Cyber Resilience and Redundancy

Question 1

High Availability

Answer 1

● Aims to keep services continuously available by minimizing downtime
● Achieved through load balancing, clustering, redundancy, and multi-cloud
strategies

Question 2

Uptime

Answer 2

The time a system remains online, typically expressed as a percentage

Question 3

Five nines

Answer 3

Refers to 99.999% uptime, allowing only about 5 minutes of downtime
per year

Question 4

Six nines

Answer 4

Refers to 99.9999% uptime, allows just 31 seconds of downtime per year

Question 5

Load Balancing

Answer 5

Distributes workloads across multiple resources. Incoming requests are directed to capable servers

Question 6

Clustering

Answer 6

Uses multiple computers, storage devices, and network connections as a single system. Can be combined with load balancing for robust solutions

Question 7

Redundancy

Answer 7

Involves duplicating critical components to increase system reliability

Question 8

Multi-Cloud Approach

Answer 8

■ Distributes data, applications, and services across multiple cloud providers
■ Mitigates the risk of a single point of failure
■ Offers flexibility for cost optimization
■ Aids in avoiding vendor lock-in
■ Requires proper data management, unified threat management, and consistent
policy enforcement for security and compliance

Question 9

Strategic Planning

Answer 9

■ Proactive measures reduce the risk of service disruptions and downtime costs
■ Safeguard organizational continuity and reliability in a competitive environment

Question 10

RAID

Answer 10

Redundant Array of Independent Disks

Combines multiple physical storage devices into a single logical storage
device recognized by the operating system

Question 11

RAID 0

Answer 11

■ Provides data striping across multiple disks
■ Used for improved performance but offers no data redundancy
■ Multiple drives increase read and write speeds
■ Suitable for scenarios where performance is essential, and data redundancy is
not a concern

Question 12

RAID 1

Answer 12

■ Provides redundancy by mirroring data identically on two storage devices
■ Ensures data integrity and availability
■ Suitable for critical applications and maintains a complete copy of data on both
devices
■ Only one storage device can fail without data loss or downtime

Question 13

RAID 5

Answer 13

■ Utilizes striping with parity across at least three storage devices
■ Offers fault tolerance by distributing data and parity
■ Can continue operations if one storage device fails
■ Data reconstruction is possible but results in slower access speeds

Question 14

RAID 6

Answer 14

■ Similar to RAID 5 but includes double parity data
■ Requires at least four storage devices
■ Can withstand the failure of two storage devices without data loss

Question 15

RAID 10

Answer 15

■ Combines RAID 1 (mirroring) and RAID 0 (striping)
■ Offers high performance, fault tolerance, and data redundancy
■ Requires an even number of storage devices, with a minimum of four

Question 16

RAID Resilience Categories

Answer 16

■ Failure-resistant
● Resists hardware malfunctions through redundancy (e.g., RAID 1)

■ Fault-tolerant
● Allows continued operation and quick data rebuild in case of failure (e.g.,
RAID 1, RAID 5, RAID 6, RAID 10)

■ Disaster-tolerant
● Safeguards against catastrophic events by maintaining data in
independent zones (e.g., RAID 1, RAID 10)

Question 17

Capacity Planning

Answer 17

Ensures an organization is prepared to meet future demands in a cost-effective
manner

Question 18

Main aspects of Capacity Planning

Answer 18

1. People
2. Technology
3. Infrastructure
4. Processes

Question 19

Surges

Answer 19

Sudden, small increases in voltage beyond the standard level (e.g., 120V
in the US)

Question 20

Spikes

Answer 20

Short-lived voltage increases, often caused by short circuits, tripped
breakers, or lightning

Question 21

Sags

Answer 21

Brief decreases in voltage, usually not severe enough to cause system
shutdown

Question 22

Undervoltage Events (Brownouts)

Answer 22

Prolonged reduction in voltage, leading to system shutdown

Question 23

Power Loss Events (Blackouts)

Answer 23

Complete loss of power for a period, potentially causing data loss and
damage

Question 24

Line Conditioners

Answer 24

● Stabilize voltage supply and filter out fluctuations
● Mitigate surges, sags, and undervoltage events
● Unsuitable for significant undervoltage events or complete power failures

Question 25

UPS

Answer 25

Uninterruptible Power Supply ● Provide emergency power during power source failures ● Offer line conditioning functions ● Include battery backup to maintain power during short-duration failures ● Typically supply 15 to 60 minutes of power during a complete power failure

Question 26

PDC

Answer 26

Power Distribution Centers ● Central hub for power reception and distribution ● Includes circuit protection, monitoring, and load balancing ● Integrates with UPS and backup generators for seamless transitions during power events

Question 27

Onsite Backup

Answer 27

Storing data copies in the same location as the original data

Question 28

Offsite Backup

Answer 28

Storing data copies in a geographically separate location

Question 29

RPO

Answer 29

Recovery Point Objective Ensures that the backup plan will maintain the amount of data required to keep any data loss under the organization’s RPO threshold

Question 30

Snapshots

Answer 30

■ Point-in-time copies capturing a consistent state ■ Records only changes since the previous snapshot, reducing storage requirements ■ Use cases ● Valuable for systems where data consistency is critical, like databases and file servers

Question 31

Replication

Answer 31

Real-time or near-real-time data copying to maintain data continuity

Question 32

Journaling

Answer 32

Maintaining a detailed record of data changes over time

Question 33

COOP

Answer 33

Continuity of Operations Plan Ensures an organization's ability to recover from disruptive events or disasters

Question 34

BC Plan

Answer 34

Business Continuity Planning ● Plans and processes for responding to disruptive events ● Addresses a wide range of threats and disruptive incidents ● Involves preventative actions and recovery steps

Question 35

DRP

Answer 35

Disaster Recovery Plan ● Focuses on plans and processes for disaster response ● Subset of the BC Plan ● Focuses on faster recovery after disasters

Question 36

Business Continuity Committee

Answer 36

Comprises representatives from various departments (IT, Legal, Security, Communications, etc.) Determines recovery priorities for different events Identifies and prioritizes systems critical for business continuity

Question 37

Redundant Site

Answer 37

Backup location or facility that can take over essential functions and operations in case the primary site experiences a failure or disruption

Question 38

Hot Sites

Answer 38

● Up and running continuously, enabling a quick switchover ● Requires duplicating all infrastructure and data ● Expensive, but provides instant availability

Question 39

Warm Sites

Answer 39

● Not fully equipped, but fundamentals in place ● Can be up and running within a few days ● Cheaper than hot sites but with a slight delay

Question 40

Cold Sites

Answer 40

● Fewer facilities than warm sites ● May be just an empty building, ready in 1-2 months ● Cost-effective but adds more recovery time

Question 41

Mobile Sites

Answer 41

● Can be hot, warm, or cold ● Utilizes portable units like trailers or tents ● Offers flexibility and quick deployment (e.g., military DJC2)

Question 42

Platform Diversity

Answer 42

■ Critical for effective virtual redundant sites ■ Diversify operating systems, network equipment, and cloud platforms ■ Reduces the risk of a single point of failure ■ Ensures resilience and adaptability in case of disruptions

Question 43

Virtual Sites

Answer 43

Leveraging cloud-based environments for redundancy

Question 44

Tabletop Exercises

Answer 44

■ Scenario-based discussion among key stakeholders ■ Assess and improve an organization's preparedness and response ■ No deployment of actual resources

Question 45

Failover Tests

Answer 45

■ Controlled experiment for transitioning from primary to backup components ■ Ensures uninterrupted functionality during disasters

Question 46

Simulations

Answer 46

■ Computer-generated representation of a real-world scenario ■ Allows for hands-on response actions in a virtual environment

Question 47

Parallel Processing

Answer 47

Replicates data and system processes onto a secondary system