第六章灾难恢复与业务连续性计划

第六章：灾难恢复与业务连续性计划C6-1Duringanaudit,anISauditornotesthatanorganization'sbusinesscontinuityplan(BCP)doesnotadequatelyaddressinformationconfidentialityduringarecoveryprocess.TheISauditorshouldrecommendthattheplanbemodifiedtoinclude:A.thelevelofinformationsecurityrequiredwhenbusinessrecoveryproceduresareinvoked.B.informationsecurityrolesandresponsibilitiesinthecrisismanagementstructure.C.informationsecurityresourcerequirements.D.changemanagementproceduresforinformationsecuritythatcouldaffectbusinesscontinuityarrangements.6-1在审计中，一个IS审计师注意到一个组织的业务持续计划不能适当解决恢复过程中的信息机密性。这个IS审计师应该推荐计划被修改：A.当业务恢复进程被启用时信息安全所需要的层次B.在危机管理架构中的信息安全角色和责任C.信息安全资源需求D.信息安全的改变管理进程可能会影响业务持续安排ABusinessshouldconsiderwhetherinformationsecuritylevelsrequiredduringrecoveryshouldbethesame,lowerorhigherthanwhenbusinessisoperatingnormally.Inparticular,anyspecialrulesforaccesstoconfidentialdataduringacrisisneedtobeidentified.Theotherchoicesdonotdirectlyaddresstheinformationconfidentialityissue.答案A解析：.业务应该考虑是否在恢复时需要相同的安全级别，或者比平时的低或者高。特别的是，一些在紧急时候访问加密数据的规则需要被辨识。其他选项并不直接解决信息机密性问题。C6-2Duringadisasterrecoverytest,anISauditorobservesthattheperformanceofthedisasterrecoverysite'sserverisslow.Tofindtherootcauseofthis,theISauditorshouldFIRSTreviewthe:A.eventerrorloggeneratedatthedisasterrecoverysite.B.disasterrecoverytestplan.C.disasterrecoveryplan(DRP).D.configurationsandalignmentoftheprimaryanddisasterrecoverysites.6-2在灾难恢复测试中，一个IS审计师发现灾难恢复站点的服务器缓慢，为了找出根本原因，信息系统审计师应该首先审查：A.灾难备份点的事件错误日志生成B.灾难备份测试计划C.灾难备份计划D.配置并确保主站与和灾难备份点保持一致DSincetheconfigurationofthesystemisthemostprobablecause,theISauditorshouldreviewthatfirst.Iftheissuecannotbeclarified,theISauditorshouldthenreviewtheeventerrorlog.Thedisasterrecoverytestplanandthedisasterrecoveryplan(DRP)wouldnotcontaininformationaboutthesystemconfiguration.答案D解析：.既然系统配置是最可能的原因，IS审计师因为首先检查。如果问题不能被澄清，IS审计师检查事件错误日志。灾备测试计划灾备计划不应该包含系统配置的信息。C6-3WhichofthefollowingistheGREATESTriskwhenstoragegrowthinacriticalfileserverisnotmanagedproperly?A.BackuptimewouldsteadilyincreaseB.BackupoperationalcostwouldsignificantlyincreaseC.StorageoperationalcostwouldsignificantlyincreaseD.Serverrecoveryworkmaynotmeettherecoverytimeobjective(RTO)6-3当一个关键的文件服务器存储量增长没有被合理的管理，哪个是最大的风险？A.备份时间将持续增加B.备份操作成本将会显著增加C.存储操作成本将会显著增加D.服务器恢复将不能满足RTO的要求DIncaseofacrash,recoveringaserverwithanextensiveamountofdatacouldrequireasignificantamountoftime.Iftherecoverycannotmeettherecoverytimeobjective(RTO),therewillbeadiscrepancyinITstrategies.It'simportanttoensurethatserverrestorationcanmeettheRTO.Incrementalbackupwouldonlytakethebackupofthedailydifferential,thusasteadyincreaseinbackuptimeisnotalwaystrue.ThebackupandstoragecostsissuesarenotassignificantasnotmeetingtheRTO.答案D解析：.如果发生故障，恢复具有一些数据的服务器将会需要一个明显的时间点。如果恢复不能满足目标恢复时间，将会在IT策略上产生差异。保证服务器恢复符合RTO非常重要。增量备份将只备份每天的差异，这样一个稳固的备份时间增长是不正确的。备份和存储成本并不象不符合RTO那样重要。C6-4Anorganizationhasarecoverytimeobjective(RTO)equaltozeroandarecoverypointobjective(RPO)closetoIminuteforacriticalsystem.Thisimpliesthatthesystemcantolerate:A.adatalossofupto1minute,buttheprocessingmustbecontinuous.B.a1-minuteprocessinginterruptionbutcannottolerateanydataloss.C.aprocessinginterruptionofIminuteormore.D.bothadatalossandaprocessinginterruptionlongerthanIminute.6-4一个组织有一个目标恢复时间接近于0，一个目标恢复点至于关键系统接近1分站。这暗示系统能承受：A.数据丢失最多1分钟，但是进程是持续的B.1分钟的进程中断，但是不能容忍数据丢失C.一分钟或更多的进程中断D.数据丢失和进程中断都超过1分钟ATherecoverytimeobjective(RTO)measuresanorganization'stolerancefordowntimeandtherecoverypointobjective(RPO)measureshowmuchdatalosscanbeaccepted.ChoicesB,CandDareincorrectsincetheyexceedtheRTOlimitssetbythescenario.答案A解析：.RTO衡量一个组织对宕机时间的容忍度，RPO衡量多少数据丢失可以被接收。选项B，C，D不正确因为他们超过了这个场景的RTO限制。C6-5WhichofthefollowingissuesshouldbetheGREATESTconcerntotheISauditorwhenreviewinganITdisasterrecoverytest?A.Duetothelimitedtesttimewindow,onlythemostessentialsystemsweretested.Theothersystemsweretestedseparatelyduringtherestoftheyear.B.Duringthetestitwasnoticedthatsomeofthebackupsystemsweredefectiveornotworking,causingthetestofthesesystemstofail.C.Theprocedurestoshutdownandsecuretheoriginalproductionsitebeforestartingthebackupsiterequiredfarmoretimethanplanned.D.Everyyear,thesameemployeesperformthetest.Therecoveryplandocumentsarenotusedsinceeverystepiswellknownbyallparticipants.6-5以下哪个问题是IT审计师审计灾备测试时最关注的？A.因为测试时间限制，只对最必要的系统进行测试，其他系统可在年内其他时间进行测试。B.在测试中注意到一些备份系统有缺陷或无法正常工作，导致系统测试失败。C.在开始备份前关闭和保护原站点的程序所需时间远远超过计划所需要的时间。D.每年都是由相同的人员进行测试。因为这些人员了解每一个步骤，所以没有使用恢复计划文档。DAdisasterrecoveryshouldnotrelyonkeystaffsinceadisastercanoccurwhentheyarenotavailable.Itiscommonthatnotallsystemscanbetestedinalimitedtesttimeframe.Itisimportant,however,thatthosesystemswhichareessentialtothebusinessaretested.andthattheothersystemsareeventuallytestedthroughouttheyear.Oneaimofthetestistoidentifyandreplacedefectivedevicessothatallsystemscanbereplacedinthecaseofadisaster.ChoiceBwouldonlybeaconcernifthenumberofdiscoveredproblemsissystematicallyveryhigh.Inarealdisaster,thereisnoneedforacleanshutdownoftheoriginalproductionenvironmentsincethefirstpriorityistobringthebackupsiteup.答案D解析：一个灾备测试应该测试计划，进程，人力和IT系统。所以，如果计划没有被使用，它的准确性和充分性不能被保证