CISSP Certification Prep Test- Business Continuity

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Cindymurray
C
Cindymurray
Community Contributor
Quizzes Created: 8 | Total Attempts: 14,955
Questions: 17 | Attempts: 1,107

SettingsSettingsSettings
CISSP Certification Prep Test- Business Continuity - Quiz

MAW- BCP Prep


Questions and Answers
  • 1. 

    Which phrase best defines a business continuity/disaster recovery plan?

    • A.

      A set of plans for preventing a disaster.

    • B.

      An approved set of preparations and sufficient procedures for responding to a disaster.

    • C.

      A set of preparations and procedures for responding to a disaster without management approval.

    • D.

      Adequate preparations and procedures for the continuation of all business functions.

    Correct Answer
    D. Adequate preparations and procedures for the continuation of all business functions.
    Explanation
    d. Business continuity planning (BCP) and Disaster recovery planning (DRP) address the preparation, processes, and practices required to ensure the preservation of the business in the face of major disruptions to normal business operations.

    Rate this question:

  • 2. 

    Regardless of industry, which element of legal and regulatory requirements are all industries subject to?

    • A.

      Sarbanes–Oxley

    • B.

      HIPAA

    • C.

      Prudent man rule

    • D.

      BS25999

    Correct Answer
    C. Prudent man rule
    Explanation
    Regulatory risk is clearly defined by the industry the organization is a part of. However, no matter what industry the planner is in, what is commonly referred to as the prudent man rule applies: exercise the same care in managing company affairs as in managing one’s own affairs.

    Rate this question:

  • 3. 

    Which of the following statements best describe the extent to which an organization should address business continuity or disaster recovery planning?

    • A.

      Continuity planning is a significant corporate issue and should include all parts or functions of the company.

    • B.

      Continuity planning is a significant technology issue and the recovery of technology should be its primary focus.

    • C.

      Continuity planning is required only where there is complexity in voice and data communications.

    • D.

      Continuity planning is a significant management issue and should include prudent processes and specific actions necessary to protect critical business processes from the effects of major system and network disruptions and to ensure the timely restoration of business operations if significant disruptions occur.

    Correct Answer
    A. Continuity planning is a significant corporate issue and should include all parts or functions of the company.
    Explanation
    Business continuity planning and Disaster recovery planning
    involve the identifi cation, selection, implementation, testing, and updating of

    Rate this question:

  • 4. 

    Business impact analysis is performed to identify:

    • A.

      The impacts of a threat to business operations.

    • B.

      The exposures to loss to the organization.

    • C.

      The impacts of a risk on the company.

    • D.

      The way to eliminate threats.

    Correct Answer
    B. The exposures to loss to the organization.
    Explanation
    The business impact analysis is what is going to help the company decide what needs to be recovered and how quickly it needs to be recovered.

    Rate this question:

  • 5. 

    During the risk analysis phase of the planning, which of the following actions could manage threats or mitigate the effects of an event?

    • A.

      Modifying the exercise scenario.

    • B.

      Developing recovery procedures.

    • C.

      Increasing reliance on key individuals

    • D.

      Implementing procedural controls.

    Correct Answer
    D. Implementing procedural controls.
    Explanation
    The third element of risk is mitigating factors. Mitigating factors are the controls or safeguards the planner will put in place to reduce the impact of a threat.

    Rate this question:

  • 6. 

    The reason to implement additional controls or safeguards is to:

    • A.

      Deter or remove the risk.

    • B.

      Remove the risk and eliminate the threat.

    • C.

      Reduce the impact of the threat.

    • D.

      Identify the risk and the threat.

    Correct Answer
    C. Reduce the impact of the threat.
    Explanation
    Preventing a disaster is always better than trying to recover from one. If the planner can recommend controls to be put in place to prevent the most likely risks from having an impact on the organization’s ability to do business, then the planner will have fewer actual events to recover from.

    Rate this question:

  • 7. 

    Which of the following statements most accurately describes business impact?

    • A.

      Risk analysis and business impact analysis are two different terms describing the same project effort.

    • B.

      A business impact analysis calculates the probability of disruptions to the organization.

    • C.

      A business impact analysis is critical to the development of a business continuity plan.

    • D.

      A business impact analysis establishes the effect of disruptions on the organization.

    Correct Answer
    D. A business impact analysis establishes the effect of disruptions on the organization.
    Explanation
    All business functions and the technology that supports them need to be classified based on their recovery priority. Recovery time frames for business operations are driven by the consequences of not performing the function. The consequences may be the result of business lost during the down period; contractual commitments not met resulting in fines or lawsuits, lost goodwill with customers, etc.

    Rate this question:

  • 8. 

    The term disaster recovery commonly refers to:

    • A.

      The recovery of the business operations

    • B.

      The recovery of the technology environment

    • C.

      The recovery of the manufacturing environment

    • D.

      Th e recovery of the business and technology environments

    Correct Answer
    B. The recovery of the technology environment
    Explanation
    Once computers became part of the business landscape, it quickly became clear that we could not return to our manual processes if our computers failed. If those computer systems failed, there were not enough people to do the work nor did the people in the business still have the skill to do it manually anymore. This was the start of the disaster recovery industry. Still today, the term “disaster recovery” or “DR” commonly means the recovery of the technology environment.

    Rate this question:

  • 9. 

    Which of the following terms best describes the effort to determine the consequence of disruptions that could result from a disaster?

    • A.

      Business impact analysis.

    • B.

      Risk analysis.

    • C.

      Risk assessment.

    • D.

      Project problem defi nition

    Correct Answer
    A. Business impact analysis.
    Explanation
    The BIA is what is going to help the company decide what needs to be recovered and how quickly it needs to be recovered.

    Rate this question:

  • 10. 

    A key advantage of using a cold site as a recovery option is that it_______________________.

    • A.

      Is a less expensive recovery option.

    • B.

      Can be configured and made operational for any business function.

    • C.

      Is preconfigured for communications and can be customized for business functions.

    • D.

      Is the most available option for testing server and communications restorations.

    Correct Answer
    A. Is a less expensive recovery option.
    Explanation
    Among the advantages of warm and cold sites are that they are less expensive and available for longer recoveries.

    Rate this question:

  • 11. 

    The elements of risk are as follows:

    • A.

      Natural disasters and man made disasters

    • B.

      Threats, assets and mitigating controls

    • C.

      Risk and business impact analysis

    Correct Answer
    B. Threats, assets and mitigating controls
    Explanation
    There are three elements of risk: threats, assets, and mitigating factors.

    Rate this question:

  • 12. 

    The term RTO means:

    • A.

      Return to order

    • B.

      Resumption time order

    • C.

      Recovery time objective

    Correct Answer
    C. Recovery time objective
    Explanation
    All applications need to be classified as to their time sensitivity for recovery even if those applications do not support business functions that are time-sensitive. For applications, this is commonly referred to as recovery time objective (RTO) or maximum tolerable downtime (MTD).

    Rate this question:

  • 13. 

    If a company wants the most efficient restore from tape backup:

    • A.

      Full backup

    • B.

      Incremental backup

    • C.

      Partial backup

    • D.

      Partial backup

    Correct Answer
    A. Full backup
    Explanation
    If a company wants the backup and recovery strategy to be as simple as possible, then it should only use full backups. They take more time and hard drive space to perform but they are the most efficient in recovery.

    Rate this question:

  • 14. 

    One of the advantages of a hot site recovery solution is:

    • A.

      Less expensive

    • B.

      Highly available

    • C.

      No downtime

    • D.

      No maintenance required

    Correct Answer
    B. Highly available
    Explanation
    Among the advantages of internal or external hot sites are allows recovery to be tested, highly available, and the site can be operational within hours.

    Rate this question:

  • 15. 

    Which of the following methods is not acceptable for exercising the business continuity plan?

    • A.

      Table-top exercise.

    • B.

      Call exercise.

    • C.

      Simulated exercise.

    • D.

      Halting a production application or function.

    Correct Answer
    D. Halting a production application or function.
    Explanation
    Th e only difference between a simulated and an actual exercise is that the first rule of testing is the planner will never create a disaster by testing for one. The planner must make every effort to make certain that what is being tested will not impact the production environment whether business or technical.

    Rate this question:

  • 16. 

    Which of the following is the primary desired result of any well-planned business continuity exercise?

    • A.

      Identifies plan strengths and weaknesses.

    • B.

      Satisfies management requirements.

    • C.

      Complies with auditor’s requirements.

    • D.

      Maintains shareholder confidence

    Correct Answer
    A. Identifies plan strengths and weaknesses.
    Explanation
    After every exercise the planner conducts, the exercise results need to be published and action items identified to address the issues that were uncovered by the exercise. Action items should be tracked until they have been resolved and, where appropriate, the plan updated. It is very unfortunate when an organization has the same issue in subsequent tests simply because someone did not update the plan.

    Rate this question:

  • 17. 

    A business continuity plan should be updated and maintained:

    • A.

      Immediately following an exercise.

    • B.

      Following a major change in personnel.

    • C.

      After installing new software.

    • D.

      All of the above.

    Correct Answer
    D. All of the above.
    Explanation
    The plan document and all related procedures will need to be updated after each exercise and after each material change to the production, IT, or business environment. The procedures should be reviewed every three months and the formal audit of the procedures should be conducted annually.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Dec 21, 2012
    Quiz Created by
    Cindymurray
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.