After a production outage, which of the following documents contains detailed information on the order in which the system should be restored to service?
A. Succession planning
B. Disaster recovery plan
C. Information security plan
D. Business impact analysis
Correct Answer: B
A disaster-recovery plan, or scheme, helps an organization respond effectively when a disaster occurs. Disasters may include system failure, network failure, infrastructure failure, and natural disaster. The primary emphasis of such a plan is reestablishing services and minimizing losses.
Incorrect Answers:
A: Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions.
C: An information security plan focuses on the integrity and confidentiality of documents.
D: A business impact analysis is part of business continuity planning and focuses on evaluating the processes.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 29, 433-434, 454
Question 382:
When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Select TWO).
A. Methods and templates to respond to press requests, institutional and regulatory reporting requirements.
B. Methods to exchange essential information to and from all response team members, employees, suppliers, and customers.
C. Developed recovery strategies, test plans, post-test evaluation and update processes.
D. Defined scenarios by type and scope of impact and dependencies, with quantification of loss potential.
E. Methods to review and report on system logs, incident response, and incident handling.
Correct Answer: AB
A: External emergency communications that should fit into your business continuity plan include notifying family members of an injury or death, discussing the disaster with the media, and providing status information to key clients and stakeholders. Each message needs to be prepared with the audience (e.g., employees, media, families, government regulators) in mind; broad general announcements may be acceptable in the initial aftermath of an incident, but these will need to be tailored to the audiences in subsequent releases.
B: A typical emergency communications plan should be extensive in detail and properly planned by a business continuity planner. Internal alerts are sent using either email, overhead building paging systems, voice messages or text messages to cell/smartphones with instructions to evacuate the building and relocate at assembly points, updates on the status of the situation, and notification of when it's safe to return to work.
Incorrect Answers:
C: Recovery strategies are not included in the communications plan.
D: Analysis of impact, dependencies and loss potential is not included in the communications plan.
E: System logs, incident response, and incident handling are not included in the communications plan.
Question 383:
Ann is starting a disaster recovery program. She has gathered specifics and team members for a meeting on site. Which of the following types of tests is this?
A. Structured walkthrough
B. Full Interruption test
C. Checklist test
D. Tabletop exercise
Correct Answer: A
A structured walkthrough test of a recovery plan involves representatives from each of the functional areas coming together to review the plan to determine if the plan pertaining to their area is accurate and complete and can be implemented when required.
Incorrect Answers:
B: In a full interruption test, operations are shut down at the primary site and shifted to the recovery site in accordance with the disaster recovery plan.
C: In a checklist test, disaster recovery checklists are distributed to all members of a disaster recovery team. The members are asked to review the checklist. This ensures that the checklist is still current, and that the assigned members of disaster recovery teams are still working for the company.
D: A tabletop exercise is a simulation of a disaster. A tabletop test is a test of the recovery plan in which actions are not actually performed.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 454-455
Question 384:
Pete, the system administrator, is reviewing his disaster recovery plans. He wishes to limit the downtime in the event of a disaster, but does not have the budget approval to implement or maintain an offsite location that ensures 99.99% availability. Which of the following would be Pete's BEST option?
A. Use hardware already at an offsite location and configure it to be quickly utilized.
B. Move the servers and data to another part of the company's main campus from the server room.
C. Retain data back-ups on the main campus and establish redundant servers in a virtual environment.
D. Move the data back-ups to the offsite location, but retain the hardware on the main campus for redundancy.
Correct Answer: A
A warm site provides some of the capabilities of a hot site, but it requires the customer to do more work to become operational. Warm sites provide computer systems and compatible media capabilities. If a warm site is used, administrators and other staff will need to install and configure systems to resume operations. For most organizations, a warm site could be a remote office, a leased facility, or another organization with which yours has a reciprocal agreement. Warm sites may be for your exclusive use, but they don't have to be. A warm site requires more advanced planning, testing, and access to media for system recovery. Warm sites represent a compromise between a hot site, which is very expensive, and a cold site, which isn't preconfigured.
Incorrect Answers:
B: Moving the servers from the server room is not a viable option.
C: The data backups should also be available away from the main campus.
D: This will result in just having the data backups and no hardware on which to work, not 99.9% availability.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 36
Question 385:
A security administrator is reviewing the company's continuity plan. The plan specifies an RTO of six hours and RPO of two days. Which of the following is the plan describing?
A. Systems should be restored within six hours and no later than two days after the incident.
B. Systems should be restored within two days and should remain operational for at least six hours.
C. Systems should be restored within six hours with a minimum of two days worth of data.
D. Systems should be restored within two days with a minimum of six hours worth of data.
Correct Answer: C
The recovery time objective (RTO) is the maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable. Beyond this time, the break in business continuity is considered to affect the business negatively. The RTO is agreed on during the business impact analysis (BIA) creation.
The recovery point objective (RPO) is similar to RTO, but it defines the point at which the system needs to be restored. This could be where the system was two days before it crashed (whip out the old backup tapes) or five minutes before it crashed (requiring complete redundancy). As a general rule, the closer the RPO matches the time of the crash, the more expensive it is to obtain.
Incorrect Answers:
A: An RTO is six hours and not 2 days after the incident happened.
B: This implies an RTO of 2 days and an RPO of 6 hours.
D: Two days for a system restore should be an RTO of two days and not six hours as mentioned in the question.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 9, 456
Question 386:
Which of the following is being tested when a company's payroll server is powered off for eight hours?
A. Succession plan
B. Business impact document
C. Continuity of operations plan
D. Risk assessment plan
Correct Answer: C
A continuity of operations plan is the effort to ensure the continued performance of critical business functions during a wide range of potential emergencies.
Incorrect Answers:
A: Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions.
B: A business impact analysis/document is part of the business continuity planning and focuses on evaluating the processes.
D: A risk assessment plan, like a business impact analysis, forms part of the business continuity plan and provides a company with an accurate picture of the situation it faces.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 432-434, 454
http://www.cio.com/article/2381021/best-practices/how-to-create-an-effective-business-continuity-plan.html
Question 387:
Corporate IM presents multiple concerns to enterprise IT. Which of the following concerns should Jane, the IT security manager, ensure are under control? (Select THREE).
A. Authentication
B. Data leakage
C. Compliance
D. Malware
E. Non-repudiation
F. Network loading
Correct Answer: BCD
In a joint enterprise, data may be combined from both organizations. It must be determined, in advance, who is responsible for that data and how the data backups will be managed. Data leakage, compliance and malware issues are all issues concerning data ownership and backup which are both impacted on by corporate IM.
Incorrect Answers:
A: Authentication is more concerned with legitimate, authorized access.
E: Nonrepudiation prevents one party from denying actions that they carried out. In the electronic world, nonrepudiation measures can be a two-key cryptographic system and the involvement of a third party to verify the validity. This respected third party 'vouches' for the individuals in the two-key system.
F: Network loading would be a load balancing/redundancy concern.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 262, 397
Question 388:
Upper management decides which risk to mitigate based on cost. This is an example of:
A. Qualitative risk assessment
B. Business impact analysis
C. Risk management framework
D. Quantitative risk assessment
Correct Answer: D
Quantitative analysis/assessment is used to show the logic and cost savings in, for example, replacing a server before it fails rather than after the failure. Quantitative assessments assign a dollar amount.
Incorrect Answers:
A: Risk can also be calculated qualitatively; qualitative assessments are subjective in nature.
B: A business impact analysis is the process of evaluating all of the critical systems in an organization to define impact and recovery plans. BIA isn't concerned with external threats or vulnerabilities; the analysis focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying critical functions, prioritizing critical business functions, calculating a timeframe for critical systems loss, and estimating the tangible impact on the organization.
C: A risk management framework is an umbrella term that concerns all risk management best practices.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 17, 28-29
Question 389:
Which of the following risk concepts requires an organization to determine the number of failures per year?
A. SLE
B. ALE
C. MTBF
D. Quantitative analysis
Correct Answer: B
ALE is the annual loss expectancy value. This is a monetary measure of how much loss you could expect in a year.
Incorrect Answers:
A: SLE is a monetary value, and it represents how much you expect to lose at any one time: the single loss expectancy. SLE can be divided into two components: AV (asset value) and the EF (exposure factor).
C: The mean time between failures (MTBF) is the measure of the anticipated incidence of failure for a system or component. This measurement determines the component's anticipated lifetime.
D: Quantitative analysis is used to show the logic and cost savings in, for example, replacing a server before it fails rather than after the failure.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 5, 8, 17
http://www.ciscopress.com/articles/article.asp?p=1998559&seqNum=2
Question 390:
Which of the following risks could IT management be mitigating by removing an all-in-one device?
A. Continuity of operations
B. Input validation
C. Single point of failure
D. Single sign on
Correct Answer: C
The major disadvantage of combining everything into one device, although you do this to save costs, is that it introduces a potential single point of failure and reliance on a single vendor.
Incorrect Answers:
A: Continuity of operation plan refers to policies, processes and methods that an organization has to follow to minimize the impact of failure of the key components needed for operations.
B: Input validation refers to secure coding and removing an all-in-one device is not mitigating an input validation problem. Rather you are mitigating a single point of failure problem.
D: Single sign-on is an authentication issue.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 30, 136, 432