What is a BCP?
Long-term plan to ensure business continuity during disasters
What is Disaster Recovery (DR)?
Processes to recover from disasters
What is a DRP?
Short-term recovery plan (part of BCP)
What is COOP?
Plan to maintain operations during a disaster
What is Collusion?
Two or more people working together to bypass security
What is MTBF?
Average time between failures
What is MTTR?
Time required to repair a system
What is RAID?
Redundant disks for performance and fault tolerance
What is Disk Mirroring?
Exact copy of data across disks
What is Disk Striping?
Data spread across multiple disks for performance
What is RAID 0?
Striping, no fault tolerance
What is RAID 1?
Mirroring
What is RAID 5?
Striping with parity
What is Digital Forensics?
Identify, acquire, analyze, report evidence
What is Real Evidence?
Physical evidence
What is Evidence Integrity?
Ensuring evidence is unchanged (hashing)
What is Allocated Space?
Disk space actively holding data
What is Unallocated Space?
Disk space not actively used
What is Slack Space?
Residual space that may contain old data
What are Bad Blocks?
Damaged disk sectors
What is Network Forensics?
Monitoring and analyzing network traffic
What is Software Forensics?
Reverse engineering software
What is Egress Monitoring?
Monitoring outbound traffic to prevent data exfiltration
What is Electronic Discovery (eDiscovery)?
Legal discovery of digital evidence
What is an Event?
Observable change in state
What is an Alert?
Notification triggered by events
What are Incident Response phases?
Preparation, Detection, Response, Mitigation, Reporting, Recovery, Remediation, Lessons Learned
What is Signature-Based Detection?
Matches known attack patterns
What is Heuristic Detection?
Detects anomalies
What is SIEM?
Centralized logging and analysis system
What is SOAR?
Automated incident response platform
What is Application Whitelisting?
Only approved apps can run
What are Removable Media Controls?
Restrict external devices
What is a Honeypot?
Decoy system to attract attackers
What is a Honeynet?
Network of honeypots
What is Change Management?
Formal process for handling changes
What is an Incremental Backup?
Backs up changes since last backup
What is a Differential Backup?
Backs up changes since last full backup
What is Database Shadowing?
Real-time duplicate database
What is Electronic Vaulting?
Scheduled remote backups
What is Remote Journaling?
Sends transaction logs only
What is the DRP Lifecycle?
Mitigation, Preparation, Response, Recovery
What is a Redundant Site?
Fully duplicated environment
What is a Hot Site?
Ready-to-go site with near real-time data
What is a Warm Site?
Partially ready site (hours to restore)
What is a Cold Site?
Empty site (days/weeks to restore)
What is a Reciprocal Agreement Site?
Shared agreement between organizations
What is a Mobile Site?
Portable data center
What is a Cloud DR Site?
Cloud-based disaster recovery
What is a DRP Review?
Reviewing DR plan for gaps
What is a Read-Through?
Checklist review of DRP
What is a Simulation Test?
Simulated disaster exercise
What is Parallel Processing?
Running systems at primary and backup simultaneously
What is Partial Interruption?
Failover of one system
What is Full Interruption?
Full failover to backup site