Question | Answer |
business continuity | ability of an organization to maintain its operation and services in the face of a disruptive event |
bia | business impact analysis |
bia | analyzes the most important mission critical business functions |
bia | identifying threats through a risk assessment |
disaster recovery plan | IT contingency planning |
mttr | mean time to restore |
mttr | average time needed to reestablish services to their previous condition |
drp | disaster recovery plan |
drp | written document that details the process for restoring IT resources following an event that causes a significant disruption in service |
unit 1 | purpose and scope |
unit 2 | recovery team |
unit 3 | preparing for a disaster |
unit 4 | emergency procedures |
unit 5 | restoration procedures |
backout contingency option | the plan is put into place but does not appear to be working properly |
single point of failure | a component in a system that, if it no longer functions, will disable the entire system |
high availability | a system that can function for an extended period of time with little downtime |
sla | service level agreement |
redundant servers | refers to the practice of having a secondary computer system or network device that will take over when the primary server fails. |
server cluster | a combination of two or more servers that appear to be as one |
symmetric server cluster | every server in the cluster performs useful work and if one server fails the remaining servers continue to perform their normal work |
asymmetric server cluster | a technology in which a standby server exists only to take over for another server in the event of a failure |
two types of server clusters | asymmetric, symmetric |
asymmetric server cluster | are used to provide high availability applications that require a high level of read and write action |
symmetric cluster | every server in the cluster performs useful work |
mtbf | mean time between failures |
mtbf | refers to the average time until a component fails, cannot be repaired, and must be replaced |
total time measured divided by the total number of failures observed | calculating the mtbf |
mtbf rating | used to determine the number of spare hard drives that should be stored |
raid | redundant array of independent disks |
raid level 0 | striped disk array without fault tolerance |
raid level 1 | mirroring |
raid level 5 | independent disks with distributed parity |
raid level 0+1 | high data transfer |
raid level 0 | minimum number of drives needed 2 |
raid level 1 | minimum number of drives needed 2 |
raid level 5 | minimum number of drives needed 3 |
raid level 0+1 | minimum number of drives needed 4 |
raid level 1 | data written twice to separate drives |
raid level 0+1 | a mirrored array whose segments are RAID 0 arrays |
raid level 0 | uses a striped disk array so that data is broken down into blocks and each block is written to a separate disk drive |
raid level 5 | each entire data block is written on a data disk and parity for blocks in the same rank is generated and recorded on a separate disk |
hot site | a duplicate of the production site and has all the equipment needed for an organization to continue running |
cold site | provides office space but the customer must provide equipment to continue running |
warm site | has equipment installed but does not have active internet and does not keep backups |
data backup | copying info to another medium and storing it offsite |
backup software | can internally designate which software needs to be backed up |
archive bit | any time the backup file is changed the bit is set to one |
full backup | starting point for all backups |
differential backup | back up any data that has changed since last backup |
incremental backup | back up any data that has changed since last full or incremental backup |
rto | recovery time objective |
rto | maximum length of time that an organization can tolerate between backups |
rto | recovery time objective |
rto | length of time it takes to recover the data that has been backed up |
d2d2t | disk to disk to tape |
d2d2t | uses the magnetic disk as a temporary storage area |
cdp | continuous data protection |
cdp | performs continuous data backups that can be restored immediately |
cdp | maintains a historical record of all the changes made to data by constantly monitoring all writes to the hard drive |
block level cdp | entire volume protected |
file level cdp | individual files protected |
application level cdp | individual application changes protected |
magnetic tape | good for high capacity backups |
disk to disk | hard drive may be subject to failure |
disk to disk to tape | good compromise of tape and disk to disk |
continuous data protection | for organizations that cannot afford downtime |
in order for a fire to occur you need | fuel |
in order for a fire to occur you need | oxygen |
in order for a fire to occur you need | heat |
in order for a fire to occur you need | chemical reaction |
fires are divided into five categories | class a |
fires are divided into five categories | class b |
fires are divided into five categories | class c |
fires are divided into five categories | class d |
fires are divided into five categories | class k |
water sprinkler systems | spray the area with pressurized water |
dry chemical systems | disperse a fine powder over the fire |
clean agent systems | do not harm people, documents or electrical equipment in the room |
van eck phreaking | form of eavesdropping in which special equipment is used to pick up telecommunication signals or data within a computer device by monitoring electromagnetic fields |
faraday cage | metallic enclosure that prevents the entry or escape of an electromagnetic field |
hot aisle cold aisle layout | server racks are lined up in alternating rows with cold air intakes facing one direction and hot air exhausts facing another |
plenums | air handling space above drop ceilings |
incident response procedures | include using forensic science and properly responding to a computer forensics event by using forensics procedures |
computer forensics | uses technology to search for computer evidence of a crime |
importance of computer forensics | amount of digital evidence |
importance of computer forensics | increased scrutiny by the legal profession |
importance of computer forensics | higher level of computer skills by criminals |
four basic steps in forensics | secure the crime scene |
four basic steps in forensics | collect the evidence |
four basic steps in forensics | establish a chain of custody |
four basic steps in forensics | examine the evidence |
order of volatility | different data sources have different degrees of preservation |
system image | snapshot of the current state of the computer that contains all current settings and data |
mirror image | bitstream backup |
mirror image | replicates all sectors of a computer hard drive, including all files and any hidden data storage area |
chain of custody | documents that the evidence was under strict control at all times and no one messed with it |
page file | a reserved portion of a hard disk that is used as an extension of random access memory (RAM) for data in RAM that hasn't been used recently. |
page file | used by Windows to hold temporary data which is swapped in and out of physical memory in order to provide a larger virtual memory set. |
slack | The space between the end of a file and the end of the disk cluster it is stored in |
ram slack | can contain any information that has been created, viewed, modified, downloaded, or copied since the computer was last booted |
file slack | it occurs naturally because data rarely fill fixed storage locations exactly, and residual data occur when a smaller file is written into the same cluster as a previous larger file. |
metadata | |