Home > Articles > Other IT Certifications > CISSP

  • Print
  • + Share This
This chapter is from the book

This chapter is from the book

Answers to Exam Prep Questions

  1. D. The protection of individual life is the number one priority of security management. Although answer A is important because a damage assessment needs to be made, the most important item is the protection of individual life. Answer B is incorrect because even though the control of critical assets is important, the number one consideration in disaster recovery should be the protection of life. Answer C is incorrect because, again, the protection of life should be your number one concern.
  2. B. Although the other groups listed have responsibilities in the BCP process, senior management is responsible for project initiation, overall approval, support, and is ultimately responsible and held liable. Answer A is incorrect because the functional business units are responsible for implementation, incorporation, and testing. Answer C is incorrect because the BCP team members are responsible for planning, day-to-day management, and implementation and testing of the plan. Answer D is incorrect because middle management is responsible for the identification and prioritization of critical systems.
  3. D. The recovery team plays a critical role in the disaster-recovery process because it is focused on the requirements to get an alternative site up and running. Answer A is incorrect because the salvage team is responsible for assessing the damage and determining what can be recovered after a disaster has occurred. Answer B is incorrect because the management team consists of the individuals in charge of the plan overall. Answer C is incorrect because IT management is responsible for day-to-day operations.
  4. B. The parties to this agreement must place their trust in the reciprocating organization to provide aid in the event of a disaster. However, the nonvictim might be hesitant to follow through if such a disaster occurred. None of the other answers represents a disadvantage because this is a low-cost alternative, it can be documented, and some tests to verify that it would work can be performed.
  5. C. Electronic vaulting makes a copy of data to a backup location. This is a batch process operation that functions to keep a copy of all current records, transactions, or files at an offsite location. Remote journaling is similar to electronic vaulting, except that information is processed continuously in parallel, so answer A is incorrect. Hierarchical storage management provides continuous online backup functionality, so answer B is incorrect. Static management is a distracter and is not a valid choice, so answer D is incorrect.
  6. A. A full interruption is the test most likely to cause its own disaster. All the other answers listed are not as disruptive, so answers B, C, and D are incorrect.
  7. C. A software escrow agreement allows an organization to obtain access to the source code of business critical software if the software vendor goes bankrupt or otherwise fails to perform as required. Answer A is incorrect because an escrow agreement does not provide the vendor with additional assurances that the software will be used per licensing agreements. Answer B is incorrect because an escrow agreement does not specify how much a vendor can charge for updates. Answer D is incorrect because an escrow agreement does not address compatibility issues; it grants access to the source code only under certain conditions.
  8. A. A BIA is a process used to help business units understand the impact of a disruptive event. Part of that process is determining the maximum outage time before the company is permanently crippled. The other answers are part of the BCP process but are not specifically part of the BIA portion, so answers B, C, and D are incorrect.
  9. D. Incremental backups take less time to perform but longer to restore. Answer A is incorrect because a full backup backs up everything and, therefore, takes the longest time to create. Answer B is incorrect because the term structured addresses how a backup is carried out, not the method used. Answer C is incorrect because a differential backup does not reset the archive bit. It takes increasingly longer each night, but would require a shorter period to restore because only two restores would be needed: the last full and the last differential.
  10. A. This tape-rotation scheme is named after a mathematical puzzle. It involves using five sets of tapes, with each set labeled A through E. Set A is used every other day. Set B is used on the first non-A backup day and is used every 4th day. Set C is used on the first non-A or non-B backup day and is used every 8th day. Set D is used on the first non-A, non-B, or non-C day and is used every 16th day. Set E alternates with set D. Answer B is incorrect because Son-father-grandfather is a distracter. Answer C is incorrect because complex does not refer to a specific backup type. Answer D is incorrect because grandfather-father-son includes four tapes for weekly backups, one tape for monthly backups, and four tapes for daily backups and does not match the description described in the question.
  11. D. The RPO is the earliest point at which recovery can occur. If the company has a low RPO, tape backup is acceptable because there is a low need to capture the most current data. If the backup occurs at midnight and the failure is at noon the next day, 12 hours of data has been lost. Answers A, B, and C are incorrect because each of these would be used when a higher RPO, or more current data, is required.
  12. B. The core issue here is that the company is an upstart that may not be around in a few years. If this were to happen, the company must protect itself so that it has access to the code. Escrow agreements allow an organization to obtain access to the source code of business-critical software if the software vendor goes bankrupt or otherwise fails to perform as required. Answers A, C, and D are incorrect because clustering and continuous backup do nothing to provide the company access to the source code should they cease to exist. Insurance is an option, but the expense is not necessary if the organization has rights and access to the code should something occur.
  • + Share This
  • 🔖 Save To Your Account