Business Continuity Planning Flashcards Preview

CISSP + Exams > Business Continuity Planning > Flashcards

Flashcards in Business Continuity Planning Deck (66)
Loading flashcards...
1

Which of the following could lead to the conclusion that a disaster recovery plan may not be operational within the timeframe the business needs to recover?
A. )The alternate site is a warm site
B. Critical recovery priority levels are not defined
C. Offsite backups are located away from the alternate site
D. The alternate site is located 70 miles away from the primary site

Answer: B
Explanation:

2

What are the four domains of communication in the disaster planning and recovery process?
A. Plan manual, plan communication, primer for survival, warning and alarms
B. Plan communication, primer for survival, escalation, declaration
C. Plan manual, warning and alarm, declaration, primer for survival
D. Primer for survival, escalation, plan communication, warning and alarm

Answer: C
Explanation:

3

The underlying reason for creating a disaster planning and recover strategy is to
A. Mitigate risks associated with disaster.
B. Enable a business to continue functioning without impact.
C. Protect the organization’s people, place and processes.
D. Minimize financial profile.

Answer: A
Explanation: “Disaster recovery has the goal of minimizing the effects of a disaster and taking the necessary steps to ensure that the resources, personnel, and business processes are able to resume operation in a timely manner.” Pg 550 Shon Harris: All-in-One CISSP Certification

4

Which of the following is not a direct benefit of successful Disaster Recovery Planning?
A. Maintain Nance of Business Continuity
B. Protection of Critical Data
C. Increase in IS performance
D. Minimized Impact of a disaster

Answer: C
Explanation:

5

Organizations should not view disaster recovery as which of the following?
A. committed expense
B. discretionary expense
C. enforcement of legal statues
D. compliance with regulations

Answer: B
Explanation:

6

Which of the following statements pertaining to disaster recovery is incorrect?
A. A recovery team’s primary task is to get the pre-defined critical business functions at the alternate backup processing site.
B. A salvage team’s task is to ensure that the primary site returns to normal processing conditions
C. The disaster recovery plan should include how the company will return from the alternate site to the primary site
D. When returning to the primary site, the most critical applications should be brought back first

Answer: D
Explanation:

7

Which of the following statements pertaining to dealing with the media after a disaster occurred and disturbed the organization’s activities is incorrect?
A. The CEO should always be the spokesperson for the company during a disaster
B. The disaster recovery plan must include how the media is to be handled during the disaster
C. The organization’s spokesperson should report bad news before the press gets ahold of it through another channel
D. An emergency press conference site should be planned ahead

Answer: A
Explanation:

8

What is a disaster recovery plan for a company’s computer system usually focused on?
A. Alternative procedures to process transactions
B. The probability that a disaster will occur C. Strategic long-range planning
D. Availability of compatible equipment at a hot site

Answer: A
Explanation:

9

What is the most critical piece to disaster recovery and continuity planning?
A. Security Policy
B. Management Support
C. Availability of backup information processing facilities
D. Staff training

Answer: B Explanation:

10

Which of the following is the most important consideration in locating an alternate computing facility during the development of a disaster recovery plan?
A. it is unlikely to be affected by the same contingency
B. it is close enough to become operation quickly
C. is it close enough to serve it’s users
D. it is convenient to airports and hotels

Answer: A
Explanation:

11

Which of the following are PRIMARY elements that are required when designing a Disaster Recovery Plan (DRP)?
A. Back-up procedures, off-site storage, and data recover.
B. Steering committee, emergency response team, and reconstruction team.
C. Impact assessment, recover strategy, and testing.
D. Insurance coverage, alternate site, and manual procedures.

Answer: C
Explanation: The most critical piece to disaster recovery and continuity planning is management support. They must be convinced of its necessity. Therefore, a business case must be made to obtain this support. The business case can include current vulnerabilities, regulatory and legal obligations, current status of recovery plans, and recommendations. Management will mostly concerned with cost/benefit issues, so several preliminary numbers will need to be gathered and potential losses estimated. - Shon Harris All-in-one CISSP Certification Guide pg 595 There are four major elements of the BCP process Scope and Plan Initiation - this phase marks the beginning of the BCP process. IT entails creating
ISC CISSP Exam
"Pass Any Exam. Any Time." - www.actualtests.com 468
the scope and other elements needed to define the parameters of the plan. Business Impact Assessment - A BIA is a process used to help business units understand the impact of a disruptive event. This phase includes the execution of a vulnerability assessment Business Continuity Plan Development - This term refers to using the information collection in the BIA to develop the actual business continuity plan. This process includes the areas of plan implementation, plan testing, and ongoing plan maintenance. Plan Approval and Implementation - This process involves getting the final senior management signoff, creating enterprise-wide awareness of the plan, and implementing a maintenance procedure for updating the plan as needed. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 380-381

12

Emergency actions are taken at the incipient stage of a disaster with the objectives of preventing injuries or loss of life and of:
A. determining the extent of property damage
B. protecting evidence
C. preventing looting and further damage
D. mitigating the damage to avoid the need for recovery

Answer: D
Explanation:

13

Who should direct short-term recovery actions immediately following a disaster?
A. Chief Information Officer
B. Chief Operating Officer
C. Disaster Recovery Manager
D. Chief Executive Officer

Answer: C
Explanation:

14

The environment that must be protected includes all personnel, equipment, data, communication devices, power supply and wiring. The necessary level of protection depends on the value of data, the computer systems, and the company assets within the facility. The value of these items can be determined by what type of analysis?
A. Critical-channel analysis
B. Critical-route analysis
C. Critical-path analysis
D. Critical-conduit analysis

Answer: C
Explanation: “The environment that must be protected through physical security controls includes all personnel, equipment, data, communication devices, power supplies, and wiring. The necessary level of protection depends on the value of the data, the computer systems, and the company assets within the facility. The value of these items can be determined by a critical-path analysis, which lists each piece of the infrastructure and what is necessary to keep those pieces healthy and operational.” Pg 255 Shon Harris: All-in-One CISSP Certification

15

Which of the following steps should be performed first in a business impact analysis (BIA)?
A. Identify all business units within the organization
B. Evaluate the impact of the disruptive events
C. Estimate the Recovery Time Objectives (RTO)
D. Evaluate the criticality of business functions

Answer: A
Explanation:

16

Which of the following steps is NOT one of the four steps of a Business Impact Analysis (BIA)?
A. Notifying senior management
B. Gathering the needed assessment materials
C. Performing the vulnerability assessment
D. Analyzing the information compiled

Answer: A
Explanation: “A BIA generally takes the form of these four steps:
Pg. 383 Krutz: CISSP Prep Guide: Gold Edition.

17

What methodology is commonly used in Business Continuity Program?
A. Work Group Recovery
B. Business Impact Analysis
C. Qualitative Risk Analysis
D. Quantitative Risk Analysis

Answer: B
Explanation: A BIA is performed at the beginning of disaster recovery and continuity planning to identify the areas that would suffer the greatest financial or operational loss in the event of a disaster or disruption. It identifies the company's critical systems needed for survival and estimates the outage time that can be tolerated by the company as a result of disaster or disruption. - Shon Harris All-in-one CISSP Certification Guide pg 597

18

Which of the following steps should be performed first in a business impact analysis (BIA)?
A. Identify all business units within an organization
B. Evaluate the impact of disruptive events
C. Estimate the Recovery Time Objectives (RTO)
D. Evaluate the criticality of business functions

Answer: A
Explanation: “The initial step of the BIA is identifying which business units are critical to continuing an acceptable level of operations.” Pg 383 Krutz: CISSP Prep Guide: Gold Edition.

19

Which is not one of the primary goals of BIA?
A. Criticality Prioritization
B. Down time estimation
C. Determining requirements for critical business functions
D. Deciding on various test to be performed to validate Business Continuity Plan

Answer: D
Explanation:

20

Which of the following is used to help business units understand the impact of a disruptive event?
A. A risk analysis
B. A Business Impact assessment
C. A Vulnerability assessment
D. A disaster recovery plan

Answer: B
Reference: “The purpose of a BIA is to create a document to be used to help understand what impact a disruptive event would have on the business.” Pg 383 Krutz : CISSP Prep Guide: Gold Edition

21

A Business Impact Analysis (BIA) does not:
A. Recommend the appropriate recovery solution
B. Determine critical and necessary business functions and their resource dependencies
C. Identify critical computer applications and the associated outage tolerance
D. Estimate the financial and operation impact of a disruption

Answer: A
Explanation:

22

What assesses potential loss that could be caused by a disaster?
A. The Business Assessment (BA)
B. The Business Impact Analysis (BIA)
C. The Risk Assessment (RA)
D. The Business Continuity Plan (BCP)

Answer: B
Explanation:

23

During the course of a Business Impact Analysis (BIA) you will less likely:
A. Estimate the financial and operational impact of a disruption
B. Identify regulatory exposure
C. Determine if functions Recovery Time Objective (RTO)
D. Determine the impact upon the organizations market share and corporate image

Answer: C
Explanation:

24

Which of the following tasks is not usually part of a Business Impact Analysis (BIA)?
A. Identify the type and quantity of resources required for recovery
B. Identify the critical processes and the dependencies between them
C. Identify organizational risks
D. Develop a mission statement

Answer: D
Explanation:

25

Which of the following will a Business Impact Analysis (BIA) NOT identify?
A. Areas that would suffer the greatest financial or operation loss in the event of a disaster
B. Systems critical to the survival of the enterprise
C. The names of individuals to be contacted during a disaster
D. The outage time that can be tolerated by the enterprise as a result of a disaster

Answer: C
Explanation:

26

Which one the following is the primary goal of Business Continuity Planning?
A. Sustain the organization.
B. Recover from a major data center outage.
C. Test the ability to prevent major outages.
D. Satisfy audit requirements.

Answer: A
Explanation: Simply put, business continuity plans are created to prevent interruptions to normal business activity. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 378

27

Most of unplanned downtime of information systems is attributed to which of the following?
A. Hardware failure
B. Natural disaster
C. Human error
D. Software failure

Answer: A
Explanation:

28

System reliability s increased by:
A. A lower MTBF and a lower MTTR
B. A higher MTBF and a lower MTTR
C. A lower MTBF and a higher MTTR
D. A higher MTBF and a higher MTTR

Answer: B
Explanation: One prefers to have a higher MTBF and a lower MTTR.
“Each device has a mean time between failure (MTBF) and a mean time to repair (MTTR). The MTBF estimate is used to determine the expected lifetime of a device or when an element within that device is expected to give out. The MTTR value is used to estimate the time it will take to repair the device and get it back into production.” Pg 267 Shon Harris: All-in-One CISSP Certification

29

Which of the following is NOT a major element of Business Continuity Planning?
A. Creation of a BCP committee
B. Business Impact Assessment (BIA)
C. Business Continuity Plan Development
D. Scope plan initiation

Answer: A
Explanation:

30

Which one of the following is a core infrastructure and service element of Business Continuity Planning (BCP) required to effectively support the business processes of an organization?
A. Internal and external support functions.
B. The change management process.
C. The risk management process.
D. Backup and restoration functions.

Answer: C
Explanation: Pg 383 Krutz Gold Edition. Backup is not BCP.