An international bank is concerned that a cyber-attack could disrupt their primary trading network. They decide to set up an alternate trading site that can be operational immediately if such an attack occurs. Additionally, they want a tertiary site as a fallback option in case the secondary site is compromised. They have also specified that they want to reduce costs for this tertiary site. As the information security manager, what would you recommend for the tertiary site?
Practise this CISM Security Mgr Practice 202 question free, then download the PDF, watch the video walkthrough, or unlock timed mock exams for the full web bank.
✓ Correct answer: C. Cold siteAnswer: Cold site A cold site is an appropriate choice for a bank expecting to rely on an alternative site (in this scenario: the secondary site) and needing a cost-effective tertiary option. If an extreme cyber-attack compromises the primary trading network, they can fail over to the alternate site. Once functional in the secondary site, they can then provision the cold site to become operational as needed. A hot site is not suitable because it does not align with the cost-reduction requirement for the tertiary site. A reciprocal agreement, which involves resource sharing with another entity, typically doesn't fit the banking industry's critical and sensitive operations. A mirror site is expensive and already operational, making it impractical as a backup for the alternate site. However, a bank might find a mirror site suitable as a primary or secondary option due to its real-time capabilities.
Keep practising. Use the free CISM Security Mgr Practice 202 PDF, watch the YouTube walkthrough, or unlock all 10 web questions with timed mock exams.
Free practice here. Timed mocks when you are ready.
Study the CISM Security Mgr Practice 202 free question explanations, download the PDF, then unlock timed mock exams on the web when you want exam-day practice.