Key here is "the site". If surge hits and nothing is protecting the hardware the entire site could be down and PSU fried. DR site would be elsewhere and be unaffected.
A compensating control is a control that reduces risk when the primary control (in this case, surge protectors) is not in place. Since surge protectors help protect equipment from power surges or electrical events, the closest compensating control is having a hot DR site
sorry guys option B after rethinking this. Generator does not help with surges, it restores power. In case there is a surge and the servers are toast, there is no business continuity at which time the DR comes handy. Though expensive than a generator from a compensating control DR makes sense
A hot disaster recovery (DR) site is designed to take over operations in the event of a major failure or disaster, ensuring business continuity. However, it doesn't specifically address the issue of electrical surges at the primary site. Electrical surge protectors are meant to protect equipment from voltage spikes that can cause immediate damage or degrade the performance of electronic components over time12.
Backup diesel generators, on the other hand, can provide a continuous power supply during electrical disturbances, including surges, thereby directly mitigating the risk associated with not having surge protectors
The CISSP Official Study Guide, Domain 7 (Security Operations), discusses compensating controls as alternative measures designed to mitigate risks when primary controls are absent. Backup power solutions, like diesel generators, are commonly cited as compensating controls for electrical power risks, including surges and outages.
The answers would make a little more sense if it were worded you do not have a backup generator what would be a compensating control. or you do not have UPS what would be a compensating control.
You walk up to the director of IT and say we do not ahve surge protection, but dont worry we have an hot site avialable. You are looking for a job becuse you are too stupid to requisition surrge protectors .
HOT site is better than having diesel generators? i mean thats not a realistic implementation of this. Having backup ANY kind of generators would be suffice generally and is a more realistic answer to such scenario.
I have to go against the grain. D
A big electrical surge without protection can cause damaged to electrical infrastructure... so, it doesn't matter if you have 1 Diesel generator or fifty, you will be down anyway.
interesting that literally every question here seems wrong. The question isnt about loss of power. Does literally no one know what a surge protector does? Surge protector is not a control protecting the entire building. Therefore a DR hot site and a backup generator is overkill. A generator would be a compensating control for UPS but not a surge protector.
Surge protectors are controls that protect a piece of equipment. Therefore a valid compensating control would be having redundancy for that system. AKA active/active clusters ---> network equipment can apply to servers as well
I don't think B is a correct answer.
Imagine you are a manager, you come to the director of the company and he said "Look, we don't have surge protectors. What are we going to do when a surge happens?" You say "No worries, we will just move to another buillding!" :)
If we think as a Manager, and the main problem is power failures, a "compensatory control" that is, not the best solution but something that helps when the best option which is a DR site is not viable, is having "backup diesel generators ". I go with D
Agree the question does not make a lot of sense.. but thinking for cost effective and considering that no surge protectors... it is very expensive to have hot disaster recovery DR...
looking at C. active-active to clusters... can ensure data protection and integrity and availability considering that clusters are connected to different power sources..
I think C. can be a good answer as well.
In the event of electrical surges that could potentially damage systems, a hot DR environment provides redundancy by replicating critical systems and data in a separate location. This ensures that essential services can quickly fail over to the DR environment, minimizing downtime and data loss.
If an electrical surge occurs, the systems themselves could be fried. An alternate source of power like a diesel generator will not help. They only solution to frying your actual systems from these options is an alternate DR site.
This section is not available anymore. Please use the main Exam Page.CISSP Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Bhuraw
Highly Voted 2 years, 5 months agoJ_Ko
1 week, 3 days agocysec_4_lyfe
1 month, 1 week agoklarak
11 months, 3 weeks agoMann0302
2 years, 4 months agoHumongous1593
Highly Voted 2 years, 5 months agoBigITGuy
Most Recent 1 week, 2 days agoTuhaar
3 months, 3 weeks agoTuhaar
3 months, 3 weeks agoTuhaar
4 months, 1 week agostack120566
4 months, 1 week agostack120566
4 months, 1 week agoCCNPWILL
10 months, 1 week agoZapepelele
3 months, 4 weeks agoeboehm
12 months agoVasyamba1
1 year ago629f731
1 year, 3 months agomaawar83
1 year, 3 months agoSoleandheel
1 year, 3 months agoSoleandheel
1 year, 3 months agoZonas
1 year, 4 months agohomeysl
1 year, 5 months agoDam0s
1 year, 6 months ago