M3 - Business Resiliency and Continuity Planning

Questions and Answers

What is the main advantage of a full backup?

It requires the least amount of storage space.

It is less time-consuming than other backup types.

It is the quickest way to restore functionality.

It provides an exact copy of the entire database. (correct)

Which disaster recovery site type is immediately operational?

Hot Site (correct)

Warm Site

Cold Site

Remote Site

What differentiates a differential backup from an incremental backup?

It copies all changes since the last full backup. (correct)

It stores only one copy of backup.

It requires less storage space.

It is quicker to restore than incremental backup.

Which step is considered the most important in the disaster recovery planning process?

Test Plan

How does replication differ from mirroring?

Replication can occur at any time while mirroring occurs continuously.

What is the main difference between business continuity plans and disaster recovery?

Business continuity plans are more comprehensive and include non-IT aspects.

Which of the following classifications describes a disruption impact that can operate for an extended time if damaged?

Low

What does the Recovery Point Objective (RPO) represent?

The maximum threshold for data or dollars lost during an outage.

Which step in the Business Impact Analysis (BIA) involves identifying critical resources and processes that are most vulnerable?

Identify critical resources

Which metric assesses the amount of time until services are operational after a disruption?

Agreed Service Time (AST)

What is included in step four of the Business Impact Analysis (BIA)?

Estimate losses.

Which system availability control focuses on ensuring consistent power supply?

Uninterrupted Power Supply

In the context of disaster recovery, what is a long-term outage related to the destruction of resources referred to as?

Disaster Recovery

Study Notes

Business Resiliency

• Business resiliency is the ability for a business to continue operating or quickly return to operations after an event.
• Key components include business continuity plans, systems availability controls, and crisis management. Disaster recovery plans also play a key role.

Business Continuity Plans

• More comprehensive than disaster recovery, encompassing non-IT aspects.
• Key steps involve identifying key business processes, risks, acceptable downtime, and implementing mitigation/contingency plans.

Business Impact Analysis (BIA)

• A critical step in business continuity planning.

• Identifies how quickly business units can recover.

• Key steps include establishing an approach, identifying critical resources, defining disruption impacts, estimating losses, establishing recovery priorities, and creating a report.

• Disruptions are categorized as low, medium, or high impact based on downtime.

• Step 4: Estimating losses uses the following metrics:

  • Annualized Rate of Occurrence (ARO): Number of occurrences per relevant years
  • Exposure Factor (EF): Percentage damage to asset value
  • Single Loss Expectancy (SLE): EF * Asset Value
  • Annualized Loss Expectancy (ALE): SLE * ARO

• Step 5: Establishing Recovery Priorities evaluates system availability metrics, including:

  • Agreed Service Time (AST): Time until services are operational.
  • Minimal Downtime (DT): Time service isn't working.
  • Maximum Tolerable Downtime (MTD): Time without long-term consequences from an outage.
  • Recovery Point Objective (RPO): Max threshold for data/financial loss or inoperability.
  • Recovery Time Objective (RTO): Max time to restore business operations.
  • Mean Time to Repair (MTTR): Average time to restore operations.
  • Recovery Time Actual (RTA): Actual time to restore operations.
  • Recovery Point Actual (RPA): Actual time to recover to pre-event state.

System Availability Controls

• Measures to ensure systems remain operational include redundancy, system backups, uninterrupted power supplies, IT infrastructure controls, and physical security.

Crisis Management Plans

• Address unexpected, large-scale incidents.

Disaster Recovery

• Plans for long-term outages caused by resource destruction with a focus on IT systems.
• Outlines steps to resume operations.
• Example: storing duplicate files offsite.
• Key steps:
  • Assess risks.
  • Identify mission-critical applications/data.
  • Develop a plan for handling mission-critical items.
  • Determine who is responsible.
  • Thoroughly test the disaster recovery plan (most important step).

Disaster Recovery Sites

• Cold Site: No equipment in place. Recovery time: 1-3 days. Cheapest.
• Warm Site: Equipment on-site but not plugged in. Recovery time: 0-3 days. Moderately expensive.
• Hot Site: Equipment and operations in place. Immediately operational. Most expensive.

Backups

• Full Backup: Exact copy of the entire database. Very time-consuming. Fastest restoration. Common weekly practice.
• Incremental Backup: Copies changes since the last backup. Reflects one day of transactions.
• Differential Backup: Copies changes since the last full backup. Slower than incremental but simpler restoration. Stores 2 copies of backup.

Replication vs. Mirroring

• Replication: Transfers data to a secondary DB.
• Mirroring: Copies a database onto a machine at the same site.

Description

This quiz explores the concepts of business resiliency and continuity planning, focusing on the key components such as business continuity plans and business impact analysis (BIA). Understand how businesses can effectively prepare for and respond to disruptions. Test your knowledge on critical elements that support operational resilience and recovery strategies.