1.没有考虑到可能会破坏基础设施和数据运行的所有可能性。除了显而易见的病毒，木马，蠕虫等威胁，还需要想到您所处的地理位置发生自然灾害的可能性，比如是否处于地震断层或是在洪水区，风暴多发区，或拉闸限电等等。在制定灾备计划时，一定要把这些看似与IT无关的因素也考虑进去，如果自然条件实在太恶劣，劝您可以考虑换个地方建设数据中心。
　　
　　2.灾备计划过于依赖很少的某几个员工。常常看到有些企业的灾难恢复计划依赖于某几个甚至一个IT员工，这很危险。万一如果该人由于某种原因无法工作或者刚好找不到他/她怎么办？您需要确定员工也得有“备份”，矩阵式结构的雇员组织形式会更好的做出应急响应。而且负责灾备的员工分布的地理位置最好是分散的，以防某一地区发生重大灾害。
　　
　　3.故障或灾难来临时，依靠手工流程通知工作人员。假设您的设备由于停电而终断运行，可是现场又没有人，负责灾备的IT人员怎么会知道机房停电了？您需要建立一套自动化的系统，发生灾难或者服务终断时它可以自动的通知您的IT员工。你还可以选择第三方服务，请服务商来监控您的设施并且指派受过灾备培训的专业人员来帮你执行你的灾难恢复计划。
　　
　　4。未能提供充足的后备电源。如果您的机房所在地常受到断电影响，一定要购买寿命最长的、最不易受干扰而间断的电力供应。还要准备好额外的备用电池以保证业务的持续能力。
　　
　　5。忘记安排哪些资源需要优先恢复。您的IT应用中，哪些是最重要的？是否有一些可以等待一两天也不会影响到业务？你需要事先安排好应用与服务的恢复顺序。比如，你可以选择首先重启您公司的电子邮件应用，然后再恢复部门文件服务器。在安排这个顺序时，你需要考虑到相关的法规遵从要求。
　　
　　6。未制定规范灾难恢复计划流程文档。在制订了一套灾备计划之后，您一定要把如何执行恢复计划的步骤写下来，要详细到每一个进程以及记录，描述所有系统资源的位置。这个灾备恢复步骤手册一定要多印几份，并且存储在多个不同的地方，并确保所有关键恢复人员人手一份。
　　
　　7。忘记测试灾难恢复计划。确保恢复计划在有紧急状况时真的可以恢复出来!虽然这似乎是显而易见的事，但是许多企业都忽视了这一点，没有充分测试他们的灾备恢复计划。应该定期进行灾难演习，测试每种可能发生的情况，从基本的电力故障到可能导致持续几个月的重大灾难性事件。
　　
　　8。密码也很难找到。虽然密码保护是数据安全的重要环节，不过还是建议您最好至少在两个不同的、安全的地方保存您的系统密码。确保一个以上的IT工作人员的人有机会进入那里，并能获得所有密码。并且，如果这些关键人员辞职了，一定要及时更改密码。
　　
　　9。未能保持恢复计划的更新。您需要不断更新您的灾难恢复计划，至少一个季度要再看一次。确定调用该计划的触发点，如人员、设备、地点或应用的改变等等。这不仅有利于IT工作人员的技能保持更新，还将让你有机会发现灾备计划程序中的漏洞并优化之。

为何需要灾备？主要有三个原因：第一个原因就是天灾难以控制；第二个原因就是人祸不可避免；第三个原因就是信息系统本身的脆弱性。这些原因直接决定了在未来的生活中，灾备将会越来越更深入到我们的生活。

什么是灾备？从字面上理解，灾备是灾难备份的缩略语。但是实际上，从更严格意义上说，信息系统的灾备应当是指信息系统的灾难备份与恢复，这实际上包含两层含义：灾难前的备份与灾难后的恢复。

信息系统有可能面对哪些类型的灾难？灾难的主要类型包括：自然灾难、人为灾难、技术灾难等。从灾难的类型，可以看出，应对信息系统灾难涉及到诸多相关研究领域和研究方向。总的来说，灾备是容错计算、信息安全和系统管理三个研究领域的综合。

灾备有哪些核心技术？一提到灾备核心技术，首先离不开的就是存储技术。数据在灾难过后保存下来，这是否就足够了呢？答案是否定的。这就需要第二项关键技术，信息系统评估和系统重构技术，这是体系结构需要研究的内容。当前的信息系统都是运行在网络环境中的，恶意入侵、病毒、数据通路、用户身份识别都有可能引起安全事故，这就需要第三项关键技术：信息安全技术。除了上述三个关键技术之外，还需要系统管理技术进行系统的协调与管理，这就是第四项关键技术。

灾备存储技术：当前灾备存储技术可以与应用相关（主要采用软件方式实现，可以定制关键信息，实现起来也比较灵活）、也可以无关（主要基于数据卷或者块，全信息复制，实现自动化不需要用户干预）。在灾备存储技术中主要包括：虚拟化存储技术、多存储版本的管理、删除重复数据技术、集群并行存储技术、高效能存储技术等。

灾备体系结构技术：其核心包括容错系统结构、数据恢复技术、系统恢复技术、业务连续性服务。

灾备信息安全技术主要用于保障数据在存储与传输过程中的安全性问题、网络系统的可靠和安全连接问题、计算机系统的安全性问题、使用用户的身份安全问题和系统操作的不可抵赖性问题等。其核心包括：数据安全性技术、网络安全技术、系统安全技术、身份安全技术、安全审计技术。

灾备系统管理技术是灾备的关键支撑技术，它包括如下内容：数据信息管理、灾难应急管理、、系统恢复管理、灾难影响评估与决策支持。

灾备技术未来发展方向可以概括为：（1）从围绕着数据存储向围绕着应用服务转变；存储技术由集中式向分布式、虚拟化发展；从孤立专用系统向综合服务系统转变。（2）围绕服务的灾备技术发展方向：保障业务连续性方向发展，要求数据完整而可用、系统快速重建、应用快速部署。（3）新型容灾体系结构研究。（4）灾备存储未来方向包括虚拟化灾备存储技术、重复数据删除与压缩技术、分布式灾备存储技术。（5）灾备综合服务系统建设，即，建立第三方中立机构形式的外包灾备系统，重点解决的问题包括：公信力问题、数据的安全性、维护的便捷性、可扩展性、可共享性等。

一个灾备系统怎么说它好？还是不好？怎么来评价呢？那么主要有四个指标来评价：分别是RTO、RPO、DOO、和NRO。

RTO是恢复时间目标，这个指标就是容灾恢复的时间指标。它的含义就是说从灾难发生造成的业务中断，一直到使业务能够以继续恢复所需要的这段时间。因此可以看出，如果RTO越短就意味着这个容灾系统的容灾能力越强。

RPO就是所谓的恢复点目标。什么是恢复点？恢复点是宕机以后后数据开始恢复的时间点，RPO所对应的灾难，所造成数据丢失情况，我们可以这样来看，如果RPO等于零，换句话来说，也就相当于没有造成数据丢失。因为我从什么地方跌倒，就什么地方爬起来，就没有造成数据本身的丢失，当然对其他可能还是有损失的。否则的话就需要对业务进行恢复处理，需要对丢失数据进行修复。

第三个指标DOO，就是降级操作指标，这个时候它主要考虑宕机恢复以后到第二次故障的灾难以后的时间。

第四个目标NRO，就是网络恢复的目标，主要是考虑网络恢复的时间。那么一个信息系统的灾备，它的结构怎么来描述呢？那么在信息领域里面，灾备系统可以描述为四大块：那么哪四大块呢？它其实是一个以存储系统作为基本的支撑，以网络作为基本的传输，以容错的软件、硬件技术作为直接的技术手段，以管理技术作为重要的辅助手段，这么四大块所组成的一个综合系统。

第二篇：第六章 灾难恢复与业务连续性计划

第六章：灾难恢复与业务连续性计划

C6-1 During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include:

A .the level of information security required when business recovery procedures are invoked.

B. information security roles and responsibilities in the crisis management structure.

C. information security resource requirements.

D. change management procedures for information security that could affect business continuity arrangements.

6-1 在审计中，一个IS审计师注意到一个组织的业务持续计划不能适当解决恢复过程中的信息机密性。这个IS审计师应该推荐计划被修改：

A.当业务恢复进程被启用时信息安全所需要的层次

B.在危机管理架构中的信息安全角色和责任

C.信息安全资源需求

D.信息安全的改变管理进程可能会影响业务持续安排

A Business should consider whether information security levels required during recovery should be the same, lower or higher than when business is operating normally. In particular, any special rules for access to confidential data during a crisis need to be identified. The other choices do not directly address the information confidentiality issue.

答案A解析：.业务应该考虑是否在恢复时需要相同的安全级别，或者比平时的低或者高。特别的是，一些在紧急时候访问加密数据的规则需要被辨识。其他选项并不直接解决信息机密性问题。

C6-2 During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the:

A. event error log generated at the disaster recovery site.

B. disaster recovery test plan.

C. disaster recovery plan (DRP).

D. configurations and alignment of the primary and disaster recovery sites.

6-2 在灾难恢复测试中，一个IS审计师发现灾难恢复站点的服务器缓慢，为了找出根本原因，信息系统审计师应该首先审查：

A.灾难备份点的事件错误日志生成

B.灾难备份测试计划

C.灾难备份计划

D.配置并确保主站与和灾难备份点保持一致

D Since the configuration of the system is the most probable cause, the IS auditor should review that first. If the issue cannot be clarified, the IS auditor should then review the event error log. The disaster recovery test plan and the disaster recovery plan (DRP) would not contain information about the system configuration.

答案D 解析：.既然系统配置是最可能的原因，IS审计师因为首先检查。如果问题不能被澄清，IS审计师检查事件错误日志。灾备测试计划灾备计划不应该包含系统配置的信息。

C6-3 Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly?

A. Backup time would steadily increase

B. Backup operational cost would significantly increase

C. Storage operational cost would significantly increase

D. Server recovery work may not meet the recovery time objective (RTO)

6-3 当一个关键的文件服务器存储量增长没有被合理的管理，哪个是最大的风险？

A.备份时间将持续增加

B.备份操作成本将会显著增加

C.存储操作成本将会显著增加

D.服务器恢复将不能满足RTO的要求

D In case of a crash, recovering a server with an extensive amount of data could require a significant amount of time. If the recovery cannot meet the recovery time objective (RTO), there will be a discrepancy in IT strategies. It's important to ensure that server restoration can meet the RTO. Incremental backup would only take the backup of the daily differential, thus a steady increase in backup time is not always true. The backup and storage costs issues are not as significant as not meeting the RTO.

答案D解析：.如果发生故障，恢复具有一些数据的服务器将会需要一个明显的时间点。如果恢复不能满足目标恢复时间，将会在IT策略上产生差异。保证服务器恢复符合RTO非常重要。增量备份将只备份每天的差异，这样一个稳固的备份时间增长是不正确的。备份和存储成本并不象不符合RTO那样重要。

C6-4 An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to I minute for a critical system. This implies that the system can tolerate:

A. a data loss of up to 1 minute, but the processing must be continuous.

B. a 1-minute processing interruption but cannot tolerate any data loss.

C. a processing interruption of I minute or more.

D. both a data loss and a processing interruption longer than I minute.

6-4 一个组织有一个目标恢复时间接近于0，一个目标恢复点至于关键系统接近1分站。这暗示系统能承受：

A.数据丢失最多1分钟，但是进程是持续的

B.1分钟的进程中断，但是不能容忍数据丢失

C.一分钟或更多的进程中断

D.数据丢失和进程中断都超过1分钟

A The recovery time objective (RTO) measures an organization's tolerance for downtime and the recovery point objective (RPO) mea sures how much data loss can be accepted. Choices B, C and D are incorrect since they exceed the RTO limits set by the scenario.

答案A解析：.RTO衡量一个组织对宕机时间的容忍度，RPO衡量多少数据丢失可以被接收。选项B，C，D不正确因为他们超过了这个场景的RTO限制。

C6-5 Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?

A. Due to the limited test time window, only the most essential systems were tested. The other systems were tested separately during the rest of the year.

B. During the test it was noticed that some of the backup systems were defective or not working, causing the test of these systems to fail.

C. The procedures to shut down and secure the original production site before starting the backup site required far more time than planned.

D. Every year, the same employees perform the test. The recovery plan documents are not used since every step is well known by all participants.

6-5 以下哪个问题是IT审计师审计灾备测试时最关注的？

A.因为测试时间限制，只对最必要的系统进行测试，其他系统可在年内其他时间进行测试。

B.在测试中注意到一些备份系统有缺陷或无法正常工作，导致系统测试失败。

C.在开始备份前关闭和保护原站点的程序所需时间远远超过计划所需要的时间。

D.每年都是由相同的人员进行测试。因为这些人员了解每一个步骤，所以没有使用恢复计划文档。

D A disaster recovery should not rely on key staff since a disaster can occur when they are not available. It is common that not all systems can be tested in a limited test time frame. It is important, however, that those systems which are essential to the business are tested. and that the other systems are eventually tested throughout the year. One aim of the test is to identify and replace defective devices so that all systems can be replaced in the case of a disaster. Choice B would only be a concern if the number of discovered problems is systematically very high. In a real disaster, there is no need for a clean shutdown of the original production environment since the first priority is to bring the backup site up.

答案D 解析： 一个灾备测试应该测试计划，进程，人力和IT系统。所以，如果计划没有被使用，它的准确性和充分性不能被保证。灾备计划不能只依靠关键的职工，因为灾难发生时，可能他们不在。普遍的是并不是所有系统可以在一个限制的时间点内被测试。重要的是那些系统被在年内被完全测试。测试的目标是辨识和替代有缺陷的设备，所有的系统在发生灾难时被替换。B 只关注发现问题的系统比较高。在一个真的灾难中，没有需要关闭初始点，因为第一步是启用备份点。

C6-6 The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?

A. Contact information of key personnel

B. Server inventory documentation

C. Individual roles and responsibilities

D. Procedures for declaring a disaster

6-6维护一个持续有效的灾备计划，需要对以下哪项信息进行持续更新？

A.主要负责人的联系信息

B.服务器库存文件

C.个人角色与责任

D.宣告灾难的进程

A In the event of a disaster, it is important to have a current updated list of ersonnel who are key to the operation of the plan. Choices B. C and D would be more likely to remain stable overtime.

答案A解析：.万一发生灾难，重要的是有更新的主要负责操作计划的人。B，C，D将更维持稳固的超时。

C6-7 An organization has outsourced its wide area network (WAN) lo a third-parly service provider. Under these circumstances, which of the Ibllovving is the PRIMARY task the IS auditor should perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?

A. Review whether the service providers BCP process is aligned with the organization's BCP and contractual obligations.

B. Review whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster.

C. Review the methodology adopted by the organization in choosing the service rovider.

D. Review the accreditation of the third-party service provider's staff.

6-7 一个组织把它的广域网服务外包给第三方服务商。在这样的情况下，哪个是IS审计师在审计BCP和DRP时的主要职责？

A.检查服务提供的BCP是否符合公司的BCP和合同责任

B.检查是否SLA包含惩罚如果发生灾难时没有达成服务级别承诺

C.检查组织选择服务提供商的方法

D.检查第三方服务提供商职工的资质

A Reviewing whether the service provider's business continuity plan (BCP) process is aligned with the organization's BCP and contractual obligations is the correct answer since an adverse effect or disruption to the business of the service provider has a direct bearing on the organization and its customers. Reviewing whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster is not the correct answer since the presence of penalty clauses, although an essential element of a SLA, is not a primary concern. Choices C and D are possible concerns, but of lesser importance.

答案A解析：检查是否服务提供的BCP符合公司的BCP和合同责任是正确的，因为服务提供商的反作用和中断会给组织和客户有很直接的影响。检查SLA是否有惩罚条款并不是正确的，因为惩罚条款是SLA的必要因素，并不是主要的考虑。C和D不重要。

C6-8 An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:

A．alignment of the BCP with industry best practices.

B．results of business continuity tests performed by IS and end-user personnel.

C．off-site facility, its contents, security and environmental controls.

D．annual financial cost of the BCP activities versus the expected benefit of implementation of the plan.

6-8 一个IS审计师可以通过以下哪一种方式验证组织的BCP有效？

A.BCP符合行业最佳实践

B.IS审计师和终端用户对业务持续性进行测试的结果

C.离线备份设施、相关内容、安全和环境控制

D.每年的BCP财务成本对比实施计划的预期收益

B The effectiveness of the business continuity plan (BCP) can best be evaluated by reviewing the results from previous business continuity tests for thoroughness and accuracy in accomplishing their stated objectives. All other choices do not provide the assurance of the effectiveness of the

答案B解析：BCP的有效性可以通过以前业务持续测试的结果于他们声明的目标之间的检查来评估。所有其他的都不提供BCP有效性的保证。

C6-9 A live test of a mutual agreement for IT system recovery has been carried out. including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:

A. system and the IT operations team can sustain operations in the emergency environment.

B. resources and the environment could sustain the transaction load.

C. connectivity to the applications at the remote site meets response time requirements.。

D. workflow of actual business operations can use the emergency system in case of a disaster.

6-9 一个在线测试It系统恢复的相互协定被执行。包括一个4小时的业务单元密集使用的测试。测试成功了，但是只给了部分保证：

A.系统和IT操作队伍在紧急环境下的持续操作

B.资源和环境支撑交易符合。

C.远程站点的应用链接符合响应时间需求

D.实际业务操作流程可以在发生灾难时使用紧急系统。

A The applications have been intensively operated, therefore choices B, C and D have been actually tested, but the capability of the system and the IT operations team to sustain and support this environment (ancillary operations, batch closing, errorcorrections, output distribution, etc) is only partially tested.

答案A解析：.应用是集中的操作，所以B，C，D都已经被实际测试，但是系统的能力和IT操作队伍支撑环境只是被部分的测试。

C6-10 To optimize an organization's business contingency plan (BCP), an IS auditor should recommend conducting a business impact analysis (BIA) in order to determine:

A. the business processes that generate the most financial value for the organization and therefore must be recovered first.

B. the priorities and order for recovery to ensure alignment with the organization's business strategy.

C. the business processes that must be recovered following a disaster to ensure the organization's survival.

D. the priorities and order of recovery which will recover the greatest number of systems in the shortest time frame.

6-10为优化一个组织的业务应急计划，一个信息系统审计师应该推荐使用业务影响分析的方法来决定：

A.产生组织的最大经济价值的业务流程应该首先被恢复。

B.恢复的优先权和顺序，以保证与组织的业务战略调整一致。

C.必须在灾难后恢复的事关组织的生存业务流程。

D.恢复的优先权和顺序，以尽可能地在最短的时间内恢复更多的系统。

C To ensure the organization's survival following a disaster, it is important to recover the most critical business processes first. It is a common mistake to overemphasize value (A) rather than urgency. For example, while the processing of incoming mortgage loan payments is important from a financial perspective, it could be delayed for a few days in the event of a disaster. On the other hand, wiring funds to close on a loan, while not generating direct revenue, is far more critical because of the possibility of regulatory problems, customer complaints and reputation issues. Choices B and D are not correct because neither the long-term business strategy nor the mere number of recovered systems has a direct impact at this point in time.

答案C 解析： 保证灾难后组织的生存，重要的是恢复最关键的商业流程。这是个普遍的错误过分强调价值（A)凌驾于紧要度。举例，财务方面抵押借款的收入是很重要的，如果有灾难它可以被延迟几天。另一方面，在线的现金支付，并不产生直接的收入，但是它因为法规，客户投诉和名誉问题而非常关键。选项（B）和（D）并不正确，因为长期商业策略和纯粹的恢复系统都没有直接的影响。

C6-11 A financial services organization is developing and documenting business continuity measures. In which of the following cases would an IS auditor MOST likely raise an issue?

A. The organization uses good practice guidelines instead of industry standards and relies on external advisors to ensure the adequacy of the methodology.

B. The business continuity capabilities are planned around a carefully selected set of scenarios which describe events that might happen with a reasonable probability.

C. The recovery time objectives (RTOs) do not take IT disaster recovery constraints into account, such as personnel or system dependencies during the recovery phase.

D. The organization plans to rent a shared alternate site with emergency workplaces which has only enough room for half of the normal staff.

6-11一个金融服务机构正在开发并记录业务持续措施。下面哪一个选项是信息系统审计师最有可能提出问题的？

A.该机构用良好的实践指南来代替行业标准，并依赖外部顾问来保证方法的适用性。

B.业务持续能力根据一套经仔细选择的方案计划，该方案描述了事件可能发生的合理可能性。

C.恢复时间目标并不考虑信息灾难恢复的限制，像恢复阶段个人与系统的向关性。

D.该机构计划租用一个共享交替的场地，那里有应急工作场所，刚好可以容纳一半的普通员工。

B It is a common mistake to use scenario planning for business continuity. The problem is that it is impossible to plan and document actions for every possible scenario. Planning for just selected scenarios denies the fact that even improbable events can cause an organization to break down. Best practice planning addresses the four possible areas of impact in a disaster: premises, people, systems, suppliers and other dependencies. All scenarios can be reduced to these four categories and can be handled simultaneously. There are very few special scenarios which justify an additional separate analysis. It is a good idea to use best practices and external advice for such an important topic, especially since knowledge of the right level of preparedness and the judgment about adequacy of the measures taken is not available in every organization. The recovery time objectives (RTOs) are based on the essential business processes required to ensure the organization's survival, therefore it would be inappropriate for them to be based on IT capabilities. Best practice guidelines recommend having 20-40% of normal capacity available at an emergency site: therefore, a value of 50% would not be a problem if (here arc no additional factors.

答案B 解析： 这是个普遍的错误用远景规划去应对业务持续。问题是不可能为每个可能的情况做计划和记录步骤。最佳实践是四个可能被灾难影响的方面：设备，人，系统，给养和其他。所有的情况都可以被缩减到这四个类别并且被同时处理。有一些极少数的特别情况被证明特别的分析。这是个好主义去用最佳实践和外部建议为如此重要的话题，特别因为正确的知识准备层次和对于措施的判断并不是每个组织都具备。恢复时间目标是基于企业生存的必须业务流程，所以并不适合基于IT能力。最佳实践推荐正常能力的20%-40%做紧急备份，所以50%并不是个问题。

C6-12 A medium-sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of the new BCP?

A. Full-scale test with relocation of all departments, including IT, to the contingency site

B. Walk-through test of a series of predefined scenarios with all critical personnel involved

C. IT disaster recovery test with business departments involved in testing the critical applications

D. Functional test of a scenario with limited IT involvement

C6-12 一个中等组织，它的灾难恢复措施已经就绪并在数年中经过了有规律的测试，该组织刚刚开发了一个正式的业务持续性计划，并成功进行了基本的桌上模拟演练（沙盘推演），IS 审计师应该建议下一步采用什么测试来验证新的业务持续性计划的有效性？

A. 全面测试，将所有部门包括IT部门重新部署到应急场所

B. 在所有关键人员参与下穿行测试（走查）一系列事先定义的场景

C. 在业务部门的参与下的IT 灾难恢复测试以测试关键程序

D. 在IT部门有限的参与下的某一场景的功能测试

D After a tabletop exercise has been performed, the next step would be a functional test, which includes the mobilization of staff to exercise the administrative and organizational functions of a recovery. Since the IT part of the recovery has been tested for years, it would be more efficient to verify and optimize the business continuity plan (BCP) before actually involving IT in a full-scale test. The full-scale test would be the last step of the verification process before entering into a regular annual testing schedule. A full-scale test in the situation described might fail because it would be the first time that the plan is actually exercised, and a number of resources (including IT) and time would be wasted. The walk-through test is the most basic type of testing. Its intention is to make key staff familiar with the plan and discuss critical plan elements, rather than verifying its adequacy. The recovery of applications should always be verified and approved by the business instead of being purely IT-driven. A disaster recovery test would not help in verifying the administrative and organizational parts of the BCP which are not IT-related.

答案D解析： 在完成桌上模拟演练（沙盘推演）之后，下一步应该是功能测试， 包括动员员工演习恢复计划的行政和组织功能。由于恢复计划的IT部分已经经过了多年的测试，因此在真正包含IT的全面测试之前验证并优化业务持续性计划会更有效。在上面描述的情况下实施全面测试可能会失败，因为这是该计划第一次被实际演练，并且会造成一定的资源（包括IT资源）和时间的浪费。穿行测试（走查）是测试最基本的类型，它的目的是使关键员工熟悉计划并讨论计划的关键环节，而不是验证计划的有效性。程序的恢复应当被业务部门验证和批准而不是纯粹IT部门驱动。灾难恢复测试不能不能帮助验证业务恢复计划（BCP）的行政和组织部分，这部分是与IT无关的。

C6-13 Which of the following is the MOST important consideration when defining recovery point objectives (RPOs).

A. Minimum operating requirements

B. Acceptable date loss

C. Mean time between failures

D. Acceptable time for recovery

C6-13 下面哪一项是确定恢复点目标（RPO）时最重要的考虑？

A 最小操作需求

B 可接受的数据丢失

C 宕机之间的平均时间

D 可接受的恢复时间

B Recovery time objectives (RTOs) are the acceptable time delay in availability of business operations, while recovery point objectives (RPOs) are the level of data loss/reworking an organization is willing to accept. Mean time between failures and minimum operating requirements help in defining recovery strategies.

答案B解析： 恢复时间目标（RTO）是可接受的业务操作宕机的时间，而恢复点目标是组织能够接受的数据丢失的水平。宕机之间的平均时间和最小操作需求对于确定恢复策略有所帮助。

C6-14 To address an organization’s disaster recovery requirements. Backup intervals should not exceed the:

A. service level objective (SLO).

B. Recovery time objective (RTO).

C. Recovery point objective (RPO).

D. Maximum acceptable outage (MAO).

C6-14 为了强调组织的灾难恢复需求，备份间隔不应该超过：

A. 服务水平目标（SLO）

B. 恢复时间目标（RTO）

C. 恢复点目标（RPO）

D. 最大可接受损耗（MAO）

C The recovery point objective (RPO) defines the point in time to which data must be restored after a disaster so as to resume processing transactions. Backups should be performed in a way that the latest backup is no older than this maximum time frame. If service levels are not met, the usual consequences are penalty payments, not cessation of business. Organizations will try to set service level objectives (SLOs) so as to meet established targets. The resulting time for the service level agreement (SLA) will usually be longer than the RPO. The recovery time objective (RTO) defines the time period after the disaster in which normal business functionality needs to be restored. The maximum acceptable outage (MAO) is the maximum amount of system downtime that is tolerable. It can be used as a synonym for RTO. However, the RTO denotes an objective/target, while the MAO constitutes a vital necessity for an organization’s survival.

答案C解析： 恢复点目标以时间的形式定义了灾难发生后为了继续处理交易所必须修复的数据点。备份应该以最新的备份的时间不大于这个最大时间段的方式进行。如果服务水平没有达到，最通常的结果是罚金，不是业务的停止。组织应该努力建立服务水平目标以满足已制定的目标。服务水平协议（SLA）的效果时间通常比恢复点目标（RPO）要长。恢复时间目标定义了灾难发生后普通业务功能被恢复所需要的时间段。最大可接受损耗（MAO）是可接受的系统宕机时间的最大值，它可以恢复点目标（RTO）通用，但是，RTO表示一个目标，而MAO组成了系统幸存的关键必要性。