Chapter 9 - Resilience and Physical Security Flashcards

1
Q

Continuity of Operations

A

Continuity of Operations means ensuring that operations will continue even if issues ranging from single system failures to wide-scale natural disasters occur.

2
Q

Geographic Dispersion

A

Geographic Dispersion of systems ensures that a single disaster, attack, or failure cannot disable or destroy them.

3
Q

Load Balancing

A

Load Balancing makes multiple systems or services appear to be a single resource, allowing both redundancy and increased ability to handle loads by distributing them to more than one system.

4
Q

Clustering

A

Clustering describes groups of computers connected together to perform the same task. Some examples include providing a front-end for a web application or grouping together worker nodes of a supercomputer.

5
Q

Platform Diversity

A

Platform Diversity is a means of building resilience into an infrastructure. Using different vendors, cryptographic solutions, platforms, and controls can make it more difficult for a single attack or failure to have system- or organization-wide impacts.

6
Q

Redundant Array of Inexpensive Disks (RAID)

A

RAID is a common solution to storage resiliency that uses multiple disks with data either striped (spread across disks) or mirrored (completely duplicated), and technology to ensure that data is not corrupted or lost (parity). RAID ensures that an array can handle one or more disk failures without losing data.

7
Q

RAID-0

A

RAID-0 offers striping, spreading data across all drives in the array. This allows for better I/O performance. This is NOT fault tolerant. All data is lost if a single drive is lost.

8
Q

RAID-1

A

RAID-1 offers mirroring, duplicating all data to another drive or drives in the array. This uses twice the amount of storage to ensure that data is still available if a drive fails. This solution also offers high read speeds.

9
Q

RAID-5

A

RAID-5 offers both striping and parity. Data is striped across the drives with one of the drives being used for parity (checksum) of the data. This solution can tolerate only a single drive failure at a time. Drive failures can be rebuilt as long as only a single drive fails. Data reads are fast while data writes are slightly slower.

10
Q

RAID-10

A

RAID-10 (requires at least four drives) offers both mirroring and striping. This means that data is perfectly duplicated across drives and a drive is also used for parity.

11
Q

Replication

A

Replication focuses on using either synchronous or asynchronous methods to copy live data to another location or device. Replication is always occurring as changes are made. Replication helps with multisite, multi-system designs, ensuring that changes are carried over to all systems or clusters that are part of an architecture.

12
Q

Journaling

A

Journaling creates a log of changes that can be reapplied if an issue occurs. Journaling is commonly used for databases and similar technologies that combine frequent changes with an ability to restore to a point in time. Journals should be backed up somewhere else as they are simply maintained on the source system.

13
Q

Snapshot

A

Snapshots capture the full state of a system or device at the time the backup is completed. Snapshots can be useful to clone systems, to go back in time to a point before a patch or upgrade was installed, or to restore a system state to a point before some other event occurred. Snapshots are common for virtual machines.

14
Q

Off-Site Storage

A

Off-Site Storage for backup media, either at a self-owned site or at a location provided by a third-party service provider, is a common form of geographic dispersion/diversity.

15
Q

Scalability

A

Scalability is a common design element and a useful response control for many systems in modern environments, where services are designed to scale across many servers instead of requiring a larger server to handle more workload.

16
Q

What are the two major categories of scalability?

A
  1. Vertical Scalability: Requires a larger or more powerful system or device. This is commonly seen when all tasks or functions need to be handled on the same system or infrastructure. This can be very expensive to increase, particularly if the event that drives the need to scale is not ongoing or frequent, resulting in unused resources.
  2. Horizontal Scalability: Uses smaller systems or devices but adds more of them. When designed correctly, a horizontally scaled system can take advantage of the ability to transparently add and remove more resources, allowing it to adjust as needs grow or shrink. This approach also provides opportunities for transparent upgrades, patching, and even incident response.
17
Q

Hot Sites

A

Hot Sites have all the infrastructure and data needed to operate the organization. Because of this, some organizations operate them full time, splitting traffic and load between multiple sites to ensure that the sites are performing properly.

18
Q

Warm Sites

A

Warm Sites have some or all of the systems needed to perform the work required by the organization, but the live data is not in place. Warm Sites are expensive to maintain because of the hardware costs, but they can reduce the total time to restoration because systems can be ready to go and mostly configured.

19
Q

Cold Sites

A

Cold Sites have space, power, and often network connectivity but they are not prepared with systems or data. This means that in a disaster an organization knows they would have a place to go but would have to bring or acquire hardware systems.

20
Q

What are the three main areas for Capacity Planning?

A
  1. People: Where staffing and skillsets are necessary to deal with increased scale and disasters. Organizations typically ensure that they have sufficient staff to ensure that appropriate coverage levels exist.
  2. Technology: This capacity planning focuses on understanding the technologies that an organization has deployed and their ability to scale as needed. Some examples include the capacity capabilities of a web server tool, a load balancer, or a storage device’s throughput and read/write rates.
  3. Infrastructure: Where underlying systems and networks may need to scale. This can include network connectivity, throughput, storage, and any other element of infrastructure that may be needed to handle either changing loads or to support disaster recovery and business continuity efforts.
21
Q

Tabletop Exercises

A

Tabletop Exercises validate the plan through discussions between the personnel assigned to the roles the plan requires. This helps to determine if there are missing components or processes.

22
Q

Simulation Exercises

A

Simulation Exercises are drills or practices in which personnel simulate what they would do in an actual event.

23
Q

Parallel Processing Exercises

A

Parallel Processing Exercises move processing to a hot site or alternate/backup system or facility to validate that the backup can be performed as expected.

24
Q

Failover Exercises

A

Failover Exercises test full failover to an alternate site or system, and they have the greatest potential for disruption but also provide the greatest chance to fully test in a real-world scenario.

25
Q

Access Badges

A

Access Badges are often used for entry access via magnetic stripe and radio frequency ID (RFID) access systems.

26
Q

What are the four most common types of sensors?

A
  1. Infrared: Rely on infrared light, or heat radiation. Inexpensive and good for detecting humans.
  2. Pressure: Detect changes in pressure. Good for detecting when an object is moved through an area.
  3. Microwave: Use a baseline for a room or space that is generated by detecting normal responses when the space is at a baseline. Typically more expensive and more sensitive than infrared sensors.
  4. Ultrasonic: Uncommon in commercial security systems. Can be set off by machinery or other vibrations and can often have environmental effects on human occupants. Often used in situations where proximity detection is required.
27
Q

Radio Frequency Identification (RFID) Cloning

A

Radio Frequency Identification (RFID) Cloning attacks work by cloning an RFID tag or card. This can be difficult to catch if the RFID is the only identifier used.