A. The disaster-recovery plan deals with site relocation in the event of an emergency, natural disaster, or service outage.

B. Working copies are backups that are usually kept in the computer room for immediate use in recovering a system or lost file.

A. Large-scale database systems usually provide an audit file process that allows transactions to be recovered in the event of a data loss.

B. An incremental backup backs up files that have changed since the last full or partial backup.

C. A differential backup backs up all the files that have changed since the last full backup.

A. The Grandfather, Father, Son backup method is designed to provide a rotating schedule of backup processes. It allows for a minimum usage of backup media, and it still allows for long-term archiving.

B. Warm sites provide some capabilities in the event of a recovery. The organization that wants to use a warm site will need to install, configure, and reestablish operations on systems that may already exist at the warm site.

D. A reciprocal agreement is between two organizations and allows one to use the other's site in an emergency.

C. Fail-over occurs when a system that is developing a malfunction automatically switches processes to another system to continue operations.

A. RAID 0 is a method of spreading data from a single disk over a number of disk drives. It's used primarily for performance purposes.

C. A service-level agreement (SLA) specifies performance requirements for a vendor. This agreement may use MTBF and MTTR as performance measures in the SLA.

A. Code escrow allows customers to access the source code of installed systems under specific conditions, such as the bankruptcy of a vendor.

B. The acceptable-use policy dictates how computers can be used within an organization. This policy should also outline the consequences of misuse.

B. Due-care policies dictate the expected precautions to be used to safeguard client records.

A. A certificate policy dictates how an organization uses, manages, and validates certificates.

C. The third party is responsible for assuring the relying party that the subscriber is genuine.

C. A contingency plan wouldn't normally be part of an incident-response policy. It would be part of a disaster-recovery plan.

A. A security group is used to manage user access to a network or system.

A. An audit is used to inspect and test procedures within an organization to verify that those procedures are working and up-to-date. The result of an audit is a report to management.

A. DAC allows some flexibility in information-sharing capabilities within the network.