02- Disaster Recovery and Risk Management QUIZ Flashcards

1
Q
An effective risk management plan will not include which of the following?
A. Risk avoidance
B. Risk response planning
C. Risk monitoring
D. Priority
A

Answer: D

Priority is a Disaster Recovery strategy.

2
Q

Identify the method not used for performing a qualitative project risk analysis.
A. Risk tolerance
B. Probability impact matrix
C. Historic records

A

Answer: A

It is the measure of a stakeholder's willingness to avoid risk.

3
Q
Choose the one that does not belong to the four points of the main analysis used to
manage a given risk.
A. Strength
B. Weakness
C. Threats
D. DMZ
A

Answer: D

It is an example of a risk domain.

4
Q
Which one is not a Risk domain?
A. DMZ
B. Private network
C. DRP
D. Mobile Users
A

Answer: C
The DRP (disaster recovery plan) is a policy that defines how an organization will recover from a disaster, whether it is a natural
or man-made disaster.

5
Q

“Loss of data availability” helps determine which of the following:
A. The impact of a given risk
B. The likelihood of a risk

A

Answer: A

Loss of data availability is one set of questions to help determine the impact of a given risk.

6
Q

______ includes a list of responsible people who will perform the steps for recovery, inventory
for the hardware and software, and steps to recover from a disaster.
A. Mitigation
B. DRP
C. Transference
D. Response strategy

A

Answer: B
The DRP (disaster recovery plan) includes a list of responsible people who will perform the steps for recovery, inventory for the
hardware and software, and steps to recover from a disaster.

7
Q

Which of the following can function like the primary site within minutes?
A. Hot Site
B. Warm Site
C. Cold Site

A

Answer: A
A hot site is identical to the primary site, equipped with the same systems and services. Data is duplicated to the
hot site, so it can function just like the primary one within a few minutes.

8
Q

In simple terms, Disaster Recovery Plan is:
A. A plan used when the main computer systems fail
B. Prepared to deal with natural disasters only
C. For backup data only
D. Plan for business continuity only

A

Answer: A
The Disaster Recovery Plan's first objective is to ensure the safety of people at all costs. The DRP is a policy that defines how an
organization will recover from a disaster.

9
Q

After a disaster, _____ is the maximum duration of time and a service level within which the
recovery procedure must be completed in order to avoid unacceptable consequences
associated with a break in business continuity.
A. MTD
B. RTO
C. BCP

A

Answer: B
Recovery Time Objective is the maximum duration of time and a service level within which the recovery procedure must be
completed in order to avoid undesirable consequences associated with a break in business continuity.

10
Q
Identify the standard methods used in a DRP to back up data.
A. Journaling
B. Electronic vaulting
C. Mitigation
D. Likelihood
A

Answer: A and B
Journaling is a less expensive method used to protect data. When a disaster strikes, journaling is used to write the transactions
that were missing from the full backup tape. Electronic vaulting is an alternate location used to preserve backed-up data. In case of a
disaster, the backup data stored in the electronic vault is restored.

11
Q

The switching process is very fast in:
A. Warm site
B. Hot site
C. Cold site

A

Answer: B
A hot site has all the services and systems of the primary location and can be switched to as a fully functional site within minutes.

12
Q
DRP ranks a given disaster and acts based on its rank. Which one of the following is of the
highest priority?
A. Short term
B. Mid term
C. Long term
A

Answer: A

The DRP assigns a high rank when a line of service is fully affected and requires immediate action to recover.

13
Q

_________ decides which services are essential for regular operations to continue.
A. BCP
B. DRP
C. RTO

A

Answer: A

The business continuity plan (BCP) decides which services are essential for regular operations to continue.

14
Q

The risk formula is Risk = Likelihood x Weakness.
True
False

A

Answer: False

Risk = Likelihood x Impact

15
Q

Identification of risk domains and risk exposure is done in the Analysis of Security Risk.
True
False

A

Answer: True
Analysis of Security Risk involves identification of risk domains and risk exposure, a SWOT analysis, and listing and ranking the risks.

16
Q

Business, cost, technology, and process should be the main focus while planning Software risk
impact assessment.
True
False

A

Answer: False
Performance, support, cost of protective measures, and schedules are the primary things that need to be taken care of while
planning for risk management.

17
Q

Risk monitoring involves only watching the risk indicators defined for the project.
True
False

A

Answer: False
Risk monitoring involves not only watching the risk indicators defined for the project, but also determining the effectiveness of
the risk mitigation steps themselves.

18
Q

Risk management refers to the various techniques used to minimize and mitigate risk.
True
False

A

Answer: True
Risk management is the process of identifying and mitigating the risks that can have a negative impact on a project or daily
operations.

19
Q

Qualitative risk analysis is done at the later stages of the project.
True
False

A

Answer: False

Qualitative risk analysis is done at the earlier project stages.

20
Q

Likelihood and impact are measured with numbers, from 1 to 9.
True
False

A
Answer: False
Likelihood and impact are measured with numbers, from 0 to 9, where:
0-3 is low
3-6 is medium
6-9 is high
21
Q

Response planning phase starts after identifying the risks and ranking them.
True
False

A

Answer: True

Response planning phase starts after Qualitative analysis, which identifies the risks and ranks them.

22
Q

Qualitative analysis uses only ranks to measure the impact of identified risks.
True
False

A

Answer: False

Qualitative analysis uses words or ranks to measure the impact of identified risks.

23
Q

DRP needs maintenance and evaluation on a timely basis, at least twice a year.
True
False

A

Answer: False
A DRP needs maintenance and evaluation on a timely basis; at least once a year the plan should be re-evaluated to make sure of
its effectiveness.

24
Q

Drills, when performed, should focus on equipment only.
True
False

A

Answer: False
Drills, when performed, should focus not only on equipment but also on personnel, as operations cannot continue with either
of them missing.

25
Q

Which of the following defines risk management? Choose all that apply.
A. Understands how security measures are implemented in your environment
B. Gives an idea of threats your system is exposed to
C. Can increase the occurrence of negative events
D. Calculates the risk

A

Answer: A, B, and D
Every new technology and piece of software comes with new risk, making risk management a necessity for the proper working of the
business. Risk management understands the business procedures and the risks involved in them. Risk management can reduce the
occurrence of negative events and increase the positive ones. The primary objective of risk management is to calculate the risk
involved in using new software to improve daily business operations.

26
Q

Which is not involved in the strategy of Risk Management?
A. Test new products before deployment
B. Risk Response planning
C. Perform vulnerability assessment
D. Evaluate change against your risk policy

A

Answer: B

Risk Response planning is a method in the risk analysis strategy.

27
Q
Which is not a part of response strategy?
A. SWOT analysis
B. Acceptance
C. Avoidance
D. Mitigation
A

Answer: A

SWOT analysis comes under the analysis of security risks.

28
Q

The two ways used to rate risk projection attempts are likelihood and:
A. Mitigation
B. Transference
C. Impact

A

Answer: C

As per the risk formula, Risk = Likelihood x Impact

29
Q

To determine the impact of a given risk, ask the following, except:
A. What are the benefits and/or motivation for the attacker?
B. Is there an exploit already for this vulnerability?
C. Is there loss of data integrity?
D. Is there sensitive data at risk of being exposed?

A

Answer: A and B

These are both questions used to find out the likelihood of a risk.

30
Q

Risk management can increase the occurrence of negative events and reduce the positive ones.
True
False

A

Answer: False

Risk management can reduce the occurrence of negative events and increase the positive ones.

31
Q

Risk Monitoring is a step in risk analysis.
True
False

A

Answer: True
Risk Identification, Qualitative Risk Analysis, Quantitative Risk Analysis, Risk Response Planning and Risk Monitoring are the different steps involved in risk analysis.