312-76 EC-Council Disaster Recovery Professional v3 (EDRP) Questions and Answers

Durability in PASIS (Pittsburgh Advanced Survivable Information Storage) ensures data remains recoverable despite node failures, using redundancy and encoding, enabling James to retrieve data post-earthquake.

Option B (Availability):Ensures access, not recovery after loss.

Option C (Reaction):Not a PASIS feature.

Option D (Integrity):Ensures data accuracy, not recovery.

“Durability in PASIS architecture guarantees data recovery from failed nodes through redundancy and encoding, enhancing survivability” (Module: Survivable Storage Systems, Section: PASIS Features).

Bootrec /RebuildBCD repairs the Boot Configuration Data (BCD) store, fixing boot manager corruption, as Matt needs for Windows Server 2012.

Option A (sfc /scannow):Scans system files, not boot-specific.

Option B (ntdsutil):Active Directory tool, not boot repair.

Option D (repadmin):Replication diagnostics, not boot-related.

“Bootrec /RebuildBCD in Windows recovery rebuilds the BCD store, resolving boot manager issues post-update” (Module: System Recovery, Section: Windows Recovery Commands).

Disaster Recovery Management refers to the processes, policies, and procedures an organization uses to restore systems, applications, and data to normal operating conditions after a disruptive event, within a prescribed and acceptable time frame.

Business Continuity Management (BCM)focuses on ensuring the overall continuation of business operations during and after a disruption, which includes but is not limited to IT recovery.

Risk Managementinvolves identifying, assessing, and mitigating risks but does not specifically address the restoration process.

Recovery Managementis a vague term and not a standard industry-specific term for this context.

Replication copies data from one server to another, ensuring consistency and availability, as described.

Option A (Failover Cluster):Switches to backups, not data copying.

Option B (Snapshots):Point-in-time copies, not server-to-server.

Option D (Cloud Storage):Storage method, not replication tech.

“Replication duplicates data across servers, supporting redundancy and recovery in distributed environments” (Module: Data Replication, Section: Replication Overview).

Recovery Time Objective (RTO) is the target time to restore a system (primary server) after a disruption, here four hours, to avoid exceeding the secondary server’s capacity.

Option A (WRT):Time to resume work post-recovery, not restoration time.

Option C (MTD):Maximum tolerable downtime, broader than RTO.

Option D (RPO):Data loss window, not recovery time.

“RTO defines the acceptable time to restore systems post-disaster, ensuring operations resume before secondary capacity is exceeded” (Module: Recovery Metrics, Section: RTO Definition).

Continuous Data Protection (CDP) is a technology that continuously captures and saves data changes in real time or near real time, allowing for granular restore points. Unlike traditional backups that occur at scheduled intervals, CDP tracks every change to data, enabling recovery to any point in time before a failure. In this context, CDP is the best fit as it facilitates real-time data capture and recovery.

Option B (Mirroring):Mirroring duplicates data across two or more storage devices for redundancy but doesn’t inherently capture real-time changes for multiple restore points.

Option C (Virtual Tape Library):A VTL emulates tape storage using disk-based systems, primarily for backup, not real-time change capture.

Option D (Disk-to-Disk):D2D refers to backing up data from one disk to another, typically at scheduled intervals, not in real time.

EDRP v3 discusses CDP as an advanced backup technology under data protection strategies, highlighting its role in minimizing data loss by providing continuous recovery points (Module: Data Backup and Recovery).

Qualitative Risk Assessment evaluates risks based on subjective likelihood (e.g., “high,” “low”) and impact, without precise numerical values, fitting Seth’s high-level probability approach.

Option A (Quantitative):Uses numerical data (e.g., percentages), not applicable here.

Option C (Semi-Qualitative):A hybrid, but Seth’s method is fully qualitative.

Option D (Semi-Quantitative):Combines numbers with qualitative, not evident here.

“Qualitative Risk Assessment prioritizes risks using descriptive scales (e.g., high, low) for probability and impact, ideal for resource-constrained planning” (Module: Risk Management, Section: Assessment Types).

Confidentiality in PASIS ensures data is protected from unauthorized access, using encryption and access controls, aligning with Jessie’s goal of restricting access to authorized employees.

Option A (Reaction):Not a PASIS feature.

Option C (Availability):Ensures access, not restriction.

Option D (Maintenance):Not a security feature.

“Confidentiality in PASIS architecture secures data against unauthorized access, employing encryption and controls to safeguard critical information” (Module: Survivable Storage Systems, Section: PASIS Features).

Global Load Balancing routes traffic across geographically distributed servers (e.g., London to Mumbai) to optimize performance and handle server loss, as described.

Option A (High-Availability):Ensures uptime, not geographic routing.

Option C (Failover):Switches to a backup, not load distribution.

Option D (Network Load Balancing):Local load sharing, not global.

“Global Load Balancing distributes traffic across global servers, mitigating slowdowns from server loss by rerouting effectively” (Module: System Resilience, Section: Traffic Management).

PASIS (Pittsburgh Advanced Survivable Information Storage) integrates Decentralized Storage Systems, Data Redundancy and Encoding, and Dynamic Self-Maintenance for survivable storage, as Matt researched.

Option A:Centralized, not PASIS’s decentralized focus.

Option B:Distributed computing is broader than storage-specific.

Option D:Centralized, contradicts PASIS principles.

“PASIS architecture combines decentralized storage, redundancy with encoding, and self-maintenance for robust, survivable data systems” (Module: Survivable Storage Systems, Section: PASIS Components).

Detailed Awareness Training targets key BCP execution staff, providing in-depth knowledge of framework, processes, and strategies, as described.

Option B (Simulation):Hands-on practice, not framework-focused.

Option C (Scenario):Scenario-based, not comprehensive training.

Option D (Introductory):Basic overview, not detailed.

“Detailed Awareness Training equips key BCP personnel with deep understanding of processes and strategies for effective execution” (Module: Training and Awareness, Section: Training Types).

Network Attached Storage (NAS) is a centralized storage solution connected to a network, allowing multiple users and devices to access and back up data efficiently. It’s ideal for Tom’s needs across multiple branches, offering centralized storage and simplified backup/recovery processes.

Option A (DAS):Direct Attached Storage is local to a single server, not centralized across a network.

Option C (PAS):This appears to be a typo; no such standard technology exists (possibly meant SAN or similar).

Option D (RAID):Redundant Array of Independent Disks enhances reliability but isn’t a centralized network solution.

EDRP v3 discusses NAS as a scalable, centralized storage option for backup and recovery in distributed environments (Module: Storage Technologies).

Risk Mitigation involves implementing measures (e.g., generator, malware protection) to reduce identified risks’ impact or likelihood, as Fred did.

Option A (Assessment):Evaluating risks, not acting.

Option B (Management):Broader process including mitigation.

Option C (Identification):Naming risks, not mitigating.

“Risk Mitigation applies specific actions to lessen the impact or probability of identified risks, such as power or email threats” (Module: Risk Management, Section: Mitigation Strategies).

Domain Controller Servers manage user accounts and security policies within a domain (e.g., Active Directory).

Option B (IIS):Web servers, not domain management.

Option C (File Servers):Store files, not security policies.

Option D (Global Catalog):Directory subset, not policy enforcement.

“Domain Controller Servers store account data and enforce domain security policies, central to network management” (Module: Server Management, Section: Server Roles).

Qualitative Risk Assessment uses descriptive scales (e.g., Very High to Very Low) based on subjective judgment and interaction, as Jonathan did.

Option A (Quantitative):Numeric values, not descriptive.

Option B (Semi-Quantitative):Combines numbers and descriptions, not purely qualitative.

Option C (Semi-Qualitative):Not a standard term, likely a typo.

“Qualitative Risk Assessment ranks risks using descriptive categories like ‘Very High’ to ‘Very Low’ based on observation and input” (Module: Risk Management, Section: Assessment Methods).

On-Premise Disk-Based Archiving uses local disk systems with tools for access and cataloging, incurring cooling and maintenance costs, as described.

Option A (Optical):Low cost, no cooling needs.

Option C (Legacy):Outdated systems, not specified here.

Option D (Cloud-Based):Offsite, minimal local maintenance costs.

“On-Premise Disk-Based Archiving offers accessible data cataloging with recurring costs for cooling and upkeep” (Module: Data Archiving, Section: Archiving Methods).

In the 3DR (Data Protection, Disaster Recovery, Doomsday Recovery) model, Remote Backup of Data Protection is termed the “doomsday recovery level,” representing the ultimate offsite safeguard against catastrophic loss.

Option A:Basic local protection, not doomsday-level.

Option B:Long-term storage, not recovery-focused.

Option C:General backup, not remote-specific.

“Remote Backup of Data Protection, dubbed the doomsday recovery level in 3DR, ensures data survival through offsite replication” (Module: Data Protection Strategies, Section: 3DR Model).

Risk Assessment evaluates risk factors and their interrelationships to understand potential threats, as described.

Option A (Risk Models):Tools for assessment, not the process.

Option B (Risk Management):Broader process including assessment.

Option C (Risk Mitigation):Reducing risks, not assessing them.

“Risk Assessment analyzes risk factors and their relationships to identify and prioritize threats for DR planning” (Module: Risk Management, Section: Assessment Definition).

Physical data loss occurs due to physical damage to storage media (e.g., James damaging the hard drive), making data unreadable, as described.

Option A (Logical):Software or file system issues, not physical damage.

Option B (Natural Disaster):Environmental events (e.g., flood), not accidental damage.

Option D (Data Corruption):Data alteration, not physical inaccessibility.

“Physical data loss results from hardware damage, such as a broken hard drive, rendering data inaccessible due to physical failure” (Module: Data Backup and Recovery, Section: Types of Data Loss).

Backup Integrity Testing is the process of verifying that backed-up data remains safe, secure, andreadable after operations such as updates, restores, or retrievals. This involves checking for corruption, ensuring data consistency, and confirming that the backup can be successfully restored. In disaster recovery, this is a critical step to ensure that backups are reliable when needed.

Option A (Database Authentication):Refers to verifying user access, not data integrity.

Option B (Database Consolidation):Involves merging databases, not testing backup integrity.

Option C (Database Integrity Testing):Focuses on database consistency, not specifically backup verification.

“Backup Integrity Testing ensures that data backups remain uncorrupted and usable post-operation. This process includes validation checks after updates or restores to guarantee recoverability, a key component of data protection strategies” (Module: Data Backup and Recovery, Section: Backup Validation Techniques).

An IIS Server (Internet Information Services) hosts websites on Windows, so corrupted hosting files indicate Fred needs to restore this server.

Option A (Application):Runs apps, not web hosting-specific.

Option C (Database):Stores data, not hosting files.

Option D (Catalog):Not a standard web hosting server.

“IIS Servers host web content; restoring them resolves issues with corrupted hosting files to restore site access” (Module: Server Management, Section: Web Server Recovery).

Latency is the time delay between a request and the system’s response, directly matching the question’s description.

Option A (Reaction):Not a technical term for delay.

Option B (Durability):Refers to data persistence, not response time.

Option C (Nonrepudiation):Ensures actions can’t be denied, unrelated to delay.

“Latency measures the delay in system response to requests, a critical factor in assessing recovery and performance” (Module: System Resilience, Section: Performance Metrics).

The Disaster Management Executive Committee oversees high-level planning, research, development, and implementation of the disaster recovery plan across the organization, fitting the described role.

Option A:General team, not specific to development/implementation.

Option C:Chairpersons lead, not execute development.

Option D:Coordinators manage execution, not full development.

“The Disaster Management Executive Committee directs research, development, and organization-wide implementation of the DR plan” (Module: Disaster Recovery Teams, Section: Team Roles).

A Team-wide BIA (Business Impact Analysis) evaluates interruptions specific to a department or team due to internal system failures, as described.

Option B (Organization-wide):Covers the entire organization, not department-specific.

Option C (Country-wide):Too broad, not system-focused.

Option D (Branch-wide):Branch-level, not necessarily team/department.

“Team-wide BIA assesses the impact of internal system failures on a specific department, tailoring continuity plans to team needs” (Module: Business Impact Analysis, Section: BIA Scope).

Grid Computing clusters computers in a distributed, parallel manner to solve large-scale problems, matching the question’s description.

Option A (Decentralized):Broad term, not specific to clustering.

Option C (Cloud Computing):Service-based, not necessarily parallel clustering.

Option D (Centralized):Opposite of distributed.

“Grid Computing leverages distributed, parallel clusters to process tasks collaboratively, enhancing computational resilience” (Module: Computing Models, Section: Grid Computing).

Risk Valuation assesses risk likelihood and impact (e.g., failure percentages), as Remy did by evaluating fire safety’s effect on investment risk.

Option A (RORAC):Financial return metric, not risk evaluation.

Option B (Value at Risk):Quantifies loss potential, not likelihood shift.

Option C (RAROC):Adjusts returns for risk, not direct evaluation.

“Risk Valuation estimates the probability and impact of risks, such as facility vulnerabilities, to inform investment decisions” (Module: Risk Management, Section: Risk Evaluation Methods).

RAID 0 splits data across drives (striping) for performance but offers no redundancy, requiring a minimum of two drives.

Option B:RAID 5 minimum, not RAID 0.

Option C/D:Higher RAID levels, not RAID 0.

“RAID 0 uses striping across at least two drives for speed, sacrificing redundancy for performance” (Module: Storage Technologies, Section: RAID Levels).

Load Balancing distributes web traffic across multiple servers (Zoe’s three) to optimize performance and prevent overload, as described.

Option A (Point in Time Recovery):Restores data, not traffic management.

Option C (Clustering):Groups servers for redundancy, not load distribution alone.

Option D (High-Availability):Ensures uptime, not necessarily load balancing.

“Load Balancing evenly distributes traffic across servers, enhancing efficiency and preventing crashes under high demand” (Module: System Resilience, Section: Traffic Management).

ISO 22301 is the standard for societal security in Business Continuity Management Systems (BCMS), ensuring resilience against disasters, as Jess desires.

Option A (ISO 27031):ICT continuity, not societal focus.

Option C (NFPA 1600):Disaster management, broader than BCMS.

Option D (ISO 27005):Risk management, not continuity-specific.

“ISO 22301, the societal security standard for BCMS, ensures robust continuity planning for disaster resilience” (Module: Business Continuity Management, Section: Standards).

Server Virtualization consolidates multiple physical servers into virtual machines on fewer hosts, reducing costs, optimizing resources, and lowering cooling needs, as Lisa requires.

Option A (VDI):Desktop-focused, not server optimization.

Option B (OS Virtualization):Container-based, less broad than server virtualization.

Option C (Replication):Duplicates servers, not cost-saving.

“Server Virtualization reduces physical server count, cutting maintenance and cooling costs while optimizing resource use” (Module: Virtualization and Recovery, Section: Server Virtualization Benefits).

A Mobile Recovery Center is a portable, transportable unit that can be deployed anywhere as a temporary operating environment post-disaster.

Option B (Crisis Command):Centralized coordination, not mobile.

Option C (Cold Site):Fixed, basic facility.

Option D (Colocation):Shared fixed data center.

“Mobile Recovery Centers provide a movable operating environment, deployable on transportable units for flexible recovery” (Module: Alternate Sites, Section: Mobile Solutions).

A vulnerability assessment follows a logical sequence:

d) List the threats that may occur– Identify potential threats first.

b) Estimate the probability of occurrence of each threat– Assess likelihood next.

a) Assess the potential impact of the threat on the organization– Evaluate impact after probability.

c) Assess the internal and external resources available to mitigate the identified threats– Finally, review mitigation resources.This order (d, b, a, c) ensures threats are identified before analyzing their likelihood, impact, and mitigation, aligning with standard risk assessment practices.

Option A (c, a, d, b):Starts with resources, illogical without threats.

Option C (b, d, c, a):Probability before listing threats is premature.

Option D (b, c, d, a):Probability and resources before threats is out of sequence.

“Vulnerability assessment begins with listing threats, followed by estimating probability, assessing impact, and evaluating mitigation resources in that order (d, b, a, c)” (Module: Risk Management, Section: Vulnerability Assessment Steps).

A Synthetic Backup combines a full backup with subsequent incremental backups to create an updated full backup, as described.

Option A (Incremental):Only changes, not combined with full.

Option B (Differential):Changes since last full, not synthesized.

Option D (Incremental Forever):Continuous incrementals, not full synthesis.

“Synthetic Backup merges a full backup with incrementals, creating an efficient, updated full copy for recovery” (Module: Data Backup and Recovery, Section: Backup Techniques).

Opportunity Cost is the value of the next best alternative forgone when choosing one option over others, directly matching the question’s definition.

Option A (BIA):Assesses disruption impacts, not alternatives.

Option C (Fixed Cost):A static expense, unrelated to choices.

Option D (Cost Benefit Analysis):Compares costs and benefits, not forgone gains.

“Opportunity Cost represents the potential benefit lost by choosing one recovery strategy over another, a key consideration in resource allocation” (Module: Risk Management, Section: Cost Analysis).

Offsite Backup stores data at a separate location (e.g., home or bunker) to protect against site-specific disasters, as described.

Option A (Near-line):Intermediate storage, not offsite-specific.

Option B (Onsite):Local, vulnerable to site issues.

Option C (Online):Cloud-based, not necessarily physical offsite.

“Offsite Backup safeguards data at remote locations, from simple offices to secure bunkers, against site-specific disasters” (Module: Data Backup and Recovery, Section: Backup Locations).

Network Attached Storage (NAS) is a dedicated server designed for file storage and sharing over a network, perfectly matching the question’s description.

Option A (Data Virtualization):Abstracts data access, not a server.

Option B (Cloud Storage):Offsite storage service, not a dedicated server.

Option C (SAN):Block-level storage network, not file-focused.

“NAS is a dedicated file storage and sharing server, accessible over networks, ideal for centralized data management” (Module: Storage Technologies, Section: NAS Overview).

Scalability refers to a system’s ability to handle increased demand by adding resources, such as Joan’s addition of virtual memory to accommodate traffic spikes and reduce delays.

Option A (Transparency):Hides system complexity, not resource expansion.

Option B (Openness):Relates to system accessibility, not capacity.

Option D (Monotonicity):A mathematical property, irrelevant here.

“Scalability enhances system performance by adding resources like memory or nodes to manage increased loads, critical for maintaining service levels” (Module: System Resilience, Section: Scalability Concepts).

Virtualization creates multiple logical servers on one physical server, as Matt did to maximize resources.

Option A (Mirroring):Data duplication, not server creation.

Option C (Deduplication):Reduces redundancy, not server-related.

Option D (Snapshot):Point-in-time copies, not logical servers.

“Virtualization enables multiple logical servers on a single physical host, optimizing resource use for cost-effective operations” (Module: Virtualization and Recovery, Section: Virtualization Basics).

The main objective of a Business Continuity (BC) test plan is to ensure the plan’s accuracy and relevance under adverse conditions, validating its effectiveness.

Option A:Secondary, not the primary goal.

Option C:Unplanned events may occur, but not the objective.

Option D:A consideration, not the main purpose.

“The primary objective of a BC test plan is to confirm its accuracy and relevance, ensuring it performs under disaster conditions” (Module: Testing Disaster Recovery Plans, Section: BC Testing Goals).

Distributed File System Replication (DFSR) synchronizes the SYSVOL folder across domain controllers in a Windows domain, ensuring consistency. The document’s answer (D) is incorrect; backups don’t synchronize live data.

Option A (Load Balancing):Distributes traffic, not file sync.

Option B (Failover):Switches to backups, not synchronization.

Option D (Data Backup):Copies data, not real-time sync.

“DFSR ensures SYSVOL synchronization across domain servers, maintaining uniform policy and file access” (Module: Server Management, Section: Domain Synchronization).

TheSYSVOL folderin a Windows domain environment contains critical data such as Group Policy objects and logon scripts, and it must be kept synchronized across multiple domain controllers within the same domain.Distributed File System Replication (DFSR)is the technology used in modern Windows Server environments (since Windows Server 2008 and later) to replicate and synchronize the SYSVOL folder across these servers. DFSR ensures that changes made to SYSVOL on one domain controller are efficiently replicated to others, maintaining consistency.

A. Load Balancing: This method distributes network or application traffic across multiple servers to optimize resource use and availability, but it does not handle file synchronization.

B. Failover: This refers to switching to a backup system in case of failure, not synchronizing data between servers.

D. Data Backup: This involves creating copies of data for recovery purposes, not real-time synchronization across servers.

Thus,Distributed File System Replication (DFSR)is the method that keeps the SYSVOL folder synchronized across multiple servers in the same domain.

The Protection Technologies Layer in a Recovery Management Model manages tools like replication and backup, ensuring hassle-free system recovery, as described.

Option B (Testing Simulation):Validates plans, not recovery execution.

Option C (Common Management):Coordinates, not tech-specific.

Option D (Analytics):Monitors, not recovery-focused.

“The Protection Technologies Layer controls replication and backup, enabling seamless system recovery post-disaster” (Module: Recovery Processes, Section: Recovery Management Model).