MTD represents the time it takes to signify severe and irreparable damage to the reputation and bottom line of an organization; RTO values are smaller than MTD values; RTO assumes that there is a period of acceptable downtime.

〇：Declare the impact and consequences of the disaster.

The final step in the damage assessment is to declare the disaster. After the information from the damage assessment has been collected and evaluated, determine if the BCP actually needs to be activated. The BCP coordinator and team should determine the activation criteria before the disaster occurs.

×：Determine the cause of the disaster.

Determining the cause of the disaster is incorrect as it is the first step in the damage assessment process.

×：Identify resources that need to be replaced immediately.

Incorrect because identifying resources that need to be replaced immediately is not the last step in damage assessment.

×：Determine how long it will take to bring critical functions back online.

Incorrect because determining how long it will take to bring critical functions back online is the second-to-last step in damage assessment.

〇：Send a report labeled “No output”.

If there is nothing to report (nothing to report), you need to make sure the manager is aware that the report has no information and is not only to be held accountable.

×：Send an email notifying the manager that there is nothing to report.

It is not appropriate to suddenly keep a record of the report by e-mail, since the report is normally scheduled to be reported in the operation. Realistically, wouldn’t you be more endearing to your manager if you communicated with him or her every step of the way? No, I am not asking you to do that.

×：Re-submit last week’s report and submit the date of last week’s report as this week’s date.

Delivering last week’s report does not express that nothing was reported this week.

×：Nothing.

You are required to report that nothing happened.

〇：Restore the virus unpatched file version from the backup media.

The best practice is to install an unpatched, uninfected version of the file from the backup media. It is important to restore files that are known to be clean, as attempts to remove the files may corrupt them. The most important thing is not to spread the impact, but attempting to unilaterally delete files may make them unavailable for later investigation.

×：Replace the file with the file saved the previous day.

The file saved the previous day may also contain the virus.

×：Delete the file and contact the vendor.

This is an incorrect answer because the condition of this question is that if the file is deleted, the normal file content itself may be damaged.

×：Back up the data and delete the file.

This is an incorrect answer because backing up the data that contains the virus and deleting the file does not result in a clean situation.

〇：A change unanimously approved by the change control committee would be a step that does not require testing of the actual equipment.

This is a false choice question.

For different types of environmental changes, a structured change management process needs to be in place. Depending on the severity of the change requirement, the change and implementation may need to be presented to a change control committee. Change requests approved by the change control committee must be tested to discover any unintended consequences. This helps to demonstrate the purpose, consequences, and possible effects of the change in its various aspects. This means that just because a change has been approved by the change control board does not mean that it does not need to be tested. The change control board has mandated action on the change, and its appropriateness must be ensured by testing. Therefore, the correct answer is: “A change that is unanimously approved by the change control committee is a step that does not require testing on the actual equipment.” The result will be

×：Changes approved by the change control committee should be kept as a log of changes.

This is correct change management.

×：A rough schedule should be created during the planning phase of the change.

This is correct change management.

×：Proposed changes should be prioritized and reviewed.

This is correct change management.

〇：Software Escrow

If you do not have access to the software, but the developer may be out of business, you should plan for what to do after that out-of-business event. Software escrow means that the third party retains the source and compiled code, backup manuals, and other support materials. The agreement between the software vendor, the customer, and the third party would typically be that the customer would only have access to the source code when the vendor goes out of business and in the event of the vendor’s inability to fulfill its stated responsibilities or breach of the original agreement. The customer is protected because they can gain access to the source code and other materials through a third-party escrow agent.

×：Reciprocal Treatment Agreement

Although the term “reciprocal treatment agreement” does not exist, a close concept is mutual assistance agreements. A Mutual Assistance Agreement (MAA) is a promise to support each other in the event of a disaster by sharing facilities. There are times when you want to do something about a disaster, but you don’t have the funds to do it. In such a case, you can find a similar organization and agree to cooperate with each other in the event of a disaster.

×：Electronic Data Vault

Electronic data vaulting (e-vaulting) is the use of a remote backup service to electronically transmit backups off-site at regular intervals or when files are changed.

×：Business interruption insurance

Although the term business interruption insurance does not exist, it can be interpreted as a concept similar to insurance in the event of business interruption. Insurance is typically applied against financial risk. In this issue, software escrow is more appropriate because we want to continue access to the software.

〇：Differential Backup

Backups can be taken in full, differential, or incremental. Most files are not changed daily to save very much time and resources, and it is better to develop a backup plan that does not back up for data that is not continually changing. In backup software, when a file is modified or created, the file system sets the archive bit and the backup software determines if that file should be backed up. A differential backup backs up files that have changed since the last full backup.

×：Incremental Backup

An incremental backup backs up all data that has changed since the last backup.

×：Full Backup

A full backup backs up the entire database or the entire system.

×：Partial Backup

Not in the backup category.

Disasters are classified by cause into natural, human, and environmental categories. Natural disasters are natural, human errors are human, and facilities and equipment are environmental.

〇：Ensure that some systems are executed at the alternate site.

Parallel testing compares how some systems run at the alternate site and how the results are processed at the primary site. This is to assure that systems run at the alternate site and does not affect service productivity.

×：All departments will be sent a copy of the disaster recovery plan for completeness.

This alternative is incorrect because it describes a checklist test.

×：Representatives from each department meet to validate the plan.

This option is incorrect because it describes a structured walk-through test.

×：The normal operation system is taken down.

This option is incorrect because it describes a full interruption test.

〇：Clustering

Clustering is a fault-tolerant server technology in which servers are redundantly analogous. A server cluster is a group of servers that can be logically interpreted by users as one server and managed as a single logical system. Clustering provides availability and scalability. It helps to provide immunity to this group, physically distinct systems and failure and improved performance.

The problem statement is phrased in a difficult sentence. It would be difficult to derive the exact specific words from the phrase “logically coupled with a physically distinct group of systems.” In such questions, it is useful to use a process of elimination to derive options from the words that would be the point of the question. From the latter part, “technology that helps provide immunity to failure while also helping with scalability,” we can see that it is something that is both fault-tolerant and scalable. Fault tolerance alone does not narrow down the choices, but in terms of scalability features, clustering falls into this category. Therefore, the correct answer is “clustering.

×：Disk dupe

There is no such term. When presented with a seemingly incomprehensible sentence, you may consider the possibility that it is a word you probably do not know, given the time limit.

×：RAID

RAID (Redundant Array of Independent/Inexpensive Disks) is a technology for operating multiple hard disks as a single hard disk. It has a mechanism to improve physical redundancy by how the data to be recorded is written to the hard disks. This is not a technology system that ensures scalability.

×：Virtualization

Virtualization is a technology that makes it appear as if multiple operating systems are running on the system. Or, it is an environment that enables the construction of a real environment through simulation-like operations surrounding them. While virtualized environments allow for the construction of environments that provide fault tolerance and scalability, they do not match the operation of logically combining them with physically different groups of systems.

〇：Striping

RAID redundant arrays is a technology used for redundancy and performance. It combines multiple physical disks and aggregates them into a logical array; RAID appears as a single drive to applications and other devices. With striping, data is written to all drives. With this activity, data is split and written to multiple drives. Since multiple heads are reading and writing data at the same time, write and read performance is greatly improved.

×：Parity

Parity is used to reconstruct corrupted data.

×：Mirroring

Writing data to two drives at once is called mirroring.

×：Hot Swap

Hot swap refers to a type of disk found on most RAID systems. A RAID system with hot-swap disks allows the drives to be swapped out while the system is running. When a drive is swapped out or added, parity data is used to rebuild the data on the new disk that was just added.

RPO (Recovery Point Objective) is the target value for recovering data at a point in the past when a failure occurs. When a failure occurs, the data currently handled is lost. The lost data must be recovered from backups, but it is important to know how far in the past the backups are from the current point in time.

RTO (Recovery Time Objective) is a target value that defines when the data should be recovered in the event of a failure. In the event of a failure, the service must not be unavailable indefinitely. Failure response procedures and disaster drills must be implemented to establish a target value for the time from the occurrence of a failure to the startup of service.

〇：Information used to reconstruct data

RAID can improve system performance by providing fault tolerance to the hard drive and the data it holds. Redundancy and speed are provided by splitting the data and writing it to multiple disks, allowing different disk heads to operate simultaneously to retrieve the requested information. Control data is also distributed across each disk. This is called parity, and if one disk fails, the other disks can work together to recover the data.

×：Information used to create new data

This is incorrect because parity information is not used to create new data, but rather as instructions on how to recreate lost or corrupted data.

×：Information used to erase data

Parity information is not used to erase data. This is incorrect because it is used as instructions on how to recreate lost or corrupted data.

×：Information used to construct data

Parity information is not used to create data. Incorrect because it is used as instructions on how to recreate lost or corrupted data.

〇：MTTR

Mean Time to Repair (MTTR) is the average time it takes to repair a device and return it to pre-failure production. Using a redundant array as an example, MTTR is the time it takes to replace the failed drive after the actual failure is noticed and the time the redundant array has completed rewriting the information on the new drive. Therefore, the correct answer is MTTR.

×：SLA

Service Level Agreements (SLA) are agreements on service quality, such as usage volume and failure recovery.

×：Hot Swap

Hot swapping refers to replacing, attaching, or disconnecting parts, cables, etc. while equipment is still in operation.

×：MTBF

Mean Time Between Failures (MTBF) is the average time it takes for a device to fail after repair.

〇：Continuity of Operations Plan

A continuity of operations plan (COOP) establishes senior management and post-disaster headquarters. It also outlines roles and authorities and individual role tasks.Creating a COOP begins with an assessment of how the organization operates to identify mission-critical staff, resources, procedures, and equipment. Suppliers, partners, and contractors identify other companies with whom they routinely interact and create a list of these companies. Therefore, the correct answer is the Continuity of Operations Plan.

×：Cyber Incident Response Plan

Cyber Incident Recovery is a plan for recovery from a cyber attack.

×：Crew Emergency Plan

A Crew Emergency Plan is a plan for the smooth transition of a facility’s staff to a secure environment.

×：IT Contingency Plan

A contingency plan is a plan that outlines the measures to be taken in the event of an accident, disaster, or other emergency.

Disaster Recovery Planning includes the Mitigation, Preparedness, Response, and Recovery life cycles.

• Mitigation: Reduces the impact and likelihood of a disaster.
• Prepare: Create programs, procedures, and tools for response.
• Response: follow procedures and how to respond to a disaster.
• Recovery: re-establish basic functionality and return to a full production environment.

〇：RAID Level 3

RAID redundant arrays provide fault tolerance capability for hard drives and can improve system performance. Redundancy and speed are provided by splitting data and writing it to multiple disks, allowing different disk heads to operate simultaneously to retrieve requested information. At this time, recovery data is also created. This is called parity; if one disk fails, the parity data can be used to reconstruct the corrupted or lost information. Different levels of RAID systems experience different activities that provide fault tolerance or improved performance. RAID level 3 is a method that uses byte-level striping and dedicated parity disks.

×：RAID Level 0

Wrong because only striping occurs at level 0.

×：RAID Level 5

RAID 5 is incorrect because it uses block-level striping and interleaved parity on all disks.

×：RAID Level 10

Level 10 is incorrect because it is associated with striping and mirroring.

Archive bits are those that have been updated since the previous backup point in time. Full backups are full backups, so there is no need to be aware of where changes have occurred. Incremental backups also do not require awareness of change points because the backup portion is predetermined. Therefore, both clear the archive bit. However, differential backups do not clear the archive bit because only the changed part is known to be backed up.

〇：Representatives from each department meet and undergo validation.

Structured walk-through testing allows functional personnel to review the plan as it is fulfilled to ensure its accuracy and validity.

×：Ensures that some systems will run at alternate sites.

This is incorrect because it describes parallel testing.

×：Send a copy of the disaster recovery plan to all departments to verify its completeness.

This is incorrect because it describes a checklist test.

×：Take down the normal operation system.

This is incorrect because it describes a full interruption test.