Academy Central
----
Weather

CCSP LearnZApp Custom Test 2 — Weakness Analysis & Patch Plan

Source: zapp_2.zip extracted screenshots from isc2.learnzapp.com / sc2.learnzapp.com Custom Test
Extracted evidence: 26 PNG files: 1 score summary + 25 review screenshots
Test type: Custom Test, heavily concentrated on weak domains


1. Executive Summary

Test Result

MetricValue
Total Questions50
Correct25
Incorrect25
Unanswered0
Test Score50%
Average Time / Question34 seconds
Readiness Score45% → 42%

Domain-wise Performance from Result Screen

DomainScoreCorrect / TotalDiagnosis
D1 — Cloud Concepts, Architecture and Design56%10 / 18Weak but recoverable
D2 — Cloud Data Security63%12 / 19Improved versus prior weak baseline, but still not stable
D6 — Legal, Risk and Compliance23%3 / 13Critical weakness

Only D1, D2, and D6 appeared in the score summary. The test was therefore not a balanced CCSP mock. It was effectively a targeted weak-domain stress test.


2. Progress Assessment

Short Answer

There is partial progress, but not broad stability yet.

Compared with the Previous Custom Test

Previous Custom Test baseline:

DomainPrevious Custom TestCurrent Custom TestDirection
D169%56%Down
D254%63%Up
D655%23%Down sharply
Overall62%50%Down

Interpretation

The score drop should not be interpreted as simple regression only. This test was much more concentrated in weak legal/compliance and conceptual edge cases.

However:

  • D2 shows visible improvement from 54% to 63%.
  • D1 is not stable under governance / architecture wording.
  • D6 is the dominant risk and needs immediate repair.
  • Average speed remains very fast at 34 seconds/question, which likely contributes to keyword-driven errors.

Current Readiness Interpretation

AreaStatus
D2 patchingIn progress, improving
D1 architecture / governance conceptsBorderline
D6 legal / audit / privacy vocabularyCritical weakness
Mixed custom test stabilityNot ready yet
Full mock readinessShould pause until D6 is patched

3. Core Weakness Pattern

The main weakness is not pure technical ignorance. The dominant pattern is taxonomy failure:

  1. Standard vs report
  2. Legal principle vs regulatory right
  3. Lifecycle phase vs control mechanism
  4. Cloud model vs security control
  5. Provider/vendor risk vs customer technical control
  6. Data archival usability vs encryption-only thinking
  7. Privacy law vocabulary and OECD principles

4. Wrong Question Analysis

The following list paraphrases the 25 incorrect review screenshots. It avoids copying full vendor text, but preserves the tested concept, selected mistake, correct concept, and patch rule.


Q1. Internal Threat Countermeasures

ItemAnalysis
DomainD1
Wrong reasoningTreated background checks as the exception
Correct conceptHardened perimeter devices mainly reduce external attacks, not internal threats
Patch ruleInternal threat controls = background checks, training, skills testing, monitoring. Perimeter hardening = external threat control.

Q2. ISO 31000 vs HIPAA / ISO 27017 / NIST 800-92

ItemAnalysis
DomainD6
Wrong reasoningSelected NIST 800-92
Correct conceptISO 31000 is the risk management framework focused on design, implementation, and management
Patch ruleISO 31000 = risk management. ISO 27017 = cloud security controls. NIST 800-92 = log management. HIPAA = healthcare privacy.

Q3. OECD Use Limitation Principle

ItemAnalysis
DomainD6
Wrong reasoningChose meaningless distractor principle
Correct conceptUse limitation principle restricts PII use to disclosed / permitted purposes
Patch ruleOECD use limitation = collected PII may only be used for the stated purpose / permitted use.

Q4. Long-Term Data Archiving Security Concern

ItemAnalysis
DomainD2
Wrong reasoningTreated cryptographic-key retention as not a concern
Correct conceptKey retention, data format, and media are all archiving concerns; underground depth is not the core data-security concern
Patch ruleArchive security = key availability + readable format + usable media. Physical depth is not the key concern.

Q5. Cloud Secure Data Life Cycle Is Not Truly a Cycle

ItemAnalysis
DomainD2
Wrong reasoningFocused on whether phases happen in cloud
Correct conceptCreate → Store → Use → Share → Archive → Destroy is not truly cyclical because destroyed data does not loop back
Patch ruleCSU-SAD ends at Destroy; the same data does not return to Create.

Q6. Data Labels

ItemAnalysis
DomainD2
Wrong reasoningTreated confidentiality level as invalid label content
Correct conceptMFA is an authentication procedure, not a data label
Patch ruleData labels may include classification, distribution limits, access restrictions. MFA is an access-control process, not label metadata.

Q7. Why Use NIST SP 800-Series

ItemAnalysis
DomainD1
Wrong reasoningSelected international acceptance
Correct conceptNIST publications are publicly available and cost-effective; they are not necessarily internationally mandated or easy
Patch ruleNIST SP 800 = strong U.S. public-sector guidance, public-domain access; not primarily international acceptance.

Q8. OECD Privacy Principles vs Right to Be Forgotten

ItemAnalysis
DomainD6
Wrong reasoningTreated refusal to share as not OECD-related
Correct conceptPurge / right to be forgotten is GDPR-style, not one of the original OECD principles
Patch ruleOECD principles include collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, accountability. Right to be forgotten = GDPR-era concept.

Q9. Patent Application Agency

ItemAnalysis
DomainD2 / D6 IP
Wrong reasoningSelected USDA
Correct conceptUSPTO handles patent and trademark applications
Patch rulePatent / trademark application in U.S. = USPTO. USDA = agriculture. OSHA = workplace safety. SEC = securities/public companies.

Q10. Cloud BC/DR Model

ItemAnalysis
DomainD1
Wrong reasoningMisread normal cloud backup patterns
Correct conceptCloud provider backed up by private provider is not a typical BC/DR model
Patch ruleBC/DR cloud models usually involve private architecture + cloud backup, same-provider cloud backup, or another cloud provider. “Cloud provider backup from private provider” is not the normal pattern.

Q11. DMCA / Public Domain

ItemAnalysis
DomainD6 / D2 IP
Wrong reasoningAssumed permissions are required for very old content
Correct conceptVery old copyrighted material may have entered public domain
Patch ruleCopyright expires; public-domain works can be used without seeking permission.

Q12. Diffie-Hellman vs RSA

ItemAnalysis
DomainD2 cryptography
Wrong reasoningChose RSA for session-key creation
Correct conceptDiffie-Hellman enables creation of a shared symmetric secret over an untrusted channel
Patch ruleDiffie-Hellman = key exchange/shared secret. RSA = encryption/signature scheme.

Q13. Most Important Archiving Policy Element

ItemAnalysis
DomainD2
Wrong reasoningPrioritized encryption over recoverability
Correct conceptData format and type are most critical to archive usability and recovery
Patch ruleArchive value depends on future recoverability. Wrong format can equal data loss.

Q14. Escalation of Privilege Mitigation

ItemAnalysis
DomainD1 / D3
Wrong reasoningSelected access control as exception
Correct conceptCryptographic sanitization reduces data remanence risk, not privilege escalation
Patch rulePrivilege escalation controls = access control, authentication, monitoring, log analysis, SIEM. Cryptographic sanitization = data remanence/destruction control.

Q15. Privileged User Access

ItemAnalysis
DomainD1
Wrong reasoningSelected granular
Correct conceptPrivileged access should be temporary / time-bound
Patch rulePrivileged access = just-in-time, temporary, least privilege, monitored.

Q16. Vendor M&A Risk

ItemAnalysis
DomainD6
Wrong reasoningSelected an unrelated vendor-risk item
Correct conceptPending acquisition or merger may lead to vendor lockout or service discontinuation
Patch ruleVendor acquisition/merger risk = service discontinuity / vendor lockout / contract instability.

Q17. OECD Data Quality Principle

ItemAnalysis
DomainD6
Wrong reasoningChose meaningless privacy-principle distractor
Correct conceptData quality principle requires personal data to remain valid, accurate, and correctable
Patch ruleOECD data quality = accurate, complete, current, and correctable.

Q18. PaaS Data Storage Type

ItemAnalysis
DomainD2 / D1
Wrong reasoningDid not map PaaS to provider-managed database services
Correct conceptPaaS commonly uses database storage administered by the provider but accessed by customer applications
Patch rulePaaS = customer builds/runs applications; provider manages platform and often database services.

Q19. Two-Person Integrity

ItemAnalysis
DomainD1 / D5
Wrong reasoningInterpreted it as two IAM matrices
Correct conceptTwo-person integrity forces collusion for unauthorized access
Patch ruleTwo-person integrity = no single person can perform sensitive action alone. It reduces insider risk by requiring collusion.

Q20. SaaS Model

ItemAnalysis
DomainD1
Wrong reasoningMisidentified vendor-hosted application solution
Correct conceptSaaS provides an application running on provider/vendor infrastructure
Patch ruleSaaS = use provider’s application. PaaS = build/deploy application. IaaS = manage OS/application/data over rented infrastructure.

Q21. CSA CCM Companion Tool

ItemAnalysis
DomainD6
Wrong reasoningSelected NIST FIPS 140-2
Correct conceptCAIQ is the CSA questionnaire used with CCM
Patch ruleCSA CCM = control matrix. CAIQ = questionnaire. FIPS 140-2 = cryptographic module validation. OWASP Top 10 = web app risk list.

Q22. ISO 27001 Technology Preference

ItemAnalysis
DomainD1 / D6
Wrong reasoningThought ISO 27001 favors a technology type
Correct conceptISO 27001 is product/technology agnostic
Patch ruleISO 27001 = ISMS framework; it does not favor open source, PC, cloud, vendor, or product type.

Q23. EU Personal Data Transfer / Country Adequacy

ItemAnalysis
DomainD6
Wrong reasoningChose wrong country based on privacy-law adequacy
Correct concept in app itemThe item treats South Korea as not conforming to EU-style privacy adequacy
Critical noteThis item is legally time-sensitive and may be outdated. Current EU adequacy lists include the Republic of Korea.
Patch ruleFor exam prep: identify adequacy / cross-border transfer logic. For real-world facts: verify current official adequacy lists.

Q24. Cloud Feature That Supports Audit

ItemAnalysis
DomainD6
Wrong reasoningSelected a generic cloud feature
Correct conceptUbiquitous baseline configuration in virtualized environments supports auditability
Patch ruleAudit support = standardized baseline, configuration evidence, repeatability, versioned artifacts.

Q25. Transparent Database Encryption Engine

ItemAnalysis
DomainD2
Wrong reasoningPlaced engine outside the DB
Correct conceptTransparent database encryption engine resides in the database/DBMS layer
Patch ruleTDE = database-level transparent encryption. KMS manages keys; HSM protects keys; neither is the TDE engine.

5. Weakness Clusters

Cluster A — D6 Legal / Privacy / Audit Taxonomy

Symptoms

  • OECD principles confused with GDPR rights.
  • ISO, NIST, SOC, CSA, FIPS are mixed together.
  • Vendor management and audit artifacts are not classified correctly.
  • Legal facts are treated like memorized trivia rather than taxonomy.

High-Risk Items

ConceptMust Know
ISO 31000Risk management
ISO 27001ISMS; technology agnostic
ISO 27017Cloud security controls
NIST 800-92Log management
CSA CCMCloud Controls Matrix
CAIQCSA questionnaire
SOC 1/2/3Reports
SSAE 18Attestation standard
FIPS 140-2Crypto module validation
OECD Use LimitationUse only for stated/permitted purpose
OECD Data QualityAccurate, complete, current, correctable

Patch

Daily for 3 days:

  • 15 minutes: legal/audit taxonomy table
  • 10 minutes: OECD principles
  • 10 minutes: CSA / SOC / ISO / NIST drill
  • 15 questions D6 drill

Gate:

  • D6 mini-test >= 75%
  • No confusion between standard, report, questionnaire, control matrix, and law

Cluster B — D2 Data Lifecycle / Archiving / Cryptography

Symptoms

  • Encryption is over-selected even when recoverability is the real issue.
  • Data labels are confused with access procedures.
  • TDE/KMS/HSM roles are not fully separated.
  • PaaS storage model and data lifecycle phases need reinforcement.

High-Risk Items

ConceptMust Know
Archive policyFormat/type and recoverability matter most
Long-term archiveKeys, format, and media must remain usable
Data labelsClassification/access/distribution metadata
MFAAuthentication procedure, not label
TDEDB/DBMS encryption engine
KMSKey lifecycle management
HSMHardware key protection
Diffie-HellmanKey exchange
RSAEncryption/signature
CSU-SADCreate, Store, Use, Share, Archive, Destroy

Patch

Daily for 3 days:

  • 15 minutes: lifecycle table
  • 15 minutes: TDE/KMS/HSM/DH/RSA
  • 15 minutes: archive and label scenario drill
  • 15 questions D2 drill

Gate:

  • D2 mini-test >= 80%
  • Can explain archive recoverability vs encryption

Cluster C — D1 Cloud Models / Governance Controls

Symptoms

  • SaaS/PaaS/IaaS mapping is not always automatic.
  • NIST / ISO framework purpose is confused.
  • Internal vs external threat controls are mixed.
  • Privilege-management controls are mixed with unrelated data controls.

High-Risk Items

ConceptMust Know
SaaSUse provider’s application
PaaSBuild/run apps on provider platform
IaaSCustomer manages OS/app/data
NIST SP 800Public-domain U.S. guidance
ISO 31000Risk management
Two-person integrityRequires collusion
Privileged accessTemporary / just-in-time
Perimeter hardeningExternal attack control
Background checks/trainingInternal threat mitigation

Patch

Daily for 3 days:

  • 10 minutes: SaaS/PaaS/IaaS contrast
  • 10 minutes: threat-control mapping
  • 10 minutes: privileged access / two-person integrity
  • 15 questions D1 drill

Gate:

  • D1 mini-test >= 75–80%
  • Can separate cloud model, framework, and control category

6. One-Hour Immediate Patch Plan

0–5 min — Reset and Classification

Write three columns:

D6 = law / audit / privacy / vendor / evidence
D2 = data lifecycle / crypto / archive / label / storage
D1 = cloud model / risk framework / privileged control

5–20 min — D6 Legal / Audit Patch

Memorize and recite:

ISO 31000 = risk management
ISO 27001 = ISMS, technology agnostic
ISO 27017 = cloud security controls
NIST 800-92 = log management
CSA CCM = control matrix
CAIQ = questionnaire
FIPS 140-2 = cryptographic module validation
SSAE 18 = attestation standard
SOC 1/2/3 = reports
SOC 3 = public summary
OECD use limitation = use only for stated purpose
OECD data quality = accurate and correctable

Do 5 D6 questions.


20–35 min — D2 Data Security Patch

Memorize and recite:

Archive policy: recoverability and data format/type matter first.
Long-term archive: keys, format, and media are all security/availability concerns.
Data label: classification, distribution, access metadata.
MFA: authentication process, not data label.
TDE: DB/DBMS encryption engine.
KMS: manages keys.
HSM: protects keys in hardware.
Diffie-Hellman: key exchange.
RSA: encryption/signature.

Do 5 D2 questions.


35–50 min — D1 Cloud Model / Control Patch

Memorize and recite:

SaaS = use provider application.
PaaS = build/run application on provider platform.
IaaS = manage OS/app/data on provider infrastructure.
Internal threat controls = background checks, training, monitoring.
External attack controls = hardened perimeter devices.
Privileged access = temporary / just-in-time.
Two-person integrity = forces collusion.

Do 5 D1 questions.


50–60 min — 10-Question Oral Gate

Answer without looking:

  1. ISO 31000 is for what?
  2. NIST 800-92 is for what?
  3. CSA CCM and CAIQ differ how?
  4. SSAE 18 differs from SOC reports how?
  5. OECD use limitation means what?
  6. TDE engine is located where?
  7. MFA belongs to data label or authentication?
  8. Diffie-Hellman does what?
  9. SaaS vs PaaS difference?
  10. Two-person integrity reduces what risk?

Gate:

  • 8/10 correct = continue to drill
  • 6–7/10 = repeat the weak cluster
  • <=5/10 = no mock test next day

7. Three-Day Recovery Plan

Day 1 — D6 Priority

  • 30 min D6 taxonomy
  • 20 D6 questions
  • 10 D6 wrong-question reviews
  • 5 one-line rules

Day 2 — D2 Priority

  • 30 min D2 lifecycle + crypto
  • 20 D2 questions
  • 10 D2 wrong-question reviews
  • 5 one-line rules

Day 3 — D1 Priority + Mixed Drill

  • 20 min D1 models and control mapping
  • 15 D1 questions
  • 20 mixed D1/D2/D6 questions
  • Gate: mixed >= 75%

8. When to Resume Full Practice Tests

Do not resume full mixed practice tests until:

RequirementTarget
D1 mini-test>=75%
D2 mini-test>=80%
D6 mini-test>=75%
Mixed D1/D2/D6 mini-test>=75%
Average time45–75 sec/question

Current 34 sec/question is too fast for legal/audit wording. Slow down on D6 and long scenario questions.


9. Final Diagnosis

This Custom Test is not evidence that the full preparation plan has failed. It shows that the known weak domains are still fragile when tested directly.

Progress Exists

  • D2 improved compared with the prior custom-test weak-domain score.
  • Wrong questions are no longer random; they cluster around identifiable taxonomies.
  • The patch path is clear.

Risk Remains

  • D6 legal/audit/privacy remains below safe level.
  • D1 framework/control mapping is unstable.
  • D2 archiving and crypto-role boundaries still need consolidation.

Correct Next Move

Do not chase full mock tests immediately.

First:

D6 taxonomy
D2 lifecycle / crypto / archiving
D1 cloud model / controls

Then:

D1/D2/D6 mixed mini-test >= 75%

Only after that should full Practice Tests resume.

PriorityDomainScoreWeightWeighted Risk結論
P0D354%17%最高第一優先補
P1D161%17%第二優先
P1D560%16%第二優先
P2D667%13%第三優先
MaintainD282%20%維持即可
MaintainD486%17%維持即可

1. 電力系統的三劍客 (Power Supply)

當市電突然中斷時,資料中心是怎麼活下來的?

  • UPS (不斷電系統, Uninterruptible Power Supply): 它是「短跑選手」。停電的瞬間,UPS 會立刻接手供電,但它的電池只能撐幾分鐘。它的主要任務是爭取時間,讓發電機有時間啟動,並吸收電壓突波。

  • Transfer Switch (切換開關): 它是「指揮官」。負責偵測市電中斷,並自動將電源從市電切換到發電機,確保無縫接軌。

  • Generator (發電機) 與燃料 (Fuel): 它是「馬拉松選手」。通常需要幾十秒來啟動,但只要有燃料就能一直發電。

    • Diesel (柴油): 最常見,但放久了會變質(degrade),所以必須定期抽樣檢測和試運轉。

    • LP Gas (液化石油氣/丙烷): 不會像柴油那樣變質,但有較高的爆炸風險,且儲存槽受嚴格法規限制。

2. 環境控制與 ASHRAE 標準

伺服器非常嬌貴,太冷、太熱、太乾、太濕都不行。CCSP 常考 ASHRAE (美國冷凍空調學會) 的標準:

  • 溫度 (Temperature): 建議範圍大約在 18°C 到 27°C (64.4°F - 80.6°F) 之間。

  • 濕度 (Humidity): 建議維持在 40% 到 60% 之間。

    • ⚠️ 太乾 (Low Humidity): 如果空氣太乾燥,極容易產生靜電釋放 (Static Discharge)。就像冬天穿毛衣被電到一樣,微小的靜電就能瞬間擊穿昂貴的伺服器主機板!

    • ⚠️ 太濕 (High Humidity): 如果空氣太潮濕,金屬零件容易生鏽腐蝕,冷氣也容易產生結露 (Condensation) 滴水,導致短路。

💡 有趣的小知識:以前資料中心都冷得像冰箱,但現在像 Google 這樣的雲端巨頭會稍微調高溫度以節省冷卻成本,只要控制在 ASHRAE 的容許範圍內即可!


情境測驗 1: 某雲端服務供應商 (CSP) 的資料中心遭遇了突發性的市電中斷。不斷電系統 (UPS) 立刻接手供電,但過了三分鐘後,備用發電機卻因為燃料存放過久產生變質(degrade)而無法順利啟動,最終導致 UPS 電池耗盡,伺服器全面斷電。

問題: 根據上述情境,該發電機最可能使用的是哪種燃料?且在正常架構下,UPS 的「首要任務」應該是什麼?

  • A. 液化石油氣 (LP Gas) / 確保資料中心冷卻系統能持續運作至少 48 小時。

  • B. 柴油 (Diesel) / 在發電機啟動並穩定供電前的這段「空窗期」提供短期電力。

  • C. 柴油 (Diesel) / 吸收電壓突波,並作為市電恢復前的長時間主要電力來源。

  • D. 液化石油氣 (LP Gas) / 在發電機啟動前的空窗期提供短期電力。

ans ** B.** 柴油 (Diesel) / 在發電機啟動並穩定供電前的這段「空窗期」提供短期電力。

柴油(Diesel)最容易產生質變(degrade),因此需要定期維護與循環測試;而 UPS 的首要任務確實就是「爭取時間」,彌補發電機啟動前的電力空窗期,而不是當作長期的電力來源。


CCSP 非常喜歡考這四個等級的「關鍵字對應」。你可以把它想像成資料中心的「裝甲等級」,等級越高、砸的錢越多,系統就越不容易因為單一故障或例行維護而斷線。

等級核心概念 (Exam Keyword)備援架構電力與冷卻迴路停機維護影響
Tier IBasic Capacity (基本容量)N (無備援)單一迴路遇到維護或故障,一定會斷線
Tier IIRedundant Components (備援元件)N+1單一迴路設備有備胎,但迴路只有一條。維護時仍可能斷線
Tier IIIConcurrently Maintainable (可並行維護)N+1多條迴路 (一條活躍)可以在不中斷系統的情況下進行維護
Tier IVFault Tolerant (完全容錯)2(N+1)多條迴路 (同時活躍)
考題最常考的辨識點是:只要題目提到 "maintenance without downtime" (維護不停機),答案就是 Tier III;如果提到 "survive a single failure" (承受單一故障)"Fault Tolerant",答案就是 Tier IV

情境測驗 2: 您的企業正在規劃將部分關鍵業務遷移至某雲端服務供應商 (CSP)。業務單位的要求(Business Requirement)是:「我們必須能夠在進行任何例行性的基礎設施維護(如更換冷卻系統或進行電力迴路保養)時,系統依然保持在線且不中斷服務。然而,我們的預算有限,無法負擔防禦『任何單一不可預期之嚴重設備故障』的最高級別架構。」

問題: 根據上述業務要求與預算限制,您應該在服務層級協議 (SLA) 中要求該 CSP 至少達到 Uptime Institute 的哪一個等級?

  • A. Tier I (Basic Capacity)

  • B. Tier II (Redundant Components)

  • C. Tier III (Concurrently Maintainable)

  • D. Tier IV (Fault Tolerant)

請提供您的解答,並簡述您的判斷邏輯。

C. Tier III (Concurrently Maintainable) - 1.能夠在進行任何例行性的基礎設施維護 2.系統依然保持在線且不中斷服務(比單純n+1B. Tier II (Redundant Components)更符合) 3.法負擔防禦『任何單一不可預期之嚴重設備故障』的最高級別架構->無法負擔2(n+1) D. Tier IV (Fault Tolerant)

考題設計的陷阱:

  1. Tier III 的靈魂就是「Concurrently Maintainable(可並行維護)」,也就是維護不停機。

  2. 你也沒有被騙去選最高級的 Tier IV,因為題目明確限制了預算,且不需要「容錯 (Fault Tolerant,防禦單一突發故障)」。 這種「根據業務需求 (Business Requirements) 選擇最適當的控制措施 (Controls),而不是盲目選擇最貴的」,正是 CCSP 考試最核心的考點精神!


A. 外部連線韌性 (External Connectivity)

資料中心必須確保對外網路不會因為「怪手挖斷馬路邊的電纜」就全面癱瘓。CCSP 常考的兩個關鍵字是:

  • Multiple Carriers (多間電信服務商): 不要把雞蛋放在同一個 ISP 籃子裡。

  • Diverse Routing (多樣化路由/實體路徑分離): 這非常重要!即使你買了兩家電信的線路,如果它們的實體光纖都埋在「同一條地下管道」裡,怪手一挖還是會同時斷線。因此,實體線路必須從建築物的不同方向(例如東門和西門)進入資料中心。

B. BC/DR 執行四大階段 (BC/DR Execution)

當真正的災難(例如地震、火災)發生時,應變是有嚴格順序的。請記住這四個 "R" 的順序:

  1. Respond (應變/反應): 災難發生的當下。🚨 最高指導原則:保護人員生命安全 (Human safety first)! 接著才是評估損害程度、宣告災難發生。

  2. Recover (復原): 在備援站點 (Alternate site / DR site) 將「最關鍵的業務系統」啟動,讓公司能繼續做生意。這時候主要站點還是壞的。

  3. Restore (還原): 災後重建。派人回到「原本的主要站點 (Primary site)」去修復硬體、清理積水、重新安裝設備。

  4. Resume (恢復/復歸): 主要站點修好後,將業務從備援站點「切換回 (Failback)」主要站點,全面恢復正常營運。 情境測驗 3: 某個位於地震帶的雲端資料中心遭遇了規模 7.0 的強震。建築物部分受損,市電完全中斷,且兩家不同電信商的外部網路線路也因為橋樑斷裂而同時中斷。災難應變小組 (Incident Response Team) 剛剛抵達現場。

問題: 根據 BC/DR(業務連續性與災難復原)的最佳實踐原則,該小組抵達現場後的「第一優先行動」應該是什麼?另外,當未來這座主要資料中心完全修復後,將業務從備援站點「切換回 (Failback)」主要站點的過程,屬於哪一個執行階段?

  • A. 立即評估硬體設備的受損程度 (Assess damage) / 屬於 Restore (還原) 階段

  • B. 確保現場所有人員的生命安全 (Ensure human safety) / 屬於 Resume (恢復/復歸) 階段

  • C. 立刻將關鍵業務系統切換至備援站點 (Failover) / 屬於 Recover (復原) 階段

  • D. 確保現場人員安全 (Ensure human safety) / 屬於 Restore (還原) 階段

B. 確保現場所有人員的生命安全 (Ensure human safety) / 屬於 Resume (恢復/復歸) 階段

p0永遠是保護人命![[]],![[]]p1是恢復resume (恢復/復歸) 階段,接著才是restore-> 恢復提供服務

推論邏輯做一個非常關鍵的「微調」,這在考試中很容易變成陷阱: 你提到「先 Resume,接著才是 Restore」,但其實這兩個階段的順序是相反的喔!

再複習一次災難發生後的時間軸(4 個 R):

  1. Respond (應變): 疏散人群、保護人命、評估災情。

  2. Recover (復原): 在「備援站點 (DR site)」把關鍵系統開起來,先讓公司能繼續運作 (Failover)。

  3. Restore (還原): 派工程師回到災區的「主要站點」,把毀損的建築物修好、伺服器換新(先修復場地)。

  4. Resume (復歸): 主要站點修好後,把系統從備援站點「切換回家 (Failback)」,全面恢復正常營運(最後才回家)。

所以是先 Restore (把家修好),然後才能 Resume (搬回家)