Chapter 8 - Business Continuity and Disaster Recovery Planning Flashcards Preview


Flashcards in Chapter 8 - Business Continuity and Disaster Recovery Planning Deck (36)
1

What phrase best defines a business continuity/disaster recovery plan? A. A set of plans for preventing a disaster B. An approved set of preparations and sufficient procedures for responding to a disaster C. A set of preparations and procedures for responding to a disaster without management approval D. The adequate preparations and procedures for the continuation of all organization functions

D. The adequate preparations and procedures for the continuation of all organization functions

2

Regardless of industry, which element of legal and regulatory requirements is every industry subject to? A. Sarbanes-Oxley B. HIPAA C. Due Diligence D. BS25999

C. Due Diligence/Care

3

Which of the following statements BEST describes the extent to which an organization should address business continuity/disaster recovery planning? A. Continuity planning is a significant organizational issue and should include all parts or functions of the company B. Continuity planning is a significant technology issue and the recovery of technology should be its primary focus C. Continuity planning is required only where there is complexity in voice and data communications D. Continuity planning is a significant management issue and should include the primary functions specified by management

A. Continuity planning is a significant organizational issue and should include all parts or functions of the company

4

Business impact analysis is performed to best identify: A. The impacts of a threat to the organization operation B. The exposures to loss to the organization C. The impacts of risk on the organization D. The cost efficient way to eliminate threats

B. The exposures to loss to the organization

5

During the risk analysis phase of planning, which of the following actions could best manage threats or mitigate the effects of an event? A. Modifying the exercise scenario B. Developing recovery procedures C. Increasing reliance on key individuals D. Implementing procedural controls

D. Implementing procedural controls

6

The best reason to implement additional controls or safeguards is to: A. deter or remove the risk B. identify and eliminate the threat C. reduce the impact of the threat D. identify the risk and the threat

C. reduce the impact of the threat

7

Which of the following statements best describes business impact analysis? A. Risk analysis and organization impact analysis are two different terms describing the same project effort B. A business impact analysis calculates the probability of disruptions to the organization C. A business impact analysis is critical to development of a business continuity plan D. A business impact analysis establishes the effect of disruptions on the organization

D. A business impact analysis establishes the effect of disruptions on the organization

8

The term disaster recovery refers to the recovery of: A. organization operations B. technology environment C. manufacturing environment D. personnel environments

B. technology environment

9

Which of the following terms best describes the effort to determine the consequences of disruptions that could result from a disaster? A. Business Impact Analysis B. Risk Analysis C. Risk Assessment D. Project Problem Definition

A. Business Impact Analysis

10

Advantage of using a cold site as a recovery option

Less expensive option

11

Elements of risk

Threats, assets, and mitigating controls

12

Recovery time objective (RTO)

Maximum time a service or system can be unavailable

13

Most efficient restore from tape backup is

Full backup

14

Advantage of hot recovery site

Highly available

15

Not acceptable for exercising the BCP

Halting a production application or function

16

Desired result of a well-planned business continuity exercise

Identifies strengths and weaknesses

17

BCP is best updated and maintained

During the configuration and change management process

18

Most important for successful business continuity

Senior leadership support

19

Best alternate site approach if RTO is two months

Cold site

20

RPO is zero; what ensures the requirement is met?

RAID 6 with a hot site alternate

21

Project initiation

Senior management support; project scope; estimate resources; define timeline and deliverables

22

Two goals for senior leadership

Executing the mission and protecting the organization

23

Risk from disaster

Financial; reputational; and regulatory

24

What to spend

probability of harm * magnitude = cost of protection

25

Title IX Implementing the 9/11 Commission Recommendation Act of 2007

10 Professional Practice Areas: Project Initiation and Management; Risk Evaluation and Control; Business Impact Analysis; Developing Business Continuity Strategies; Emergency Response and Operations; Developing and Implementing BCP; Awareness and Training Programs; Maintaining and Exercising BCP; Public Relations & Crisis Communication; Coordination with Public Authorities

26

HIPAA

Requires a data backup plan, a disaster recovery plan, and an emergency mode operations plan regarding privacy and portability of health insurance information

27

Sarbanes Oxley Section 404

Internal control report for financial reporting; BCP is not part of it since it concerns the future

28

BIA

Identify and prioritize critical organization functions; determine maximum tolerable downtime and other criteria, such as recovery time objective

29

Backups

Full; differential (needs last full); incremental (needs last full and all previous incrementals)

30

Internal hot site

Site on standby, ready for use