More on this book
Community
Kindle Notes & Highlights
Load-balancing software distributes traffic equally among all the servers in the web farm, typically located in a DMZ.
Some load balancers simply send new requests to the servers in a round-robin fashion. The load balancer sends the first request to Server 1, the second request to Server 2, and so on.
Some load balancers use source address affinity to direct the requests. Source affinity sends requests to the same server based on the requestor’s IP address.
Remember this Failover clusters are one method of server redundancy and they provide high availability for servers. They can remove a server as a single point of failure. Load balancing increases the overall processing power of a service by sharing the load among multiple servers. Configurations can be active-passive, or active-active. Scheduling methods include round-robin and source IP address affinity. Source IP address affinity scheduling ensures clients are redirected to the same server for an entire session.
Full backup. A full (or normal backup) backs up all the selected data. •Differential backup. This backs up all the data that has changed or is different since the last full backup. •Incremental backup. This backs up all the data that has changed since the last full or incremental backup. •Snapshots. A snapshot backup captures the data at a point in time. It is sometimes referred to as an image backup.
A full backup backs up all data specified in the backup.
A differential backup strategy starts with a full backup. After the full backup, differential backups back up data that has changed or is different since the last full backup.
An incremental backup strategy also starts with a full backup. After the full backup, incremental backups then back up data that has changed since the last backup. This includes either the last full backup, or the last incremental backup.
Remember this If you have unlimited time and money, the full backup alone provides the fastest recovery time. Full/incremental strategies reduce the amount of time needed to perform backups. Full/differential strategies reduce the amount of time needed to restore backups.
A snapshot backup captures the data at a moment in time. It is commonly used with virtual machines and sometimes referred to as a checkpoint.
Remember this Test restores are the best way to test the integrity of a company’s backup data. Backup media should be protected with the same level of protection as the data on the backup. Geographic considerations for backups include storing backups off-site, choosing the best location, and considering legal implications and data sovereignty.
a business continuity plan (BCP).
A business impact analysis (BIA) is an important part of a BCP. It helps an organization identify critical systems and components that are essential to the organization’s success.
Remember this The BIA identifies mission-essential functions and critical systems that are essential to the organization’s success. It also identifies maximum downtime limits for these systems and components, various scenarios that can impact these systems and components, and the potential losses from an incident.
Two tools that organizations can use when completing a BIA are a privacy threshold assessment and a privacy impact assessment.
The primary purpose of the privacy threshold assessment is to help the organization identify PII within a system.
If the system holds PII, then the next step is to conduct a privacy impact assessment. The impact assessment attempts to identify potential risks related to the PII by reviewing how the information is handled.
Remember this A privacy threshold assessment is typically a simple questionnaire completed by system or data owners. It helps identify if a system processes data that exceeds the threshold for PII. If the system processes PII, a privacy impact assessment helps identify and reduce risks related to potential loss of the PII.
The recovery time objective (RTO) identifies the maximum amount of time it can take to restore a system after an outage.
A recovery point objective (RPO) identifies a point in time where data loss is acceptable.
Remember this The recovery time objective (RTO) identifies the maximum amount of time it should take to restore a system after an outage. It is derived from the maximum allowable outage time identified in the BIA. The recovery point objective (RPO) refers to the amount of data you can afford to lose.
Mean time between failures (MTBF). The mean time between failures (MTBF) provides a measure of a system’s reliability and is usually represented in hours.
Mean time to recover (MTTR). The mean time to recover (MTTR) identifies the average (the arithmetic mean) time it takes to restore a failed system.
Continuity of operations planning focuses on restoring mission-essential functions at a recovery site after a critical outage.
A recovery site is an alternate processing site that an organization can use after a disaster. The three primary types of recovery sites are hot sites, cold sites, and warm sites.
A hot site would be up and operational 24 hours a day, seven days a week and would be able to take over functionality from the primary site quickly after a primary site failure.
Remember this A hot site includes personnel, equipment, software, and communication capabilities of the primary site with all the data up to date. A hot site provides the shortest recovery time compared with warm and cold sites. It is the most effective disaster recovery solution, but it is also the most expensive to maintain.
A cold site requires power and connectivity but not much else.
You can think of a warm site as the Goldilocks solution—not too hot and not too cold, but just right.
Remember this A cold site will have power and connectivity needed for a recovery site, but little else. Cold sites are the least expensive and the hardest to test. A warm site is a compromise between a hot site and a cold site. Mobile sites do not have dedicated locations, but can provide temporary support during a disaster.
and disaster recovery plans
Remember this A disaster recovery plan (DRP) includes a hierarchical list of critical systems and often prioritizes services to restore after an outage. Testing validates the plan. The final phase of disaster recovery includes a review to identify any lessons learned and may include an update of the plan.
A tabletop exercise (also called a desktop exercise or a structured walk-through) is discussion-based. A coordinator gathers participants in a classroom or conference room, and leads them through one or more scenarios.
Remember this You can validate business continuity plans through testing. Tabletop exercises are discussion-based only and are typically performed in a classroom or conference setting. Functional exercises are hands-on exercises.
B.
A.
B.
D.
A.
B.
A.
B.
B.
D.
A.
B.
D.
B.
C.
4.
