Business Continuity and Disaster Recovery Planning Flashcards
What does the acronym BCP stand for?
BCP (Business Continuity Planning)
What does the acronym DRP stand for?
DCP (Disaster Recovery Planning)
In terms of Business Continuity and Disaster Recovery Planning, what is the the last line of defense when all other controls have failed?
BCP/DRP is the last line of defense when all other controls have failed; the final control that may prevent drastic events like injury or loss of life or failure of an organizations.
In terms of Business Continuity and Disaster Recovery Planning,
characterize the difference between BCP and DRP.
BCP is an umbrella plan which includes multiple specific plans; most importantly the Disaster recovery Plan (DRP)
DRP is IT centric.
In terms of Business Continuity and Disaster Recovery Planning,
What is the definition of BCP?
BCP: Business Continuity Planning: ensuring the business will continue to operate before, throughout and after a disaster; a long term strategic business oriented plan; long term plan to ensure the continuity of the business.
In terms of Business Continuity and Disaster Recovery Planning,
What is the definition of DRP?
Disaster Recovery Plan (DRP): A short term plan to recover from a disruptive event.
In terms of Business Continuity and Disaster Recovery Planning,
What is the definition of COOP?
Continuity of Operations Plan (COOP): A plan to maintain operations during a disaster.
In terms of Business Continuity and Disaster Recovery Planning,
What is the definition of Disaster?
Disaster: Any disruptive event that interrupts normal systems operations.
In terms of Business Continuity and Disaster Recovery Planning,
What is the definition of the Mean Time Between Failures?
Mean Time Between Failures (MTBF): Quantifies how long a new or repaired system will run on average before failing
In terms of Business Continuity and Disaster Recovery Planning,
What dos the acronym MTBF stand for?
Mean Time Between Failures (MTBF): Quantifies how long a new or repaired system will run on average before failing
In terms of Business Continuity and Disaster Recovery Planning,
What dos the acronym MTTR stand for?
Mean Time To Repair (MTTR): Describes how long it will take to recover a failed system.
In terms of Business Continuity and Disaster Recovery Planning,
What is the definition of Mean Time To Repair?
Mean Time To Repair (MTTR): Describes how long it will take to recover a failed system.
In terms of Disaster Types
What is the likelihood of a Natural Diasaster?
Low likelihood but depends on where you are.
In terms of Disaster Types
Technical disastgers (Cyber warfare, espionage, crime, hactivism) are a subset of whct kind of Disaster?
Human Disaster
In terms of Disaster Types
What is the most common kind of Disaster?
Human Unintentional is the most common disaster.
In terms of Disaster Types
What is the most easily avoided kind of Disaster?
Human Unintentional is the most common disaster.
In terms of Disaster Types
What type of disaster are Personnel Shortages?
Human Disaster.
In terms of Disaster Types
What are the trhee kinds of Personnel Shortages?
1: Pandemic & Disease
2: Strikes
3: Availability
In terms of Disaster Types
Is weather a natural disaster or an environmental disaster?
natural disaster
In terms of Disaster Types
What is an environmental disaster?
Environmental pertains to information systems: Power outages or hardware and/or software failures.
In terms of Disaster Types
What is the most common disaster in a datacenter?
Power is the most common that will affect a datacenter.
In terms of the Disaster Recovery Process
What is the most most important issue?
Personnel safety is the most important issue
What is are the five steps to the Disaster Recovery Process
1: Response
2: Recovery Team Activation
3: Tactical Communication
4: Damage Assessment
5: Critical Asset recovery (Reconstitution)
In terms of the Disaster Recovery Process
What is is th epurpose of the Response Phase?
Initial Damage Assessment; Speed is key
Are people safe?
Is it a disaster?
Do we need to engage the alternate processing center?
In terms of the Disaster Recovery Process
What are three considerations to Tactical Communication?
1: Quick and frequent updates about the situation
2: May have to be done out of band
3: May have to communicate to the public
What are the six steps when Developing the BCP/ DRP
1: Project Initiation
2: Project Scope
3: Business Impact Analysis
4: Preventive Controls Identification
5: Recovery Strategy
6: Plan Design and Development
In terms of Developing the BCP/ DRP
What are the seven steps to Project Initiation?
1: Develop the contingency planning policy statement: provides authority to develop plan
2: Conduct Business Impact Analysis (BIA): ID critical IT systems
3: ID Preventative controls:
4: Develop recovery strategies
5: Develop IT Contingency plan
6: Plan testing, exercises and training
7: Plan maintenance
In terms of Developing the BCP/ DRP
What are the five steps to Project Scope?
1: Define exactly which assets to protect
2: Define which emergency events the plan will address
3: Get C-Level approval
4: Determine objectives and deliverables in if-then format (If hurricane – enact Plan H)
5: Assess Critical State by creating a Critical State IT Asset list
In terms of Developing the BCP/ DRP
During Project Scope, What are three considerations when getting C-Level approval?
1: Support for initiating the plan
2: Final Approval
3: Demonstrate due care and due diligence or be held liable under law
In terms of Developing the BCP/ DRP
During Project Scope, when assessing the Critical State, does the PM us a qualitative approach or a a quantitative approach ?
The PM uses a qualitative approach when documenting assets; during the BIA later, he will use a the quantitative method.
In terms of Developing the BCP/ DRP
What is a Business Impact Analysis?
A formal method for determining how a disruption to the IT systems will impact the organization with respect to the mission.
It is an analysis to identify and prioritize critical IT systems and components.
It aims to quantify the consequence of a disruption
In terms of Developing the BCP/ DRP
What is the primary goal of a Business Impact Analysis?
Determine the Maximum Tolerable Downtime (MTD) for a specific asset
In terms of Developing the BCP/ DRP
What does the Maximum Tolerable Downtime (MTD) mean
MTD is the total time a system can be inoperable before an organization is severely impacted.
It is the max time it takes the reconstitution phase.
In terms of Developing the BCP/ DRP
What does the acronym (MTD) stand for
Maximum Tolerable Downtime (MTD)
In terms of Developing the BCP/ DRP
What are the two metrics that comprise the Maximum Tolerable Downtime (MTD) ?
1: Recovery Time Objective (RTO)
2: Work recovery Time (WRT)
In terms of Developing the BCP/ DRP
What are the three alternative names to Maximum Tolerable Downtime (MTD) ?
1: Maximum Allowable Downtime (MAD)
2: Maximum Tolerable Outage (MTO)
3: Maximum Acceptable Outage (MAO)
In terms of Developing the BCP/ DRP and determining the Maximum Tolerable Downtime (MTD)
What does the Recovery Time Objective (RTO) mean?
Recovery Time objective (RTO) is the maximum desired length of time allowed between a disaster and the resumption of normal operations.
The RTO defines the point in time after a disaster at which the consequences of the interruption become unacceptable.
MTD = RTO + WRT
In terms of Developing the BCP/ DRP and determining the Maximum Tolerable Downtime (MTD)
What does the acronym (RTO) stand for?
Recovery Time objective (RTO)
In terms of Developing the BCP/ DRP and determining the Maximum Tolerable Downtime (MTD)
What does the acronym (WRT) stand for?
Work Recovery Time (WRT)
In terms of Developing the BCP/ DRP and determining the Maximum Tolerable Downtime (MTD)
What does Work Recovery Time (WRT) mean?
The time it takes to get business processes up and running after the systems have been restored.
MTD = RTO + WRT
In terms of Developing the BCP/ DRP and determining the Maximum Tolerable Downtime (MTD)
What is the general rule MTD time and revoery cost?
As a general rule, the shorter the MTD, the more expensive the recovery solution.
In terms of conducting the Business Impact Analysis
What is the Reconstitution Phase?
Reconstitution Phase is the process of moving an organization from disaster recovery to business operations.
In terms of conducting the Business Impact Analysis
What is a significant side benefit?
Side benefit: If there are inefficiencies in the business process, the BIA will identify them.
In terms of Developing the BCP/ DRP
What does the acronym BIA stand for?
Business Impact Analysis
In terms of Business Impact Analysis
What are the six common metrics used
1: Recovery Point Objective (RPO)
2: Recovery Time Objective (RTO):
3: Work Recovery Time (WRT):
4: Mean Time Between Failures (MTBF)
5: Mean Time To Repair (MTTR):
6: Minimum Operating requirements (MOR):
In terms of Business Impact Analysis
What is the Recovery Point Objective (RPO)?
The amount of data loss or system inaccessibility (measured in time) that an organization can withstand.
Defined by specific actions like the point in time when users are allowed to deliver payroll checks again.
In terms of Business Impact Analysis
What does the acronym (RPO) stand for?
Recovery Point Objective
In terms of Business Impact Analysis
What is the Mean Time Between Failures (MTBF)?
Mean Time Between Failures (MTBF): Quantifies how long a new or repaired system will run before failing.
In terms of Business Impact Analysis
What is Mean Time To Repair (MTTR)?
Mean Time To Repair (MTTR): Quantifies how long it will take to recover a failed system. It is a best estimate.
In terms of Business Impact Analysis
What are the Minimum Operating Requirements (MOR)?
Minimum Operating requirements (MOR): Describes the minimum environmental and connectivity requirements in order to operate computer equipment.
In terms of Business Impact Analysis
What does the acronym (MOR) stand for?
Minimum Operating requirements (MOR): Describes the minimum environmental and connectivity requirements in order to operate computer equipment.
In terms of Business Impact Analysis
Name the two processes that make up the BIA?
The BIA is comprised of two processes:
1: Identify Critical assets
2: Conduct a comprehensive risk assessment.
In terms of Business Impact Analysis during the Recovery Strategy
Name the five kinds of alternate sites listed in order for cost to implement and degree of availability
1: No Plan
2: Cold Site: A datacenter with raised floor, and utilities. No equipment or data.
3: Warm Site: A datacenter with raised floor, utilities, fully configured computers but no data.
4: Hot Site: A datacenter with raised floor, utilities, fully configured computers and data. The idea is to switch over in a small amount of time.
5: Redundant Site: An exact production duplicate.
In terms of Business Impact Analysis during the Recovery Strategy
Are you restricted to use any specific kind of control?
No - Always use the three kinds of controls: technical, physical and administrative. Just because you are in t a tent after a hurricane does not obviate the need for physical security.
In terms of Business Impact Analysis during the Recovery Strategy
What is Supply Chain Management?
Supply Chain Management: Manage supplies by considering local disasters that only affect your organization or regional disasters that affect all businesses in the area that will compete for resources.
In terms of Business Impact Analysis during the Recovery Strategy
What is Telecommunication Management?
Telecommunication Management: Ensures the availability of electronics communications during a disaster.
In terms of Business Impact Analysis during the Recovery Strategy
What is Utility Management?
Utility Management: addresses the availability of power, water, gas, erc during the disaster.
In terms of Business Impact Analysis during the Recovery Strategy
What is a Reciprocal Agreement or Mutual Aid Agreement?
Reciprocal Agreement (Also called Mutual Aid Agreements): a bi-directional agreement between two organizations that agree to allow the other to move into their spaces during a disaster.
In terms of Business Impact Analysis during the Recovery Strategy
What is a Mobile Site?
Mobile Site: Datacenters on wheels.
In terms of Business Impact Analysis during the Recovery Strategy
What are Subscription Services?
Subscription Services: Outsource your BCP/ DRP to another company.
In terms of Business Impact Analysis during the Plan Design and Development Phase
What are the 7 Related Plans?
1: Continuity of Operations Plan (COOP):
2: Business Recovery Plan (BRP): .
3: Continuity of Support Plan
4: Cyber Incident Response Plan:
5: Occupant Emergency Plan (OEP):
6: Crisis Management Plan (CMP):
7: Crisis Communications Plan:
In terms of Business Impact Analysis during the Plan Design and Development Phase
What is Continuity of Operations Plan (COOP)?
Continuity of Operations Plan (COOP): Describes procedures required to maintain operations during a disaster to include transfer of personnel to alternate site and the operation of that site.
In terms of Business Impact Analysis during the Plan Design and Development Phase
What is the Business Recovery Plan (BRP):?
Business Recovery Plan (BRP): Also known as the Business Resumption Plan details the steps required to restore the business operation after the disaster. Picks up when the COOP is complete.
In terms of Business Impact Analysis during the Plan Design and Development Phase
What is the Continuity of Support Plan?
Continuity of Support Plan focuses narrowly on specific IT systems. Also called the IT Contingency Plan.
In terms of Business Impact Analysis during the Plan Design and Development Phase
What is the Cyber Incident Response Plan?
Cyber Incident Response Plan: Designed to respond to disruptive cyber events including network attacks, worms, viruses, etc.
In terms of Business Impact Analysis during the Plan Design and Development Phase
What is the Occupant Emergency Plan (OEP):?
Occupant Emergency Plan (OEP): response procedures for facility occupants in the even to f a situation posing a potential threat to health and safety of personnel. It is facilities focused and not business focused. Should include safety drills.
In terms of Business Impact Analysis during the Plan Design and Development Phase
What is the Crisis Management Plan (CMP)?
Crisis Management Plan (CMP): provide effective coordination between managers in the event of an emergency.
In terms of Business Impact Analysis during the Plan Design and Development Phase
What does the acronym COOP stand for?
Continuity of Operations Plan (COOP): Describes procedures required to maintain operations during a disaster to include transfer of personnel to alternate site and the operation of that site.
In terms of Business Impact Analysis during the Plan Design and Development Phase
What does the acronym BRP stand for?
Business Recovery Plan (BRP): Also known as the Business Resumption Plan details the steps required to restore the business operation after the disaster. Picks up when the COOP is complete.
In terms of Business Impact Analysis during the Plan Design and Development Phase
What idoes the acronym OEP stand for?
Occupant Emergency Plan (OEP): response procedures for facility occupants in the even to f a situation posing a potential threat to health and safety of personnel. It is facilities focused and not business focused. Should include safety drills.
In terms of Business Impact Analysis during the Plan Design and Development Phase
What does the acronym CMP stand for?
Crisis Management Plan (CMP): provide effective coordination between managers in the event of an emergency.
In terms of Business Impact Analysis during the Plan Design and Development Phase and part of the Crisis Management Plan (CMP)
What is the Crisis Communications Plan?
Crisis Communications Plan: The plan to communicate to the staff and public during a disaster.
In terms of Business Impact Analysis during the Plan Design and Development Phase and part of the Crisis Management Plan (CMP) and the Crisis Communications Plan
What is a Call Tree
Call Trees: used to quickly communicate news throughout an organization.
In terms of Business Impact Analysis during the Plan Design and Development Phase and part of the Crisis Management Plan (CMP) and the Crisis Communications Plan
What are two charateristice to an effective Call Tree
1: Most effective when there is two-way reporting (message down and verification up that all has received the info.
2: Must be drilled.
In terms of Business Impact Analysis during the Plan Design and Development Phase and part of the Crisis Management Plan (CMP) and the Crisis Communications Plan
What are is a Automated Call Trees
Call Trees Hosted by offsite third parties.
In terms of Business Impact Analysis during the Plan Design and Development Phase and part of the Crisis Management Plan (CMP)
What are is the Emergency Operations Center (EOC)
Emergency Operations Center (EOC): The command post
In terms of Business Impact Analysis during the Plan Design and Development Phase and part of the Crisis Management Plan (CMP)
What does the acronym EOC stand for?
Emergency Operations Center (EOC): The command post
In terms of Business Impact Analysis during the Plan Design and Development Phase and part of the Crisis Management Plan (CMP)
Where should Vital records be stored?
Vital records: Should be stored offsite.
Best practice is to have hard copies and electronic copies.
In terms of Business Impact Analysis during the Plan Design and Development Phase and part of the Crisis Management Plan (CMP)
What is the best practice dor storing Vital records?
Vital records: Should be stored offsite.
Best practice is to have hard copies and electronic copies.
In terms of Business Impact Analysis during the Plan Design and Development Phase and part of the Crisis Management Plan (CMP)
What is Executive Succession Planning?
Executive Succession Planning: Ensure that there is always an executive available to make a decision.
In terms of Business Impact Analysis during the Plan Design and Development Phase and part of the Crisis Management Plan (CMP)
What is a common mistake with Executive Succession Planning?
A common mistake is to have the entire executive team travel together.
In terms of Business Impact Analysis during the Plan Design and Development Phase and part of the Crisis Management Plan (CMP)
What are two of the simplest executive powers that are vital during a crisis?
1: Sign checks
2: Procure money.
In terms of Backups and Availability
Where do you store Critical backup media ?
Critical backup media must be stored offsite.
In terms of Backups and Availability
What is an important design decision to consider whem storing Critical backup media ?
Situate the backup location so that an organization can efficiently access the media with the purpose of taking it to the primary or secondary recovery operation.
In terms of Backups and Availability
What is an important design decision to consider when using backup software to store Critical backup media ?
Be sure to address software licensing issues
In terms of Backups and Availability for COOP
What is one element that you should consider in regards to hardcopy data?
Hardcopy data: Consider operating only on hard copies
In terms of Backups and Availability for COOP
What are the three types of Electronic Backup?
1: Full: Every piece of data is copied.
2: Incremental: Only changes since the last full or incremental backup.
3: Differential: Only changes since the last full;
In terms of Backups and Availability
What is Electronic vaulting?
Electronic vaulting: Electronically transmitting data to a location for backup.
In terms of Backups and Availability
What is Remote journaling?
A log of all database transactions to backup and restore a database.
Takes a snapshot of the data (checkpoint) at regular intervals.
Recover data to a checkpoint and then use the journal to restore the rest.
Saves the database checkpoints and journaling to an offsite location.
In terms of Backups and Availability
What is Database Shadowing?
Uses two or more databases that are update simultaneously. The shadow can exist locally but it is best practice to host one shadow offsite.
Allows faster recover time compared to remote journaling.
In terms of Backups and Availability
What is High Availability?
Requirements of zero downtime and MTD (Max Tolerable Downtime) of zero.
In terms of Backups and Availability
What is the difference between an Active – Active Cluster and a Active – Passive Cluster?
Active – Active Cluster:
1: Multiple Systems all of which are online and actively processing traffic or data.
2: Commonly referred to as Load Balancing
3: Especially common with public facing systems like web front ends.
Active – Passive Cluster:
1: Devices that are already in place, configured, powered-on and ready to start processing if a failure occurs.
2: Any configuration change on the active system is automatically done on the passive system
Also referred to as a hot spare, standby, and failover cluster configuration.
In terms of Backups and Availability
What is another name for an Active - Active Cluster?
Load Balancing
In terms of Backups and Availability
What is Software Escrow?
Software Escrow: Neutral third party holds the source code in case the development company goes out of business.
In terms of DRP Testing, Training and Awareness
What are the five types of Testing?
1: Checklist (Consistency) Testing:
2: Structured Walk-thru Tabletop:
3: Simulation Test / Walkthrough Drill (Not to be confused with walkthrough tabletop) :
4: Parallel Processing:
5: Partial and Complete Business Interruption:
In terms of DRP Testing, Training and Awareness
What is the Checklist Test?
Lists all necessary components for a successful recovery.
Often performed concurrently with a structured walkthrough or tabletop exercise.
Focused on ensuring that the organization has, or can acquire in a timely fashion, sufficient resources to recover.
In terms of DRP Testing, Training and Awareness
What is the Structured Walk-thru Tabletop Test?
Allow all personnel knowledgeable about the systems to thoroughly review the approach.
In terms of DRP Testing, Training and Awareness
What is the Simulation Test / Walkthrough Drill Test?
Goes beyond just talking and has teams execute recovery processes by responding to a simulated disaster.
Tactical goal: determine if the team can recover the systems impacted by the simulated disaster.
Strategic goal: Prepare the team to recover from any disaster.
In terms of DRP Testing, Training and Awareness
What is the difference between the Simulation Test / Walkthrough Drill Test and the Structured Walk-thru Tabletop Test
Structured Walk-thru Tabletop: Allow all personnel knowledgeable about the systems to thoroughly review the approach.
Simulation Test / Walkthrough Drill: Goes beyond just talking and has teams execute recovery processes by responding to a simulated disaster.
In terms of DRP Testing, Training and Awareness
What is the Parallel Processing: Test?
Recover critical assets at a alternate site.
Organizations that are highly dependent on mainframes and midrange systems will employ these tests.
In terms of DRP Testing, Training and Awareness
What is the Partial and Complete Business Interruption Test?
Partial and Complete Business Interruption
In terms of DRP Testing, Training and Awareness
What six compnents must the Training Plan address
1: There is an element of training when conducting tests
2: First Aid / CPR
3: Starting Emergency Power:
4: Calling Tree Test
5: Awareness
6: Must address events that pose a threat to human safety.
In terms of Continued BRP /DCP Maintenance
What is Change Management?
Process designed to ensure that security is not affected as systems are introduced, changed, and updated.
Includes tracking and documenting all planned changes.
In terms of Continued BRP /DCP Maintenance
What is the key design characteristic of Change Management?
All changes must be auditable.
In terms of Continued BRP /DCP Maintenance
What group focuses on Change Management for an organization?
The Change Control Board Manages this process. The BCP Team should be a member of the Board.
In terms of Organization BCP / DRP Planning Process
Who develops the POlicy Statement?
1: C-Level Managers Develop the Policy Statement
In terms of Organization BCP / DRP Planning Process
Who Conducts the BIA (Business Impact Assessment)?
BCP/DRP Stakeholders and Project PM Conduct the BIA
In terms of Organization BCP / DRP Planning Process
Who identifies preventative controls?
Stakeholders and PM identify the preventative controls
In terms of Organization BCP / DRP Planning Process
Who develops recovery strategies?
C-Level managers develop recovery strategies.
In terms of Organization BCP / DRP Planning Process
What are 10 common Mistakes?
1: lack of Management Support
2: Lack of BU involvement
3: Lack of prioritization of critical staff
4: Improper (often too narrow) scope.
5: Inadequate telecommunications management
6: Inadequate supply chain mgt
7: Inadequate crisis management plan
8: Lack of Testing
9: Lack of training and awareness
10: Failure to maintain
In terms of Specific BRP / DCP Frameworks
Name four common frameworks
1: NIST SP 800-34
2: ISO/IEC-27031
3: BS-2599
4: BCI (Business Continuity Institute) six steps for Business Continuity Management
In terms of Specific BRP / DCP Frameworks
What are the two key characteristic of the NIST SP 800-34 framework?
1: High Quality
2: In the public domain.
In terms of Specific BRP / DCP Frameworks
In the ISO/IEC-27031 framework, what does the acronym ICT mean?
ICT: Information and Communication Technology
In terms of Specific BRP / DCP Frameworks
In the ISO/IEC-27031 framework, what does the acronym ISMS mean?
ISMS: Information Security Management Systems
In terms of Specific BRP / DCP Frameworks
Who wrote the BS-2599 Framework?
British Standards Institute (BSI)
In terms of Specific BRP / DCP Frameworks
What are the two parts to the BS-2599 Framework?
Part 1: Guidance on best practices for continuity management
Part 2: A Specification for a Business Continuity Management System (BCMS)
In terms of Specific BRP / DCP Frameworks
In the BS-2599 Framework, what does the acronym BCMS mean?
Business Continuity Management System (BCMS)
In terms of Specific BRP / DCP Frameworks
In the BCI (Business Continuity Institute) six steps for Business Continuity Management, what are the six steps?
1: Policy and Program Mgt
2: Understanding the Organization
3: Determining BCM strategy
4: Developing and Implementing BCM response
5: Exercising, Maintaining and reviewing BCM response
6: Embedding BCm in Culture
In terms of Specific BRP / DCP Frameworks
In the BCI Six Steps for Business Continuity Management, what does the acronym BCO stand for?
BCI (Business Continuity Institute)
1: Maximum Tolerable Downtime (MTD) is also known as what?
A: Maximum Allowable Downtime (MAD)
B: Mean Time Between Failure (MTBF)
C: Mean Time To Repair (MTTR)
D: Minimum Operating Requirements (MOR)
A: Maximum Allowable Downtime (MAD)
2: What is the Primary goal of DRP?
A: Integrity of Data
B: Preservation of Business Capital
C: Restoration of Business processes.
D: Safety of Personnel
D: Safety of Personnel
3: What business process can be used to determine the outer band of Max Tolerable Downtime?
A: Accounts receivable
B: Invoicing
C: Payroll
D: Shipment of Goods
C: Payroll
4: Your Max Tolerable Downtime is 48 Hours. What is the most cost effective alternate site choice.
A: Cold
B: Hot
C: redundant
D: Warm
D: Warm
5: A Structured Walkthrough test is also known as what kind of test
A: Checklist
B: Simulation
C: Tabletop Exercise
D: walkthrough Drill
C: Tabletop Exercise
6: Which plan provides the response procedures for occupants of a facility in the event a situation poses a threat to the health and safety of personnel?
A: BRP (Business recovery Plan)
B: COOP (Continuity of Operation Plan)
C: CMP (Crisis Management Plan)
D: OEP (Occupant Emergency Plan)
D: OEP (Occupant Emergency Plan)
7: Which type of backup requires a maximum of two tapes to perform restoration.
A: Differential Backup
B: Electronic Vaulting
C: Full backup
D: Incremental Backup
A: Differential Backup
8: What statement regarding the Business Continuity Plan is true?
A: BCP and DRP are separate, equal plans
B: BCP is an overarching umbrella that includes other focused plans such as DRP
C: DRP is an overarching umbrella that includes other focused plans such as BCP
D: COOP is an overarching umbrella that includes other focused plans such as BCP
B: BCP is an overarching umbrella that includes other focused plans such as DRP
9: Which High Availabilty solution involves multiple systems which are online and actively processing traffic and data
A: Active – Active cluster
B: Active-Passive Cluster
C: database Shadowing
D: remote Journaling
A: Active – Active cluster
10: What plan is designed to promote effective coordination among the managers of the organization in the event of an emergency or disruptive event?
A: Call tree
B: Continuity of Support Plan
C: Crisis management Plan
D: Crisis Communications Plan
C: Crisis management Plan
11: Which plan details the steps required to restore normal business operations after recovering from a disruptive event?
A: Business Continuity Plan (BCP)
B: Business Resumption Planning (BRP)
C: Continuity of Operations Plan (COOP)
D: occupant Emergency Plan (OEP)
B: Business Resumption Planning (BRP)
12: What metric describes how long it will take to recover a failed system?
A: Minimum Operating Requirements (MOR)
B: mean Time Between Failures (MTBF)
C: the Mean Time to repair (MTTR)
D: recovery Point Objective (RPO)
C: the Mean Time to repair (MTTR)
13: What metric describes the moment in time in which data must be recovered and made available to users in order to resume business operations
A: Mean Time Between Failures (MTBF)
B: the Mean Time to repair (MTTR)
C: Recovery Point Objective (RPO)
D: Recovery Time Objective (RTO)
C: Recovery Point Objective (RPO)
15: Which draft business continuity guideline ensures business continuity of the Information Communications Technology (ICT) as part of the organization’s Information Security Management Systems (ISMS)?
A: BCI
B: BS-7799
C: ISO/IEC-27031
D: NIST 800-34
C: ISO/IEC-27031
