.00)
A. Damage assessment team
B. BCP team
C. Salvage team
D. Restoration team

19. ACME Inc. paid a software vendor to develop specialized software, and that vendor has gone out of business. ACME Inc. does not have access to the code and therefore cannot keep it updated. What mechanism should the company have implemented to prevent this from happening? (Score: 2.00)
A. Reciprocal agreement
B. Software escrow
C. Electronic vaulting
D. Business interruption insurance

20. Which of the following incorrectly describes the concept of executive succession planning? (Score: 2.00)
A. Predetermined steps protect the company if a senior executive leaves.
B. Two or more senior staff cannot be exposed to a particular risk at the same time.
C. It documents the assignment of deputy roles.
D. It covers assigning a skeleton crew to resume operations after a disaster.

21. What is the missing second step in the graphic that follows? (Score: 2.00)
A. Identify continuity coordinator
B. Business impact analysis
C. Identify BCP committee
D. Dependency identification

22. Different threats need to be evaluated and ranked based upon their severity of business risk when developing a BCP. Which ranking approach is illustrated in the graphic that follows? (Score: 2.00)
A. Mean time to repair
B. Mean time between failures
C. Maximum critical downtime
D. Maximum tolerable downtime

23. What type of infrastructural setup is illustrated in the graphic that follows? (Score: 2.00)
A. Hot site
B. Warm site
C. Cold site
D. Reciprocal agreement

24. There are several types of redundant technologies that can be put into place. What type of technology is shown in the graphic that follows? (Score: 2.00)
A. Tape vaulting
B. Remote journaling
C. Electronic vaulting
D. Redundant site

25. Here is a graphic of a business continuity policy. Which component is missing from this graphic? (Score: 2.00)
A. Damage assessment phase
B. Reconstitution phase
C. Business resumption phase
D. Continuity of operations plan

26. The Recovery Time Objective (RTO) and Maximum Tolerable Downtime (MTD) metrics have similar roles, but their values are very different. Which of the following best describes the difference between RTO and MTD metrics? (Score: 2.00)
A. The RTO is a time period that represents the inability to recover, and the MTD represents an allowable amount of downtime.
B. The RTO is an allowable amount of downtime, and the MTD represents a time period that represents the inability to recover.
C. The RTO is a metric used in disruptions, and the MTD is a metric used in disasters.
D. The RTO is a metric pertaining to loss of access to data, and the MTD is a metric pertaining to loss of access to hardware and processing capabilities.

27. High availability (HA) is a combination of technologies and processes that work together to ensure that specific critical functions are always up and running at the necessary level. To provide this level of high availability, a company has to have a long list of technologies and processes that provide redundancy, fault tolerance, and failover capabilities. Which of the following best describes these characteristics? (Score: 2.00)
A. Redundancy is the duplication of noncritical components or functions of a system with the intention of decreasing reliability of the system. Fault tolerance is the capability of a technology to discontinue to operate as expected even if something unexpected takes place. If a technology has a failover capability, this means that if there is a failure that cannot be handled through normal means, then processing is "switched over" to a working system.
B. Redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system. Fault tolerance is the capability of a technology to continue to operate as expected even if something unexpected takes place. If a technology has a failover capability, this means that if there is a failure that cannot be handled through normal means, then processing is "switched over" to a working system.
C. Redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system. Fault tolerance is the capability of a technology to continue to operate as expected even if something unexpected tak
D. Redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system. Fault tolerance is the capability of a technology to continue to operate as expected even if something unexpected tak

The following scenario will be used to answer questions 28 and 29.
Sean has been hired as business continuity coordinator. He has been told by his management that he needed to ensure that the company is in compliance with the ISO/IEC standard that pertained to technology readiness for business continuity. He has also been instructed to find a way to transfer the risk of being unable to carry out critical business functions for a period of time because of a disaster. (Score: 4.00)
(1) Which of the following is most likely the standard that Sean has been asked to comply with? (Score: 2.00)
A. ISO/IEC 27031
B. ISO/IEC 27005
C. ISO/IEC BS7799
D. ISO/IEC 2899
(2) Which of the following would be best for Sean to implement as it pertains to his company's needs? (Score: 2.00)
A. Infrastructure cloud computing
B. Co-location at a multiprocessing center
C. Business interruption insurance
D. Shared partner extranet with integrated redundancy

The following scenario will be used to answer questions 30, 31 and 32.
Jeff is leading the business continuity group in his company. They have completed a business impact analysis and have determined that if the company's credit card processing functionality was unavailable for 48 hours the company would most likely experience such a large financial hit that it would have to go out of business. The team has calculated that this functionality needs to be up and running within 28 hours after experiencing a disaster for the company to stay in business. The team has also determined that the restoration steps must be able to restore data that are one hour old or less. (Score: 6.00)
(1) In this scenario, which of the following is the Recovery Time Objective (RTO) value? (Score: 2.00)
A. 48 hours
B. 28 hours
C. 20 hours
D. 1 hour
(2) In this scenario, which of the following is the Work Recovery Time value? (Score: 2.00)
A. 48 hours
B. 28 hours
C. 20 hours
D. 1 hour
(3) In this scenario, what would the 1-hour time period be referred to as? (Score: 2.00)
A. Recovery Time Period
B. Maximum Tolerable Downtime
C. Recovery Point Objective
D. Recovery Point Time Period

CISSP Certification Exam (Business Continuity and Disaster Recovery) - Paper 1 Answer Key (Total score: 64.00, time allowed: 90 minutes)

1. The NIST organization has defined best practices for creating continuity plans. Which of the following phases deals with identifying and prioritizing critical functions and systems? (Score: 2.00)
A. Identify preventive controls.
B. Develop the continuity planning policy statement.
C. Develop recovery strategies.
D. Conduct the business impact analysis.
Explanation: D is correct. Although there is no exact scientific formula to follow when creating a continuity plan, certain best practices have stood the test of time and proven their worth. The National Institute of Standards and Technology (NIST) is an organization responsible for developing best practices and documenting them so that everyone can use them. In its Special Publication 800-34, Continuity Planning Guide for Information Technology Systems, NIST outlines seven steps: develop the continuity planning policy statement, conduct the business impact analysis, identify preventive controls, develop recovery strategies, develop the contingency plan, test the contingency plan and conduct training and exercises, and maintain the plan. Conducting the business impact analysis includes identifying critical functions and systems so that the organization can prioritize them as needed. It also includes identifying vulnerabilities and threats and calculating risk. A is incorrect because identifying preventive controls must take place after the critical functions and systems have been prioritized and their vulnerabilities, threats, and risks identified (which is part of the business impact analysis). Conducting the business impact analysis is step 2 of creating a continuity plan; developing preventive controls is step 3. B is incorrect because developing the continuity planning policy statement mainly involves writing the guidelines that provide the authority needed to develop the business continuity plan and that authorize the necessary roles to carry out these tasks. It is step 1 of creating a continuity plan, so it comes before the step of identifying and prioritizing critical systems and functions (that is, conducting the business impact analysis). C is incorrect because developing recovery strategies involves developing methods to ensure that systems and critical functions can be brought back online quickly. Before that, the business impact analysis must be conducted to determine which systems and functions are critical and should therefore be given priority during recovery.

2. As his company's business continuity coordinator, Matthew is responsible for helping recruit members to the business continuity planning (BCP) committee. Which of the following does not correctly describe this effort? (Score: 2.00)
A. Committee members should be involved with the planning stages, as well as the testing and implementation stages.
B. The smaller the team the better, to keep meetings under control.
C. The business continuity coordinator should work with management to appoint committee members.
D. The team should consist of people from different departments across the company.
Explanation: B is correct. The business continuity planning (BCP) committee should be large enough to represent every department in the organization. Its members must be people familiar with the company's different departments, because each department has its own unique functions and faces its own risks and threats. The best business continuity plans put every issue and threat on the table for discussion. A discussion held only by a few people who know one or two departments well will certainly not be effective. At a minimum, the committee should consist of representatives from the following areas: business units, senior management, IT, security, communications, and legal. A is incorrect because committee members should take part in every stage: planning, testing, and implementation. If Matthew, the BCP coordinator, is a good manager, he should understand that it is best for team members to feel a sense of ownership of their tasks and roles. The people who develop the business continuity plan should also be the people who execute it. If you know that you will need to carry out certain critical tasks in a crisis, you will probably pay closer attention during the planning and testing phases. C is incorrect because the BCP coordinator should work with management to appoint committee members, but management's involvement does not end there. The BCP team should work with management to establish the ultimate goals of the plan, identify the critical business items that must be dealt with first when a disaster occurs, and clarify the priorities of departments and tasks. Management also needs to help the committee define the project's scope and specific objectives. D is incorrect because the committee should be made up of people from different departments across the company. This is the only way the team can take into account the different risks and threats that each department faces.

3. A business impact analysis is considered a functional analysis. Which of the following is not carried out during a business impact analysis? (Score: 2.00)
A. A parallel or full-interruption test
B. The application of a classification scheme based on criticality levels
C. The gathering of information via interviews
D. Documentation of business functions
