312-76 EC-Council Disaster Recovery Professional v3 (EDRP) Questions and Answers

“Resume” refers to restarting or recommencing business operations post-disaster as systems become available, aligning with business continuity goals.

Option A (Return):Too vague, not a specific DR term.

Option C (Reduce):Unrelated to restarting operations.

Option D (Recover):Focuses on data/system restoration, not operational resumption.

EDRP v3 uses “resume” to describe the phase of restoring business functions after recovery (Module: Business Continuity Management).

Risk response strategies include Acceptance (tolerating risk), Mitigation (reducing risk), and Sharing (transferring risk, e.g., insurance). Safety is a goal or outcome, not a risk response strategy.

Option A/B/D:Standard risk responses.

Option C (Safety):Not a recognized strategy.

“Risk response strategies—acceptance, mitigation, and sharing—address identified risks; safety is an objective, not a strategy” (Module: Risk Management, Section: Risk Response Strategies).

Updating the NIC driver can resolve VMQ issues by improving how the NIC handles virtual machine data queues, addressing slow transmission due to restrictions.

Option A:Storage performance doesn’t directly fix VMQ/NIC issues.

Option B:Bandwidth increase helps but doesn’t target the root VMQ problem.

Option D:Incorrect, as updating the driver is a valid fix.

“Updating NIC drivers resolves VMQ bottlenecks, enhancing data transmission speed between virtual machines by optimizing hardware handling” (Module: Virtualization and Recovery, Section: VM Performance).

A Mobile Recovery Center is a portable, transportable unit that can be deployed anywhere as a temporary operating environment post-disaster.

Option B (Crisis Command):Centralized coordination, not mobile.

Option C (Cold Site):Fixed, basic facility.

Option D (Colocation):Shared fixed data center.

“Mobile Recovery Centers provide a movable operating environment, deployable on transportable units for flexible recovery” (Module: Alternate Sites, Section: Mobile Solutions).

RAID 0 splits data across drives (striping) for performance but offers no redundancy, requiring a minimum of two drives.

Option B:RAID 5 minimum, not RAID 0.

Option C/D:Higher RAID levels, not RAID 0.

“RAID 0 uses striping across at least two drives for speed, sacrificing redundancy for performance” (Module: Storage Technologies, Section: RAID Levels).

On-Premise Disk-Based Archiving uses local disk systems with tools for access and cataloging, incurring cooling and maintenance costs, as described.

Option A (Optical):Low cost, no cooling needs.

Option C (Legacy):Outdated systems, not specified here.

Option D (Cloud-Based):Offsite, minimal local maintenance costs.

“On-Premise Disk-Based Archiving offers accessible data cataloging with recurring costs for cooling and upkeep” (Module: Data Archiving, Section: Archiving Methods).

Terminal Objectives are the specific milestones or end goals of a training program, ensuring the BC training aim is met.

Option A (Time-Related):Time-focused, not milestones.

Option B (Development):Process-oriented, not end goals.

Option C (Routine):Daily tasks, not training-specific.

“Terminal Objectives define the key milestones to achieve BC training goals, ensuring preparedness aligns with program aims” (Module: Training and Awareness, Section: Training Objectives).

Bootrec /RebuildBCD repairs the Boot Configuration Data (BCD) store, fixing boot manager corruption, as Matt needs for Windows Server 2012.

Option A (sfc /scannow):Scans system files, not boot-specific.

Option B (ntdsutil):Active Directory tool, not boot repair.

Option D (repadmin):Replication diagnostics, not boot-related.

“Bootrec /RebuildBCD in Windows recovery rebuilds the BCD store, resolving boot manager issues post-update” (Module: System Recovery, Section: Windows Recovery Commands).

Scalability refers to a system’s ability to handle increased demand by adding resources, such as Joan’s addition of virtual memory to accommodate traffic spikes and reduce delays.

Option A (Transparency):Hides system complexity, not resource expansion.

Option B (Openness):Relates to system accessibility, not capacity.

Option D (Monotonicity):A mathematical property, irrelevant here.

“Scalability enhances system performance by adding resources like memory or nodes to manage increased loads, critical for maintaining service levels” (Module: System Resilience, Section: Scalability Concepts).

Recovery Time Objective (RTO) is the target time to restore a system (primary server) after a disruption, here four hours, to avoid exceeding the secondary server’s capacity.

Option A (WRT):Time to resume work post-recovery, not restoration time.

Option C (MTD):Maximum tolerable downtime, broader than RTO.

Option D (RPO):Data loss window, not recovery time.

“RTO defines the acceptable time to restore systems post-disaster, ensuring operations resume before secondary capacity is exceeded” (Module: Recovery Metrics, Section: RTO Definition).

Server Clustering connects multiple servers into a unified resource, improving scalability and protecting against failures, as Jack implemented.

Option A (Mirroring):Data duplication, not scalability-focused.

Option B (Deduplication):Storage optimization, not clustering.

Option C (Failover):Backup switching, not unified resource.

“Server Clustering unifies computing resources, enhancing scalability and resilience against application and site failures” (Module: Clustering Technologies, Section: Clustering Benefits).

NFPA 1600 (National Fire Protection Association Standard on Disaster/Emergency Management and Business Continuity Programs) is a widely recognized standard that provides a comprehensiveframework for managing disasters and ensuring business continuity. It covers all phases—prevention, mitigation, preparedness, response, continuity, and recovery—and defines disasters explicitly.

Option B (ISO 27005):This is an information security risk management standard, not specific to disaster or business continuity programs.

Option C (INCITS 483-2012):This standard relates to virtualization security, not disaster management or business continuity.

Option D (ISO 27031):This focuses on ICT readiness for business continuity, a narrower scope than NFPA 1600.

EDRP v3 references NFPA 1600 as a key standard for disaster recovery and business continuity planning, emphasizing its holistic approach (Module: Business Continuity Management).

Tier 6 in DR tier models (e.g., SHARE) provides automated recovery of data and applications with near-zero downtime and data loss, fitting Phil’s scenario.

Option A (Tier 4):Point-in-time copies, less automated.

Option B (Tier 7):Fully mirrored, zero loss, more than needed here.

Option D (Tier 2):Basic offsite backup, not automated.

“Tier 6 offers automated recovery of data and applications, minimizing manual intervention and downtime” (Module: Disaster Recovery Tiers, Section: Tier Definitions).

A Storage Cluster ensures a consistent file system image across servers, enabling simultaneous read/write access to shared storage, as described.

Option A (High-Performance):Focuses on computation, not file consistency.

Option B (High-Availability):Ensures uptime, not shared file systems.

Option C (Failover):Switches to backups, not simultaneous access.

“Storage Clusters maintain a unified file system across nodes, supporting simultaneous access for data consistency and availability” (Module: Clustering Technologies, Section: Cluster Types).

RMAN (Recovery Manager) is Oracle’s tool for backing up, restoring, and recovering database files using server sessions, matching Joanna’s description.

Option A (Virtuozzo):Virtualization platform, not database-specific.

Option B (Disk Drill):General data recovery, not database-focused.

Option C (Recuva):File recovery, not server-session-based.

“RMAN leverages database server sessions to manage backup, restoration, and recovery of Oracle databases efficiently” (Module: Database Recovery, Section: Recovery Tools).

A Cold Backup is performed when the database is offline, ensuring data consistency by avoiding changes during the process, as described.

Option A (Online Data Backup):Implies active system backup, not offline.

Option B (Hot Backup):Taken while the system is online.

Option C (Full System Backup):Broad term, not offline-specific.

“Cold Backup occurs with the database offline, ensuring a consistent snapshot without transaction interference” (Module: Data Backup and Recovery, Section: Backup Types).

Detailed Awareness Training targets key BCP execution staff, providing in-depth knowledge of framework, processes, and strategies, as described.

Option B (Simulation):Hands-on practice, not framework-focused.

Option C (Scenario):Scenario-based, not comprehensive training.

Option D (Introductory):Basic overview, not detailed.

“Detailed Awareness Training equips key BCP personnel with deep understanding of processes and strategies for effective execution” (Module: Training and Awareness, Section: Training Types).

Data Archiving selects records for long-term retention and reference, as described.

Option B (Data Backup):Short-term protection, not long-term.

Option C (Data Restore):Recovery process, not retention.

Option D (Data Deletion):Opposite of retention.

“Data Archiving preserves historical records for long-term storage and future use, distinct from temporary backups” (Module: Data Archiving, Section: Archiving Definition).

Load Balancing distributes web traffic across multiple servers (Zoe’s three) to optimize performance and prevent overload, as described.

Option A (Point in Time Recovery):Restores data, not traffic management.

Option C (Clustering):Groups servers for redundancy, not load distribution alone.

Option D (High-Availability):Ensures uptime, not necessarily load balancing.

“Load Balancing evenly distributes traffic across servers, enhancing efficiency and preventing crashes under high demand” (Module: System Resilience, Section: Traffic Management).

Snapshot Replication copies the entire dataset (or changes) at a specific point in time to a replica, ideal for infrequent updates like ABC Inc.’s annual database refresh. It’s simple and suits low-frequency synchronization.

Option A (Merge Replication):Combines changes from multiple sources, complex for this case.

Option B (Transactional Replication):Tracks incremental changes in real time, overkill here.

Option C (SQL Server Replication):A general category, not a specific method.

“Snapshot Replication provides a point-in-time copy of data, efficient for infrequent updates where full synchronization is needed annually” (Module: Data Replication, Section: Replication Types).

Colocation facilities provide shared infrastructure like cooling, power, and space (economic advantages) and support backups, but “recovery of servers” is not an inherent advantage—they don’t actively recover servers; that’s the tenant’s responsibility.

Option B (Backup):Supported via infrastructure for backup systems.

Option C (Cooling):A key feature of colocation.

Option D (Economic Advantages):Cost-sharing reduces expenses.

EDRP v3 notes colocation benefits like cooling and cost savings but excludes active server recovery as a facility-provided service (Module: Alternate Sites).

Electronic Vaulting transfers data electronically (e.g., via FTP) to a remote backup site, as Jennifer is doing.

Option B (Disk Duplexing):RAID technique, not remote transfer.

Option C (Disk Shadowing):Mirroring, not offsite transfer.

Option D:Manual process, not electronic via FTP.

“Electronic Vaulting uses electronic means, such as FTP, to transfer critical data to a remote backup site for protection” (Module: Data Backup and Recovery, Section: Remote Backup Methods).

Cost Benefit Analysis (CBA) compares the costs of an investment (e.g., food truck) with its expected financial benefits to determine profitability, matching Jill’s goal.

Option A (Risk Analysis):Focuses on risks, not profitability.

Option C (Cost Analysis):Examines costs only, not benefits.

Option D (BIA):Assesses disruption impacts, not investment feasibility.

“Cost Benefit Analysis evaluates the financial viability of projects by weighing costs against benefits, aiding investment decisions” (Module: Risk Management, Section: Financial Analysis).

Colocation Facilities involve renting space and infrastructure (e.g., cooling, power) in a shared data center, offering a cost-effective backup site solution, as Jack chose.

Option A (Hot Sites):Fully operational, expensive, not cost-focused.

Option B (Cold Sites):Basic space, no pre-installed infrastructure like cooling.

Option C (Warm Sites):Partially equipped, more costly than colocation.

“Colocation Facilities provide cost-efficient backup by renting shared data center resources, including cooling and security, ideal for budget-conscious organizations” (Module: Alternate Sites, Section: Site Types).

Crisis Management involves strategies to handle sudden, significant events (e.g., disasters), focusing on immediate response and mitigation, as described.

Option A (Risk Assessment):Identifies risks, not manages events.

Option B (Application Recovery):Restores applications, not a broad strategy.

Option D (BIA):Analyzes impacts, not event handling.

“Crisis Management applies strategies to address sudden, disruptive events, ensuring organizational stability during emergencies” (Module: Crisis Management, Section: Overview).

A Business Continuity Plan (BCP) is the detailed blueprint outlining specific tactics and procedures for ensuring continuity and recovery post-disaster.

Option A (BCM):The overarching process, not the plan itself.

Option B (Crisis Management):Focuses on immediate response, not continuity.

Option D (Strategy):High-level approach, not the detailed plan.

“The Business Continuity Plan (BCP) is the tactical blueprint detailing steps for continuity and recovery, operationalizing BCM goals” (Module: Business Continuity Planning, Section: BCP Definition).

The Review Phase of scenario training occurs after execution and involves a debrief with participants to gather feedback, assess performance, and identify improvements. This aligns with the question’s focus on obtaining feedback post-training.

Option A (Execution Phase):The active running of the scenario, no debrief yet.

Option C (Warning Phase):Not a standard phase; implies pre-event alerts.

Option D (Planning Phase):Prepares the scenario, not for feedback collection.

“The Review Phase follows scenario execution, involving a debrief to collect participant feedback and refine the training process” (Module: Training and Awareness, Section: Training Phases).

Reparability refers to how easily technicians can fix or replace failing components, as described.

Option B (Recoverability):Ability to restore systems, not repair ease.

Option C (Robustness):Resilience, not repair-related.

Option D (Redundancy):Backup components, not repair ease.

“Reparability measures the ease of resolving or replacing failed components, critical for rapid system restoration” (Module: System Resilience, Section: Maintenance Concepts).

 RAID 1:Mirroring. Requires a minimum of 2 drives. Provides high redundancy but doesn't inherently increase read/write speed significantly on its own.

 RAID 5:Striping with parity. Requires a minimum of 3 drives. Offers a balance of performance and fault tolerance. Not high fault tolerance as asked.

 RAID 10 (RAID 1+0):A combination of mirroring and striping. Requires a minimum of 4 drives. Provides high performance and good fault tolerance.

 RAID 50 (RAID 5+0):A combination of RAID 5 striping with parity and RAID 0 striping. Requires a minimum of 6 drives. Provides high performance and higher fault tolerance than RAID 5.

A Functional Test mobilizes resources to test specific BCP components in a live setting, as Archie did.

Option B (Simulation):Mimics scenarios, not resource mobilization.

Option C (Checklist):Reviews steps, not active testing.

Option D (Orientation):Introduces plan, not resource-based.

“Functional Tests activate resources to validate BCP components, ensuring operational readiness” (Module: Testing Disaster Recovery Plans, Section: Test Types).

Virtualization creates multiple logical servers on one physical server, as Matt did to maximize resources.

Option A (Mirroring):Data duplication, not server creation.

Option C (Deduplication):Reduces redundancy, not server-related.

Option D (Snapshot):Point-in-time copies, not logical servers.

“Virtualization enables multiple logical servers on a single physical host, optimizing resource use for cost-effective operations” (Module: Virtualization and Recovery, Section: Virtualization Basics).

A Hot Backup occurs while systems are online and active, suitable for Matt’s real-time, no-downtime requirement.

Option A (Incremental):Fast but not inherently downtime-free.

Option B (Cold Backup):Requires downtime, offline systems.

Option D (Online Data Backup):Similar, but less specific than “Hot Backup.”

“Hot Backups enable data protection without downtime, critical for real-time systems like financial platforms” (Module: Data Backup and Recovery, Section: Backup Techniques).

The Disaster Recovery Coordinator manages the daily execution and maintenance of the DR program, making option B the most accurate responsibility. It reflects operational oversight, a core coordinator role.

Option A:More aligned with an auditor or compliance role.

Option C:Technical design, typically a technology team task.

Option D:Executive authority belongs to higher management, not the coordinator.

“The Disaster Recovery Coordinator handles day-to-day management, execution, and maintenance of the DR program, ensuring operational readiness” (Module: Disaster Recovery Teams, Section: Coordinator Roles).

In Hyper-V, Checkpoint Backup (formerly called snapshots in earlier versions) creates point-in-time copies of virtual machines, allowing quick backups without the time overhead of a full backup, as Jack’s manager suggested.

Option A (System Backup):Not a Hyper-V-specific feature.

Option C (Snapshots Backup):Older term, replaced by “Checkpoint” in newer Hyper-V versions.

Option D (Hyper-V Replication):Replicates VMs for DR, not a backup method.

“Hyper-V’s Checkpoint Backup feature enables rapid point-in-time VM backups, reducing backup time compared to full system copies” (Module: Virtualization and Recovery, Section: Hyper-V Backup Options).

An Emergency Operations Center (EOC) is a centralized facility that coordinates disaster response, recovery actions, and resource allocation, ensuring operational coherence during a crisis.

Option A (Crisis Command Center):Similar but less formal/standardized than an EOC.

Option B (Colocation Facilities):Physical data centers, not command hubs.

Option C (Mobile Recovery Center):A portable recovery site, not a coordination center.

“The Emergency Operations Center (EOC) serves as the nerve center for disaster management, orchestrating recovery efforts and resource deployment” (Module: Disaster Recovery Planning, Section: Command and Control).

Disaster Recovery (DR) encompasses restoring data, applications, and infrastructure post-disaster, ensuring business operations resume, aligning with the question’s broad scope.

Option A (Data Recovery):Limited to data, not applications or infrastructure.

Option C (Application Recovery):Focuses only on applications.

Option D (Recovery Management):A process, not the ability itself.

“Disaster Recovery restores data, applications, and infrastructure after a disaster, enabling business continuity” (Module: Disaster Recovery Planning, Section: DR Definition).

An IIS Server (Internet Information Services) hosts websites on Windows, so corrupted hosting files indicate Fred needs to restore this server.

Option A (Application):Runs apps, not web hosting-specific.

Option C (Database):Stores data, not hosting files.

Option D (Catalog):Not a standard web hosting server.

“IIS Servers host web content; restoring them resolves issues with corrupted hosting files to restore site access” (Module: Server Management, Section: Web Server Recovery).

PASIS (Pittsburgh Advanced Survivable Information Storage) integrates Decentralized Storage Systems, Data Redundancy and Encoding, and Dynamic Self-Maintenance for survivable storage, as Matt researched.

Option A:Centralized, not PASIS’s decentralized focus.

Option B:Distributed computing is broader than storage-specific.

Option D:Centralized, contradicts PASIS principles.

“PASIS architecture combines decentralized storage, redundancy with encoding, and self-maintenance for robust, survivable data systems” (Module: Survivable Storage Systems, Section: PASIS Components).

The Disaster Management Executive Committee oversees high-level planning, research, development, and implementation of the disaster recovery plan across the organization, fitting the described role.

Option A:General team, not specific to development/implementation.

Option C:Chairpersons lead, not execute development.

Option D:Coordinators manage execution, not full development.

“The Disaster Management Executive Committee directs research, development, and organization-wide implementation of the DR plan” (Module: Disaster Recovery Teams, Section: Team Roles).

Qualitative Impact assesses non-measurable effects, such as morale, productivity, and reputation, which align with the scenario’s focus on slowed progress and team morale.

Option A (Semi-Qualitative):A hybrid term, less precise here.

Option C (Quantitative):Measurable losses (e.g., financial), not the primary focus.

Option D (Industrial):Too broad, not specific to impact type.

“Qualitative Impact evaluates intangible consequences like morale and operational delays following a breach, critical for BIA” (Module: Business Impact Analysis, Section: Impact Types).

Overall Program Governance in a BCP audit evaluates the plan’s alignment with resilience and continuity goals, including funding adequacy, ensuring it supports organizational objectives effectively.

Option A (Ongoing Program Management):Focuses on day-to-day execution, not funding review.

Option C (Management of Process Changes):Tracks updates, not resilience or funding.

Option D (Overall Testing of the Plan):Validates functionality, not governance.

“Overall Program Governance assesses BCP effectiveness, resilience promotion, and funding balance to ensure sustainable continuity” (Module: Business Continuity Planning, Section: BCP Audit Phases).

In disaster recovery (DR) tier classifications, often based on frameworks like theShare GrouporIBM’s DR tier model, the tiers represent increasing levels of recovery capability. Here’s a brief overview to explain:

Tier 1: Basic backup with offsite storage (e.g., tape backups), no real-time replication, and long recovery times.

Tier 2: Offsite backups with some improvements (e.g., electronic vaulting), but still no immediate recovery capability.

Tier 4: Point-in-time copies with more advanced backup solutions (e.g., disk-based replication), but typically lacks a fully operational hot site.

Tier 5: Transaction integrity with ahot site—a fully operational, mirrored site that can take over almost immediately with minimal data loss and downtime. Data is actively backed up and synchronized in real-time or near real-time.

Ahot siteis a fully equipped, operational duplicate of the primary site, ready to assume operations with little to no downtime. This capability aligns withTier 5, where data is backed up continuously or frequently, and the hot site ensures rapid recovery. Higher tiers (e.g., Tier 6 or 7) might involve zero data loss and instantaneous failover, but Tier 5 specifically fits the description of having a hot site with robust backup.