1. Главная
  2. Книги
  3. Vallabhaneni S. Rao
  4. CISSP Practice
  5. Страница 229
Выбрать главу

3. Regarding contingency planning, which of the following IT platforms requires vendor service-level agreements?

a. Desktop computers

b. Servers

c. Distributed systems

d. Wide-area networks

3. d. A wide-area network (WAN) is a data communications network that consists of two or more local-area networks (LANs) that are dispersed over a wide geographical area. WAN communication links, usually provided by a public carrier, enable one LAN to interact with other LANs. Service-level agreements (SLAs) can facilitate prompt recovery following software or hardware problems associated with the network. An SLA also may be developed with the network service provider (NSP) or the Internet service provider (ISP) to guarantee the desired network availability and establish tariffs if the vendor’s network is unavailable. Desktop computers, servers, and distributed system are not as complicated as WANs requiring SLAs.

4. Regarding business continuity planning (BCP) and disaster recovery planning (DRP), which of the following contingency solutions for wide-area networks (WANs) increases vulnerability to hackers?

a. Redundant communication links

b. Multiple network service providers

c. Multiple Internet connections

d. Redundant network connecting devices

4. c. It is true that multiple Internet connections increase a network’s vulnerability to hackers. But at the same time, multiple Internet connections provide redundancy, meaning that if one connection were to fail, Internet traffic could be routed through the remaining connection. So, there is a trade-off between security and availability.

The other three choices are not vulnerable to hackers. Redundant communication links can include two T-1 connections or the backup link. Multiple network service providers (NSPs) and the Internet service providers (ISPs) providing a robust and reliable service from their core networks. Redundant network connecting devices such as routers, switches, and firewalls can create high availability.

5. Regarding BCP and DRP, which of the following IT platforms typically provide some inherent level of redundancy?

a. Mainframe systems

b. Distributed systems

c. Desktop computers

d. Websites

5. b. Distributed systems use the client-server relationship model to make the application more accessible to users in different locations, and they rely extensively on LAN and WAN connectivity. Because all data resides at a company’s headquarters location and is replicated to the local sites, the distributed system provides some inherent level of redundancy. The other three choices cannot provide that kind of redundancy.

6. Which of the following IT contingency solutions provides recovery time objectives (RTOs) ranging from minutes to several hours?

a. Synchronous mirroring

b. Asynchronous shadowing

c. Single location disk replication

d. Multiple location disk replication

6. a. Disk replication can be implemented locally or between different locations. Disk replication techniques are classified as synchronous or asynchronous. With synchronous mirroring, the recovery time objectives (RTOs) can be minutes to several hours (for shorter time periods), and hence should be used for applications that can accept little or no data loss. With asynchronous shadowing, the RTO can range from several hours to a day (for longer time periods), depending on the time that is required to implement the changes in the unapplied logs. Disk replication involves two different disks to ensure that two valid copies of the data are always available.

7. The IT operations management of KPQ Corporation is concerned about the reliability and availability data for its four major, mission-critical information systems that are used by business end-users. The KPQ corporate management’s goal is to improve the reliability and availability of these four systems in order to increase customer satisfaction both internally and externally. The IT operations management collected the following data on downtime hours that include scheduled maintenance hours and uptime hours for all these systems. Assume 365 operating days per year and 24 hours per day for all these systems. The KPQ functional management thinks that the security goal of availability is more important in ensuring the continuity of business operations than the confidentiality and integrity goals. This is because the availability goal will ensure timely and reliable access to and use of system-related data and information, as it is an indicator of quantity of service. System Downtime, hours Uptime, hours 1 200 8,560 2 150 8,610 3 250 8,510 4 100 8,660

Which of the following systems has the highest availability in a year expressed in percentages and rounded up?

a. System 1

b. System 2

c. System 3

d. System 4

7. d. System 4 has the highest availability percentage. Theoretically speaking, the lower the downtime for a system, the higher the availability of that system, and higher the reliability of that system, and vice versa. In fact, this question does not require any calculations to perform because one can find out the correct answer just by looking at the downtime and uptime data given in that the lower the downtime hours, the higher the uptime hours, and the higher the availability of the system, and vice versa. System Availability, percent Reliability, percent 1 97.7 97.7 2 98.3 98.3 3 97.1 97.1 4 98.9 98.9

Calculations for System 1 are shown below and calculations for other systems follow the System 1 calculations.

Availability for System 1 =

[Uptime/(Uptime + Downtime)] × 100 = [(8,560/8,760)] × 100 = 97.7%

Reliability for System 1 =

[1 − (Downtime/Downtime + Uptime)] × 100 = [1 − (200/8,760)] × 100 = 97.7%

Check: Reliability for System 1 =

100 − (100 − Availability percent) = 100 − (100 − 97.7) = 97.7%

This goes to say that the availability and reliability goals are intrinsically related to each other, where the former is a component of the latter.

8. Regarding BCP and DRP, redundant array of independent disk (RAID) does not do which of the following?

a. Provide disk redundancy

b. Provide power redundancy

c. Decrease mean-time-between-failures

d. Provide fault tolerance for data storage

8. b. Redundant array of independent disk (RAID) does not provide power redundancy and should be acquired through an uninterruptible power supply system. However, RAID provides the other three choices.

~ 229 ~