Chapter 8 - Business Continuity and Diaster Recovery Planning

Question 1

what phrase best defines a business continuity/disaster recovery plan? A. A set of plans for preventing a disaster B. An approved set of preparations and sufficient procedures for responding to a disaster C. A set of preparations and procedures for responding to a disaster without management approval D. The adequate preparations and procedures for the continuation of all organization functions

Answer 1

D. The adequate preparations and procedures for the continuation of all organization functions

Question 2

Regardless of industry, which element of legal and regulatory requirements are all industries subject to? A. Sarbanes-Oxley B. HIPAA C. Due Diligence D. BS25999

Answer 2

C. Due Diligence/Care

Question 3

Which of the following statements BEST describes the extent to which an organization should address business continuity/disaster recovery planning? s A. Continuity planning is a significant organizational issue and should include all parts or functions of the company B. Continuity planning is a significant technology issue and the recovery of technology should be its primary focus C. Continuity planning is required only where there is complexity in voice and data communications D. Continuity planning is a significant management issue and should include the primary functions specified by management

Answer 3

A. Continuity planning is a significant organizational issue and should include all parts or functions of the company

Question 4

business impact analysis is performed to best identify: A. The impacts of a threat to the organization operation B. The exposures to loss to the organization C. The impacts of risk on the organization D. The cost efficient way to eliminate threats

Answer 4

B. The exposures to loss to the organization

Question 5

During the risk analysis phase of planning, which of the following actions could best manage threats or mitigate the effects of an event? A. Modifying the exercise scenario B. Developing recovery procedures C. Increasing reliance on key individuals D. Implementing procedural controls

Answer 5

D. Implementing procedural controls

Question 6

The best reason to implement additional controls or safeguards is to: A. deter or remove the risk B. identify and eliminate the threat C. reduce the impact of the threat D. identify the risk and the threat

Answer 6

C. reduce the impact of the threat

Question 7

Which of the following statements best describes business impact analysis? A. Risk analysis and organization impact analysis are two different terms describing the same project effort B. A business impact analysis calculates the probability of disruptions to the organization C. A business impact analysis is critical to development of a business continuity plan D. A business impact analysis establishes the effect of disruptions on the organization

Answer 7

D. A business impact analysis establishes the effect of disruptions on the organization

Question 8

The term disaster recovery refers to the recovery of: A. organization operations B. technology environment C. manufacturing environment D. personnel environments

Answer 8

B. technology environment

Question 9

Which of the following terms best describes the effort to determine the consequences of disruptions that could result from a disaster? A. Business Impact Analysis B. Risk Analysis C. Risk Assessment D. Project Problem Definition

Answer 9

A. Business Impact Analysis

Question 10

advantage of using a cold site as a recovery option

Answer 10

less expensive option

Question 11

elements of risk

Answer 11

threats, assets, and mitigating controls

Question 12

recovery time objective (RTO)

Answer 12

maximum time a servie or system can be unavailable

Question 13

most efficient restore from tape back up is

Answer 13

full back up

Question 14

advantage of hot recovery site

Answer 14

highly available

Question 15

not acceptable for exercising the bcp

Answer 15

halting a production application or function

Question 16

desired result of a well planned business continuity exercise

Answer 16

identifies strengths and weaknesses

Question 17

bcp is best updated and maintained

Answer 17

during the configuration and change management process

Question 18

most important for successful business continuity

Answer 18

senior leadership support

Question 19

best alternate site approach if rto is two months

Answer 19

cold site

Question 20

rpo is zero, what ensures requirement is met

Answer 20

raid 6 with a hot site alternate

Question 21

Project initiation

Answer 21

Senior Management support; project scope; estimate resources; define timeline and deliverables

Question 22

2 goals for senior leadership

Answer 22

execute mission and protecting organization

Question 23

Risk from disaster

Answer 23

financial; reputation and regulatory

Question 24

what to spend

Answer 24

probability of harm * magnitude = cost of protection

Question 25

Title IX Implementing the 9/11 Commission Recommendation Act of 2007

Answer 25

10 Professional Practice Areas: Project Initiation and Management; Risk Evaluation and Control; Business Impact Analysis; Developing Business Continuity Strategies; Emergency Response and Operations; Developing and Implementing BCP; Awareness and Training Programs; Maintains and Exercises BCP; Public Relations & Crisis Communication; Coordination with Public Authorities

Question 26

HIPAA

Answer 26

Requires data back up plan, a disaster recovery plan, and an emergency mode operations plan regarding privacy and portability of health insurance information

Question 27

Sarbanes Oxley Section 404

Answer 27

Internal Control report for financial reporting - bcp not part of it since its in future

Question 28

BIA

Answer 28

identify and prioritize critical organization functions; determine maximum tolerable downtime and other criteria - recovery time objective

Question 29

Backups

Answer 29

Full; differential (need last full); incremental ( need full and preious incrementals)

Question 30

Internal hot site

Answer 30

site standby ready

Question 31

external hot site

Answer 31

equipment ready but environment must be rebuilt for recovery

Question 32

warm site

Answer 32

partially configured but not actual computers; has cooling, cabling and networks. computers delivered at time of disaster

Question 33

cold site

Answer 33

empty data center. all technology must be purchased at time of disaster

Question 34

disaster recovery

Answer 34

process of restoring services from a contingency site

Question 35

event management plan

Answer 35

needs to identify who is authorized to declare a disaster, how a declaration is done, and when the decision to declare is made, how it will be communicated to the teams that need to respond

Question 36

procedures

Answer 36

should be reviewed every 3 months and the formal audit annually