Master network defense planning and business continuity strategies. Learn to balance operational recovery requirements with organizational constraints to maintain network resilience.

CND (312-38) Network Defense Simulation

Network Scenario

You have been contracted as a Network Security Analyst to conduct a Business Continuity and Disaster Recovery (BCP/DR) assessment for the Greenfield Public School District. The district's main IT data center currently houses all core routing infrastructure, redundant firewalls, student information system (SIS) databases, and the primary domain controllers.


The district is located in a flood-prone region. The Superintendent has mandated the creation of an alternate processing facility to restore network operations if the primary data center is destroyed. However, during the kickoff meeting, the CFO explicitly stated that the district is facing severe funding cuts and the budget for this initiative is extremely limited. An extended Recovery Time Objective (RTO) of several days is considered acceptable by the administration as long as costs remain minimal.

Traffic & Logs

Review the excerpt from the BCP/DR Requirements Matrix provided by the school board committee:

[SYS_REQ_01] Primary Objective: Secure secondary location for network operations.
[SYS_REQ_02] Physical Security: Must include basic HVAC, raised floors, power routing, and biometric access control.
[SYS_REQ_03] Hardware Availability: No existing redundant hardware available. Hardware will be leased/purchased ONLY at the time of disaster declaration.
[SYS_REQ_04] Data Replication: Data is backed up to offline tape/cloud storage weekly. No real-time site-to-site VPN replication required.
[SYS_REQ_05] Financial Constraint: Maximum CAPEX/OPEX reduction prioritized over Recovery Time Objective (RTO). RTO target set to 7-10 days.

Question

You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to work from an alternate location. However, budget is an issue. Which of the following is most appropriate for this client?

DR Planning Hint: Focus on the financial constraints and the lack of pre-staged hardware mentioned in the logs. Which disaster recovery facility provides physical space, power, and cooling, but no actual IT hardware or network equipment until a disaster occurs?

Expert Analysis

1. What is happening in the network planning phase?

The organization is conducting Business Continuity Planning (BCP). They are analyzing requirements for an alternate processing facility to ensure network resilience against environmental threats (flooding). The primary operational constraint governing the defensive strategy is a highly restricted budget.

2. Identify the DR Control Requirement

The logs explicitly state that hardware will only be procured at the time of disaster, real-time network replication is not required, and cost savings take priority over rapid recovery (RTO of 7-10 days is acceptable).

3. Why the correct answer is correct (B. Cold site)

A Cold site is the most cost-effective disaster recovery solution. It provides the physical environment (building, power, HVAC, and basic communications lines) but no IT hardware or active network configurations. Because the school district has severe budget constraints and an acceptable RTO of several days (enough time to order and rack new firewalls, switches, and servers), a cold site perfectly aligns with their risk appetite and financial limitations.

4. Why the others are wrong

  • A. Warm site: Contains some pre-configured hardware and network links but requires data restoration and final configurations. It is moderately expensive and exceeds the budget constraints detailed in the scenario.
  • C. Hot site: A fully operational, continuously running mirror of the primary network environment. It utilizes real-time synchronous replication and allows for near-zero downtime. This is vastly too expensive for a budget-constrained school district.
  • D. Off site: This is a generic term usually referring to backup storage locations (e.g., storing tapes off-site). It is not a formal classification for a disaster recovery processing facility.

5. Defensive Action

The Network Defender should draft the DR proposal recommending a Cold Site lease. Additionally, they must create rigorous, documented Incident Response and Network Restoration procedures to ensure that when hardware does arrive, the network baseline, firewall rulesets, and routing tables can be rebuilt swiftly and securely from offline configuration backups.

MINI LESSON: Disaster Recovery Sites in Network Defense

Network availability is a core pillar of the CIA triad. Understanding facility types is essential for maintaining operational continuity during catastrophic events:

  • Hot Site (Hours to failover): Full network replication. Highest cost. Used by financial institutions and critical infrastructure. Requires continuous network monitoring of synchronization links.
  • Warm Site (Days to failover): Partial infrastructure. Moderate cost. Base network infrastructure (racks, core switches) is present, but servers may need to be brought in or updated from backups.
  • Cold Site (Weeks to failover): Empty room with power/cooling. Lowest cost. Network engineers must rack, stack, cable, and configure everything from scratch during a disaster declaration.

Ready to advance your defensive capabilities?

Explore more realistic network defense scenarios and master the CND domain.

Explore more CND simulations