CompTIA Sec+ CH.9 - Resilience and Physical Security

continuity of operations

The ability of a business to continue to function in the event of a disaster.

geographic dispersion

ensures that a single disaster, attack, or failure cannot disable or destroy the organization

separation of servers

commonly used to avoid a single server rack being a point of failure

Multipath Networking

ensures that a severed cable or failed device will not cause a loss of connectivity

load balancing

makes multiple systems or services appear to be a single resource, allowing both redundancy and increased ability to handle loads by distributing them to more than one system.

clustering

describes groups of computers connected together to perform the same task

uninterruptible power supply (UPS)

an alternative power supply device that protects against the loss of power and fluctuations in the power level by using battery power to enable the system to operate long enough to back up critical data and safely shut down

Managed power distribution units (PDUS)

used to provide intelligent power management and remote control of power delivered inside server racks and other environments

redundant arrays of inexpensive disks (RAID)

An organization of disks that uses an array of small and inexpensive disks so as to increase both performance and reliability.

RAID 0 - striping

data is spread across all drives in the array; but not fault tolerant - all data is lost if drive is lost

RAID 1 - mirroring

all data is duplicated to another drive or drives; but uses twice the storage for the same amount of data

RAID 5 - striping with parity

Data is striped across drives, with one drive used for parity (checksum) of the data. Parity is spread across drives as well as data. At least 3 storage devices; can tolerate only a single drive failure at a time

RAID 10 - mirroring and striping

requires at least four drives, with drives added in pairs. data is mirrored, then striped across drives; combines advantages and disadvantages of both RAID 0 and RAID 1. Sometimes written as RAID 1+0

replication

focuses on either synchronous or asynchronous methods to copy live data to another location or device. Unlike backups that occur periodically in most designs, is always occurring as changes are made

recovery point objectives (RPOs)

The point in time at which a system's data must be restored after an outage

recovery time objectives (RTOs)

the target time set for resumption of information systems functions after an incident

snapshot

captures the full state of a system or device at the time the backup is completed

Virtual Desktop Infrastructure (VDI)

A presentation of a virtual desktop made to a client computer by a server that is serving up a virtual machine.

off-site storage

Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.

vertical scalability

requires a larger or more powerful system/device. can help when all tasks or functions need to be handled on the same system or infrastructure

horizontal scaling

uses smaller systems or devices but adds more of them

site considerations

the factors that must be taken into account when assessing a site to design an organization

hot sites

have all the infrastructure and data needed to operate the organization

warm sites

have some or all of the systems needed to perform the work required by the organization

cold sites

sites that have space, power, and often network connectivity but they are not prepared with systems or data

people, technology, infrastructure

three areas for capacity planning covered by the exam

tabletop exercises

Exercises that simulate an emergency situation but in an informal and stress-free environment.

simulation exercises

drills or practices in which personnel simulate what they would do in an actual event

parallel processing exercises

Move processing to a hot site or alternate/backup system or facility to validate that the backup can perform as expected.

failover exercises

test full failover to an alternate site or system, and they have the greatest potential for disruption but also provide the greatest chance to fully test in a real-world scenario

bollards

Short vertical posts that act as a barricade. Bollards block vehicles but not people.

mantrap

An entrance to a building or an area that requires people to pass through two doors with only one door opened at a time.

infrared sensors

Detect changes in infrared radiation that is often emitted by warm bodies like humans or animals.

pressure sensors

Activated whenever a specified minimum amount of weight is detected on the sensor that is embedded into the floor or a mat

microwave sensors

Detect movement in an area by emitting microwave pulses and measuring their reflection off moving objects

ultrasonic sensors

a device that can measure the distance to an object by using sound waves; used most commonly in applications where proximity detection is required

brute-force physical attack

includes breaking down doors, cutting off lock, or other examples of the simple application of force or determination to physical entry

RFID cloning attacks

work by cloning and RFID tag or card. Without physical observation these attacks are difficult to detect

environmental attacks

include attacks like targeting an organization's heating and cooling systems, maliciously activating a sprinkler system, and other similar actions