02- Disaster Recovery and Risk Management QUIZ

Question 1

An effective risk management plan will not include which of the following?
A. Risk avoidance
B. Risk response planning
C. Risk monitoring
D. Priority

Answer 1

Answer: D

Priority is a Disaster Recovery strategy.

Question 2

Identify the method not used for performing a qualitative project risk analysis.
A. Risk tolerance
B. Probability impact matrix
C. Historic records

Answer 2

Answer: A

It is the measure of willingness of a stakeholder to avoid risk.

Question 3

Choose the one that does not belong to the four points of main studies used in order to
manage a given risk.
A. Strength
B. Weakness
C. Threats
D. DMZ

Answer 3

Answer: D

It is an example of risk domain.

Question 4

Which one is not a Risk domain?
A. DMZ
B. Private network
C. DRP
D. Mobile Users

Answer 4

Answer: C
The DRP (disaster recovery plan) is a policy that defines how an organization will recover from a disaster, whether it is natural
or manmade disaster.

Question 5

“Loss of data availability” helps determine which of the following:
A. The impact of a given risk
B. The likelihood of a risk

Answer 5

Answer: A

Loss of data availability is one set of questions to help determine the impact of a given risk.

Question 6

______ includes a list of responsible people who will perform the steps for recovery, inventory
for the hardware and software, and steps to recover from a disaster.
A. Mitigation
B. DRP
C. Transference
D. Response strategy

Answer 6

Answer: B
The DRP (disaster recovery plan) includes a list of responsible people who will perform the steps for recovery, inventory for the
hardware and software, and steps to recover from a disaster.

Question 7

Which of the following can function like the primary site within minutes?
A. Hot Site
B. Warm Site
C. Cold Site

Answer 7

Answer: A
Hot site is an identical site to the primary site equipped with systems and services just like the primary. Data is duplicated to the
hot site and can function just like the primary one in just a few minutes.

Question 8

In simple terms, Disaster Recovery Plan is:
A. A plan used when the main computer systems fails
B. Prepared to deal with natural disasters only
C. For backup data only
D. Plan for business continuity only

Answer 8

Answer: A
Disaster Recovery Plan’s first objective is to ensure the security of the people at all cost. The DRP is a policy that defines how an
organization will recover from a disaster.

Question 9

After a disaster, _____ is the maximum duration of time and a service level within which the
recovery procedure must be completed in order to avoid unacceptable consequences
associated with a break in business continuity.
A. MTD
B. RTO
C. BCP

Answer 9

Answer: B
Recovery Time Objective is the maximum duration of time and a service level within which the recovery procedure must be
completed in order to avoid undesirable consequences associated with a break in business continuity.

Question 10

Identify the standards in DRP to backup data.
A. Journaling
B. Electronic vaulting
C. Mitigation
D. Likelihood

Answer 10

Answer: A and B
Journalling is a less expensive method used to protect data. When a disaster strikes, Journaling is used to write the transactions
that were missing in the full backup tape. Electronic vaulting is an alternate location to preserve backed up data. In case of a
disaster, the backup data stored in the electronic vault is restored.

Question 11

The switching process is very fast in:
A. Warm site
B. Hot site
C. Cold site

Answer 11

Answer: B
Hot site has all the services and systems as that of the primary location and can switch to a full functional one within minutes.

Question 12

DRP ranks a given disaster and acts based on its rank. Which one of the following is of the
highest priority?
A. Short term
B. Mid term
C. Long term

Answer 12

Answer: A

DRP assigns high rank, when a line of service is fully affected, and requires immediate action to recover.

Question 13

_________ decides which services are sensitive for the regular operations to continue.
A. BCP
B. DRP
C. RTO

Answer 13

Answer: A

Business continuity plan (BCP) decides which services are sensitive for the regular operations to continue.

Question 14

The risk formula is Risk = Likelihood x Weakness.
True
False

Answer 14

Answer: False

Risk = Likelihood x Impact

Question 15

Identification of risk domains and risk exposure are done in the Analysis of Security Risk.
True
False

Answer 15

Answer: True
Analyze Security Risk involves identification of risk domains and risk exposure, SWOT analysis list and rank of the risks.
LearnSmart |

Question 16

Business, cost, technology, and process should be the main focus while planning Software risk
impact assessment.
True
False

Answer 16

Answer: False
Performance, support, cost of protective measure, and schedules are the primary things that need to be taken care of while
planning for risk management.

Question 17

Risk monitoring involves only watching the risk indicators defined for the project.
True
False

Answer 17

Answer: False
Risk monitoring involves not only watching the risk indicators defined for the project, but also determining the effectiveness of
the risk mitigation steps themselves.

Question 18

Risk management refers to the various techniques that minimize the risk and mitigating it.
True
False

Answer 18

Answer: True
Risk Management is the process of identifying and mitigating the risks that can make a negative impact on a project or daily
operations.

Question 19

Qualitative risk analysis is done at the later stages of the project.
True
False

Answer 19

Answer: False

Qualitative risk analysis is done at the earlier project stages.

Question 20

Likelihood and impact are measured with numbers, from 1 to 9.
True
False

Answer 20

Answer: False
Likelihood and impact are measured with numbers, from 0 to 9, where:
0 -3 is low
3-6 is medium
6-9 is high

Question 21

Response planning phase starts after identifying the risks and ranking them.
True
False

Answer 21

Answer: True

Response planning phase starts after Qualitative analysis, which identifies the risks and ranks them.

Question 22

Qualitative analysis use only ranks to measure the impact of identified risk.
True
False

Answer 22

Answer: False

Qualitative analysis use words or ranks to measure the impact of identified risk.

Question 23

DRP needs maintenance and evaluation on a timely basis, at least twice a year.
True
False

Answer 23

Answer: False
DRP needs maintenance and evaluation on a timely basis, at least once a year DRP plan should be re-evaluated to make sure of
its effectiveness.

Question 24

Drills when performed should focus on equipment only.
True
False

Answer 24

Answer: False
Drills when performed should focus not only on equipment, but also on personnel, as the operations cannot continue with one
of them missing.

Question 25

Which of the following defines risk management? Choose all that apply.
A. Understands how security measures are implemented in your environment
B. Gives an idea of threats your system is exposed to
C. Can increase the occurrence of negative events
D. Calculates the risk

Answer 25

Answer: A, B, and D
Every new technology and software comes with a new risk, making risk management a necessity for the proper working of the
business. Risk management understands the business procedures and risks involved in it. Risk management can reduce the
occurrence of negative events and increase the positive ones. The primary objective of risk management is to calculate the risk
involved while using new software to improve the daily business operations.

Question 26

Which is not involved in the strategy of Risk Management?
A. Test new products before deployment
B. Risk Response planning
C. Perform vulnerability assessment
D. Evaluate change against your risk policy

Answer 26

Answer: B

Risk Response planning is a method in the risk analysis strategy.

Question 27

Which is not a part of response strategy?
A. SWOT analysis
B. Acceptance
C. Avoidance
D. Mitigation

Answer 27

Answer: A

SWOT analysis comes under the analysis of security risks.

Question 28

The two ways used to rate risk projection attempts are likelihood and:
A. Mitigation
B. Transference
C. Impact

Answer 28

Answer: C

As per the risk formula, Risk = Likelihood x Impact

Question 29

To determine the impact of a given risk, ask the following, except:
A. What are the benefits and/or motivation for the attacker?
B. Is there an exploit already for this vulnerability?
C. Is there loss of data integrity?
D. Is there sensitive data in risk to be exposed?

Answer 29

Answer: A and B

These are both questions used to find out the likelihood of a risk.

Question 30

Risk management can increase the occurrence of negative events and reduce the positive ones.
True
False

Answer 30

Answer: False

Risk management can reduce the occurrence of negative events and increase the positive ones.

Question 31

Risk Monitoring is a step in risk analysis.
True
False

Answer 31

Answer: True
Risk Identification, Qualitative risk analysis, Quantitative Risk Analysis, Risk Response Planning and Risk Monitoring are the different steps involved in risk analysis.