ELITE FRAMEWORK
🧩 1️⃣ Nature of the Disaster
| Concept | Technical Definition | Purpose / Big Picture | Simple Example | Root-of-Question Pattern |
|---|---|---|---|---|
| Natural Disasters | Events caused by nature that disrupt operations and infrastructure. | Test organizational resilience and ability to recover physical and digital assets. | Earthquakes, floods, hurricanes, pandemics. | “Which of the following disasters would MOST likely require geographic redundancy?” |
| Earthquakes | Sudden ground movement causing physical destruction. | Threatens data centers and on-prem assets; demands seismic-safe design and offsite backups. | Regional DC in California with offsite DR in Texas. | “Which mitigation strategy BEST protects from regional seismic events?” |
| Floods | Water damage from natural or accidental causes. | Threatens power and cabling; highlights need for raised floors and waterproofing. | Server room flooded due to heavy rain. | “Which control is MOST effective against flood damage?” |
| Storms / Fires / Pandemics / Other Events | Environmental or health-related disruptions affecting availability or workforce. | Ensure BCP covers alternate facilities and remote workforce continuity. | COVID-19 remote work strategy; fire suppression systems. | “Which control ensures operational continuity during pandemic-scale disruptions?” |
| Human-Made Disasters | Disruptions caused by human error or intent. | Covers everything from malicious acts to accidental damage; emphasizes layered controls and incident response. | Power outage, vandalism, cyberattack. | “Which incident type requires both physical and logical access review?” |
| Acts of Terrorism / Bombings | Intentional physical attacks to disrupt operations. | Necessitates geographic separation of critical systems and personnel. | DC in one region, backup in another country. | “Which control MOST directly mitigates simultaneous loss of personnel and systems?” |
| Power Outages / Infrastructure Failures | Failure of supporting systems (electricity, network). | Drives need for UPS, generators, redundant ISPs. | Data center backup power generator activation. | “Which component ensures continuity during short-term utility loss?” |
| Hardware/Software Failures | Component or OS failures leading to downtime. | Motivates use of redundancy, clustering, backups, and patch management. | RAID array rebuild; hot-swappable disk. | “Which strategy provides fault tolerance against hardware failure?” |
| Strikes, Theft, Vandalism | Human factors that interrupt services or cause damage. | Necessitates HR policies, physical access control, insurance, and incident response plans. | Labor strike or equipment theft. | “Which is the MOST effective nontechnical mitigation for vandalism risk?” |
⚙️ 2️⃣ System Resilience, Fault Tolerance, and High Availability
| Concept | Technical Definition | Purpose / Big Picture | Simple Example | Root-of-Question Pattern |
|---|---|---|---|---|
| Single Point of Failure (SPOF) | A component whose failure causes entire system failure. | Identifying SPOFs is essential for designing fault-tolerant architectures. | One database with no replication. | “Which of the following eliminates a single point of failure?” |
| System Resilience | System’s ability to continue operations under stress or failure. | Balances redundancy, recovery, and adaptability to ensure uptime. | Auto-failover for load-balanced web apps. | “Which feature MOST contributes to system resilience?” |
| Fault Tolerance | The capability to continue operation even when components fail. | Key for mission-critical services requiring zero downtime. | Dual power supplies; RAID-1 mirror. | “Which design provides the HIGHEST fault tolerance?” |
| High Availability (HA) | System design minimizing downtime through redundancy and monitoring. | Ensures uptime and service continuity as per SLA. | Active-passive web servers with heartbeat monitoring. | “What is the PRIMARY objective of high availability architecture?” |
💽 3️⃣ Protecting Hard Drives — RAID Configurations
| Concept | Technical Definition | Purpose / Big Picture | Simple Example | Root-of-Question Pattern |
|---|---|---|---|---|
| RAID (Redundant Array of Independent Disks) | Method of combining multiple disks for redundancy or performance. | Balances availability, performance, and cost for critical data. | RAID-5 parity array in file server. | “Which RAID level provides fault tolerance with parity?” |
| RAID-0 | Striping across disks, no redundancy. | Maximizes performance, no fault tolerance. | Used for temporary or noncritical data. | “Which RAID offers the BEST performance but NO fault tolerance?” |
| RAID-1 | Disk mirroring (exact copies). | Full redundancy, simple recovery. | Two disks with identical content. | “Which RAID provides COMPLETE redundancy?” |
| RAID-5 | Striping with distributed parity. | Balances speed, cost, and fault tolerance. | Three or more disks, one disk failure tolerated. | “Which RAID tolerates single disk failure and uses parity?” |
| RAID-6 | Striping with dual parity. | Survives two disk failures. | Database server needing high resilience. | “Which RAID allows TWO simultaneous disk failures?” |
| RAID-10 | Stripe of mirrors (RAID-1 + RAID-0). | Combines high speed and redundancy, expensive. | Four-disk enterprise array. | “Which RAID provides both mirroring and striping for maximum performance and fault tolerance?” |
| Software vs Hardware RAID | Software managed via OS; hardware managed via dedicated controller. | Hardware RAID faster, more reliable; software cheaper but CPU intensive. | OS-based RAID on Linux vs hardware RAID controller. | “Which RAID type consumes host CPU resources?” |
🖥️ 4️⃣ Protecting Servers — Failover and Clustering
| Concept | Technical Definition | Purpose / Big Picture | Simple Example | Root-of-Question Pattern |
|---|---|---|---|---|
| Failover Cluster | Group of servers configured so one automatically takes over if another fails. | Provides redundancy for critical services and zero-downtime failover. | SQL Always-On cluster. | “Which design MOST enhances fault tolerance for critical servers?” |
| Automatic Failover | Seamless transition of workload upon failure. | Minimizes downtime and manual intervention. | Load balancer detects node failure and redirects traffic. | “What is the PRIMARY benefit of automatic failover in clusters?” |
⚡ 5️⃣ Protecting Power Sources
| Concept | Technical Definition | Purpose / Big Picture | Simple Example | Root-of-Question Pattern |
|---|---|---|---|---|
| UPS (Uninterruptible Power Supply) | Battery system providing short-term power backup. | Prevents data loss and allows graceful shutdown during power outages. | UPS giving 15 minutes runtime for critical servers. | “Which device provides immediate, short-term power continuity?” |
| Generators | Fuel-powered systems providing long-term power backup. | Support extended outages beyond UPS capacity. | Diesel generator powering data center for 12 hours. | “Which backup system maintains operations during prolonged utility failures?” |
🔒 6️⃣ Trusted Recovery
| Concept | Technical Definition | Purpose / Big Picture | Simple Example | Root-of-Question Pattern |
|---|---|---|---|---|
| Fail-Secure | System maintains security controls during failure (may deny access). | Prioritizes confidentiality/integrity over availability. | Door lock stays locked when power fails. | “Which failure mode maintains security at the expense of availability?” |
| Fail-Open | System allows access to maintain availability during failure. | Prioritizes availability (may weaken security). | Firewall defaults to allow traffic after crash. | “Which mode maintains availability at the expense of security?” |
| Manual Recovery | Admin intervention needed to restore system. | Control and verification before resuming operations. | Admin restarts service after audit check. | “Which recovery type requires human action?” |
| Automated Recovery | System restarts itself after failure. | Restores service quickly, reduces downtime. | OS auto-restart after crash. | “Which recovery type resumes service automatically?” |
| Automated Recovery Without Undue Loss | Recovery ensures no security compromise or data loss. | Ensures system returns to known secure state. | Checkpoint-based recovery ensuring integrity. | “Which recovery ensures restoration without compromising security state?” |
| Function Recovery | Restores critical system functions after major failure. | Supports business continuity beyond basic restart. | Rebuilding cluster function after crash. | “Which recovery type restores system functions post-catastrophic failure?” |
🌐 7️⃣ Quality of Service (QoS) and Network Reliability
| Concept | Technical Definition | Purpose / Big Picture | Simple Example | Root-of-Question Pattern |
|---|---|---|---|---|
| Bandwidth | Maximum data transfer rate of a network path. | Determines capacity and throughput. | 100 Mbps internet link. | “Which metric measures network capacity?” |
| Latency | Time delay in data transmission. | Impacts responsiveness of applications. | 200 ms ping to remote DC. | “Which factor MOST affects perceived responsiveness?” |
| Jitter | Variation in packet delay over time. | Affects voice/video quality. | Choppy VoIP calls. | “Which parameter MOST affects real-time communications?” |
| Packet Loss | Dropped packets during transmission. | Degrades reliability and throughput. | 2% packet loss causing streaming issues. | “Which metric indicates reliability of data delivery?” |
| Interference | Disruption from external signals. | Affects wireless communications and integrity. | Microwave causing Wi-Fi drops. | “Which phenomenon is MOST associated with wireless reliability degradation?” |
🔁 Quick Integration Summary
- Disaster categories → identify threats and match continuity plans.
- System resilience / HA / RAID / power / recovery → mitigate availability risk in CIA triad.
- QoS → ensures performance and service reliability, critical for availability in networked systems.
🧭 1️⃣ Recovery Strategy
| Concept | Technical Definition | Purpose / Big Picture | Simple Example | Root-of-Question Pattern |
|---|---|---|---|---|
| Business Unit & Functional Priorities | Ranking of processes by criticality and maximum tolerable downtime (MTD). | Guides recovery sequencing—what to bring up FIRST. | Finance > HR > R&D based on BIA. | “Which function should be restored FIRST after a disruption?” |
| Crisis Management | Command-and-control structure for emergency decision-making. | Protects life and coordinates initial response before DRP activates. | Emergency team evacuates staff, contacts authorities. | “What is the PRIMARY goal of crisis management?” |
| Emergency Communications | Pre-defined channels and contacts for incident updates. | Prevents misinformation, supports stakeholder coordination. | Mass SMS to staff during outage. | “Which plan section details how to contact personnel during crisis?” |
| Workgroup Recovery | Procedures to re-establish departmental operations. | Bridges enterprise DRP with local functional tasks. | Accounting resumes from alternate site. | “Which plan MOST focuses on restoring department-level operations?” |
| Alternate Processing Sites | Secondary facilities to continue business operations. | Provides continuity when primary site unavailable. | Cold, warm, hot, or mobile sites. | “Which site type provides the SHORTEST recovery time objective (RTO)?” |
| • Cold Site | Empty facility with power and HVAC only. | Cheapest; longest setup time. | Leased warehouse, no hardware. | “Which alternate site requires the LONGEST setup time?” |
| • Warm Site | Equipped with basic IT infrastructure but no live data. | Balance cost vs speed. | Pre-installed servers awaiting restore. | “Which site offers moderate cost and recovery speed?” |
| • Hot Site | Fully equipped, live-replicated facility. | Immediate continuity for critical systems. | Secondary data center mirroring production. | “Which site provides NEAR-ZERO downtime?” |
| • Mobile Site | Transportable data center facility. | Adds geographic flexibility for temporary ops. | Trailer-mounted mini DC. | “Which recovery option provides portable infrastructure?” |
| Cloud Computing for DR | Use of cloud platforms as backup/restore or failover environment. | Reduces physical dependency, enables rapid scaling. | AWS DR region failover. | “Which strategy provides elastic recovery capacity with minimal capital cost?” |
| Mutual Assistance Agreements (MAA) | Reciprocal arrangement to share recovery facilities. | Cost-effective for low-criticality workloads. | Two firms agree to host each other temporarily. | “What is a MAJOR DRAWBACK of MAAs?” |
| • Drawbacks | Limited capacity, conflicting disaster timing, untested resources. | Risk if both parties impacted or unprepared. | Same city sites both hit by flood. | “Which limitation MOST reduces reliability of MAA?” |
| Database Recovery Techniques | Methods to replicate or back up DB changes. | Preserve transactional integrity and minimize data loss. | Electronic Vaulting, Remote Journaling, Remote Mirroring. | “Which database recovery method provides near-real-time replication?” |
| • Electronic Vaulting | Periodic bulk transfer of backups to offsite. | Reduces data-loss window vs tape shipping. | Nightly transfer of backup files. | “Which technique periodically transmits bulk data backups?” |
| • Remote Journaling | Transmission of transaction logs in near real time. | Enables point-in-time restore. | Log streaming to remote DB. | “Which technique sends transaction logs as they’re created?” |
| • Remote Mirroring | Synchronous replication of active data. | Zero data-loss (RPO≈0). | SAN-to-SAN mirror between DCs. | “Which approach offers the LEAST data loss in outage?” |
🧾 2️⃣ Recovery Plan Development
| Concept | Technical Definition | Purpose / Big Picture | Simple Example | Root-of-Question Pattern |
|---|---|---|---|---|
| Disaster Recovery Plan (DRP) Documents | Formal artifacts detailing recovery procedures and responsibilities. | Ensure clarity, accountability, and repeatability during crisis. | Executive Summary + Dept Plans + Checklists + Guides. | “Which section of DRP should management review FIRST?” |
| • Executive Summary | High-level overview for leadership. | Provides quick situational understanding. | Two-page brief for executives. | “Which DRP component is tailored for senior management?” |
| • Department-Specific Plans | Tailored operational steps per business unit. | Aligns DR actions with BIA priorities. | Finance plan covers payroll continuity. | “Which DRP portion outlines actions for each department?” |
| • Technical Guides for IT | Step-by-step restoration for tech staff. | Ensures consistency and prevents missteps. | Rebuild sequence for hypervisors. | “Which DRP element is MOST useful to system administrators?” |
| • Team Checklists & Full Copies | Individual task lists and distributed copies. | Guarantees team readiness when systems down. | Printed DR binders for key staff. | “Why are hard copies critical in DR situations?” |
| Emergency Response | Immediate procedures to protect life and assets. | First phase before business recovery. | Fire suppression, evacuation. | “Which plan activates FIRST in a disaster?” |
| Personnel & Communications | Roles, call trees, and contact info. | Ensures coordination and role clarity. | On-call roster with alternates. | “Which document lists contact info for DR team members?” |
| Damage Assessment | Evaluation of impact and recovery scope. | Determines which plans to invoke. | Post-fire facility inspection. | “Which activity identifies which systems require restoration?” |
| Backups and Storage Strategies | Methods for data protection and restore sequencing. | Foundation of system recovery. | Full, Incremental, Differential. | “Which backup type captures only files changed since LAST backup?” |
| • Full Backup | Entire dataset copy. | Simplest restore, longest time to run. | Sunday night backup. | “Which backup offers fastest restoration?” |
| • Incremental Backup | Copies data changed since last backup (any type). | Minimizes storage/time, complex restore chain. | Nightly incrementals. | “Which backup requires all prior incrementals to restore?” |
| • Differential Backup | Copies data changed since last FULL backup. | Easier restore, more storage than incremental. | Daily differentials. | “Which backup grows larger each day until next full backup?” |
| Backup Usage Combinations | How multiple backup types are combined or delivered. | Optimizes RTO/RPO and cost. | Full + Incremental or Full + Differential. | “Which scheme minimizes restore time while saving storage?” |
| • Disk-to-Disk / Cloud Storage | Electronic backup to local/remote disk or cloud. | Enables faster, offsite, scalable recovery. | Azure Backup Vault. | “Which backup solution eliminates physical media handling?” |
| • Backup Best Practices | Labeling, encryption, rotation (Grandfather-Father-Son), offsite storage, periodic test restores. | Ensures reliability and security of backups. | Quarterly restore validation. | “Which control BEST ensures backup integrity?” |
| Software Escrow Arrangements | Third-party holds source code for critical vendor apps. | Protects continuity if vendor fails or support ceases. | Escrow agent releases code upon vendor bankruptcy. | “Which agreement ensures access to source code if vendor unavailable?” |
| Utilities and Logistics | Dependency planning for power, water, gas, and supplies. | Prevents secondary disruption during recovery. | Backup water tanks; fuel contracts. | “Which element of DR planning addresses non-IT dependencies?” |
| Recovery vs Restoration | Recovery = resume business operations; Restoration = rebuild physical environment. | Clarifies sequencing and objectives. | Temporary office → permanent rebuild later. | “Which activity is performed AFTER recovery to re-establish normalcy?” |
🧪 3️⃣ Testing and Maintenance of Plans
| Concept | Technical Definition | Purpose / Big Picture | Simple Example | Root-of-Question Pattern |
|---|---|---|---|---|
| Read-Through Test | Team reviews plan documents only. | Quick validation of content accuracy. | Email review of DRP binder. | “Which test type provides the LEAST disruption?” |
| Tabletop Exercise | Discussion-based scenario walk-through. | Evaluates coordination and decision-making. | Meeting simulating fire event. | “Which test involves discussion without moving equipment?” |
| Walk-Through Test | Step-by-step verbal or light practical review. | Checks procedures and dependencies. | Team visits alternate site. | “Which test validates process flow through rehearsal?” |
| Simulation Test | Partial activation simulating actual disaster. | Tests readiness without full interruption. | Network failover drill. | “Which test mimics disaster conditions without shutting production?” |
| Parallel Test | DR systems run concurrently with production. | Verifies DR systems can handle workload. | DR payroll run vs live payroll. | “Which test runs both systems simultaneously to compare results?” |
| Full-Interruption Test | Complete shutdown of primary systems. | Ultimate validation of full recovery capability. | Production intentionally failed over. | “Which DR test provides the HIGHEST assurance but greatest risk?” |
| Lessons Learned | Post-test review to capture improvements. | Continuous improvement of plan effectiveness. | After-action report updates plan. | “Which activity follows a DR test to refine procedures?” |
| Maintenance | Periodic review and update of DR/BCP. | Keeps documentation accurate amid change. | Annual DRP refresh after system upgrades. | “Which process ensures DRP reflects current environment?” |
| Test Communications | Verification of contact methods and escalation paths. | Ensures reachability during emergencies. | Quarterly call-tree drill. | “Which test confirms ability to contact DR personnel?” |
🔁 Quick Integration Summary
- Recovery Strategy → focuses on where and how business resumes.
- Plan Development → defines who does what and with which data.
- Testing & Maintenance → validates how well it actually works.
🧭 RECALL GRID
(Availability | Resilience | Recovery | Restoration)
🌋 1️⃣ Nature of Disasters
| Concept | Trigger Cue | Root-of-Question Pattern |
|---|---|---|
| Natural Disasters | Earthquake / Flood / Pandemic | “Which threat REQUIRES geographic redundancy?” |
| Human-Made Disasters | Power Outage / Vandalism / Theft | “Which control BEST mitigates human-caused disruption?” |
| Hardware / Software Failure | Device crash, patch flaw | “Which measure prevents SPOF in servers?” |
⚙️ 2️⃣ System Resilience & Fault Tolerance
| Concept | Trigger Cue | Root-of-Question Pattern |
|---|---|---|
| Single Point of Failure | One component break = downtime | “Which design eliminates a SPOF?” |
| High Availability | Redundant paths / automatic failover | “What’s the PRIMARY goal of HA?” |
| Fault Tolerance | Continue despite failure | “Which design offers CONTINUITY after failure?” |
| System Resilience | Adapt + recover gracefully | “Which feature ensures SERVICE STABILITY?” |
💽 3️⃣ RAID & Disk Protection
| RAID Level | Trigger Cue | Root-of-Question Pattern |
|---|---|---|
| RAID-0 | Stripe / Speed / No redundancy | “BEST performance, NO fault tolerance?” |
| RAID-1 | Mirror / Duplicate | “Which RAID provides FULL redundancy?” |
| RAID-5 | Striping + Parity (1 disk) | “Parity fault tolerance (1 disk fail)?” |
| RAID-6 | Dual Parity (2 disk fail) | “Which RAID tolerates TWO disk failures?” |
| RAID-10 | Stripe of Mirrors (Perf + FT) | “Which RAID combines striping and mirroring?” |
🖥️ 4️⃣ Server & Power Protection
| Concept | Trigger Cue | Root-of-Question Pattern |
|---|---|---|
| Failover Cluster | Auto switch to standby | “Which design provides AUTO failover?” |
| UPS | Short-term battery power | “Which ensures IMMEDIATE power continuity?” |
| Generator | Long-term backup | “Which sustains operations during PROLONGED outage?” |
🔒 5️⃣ Trusted Recovery
| Mode / Type | Trigger Cue | Root-of-Question Pattern |
|---|---|---|
| Fail-Secure | Lock on failure | “Maintains security over availability?” |
| Fail-Open | Allow on failure | “Maintains availability over security?” |
| Manual Recovery | Human intervention | “Which recovery needs admin action?” |
| Automated Recovery | Self-restart | “Which resumes service automatically?” |
| Auto w/o Undue Loss | Secure state restore | “Which recovery avoids integrity loss?” |
| Function Recovery | Restore system roles | “Which restores capabilities post-crash?” |
🌐 6️⃣ Quality of Service (QoS)
| Metric | Trigger Cue | Root-of-Question Pattern |
|---|---|---|
| Bandwidth | Capacity (Mbps) | “Which metric measures network capacity?” |
| Latency | Delay (ms) | “Which MOST affects responsiveness?” |
| Jitter | Variation in delay | “Which MOST affects VoIP quality?” |
| Packet Loss | Dropped packets | “Which metric indicates reliability?” |
| Interference | Wireless noise | “Which factor degrades signal integrity?” |
🧭 7️⃣ Recovery Strategy & Alternate Sites
| Concept | Trigger Cue | Root-of-Question Pattern |
|---|---|---|
| Business Unit Priority | BIA → MTD | “Which process restores FIRST?” |
| Crisis Mgmt | Life safety + control | “PRIMARY goal of crisis management?” |
| Emergency Comms | Call trees / alerts | “Which ensures contact during incident?” |
| Workgroup Recovery | Dept-level continuity | “Which plan restores department ops?” |
| Cold Site | Empty facility | “LONGEST setup time?” |
| Warm Site | Partial ready infra | “MODERATE cost + speed?” |
| Hot Site | Fully live replica | “SHORTEST RTO?” |
| Mobile Site | Portable data center | “Which provides on-the-go recovery?” |
| Cloud DR | Elastic failover | “Which offers scalable DR at low CAPEX?” |
| Mutual Assistance Agreement (MAA) | Shared sites between firms | “MAJOR drawback of MAA?” |
💾 8️⃣ Data & Database Recovery Techniques
| Technique | Trigger Cue | Root-of-Question Pattern |
|---|---|---|
| Electronic Vaulting | Periodic bulk transfer | “Which sends bulk data offsite periodically?” |
| Remote Journaling | Near real-time logs | “Which sends txn logs as created?” |
| Remote Mirroring | Synchronous replication | “Which yields ZERO data loss?” |
🧱 9️⃣ Plan Development & Documents
| Document / Activity | Trigger Cue | Root-of-Question Pattern |
|---|---|---|
| DRP Executive Summary | Mgmt overview | “Which DRP section is for executives?” |
| Department Plans | Functional steps | “Which plan aligns with BIA priorities?” |
| Technical Guides | IT rebuild steps | “Which guide used by admins during restore?” |
| Team Checklists | Individual tasks | “Why hard copies of plans matter?” |
| Emergency Response | Life & asset protection | “Which plan activates FIRST?” |
| Assessment / Damage | Impact evaluation | “Which activity determines scope of recovery?” |
| Personnel Comms | Roles & contacts | “Which plan lists contact info for DR teams?” |
💿 🔁 10️⃣ Backup & Storage Strategies
| Type | Trigger Cue | Root-of-Question Pattern |
|---|---|---|
| Full | Entire dataset | “Which backup fastest to restore?” |
| Incremental | Since last backup (any type) | “Which needs ALL previous sets to restore?” |
| Differential | Since last full backup | “Which grows larger each day till full?” |
| Disk-to-Disk / Cloud | Electronic copy | “Which removes need for tape media?” |
| Best Practices | Encrypt, rotate, test restore | “Which ensures backup integrity?” |
⚙️ 11️⃣ Continuity Agreements & Dependencies
| Concept | Trigger Cue | Root-of-Question Pattern |
|---|---|---|
| Software Escrow | Vendor code held by 3rd party | “Ensures source if vendor fails?” |
| Utilities & Logistics | Power, water, fuel contracts | “Which addresses non-IT dependencies?” |
| Recovery vs Restoration | Business vs Facility return | “Which occurs AFTER recovery?” |
🧪 12️⃣ Testing & Maintenance
| Test Type | Trigger Cue | Root-of-Question Pattern |
|---|---|---|
| Read-Through | Paper review only | “LEAST disruptive test?” |
| Tabletop | Discussion only | “Which uses scenario discussion?” |
| Walk-Through | Step rehearsal | “Which validates process flow?” |
| Simulation | Partial activation | “Which mimics disaster conditions?” |
| Parallel | Run DR + Prod simultaneously | “Which verifies DR load handling?” |
| Full-Interruption | Stop Prod entirely | “Which test gives HIGHEST assurance + risk?” |
| Lessons Learned | Post-test review | “Which improves plan after testing?” |
| Maintenance | Annual updates | “Which keeps plan current with env changes?” |
| Communication Test | Call-tree drill | “Which verifies contact reachability?” |
🧠 Rapid-Recall Clusters
- Availability Pillars: HA + FT + Redundancy + Power Protection
- Recovery Pillars: Sites + Backups + People + Communication
- Testing Pillars: Tabletop → Simulation → Full Interruption
⚡ How to Use This
- Daily Flash: Glance at each table, read the trigger, recall the question stem.
- Weekly Drill: Hide the “Concept” column and guess it from the question pattern.
- Exam Simulation: When a stem says “MOST effective…”, instantly map to these cues.
SUMMARY
🧭 1. Domain Objective & Why This Matters
Goal: Preserve availability and resilience of business operations when disruptions strike.
Why it matters: CISSP tests whether you think like management—protecting mission-critical processes, not merely restoring servers. A true professional designs continuity for people, process, and technology to survive disaster without panic or chaos.
🧩 2. Exam Mindset & Traps
Mindset:
- The question isn’t “what’s technically cool?” but “what keeps business running safely.”
- Always triage answers by Life Safety → Critical Functions → Assets → Normalcy.
Common traps:
| Trap | How It Appears | Correct Approach |
|---|---|---|
| Tech bias | Choosing RAID or UPS before addressing life safety | Human safety always first |
| Confusing Recovery vs Restoration | Treating facility rebuild as “recovery” | Recovery = business up again; Restoration = facility rebuilt |
| BEST vs FIRST vs MOST | “FIRST action?” → life safety; “BEST control?” → long-term governance; “MOST effective?” → depends on RTO/RPO context | Read adjective carefully |
| Hot vs Warm Site RTO | Assuming “warm” = cheaper only | Compare RTO vs cost matrix |
🎯 3. Exam Importance
- One of the top-three weighted topics in Domain 7.
- At least 8–12 items in a 150-question test involve availability, DR sites, backup types, or testing.
- Every management-style stem about resilience lives here.
⚖️ 4. Comparison Table (Exam Favourites)
| Area | Options | Key Difference | RTO | Cost |
|---|---|---|---|---|
| Alternate Sites | Cold / Warm / Hot / Mobile / Cloud | Infrastructure + Data Readiness | Long → Short | Low → High |
| Backups | Full / Incremental / Differential | What’s captured since when | Short → Long restore | High → Low cost |
| Tests | Read-Through → Full-Interruption | Scope & risk | Low → High | Low → High |
| Recovery Methods | Vaulting / Journaling / Mirroring | Data loss window (RPO) | Minutes → Seconds | Medium → High |
🧠 5. Quick Visual / Diagram
(Picture this as a vertical flow)
Disruption → Crisis Mgmt (Life Safety) → Damage Assessment → DR Activation → Site/Backup Recovery → Testing → Lessons Learned → Plan Update
Arrows labelled with RTO/RPO along the recovery arc; side boxes show RAID, UPS, Failover Clusters maintaining availability.
🔎 6. Likely Gaps if You Struggled
- Treating BCP as an IT project instead of org-wide program.
- Memorizing RAID numbers but forgetting RPO/RTO logic.
- Mixing up test types.
- Ignoring people and communications plans.
- Forgetting that “Fail-Secure” ≠ “Fail-Safe.”
🔗 7. Cross-Links (See Also)
- Domain 1 → Risk Management & Governance
- Domain 3 → Availability in Security Architecture
- Domain 5 → Incident Response Integration
- Domain 8 → Secure Software Recovery Processes
🎯 8. Trapfinder
| Keyword in Stem | Real Target |
|---|---|
| “Primary goal of BCP” | Maintain business operations (availability) |
| “First step in DRP” | Protect human life |
| “Most effective alternate site” | Compare RTO/RPO vs budget, not location |
| “Parallel test purpose” | Verify capacity without impacting production |
| “Maintenance phase” | Keep plan current post-change |
🧩 9. Spaced Repetition Pack
- Day 1: RAID levels + failover logic
- Day 3: Backups (Full / Diff / Inc)
- Day 5: Site types and RTO/RPO matrix
- Day 7: Testing methods + sequence
- Day 10: Trusted Recovery modes
- Day 14: Full mock BCP/DR scenario
Cycle again weekly; recall grid only for days 10-14.
⚡ 10. Mnemonic / 30-Sec Lightning Recap
“SAFE PATH”
S – Safety first (Crisis Mgmt)
A – Availability via redundancy (HA/FT/RAID)
F – Failover and power backup
E – Evaluate damage → activate plan
P – Plan type (Cold/Warm/Hot)
A – Archives and backups
T – Testing continuum (Read → Full)
H – Human update / Maintenance
📊 11. Summary Table
| Pillar | Focus | Example Concepts |
|---|---|---|
| Resilience | Prevent downtime | RAID, Clusters, UPS |
| Recovery | Resume ops quickly | Hot/Warm Sites, Vaulting |
| Continuity Planning | People & process | BIA, Communication trees |
| Testing & Improvement | Validate & update | Tabletop, Lessons Learned |
🧩 12. Acronym / Term Reference Table
| Acronym | Meaning | Context |
|---|---|---|
| BCP | Business Continuity Plan | Organization-wide continuity |
| DRP | Disaster Recovery Plan | IT systems recovery |
| RTO | Recovery Time Objective | Max downtime allowed |
| RPO | Recovery Point Objective | Max data loss allowed |
| MTD | Maximum Tolerable Downtime | BIA priority metric |
| UPS | Uninterruptible Power Supply | Short-term power |
| MAA | Mutual Assistance Agreement | Reciprocal site use |
| QoS | Quality of Service | Network availability |
| RAID | Redundant Array of Independent Disks | Fault tolerance |
✍️ 13. Blog Seed (Outline)
Title: “When the Office Catches Fire—Can Your Business Still Breathe?”
Hook: Everyone tests smoke alarms. Few test their business breathing apparatus.
Big Ideas:
- BCP = oxygen for operations.
- Disaster recovery is not just servers—it’s people and process.
- Testing keeps plans alive.
Mini-Example: Parallel test that saved a payroll run.
Visual: Flow chart of Disaster → Response → Recovery → Restoration.
CTA: Run a tabletop this week—prove your plan can breathe.
🧾 14. Brief Summary
Domain 7 teaches how to keep an organization alive through chaos. You identify critical functions, design redundancy, back up data, choose recovery sites, and test plans continuously.
Success in this domain proves you think like management protecting mission continuity, not just servers.
🎓 15. Exam Tips
- RTO vs RPO → memorize matrix; they’re always tested.
- Human safety FIRST—if asked “FIRST action,” it’s never tech.
- Parallel vs Simulation vs Full—associate risk and impact levels.
- BCP scope > DRP scope—BCP is business-wide.
- Expect questions asking for “BEST test type,” “PRIMARY goal,” or “MOST effective control” → read qualifier carefully.
- Think management intent: continuity, not reboot.
Disaster recovery is a component of business continuity, which is part of risk management covered in Security Risk Management Explained: CISSP Domain 1 Study Guide. Incident response that precedes disaster recovery activation is in 17 CISSP: Preventing and Responding to Incidents. Managing security operations during a disaster is covered in 16 CISSP: Managing Security Operations. The complete Domain 7 guide that includes continuity operations is at CISSP Domain 7: Security Operations Complete Guide.
For official resources, visit (ISC)² CISSP Certification.

By profession, a Cloud Security Consultant; by passion, a storyteller. Through SunExplains, I explain security in simple, relatable terms — connecting technology, trust, and everyday life.