CISSP Certification Prep Test- Business Continuity

17 Questions | Total Attempts: 347


MAW- BCP Prep


Questions and Answers
  • 1. 
    Which phrase best defines a business continuity/disaster recovery plan?
    • A. 

      A set of plans for preventing a disaster.

    • B. 

      An approved set of preparations and sufficient procedures for responding to a disaster.

    • C. 

      A set of preparations and procedures for responding to a disaster without management approval.

    • D. 

      Adequate preparations and procedures for the continuation of all business functions.

  • 2. 
    Regardless of industry, which element of legal and regulatory requirements are all industries subject to?
    • A. 

      Sarbanes–Oxley

    • B. 

      HIPAA

    • C. 

      Prudent man rule

    • D. 

      BS25999

  • 3. 
    Which of the following statements best describes the extent to which an organization should address business continuity or disaster recovery planning?
    • A. 

      Continuity planning is a significant corporate issue and should include all parts or functions of the company.

    • B. 

      Continuity planning is a significant technology issue and the recovery of technology should be its primary focus.

    • C. 

      Continuity planning is required only where there is complexity in voice and data communications.

    • D. 

      Continuity planning is a significant management issue and should include prudent processes and specific actions necessary to protect critical business processes from the effects of major system and network disruptions and to ensure the timely restoration of business operations if significant disruptions occur.

  • 4. 
    Business impact analysis is performed to identify:
    • A. 

      The impacts of a threat to business operations.

    • B. 

      The exposures to loss to the organization.

    • C. 

      The impacts of a risk on the company.

    • D. 

      The way to eliminate threats.

  • 5. 
    During the risk analysis phase of the planning, which of the following actions could manage threats or mitigate the effects of an event?
    • A. 

      Modifying the exercise scenario.

    • B. 

      Developing recovery procedures.

    • C. 

      Increasing reliance on key individuals

    • D. 

      Implementing procedural controls.

  • 6. 
    The reason to implement additional controls or safeguards is to:
    • A. 

      Deter or remove the risk.

    • B. 

      Remove the risk and eliminate the threat.

    • C. 

      Reduce the impact of the threat.

    • D. 

      Identify the risk and the threat.

  • 7. 
    • A. 

      Risk analysis and business impact analysis are two different terms describing the same project effort.

    • B. 

      A business impact analysis calculates the probability of disruptions to the organization.

    • C. 

      A business impact analysis is critical to the development of a business continuity plan.

    • D. 

      A business impact analysis establishes the effect of disruptions on the organization.

  • 8. 
    The term disaster recovery commonly refers to:
    • A. 

      The recovery of the business operations

    • B. 

      The recovery of the technology environment

    • C. 

      The recovery of the manufacturing environment

    • D. 

      The recovery of the business and technology environments

  • 9. 
    Which of the following terms best describes the effort to determine the consequence of disruptions that could result from a disaster?
    • A. 

      Business impact analysis.

    • B. 

      Risk analysis.

    • C. 

      Risk assessment.

    • D. 

      Project problem definition

  • 10. 
    A key advantage of using a cold site as a recovery option is that it_______________________.
    • A. 

      Is a less expensive recovery option.

    • B. 

      Can be configured and made operational for any business function.

    • C. 

      Is preconfigured for communications and can be customized for business functions.

    • D. 

      Is the most available option for testing server and communications restorations.

  • 11. 
    The elements of risk are as follows:
    • A. 

      Natural disasters and man-made disasters

    • B. 

      Threats, assets and mitigating controls

    • C. 

      Risk and business impact analysis

  • 12. 
    The term RTO means:
    • A. 

      Return to order

    • B. 

      Resumption time order

    • C. 

      Recovery time objective

  • 13. 
    If a company wants the most efficient restore from tape backup:
    • A. 

      Full backup

    • B. 

      Incremental backup

    • C. 

      Partial backup

    • D. 

      Partial backup

  • 14. 
    One of the advantages of a hot site recovery solution is:
    • A. 

      Less expensive

    • B. 

      Highly available

    • C. 

      No downtime

    • D. 

      No maintenance required

  • 15. 
    Which of the following methods is not acceptable for exercising the business continuity plan?
    • A. 

      Table-top exercise.

    • B. 

      Call exercise.

    • C. 

      Simulated exercise.

    • D. 

      Halting a production application or function.

  • 16. 
    Which of the following is the primary desired result of any well-planned business continuity exercise?
    • A. 

      Identifies plan strengths and weaknesses.

    • B. 

      Satisfies management requirements.

    • C. 

      Complies with auditor’s requirements.

    • D. 

      Maintains shareholder confidence

  • 17. 
    A business continuity plan should be updated and maintained:
    • A. 

      Immediately following an exercise.

    • B. 

      Following a major change in personnel.

    • C. 

      After installing new software.

    • D. 

      All of the above.