Business Continuity and Disaster Recovery Planning Flashcards
What is the purpose of a BIA
To determine how time sensitive different business functions are so you can determine how best to prioritize recovery operations.
When analyzing the software you company uses to perform certain functions, what should you consider?
Whether employees can continue to use the software from a different network location
Whether the software is necessary for performing key business functions.
What should you take into account when considering the amount of work that might be lost in a disaster
The amount of work that can tolerably be lost without harming the organization
How quickly work in progress will need to be restored to workstations at an alternate site.
What 2 types of plans are required for an IT organization
BCP - business continuity plan
DRP - disaster recovery plan
What does a BCP do?
designed to mitigate the impact of a disaster by ensuring that critical business operations continue.
What does a DRP do?
outlines how to restore the normal operational state of an enterprise within the minimum possible time.
3 steps involved in developing a BCP
assessing the impact of a potential disaster in terms of operational disturbance and data loss
formulating appropriate plans to ensure the continuous availability of critical systems
planning and implementing regular BCP training, testing, and maintenance
First phase of BCP - Project Initiation
gain support from senior management
defining project scope
defining a timeline for the project
developing a company policy for implementing the plan
Which requirements must the BCPs of the US financial institutions meet?
They should be reassessed annually
the should focus on maintaining and continuing business functions rather than just on technology recovery.
What should the planning team document during the creation of a BCP or DRP?
contact details for critical staff
ways in which the business will be impacted by possible disasters
potential alternative sites for running critical systems and operations
mission critical data or records
3 ways to respond to risk
accept
transfer
mitigate
3 primary goals of a BIA
prioritize systems in terms of their criticality
estimate maximum acceptable down times
determine resource requirements
Which are key considerations when analyzing impact on business applications?
how a new location might impact employees’ ability to use an application
the relationship between applications and business functions, even those that aren’t time sensitive.
What are key considerations when analyzing the impact of incidents on work in progress?
how quickly data must be recovered in the aftermath of a disaster
the percentage of employees current work that can be lost at a given time.
cold site
empty spaces containing no technical equipment
Which phrase best defines a business continuity/disaster recovery plan?
A. a set of plans for preventing a disaster
B. an approved set of preparations and sufficient procedures for responding to a disaster.
C. A set of preparations and procedures for responding to a disaster without management approval
D. The adequate preparations and procedures for the continuation of all organization functions.
D. The adequate preparations and procedures for the continuation of all organization functions.
Regardless of the industry, which element of legal and regulatory requirements are all industries subject to? A. Sarbanes-Oxley B. HIPAA C. Due care D. BS25999
C. Due care
Which of the following statements best describes the extent to which an organization should address business continuity or disaster recovery planing?
A. Continuity planning is a significant organization issue and should include all parts or functions of the company.
B. Continuity planning is a significant technology issue and the recovery of technology should be its primary focus.
C. Continuity planning is required only where there is complexity in voice and data communications.
D. Continuity planning is a significant management issue and should include the primary functions specified by management.
A. Continuity planning is a significant organization issue and should include all parts or functions of the company.
Business impact analysis is performed to best identify
A. The impacts of a threat to the organization operations
B. The exposures to loss to the organization
C. The impacts of a risk on the organization
D. The cost efficient way to eliminate threats
B. The exposures to loss to the organization
During the risk analysis phase of the planning, which of the following actions could best manage threats or mitigate the effects of an event?
A. Modifying the exercise scenario?
B. developing recovery procedures
C. increasing reliance on key individuals
D. Implementing procedural controls.
D. Implementing procedural controls.
The best reason to implement additional controls of safeguards is to A. deter or remove the risk B. identify and eliminate the threat C. reduce the impact of the threat D. identify the risk and the threat
C. reduce the impact of the threat
Which of the following statements best describes business impact analysis?
A. Risk analysis and business impact analysis are two different terms describing the same project effort
B. A business impact analysis calculates the probability of disruptions to the organization.
C. A business impact analysis is critical to development of a business continuity plan.
D. A business impact analysis establishes the effect of disruptions on the organization.
D. A business impact analysis establishes the effect of disruptions on the organization.
The term disaster recovery refers to the recovery of A. organization operations B. technology environment C. manufacturing environment D. personnel environments
B. technology environment
Which of the following terms best describes the effort to determine the consequences of disruptions that could result from a disaster? A. Business impact analysis B. Risk analysis C. Risk assessment D. Project problem definition
A. Business impact analysis
The best advantage of using a cold site as a recovery option is
A. is a less expensive recovery option
B. can be configured and made operational for any organization function
C. is preconfigured for communications and can be customized for organization functions.
D. is the most available option for testing server and communications restorations.
A. is a less expensive recovery option
The elements of risk are as follows
A. natural disasters and man made disasters
B. threats, assets, and mitigating factors
C. risk and business impact analysis
D. business impact analysis and mitigating factors
B. threats, assets, and mitigating factors
The term recovery time objective RTO means
A. The maximum time a service or system can be unavailable
B. The amount of time a disaster recovery should take
C. The time required to switch from a primary site to an alternate.
D. The time which must elapse before enacting a crisis communication plan
A. The maximum time a service or system can be unavailable
The most efficient restore from tape backup is A. full backup B. incremental C. partial D. differential
A. full backup
One of the advantages of a hot site recovery solution is that it A. is less expensive B. is highly available C. does not incur downtime D. no maintenance is required
B. is highly available
Which of the following methods is not acceptable for exercising the business continuity plan?
A. table top exercise
B. call exercise
C. simulated exercise
D. halting a production application or function
D. halting a production application or function
Which of the following is the primary desired result of any well planned business continuity exercise?
A. identifies plan strengths and weaknesses
B. satisfies management requirements
C. complies with auditor’s requirements
D. Maintains shareholder confidence.
A. identifies plan strengths and weaknesses
A business continuity plan is best updated and maintained
A. annually or when requested by auditors
B. only when new versions of software are deployed
C. only when new hardware is deployed
D. During the configuration and change management process
D. During the configuration and change management process
Which of the following is most important for successful business continuity?
A. senior leadership support
B. strong technical support staff
C. extensive wide area network infrastructure
D. an integrated incident response team
A. senior leadership support
Which of the following is the best alternate site approach if the recovery time objective of a service is two months? A. cold site B. reciprocal agreement C. warm site D. hot site
A. cold site
A service's recovery point objective is zero. Which approach best ensures the requirement is met? A. raid 6 with a hot site alternative B. raid 0 with a warm site alternative C. raid 0 with a cold site alternative D. raid 6 with a reciprocal agreement
A. raid 6 with a hot site alternative
The NIST organization has defined best practices for creating continuity plans. Which of the following phases deals with identifying and prioritizing critical functions and systems?
A. Identify preventative controls
B. Develop the continuity planning policy statement
C. Develop recovery strategies
D. Conduct the business impact analysis
D. Conduct the business impact analysis
As his company’s business continuity coordinator, Matthew is responsible for helping recruit members to the business continuity planning committee. Which of the following does not correctly describe this effort?
A. Committee members should be involved with the planning stages, as well as the testing and implementation stages
B. The smaller the team, the better, to keep meetings under control
C. The business continuity coordinator should work with management to appoint committee members
D. The team should consist of people from different departments across the company
B. The smaller the team, the better, to keep meetings under control
A business impact analysis is considered a functional analysis. Which of the following is not carried out during a business impact analysis?
A. A parallel or full-interruption test
B. The application of a classification scheme based on criticality levels
C. The gathering of information via interviews
D. Documentation of business functions
A. A parallel or full-interruption test
Which of the following is the best way to ensure that the company’s backup tapes can be restored and used at a warm site?
A. Ask the offsite vendor to test them and label the one’s that were properly read.
B. Test them on the vendor’s machine
C. Retrieve tapes from the offsite facility and verify that the equipment from the original site can read them.
D. Inventory each tape kept at the vendor’s site twice a month.
C. Retrieve tapes from the offsite facility and verify that the equipment from the original site can read them.
An approach to alternate offsite facilities is to establish a reciprocal agreement. Which of the following describes the pros and cons of a reciprocal agreement?
A. It is fully configured and ready to operate within a few hours, but is the most expensive of the offsite choices.
B. It is an inexpensive option, but takes the most time and effort to get up and running after a disaster.
C. It is a good alternative for companies that depend upon proprietary software, but annual testing is not usually available.
D. It is the cheapest of the offsite choices, but mixing operations could introduce many security issues.
D. It is the cheapest of the offsite choices, but mixing operations could introduce many security issues.
Which of the following steps come first in a business impact analysis?
A. Calculate the risk for each different business function.
B. Identify critical business functions.
C. Create data-gathering techniques
D. Identify vulnerabilities
C. Create data-gathering techniques
The operations team is responsible for defining which data gets backed up and how often. Which type of backup process backs up files that have been modified since the last time all data was backed up? A. Incremental B. Full C. Partial D. Differential
D. Differential
After a disaster occurs, a damage assessment needs to take place. Which of the following steps occurs last in a damage assessment?
A. Determine the cause of the disaster
B. Identify the resources that must be replaced immediately
C. Declare a disaster
D. Determine how long it will take to bring critical functions back online
C. Declare a disaster
Of the following plans, which establishes senior management and a head-quarters after a disaster? A. Continuity of operations plan B. Cyber-incident response plan C. Occupant emergency plan D. IT contingency plan
A. Continuity of operations plan
It is not usual for business continuity plans to become out of date. Which of the following is not a reason why plans become outdated?
A. Changes in hardware, software, and applications
B. Infrastructure and environment changes
C. Personnel turnover
D. That the business continuity process is integrated into the change management process
D. That the business continuity process is integrated into the change management process
Pre-planned business continuity procedures provide organizations a number of benefits. Which of the following is not a capability enabled by business continuity planning?
A. Resuming critical business functions
B. Letting business partners know your company is unprepared
C. Protecting lives and ensuring safety
D. Ensuring survivability of the business
B. Letting business partners know your company is unprepared
Management support is critical to the success of a business continuity plan. Which of the following is the most important to be provided to management to obtain their support? A. Business case B. Business Impact Analysis C. Risk Analysis D. Threat report
A. Business case
Gizmos and Gadgets have restored its original facility after a disaster. What should be moved in first? A. Management B. Most critical systems C. Most critical functions D. Least critical functions
D. Least critical functions
Which of the following is a critical first step in disaster recovery and contingency planning?
A. Plan testing and drills
B. Complete a business impact analysis
C. Determine offsite backup facility alternatives
D. Organize and create relevant documentation
B. Complete a business impact analysis
Which of the following is not a reason to develop and implement a disaster plan?
A. Provide steps for a post disaster recovery
B. Extend backup operations to include more than just backing up data
C. Outline business functions and systems
D. Provide procedures for emergency responses
C. Outline business functions and systems
Business continuity plans can be assessed via a number of tests. Which type of test continues up to the point of actual relocation to an offsite facility and actual shipment of replacement equipment? A. Parallel Test B. Checklist test C. Structured walk through test D. Simulation test
D. Simulation test
With what phase of a business continuity plan does a company proceed when it is ready to move back into its original site or a new site? A. Reconstitution phase B. Recovery phase C. Project initiation phase D. Damage assessment phase
A. Reconstitution phase
Several teams should be involved in carrying out the business continuity plan. Which team is responsible for starting the recovery of the original site? A. Damage assessment team B. BCP team C. Salvage team D. Restoration team
C. Salvage team
ACME paid a software vendor to develop specialized software, and that vendor has gone out of business. ACME does not have access to the code and therefore cannot keep it updated. What mechanism should the company have implemented to prevent this from happening? A. reciprocal agreement B. Software escrow C. Electronic vaulting D. Business interruption insurance
B. Software escrow
Which of the following incorrectly describes the concept of executive succession planning?
A. Predetermined steps protect the company if a senior executive leaves
B. Two or more senior staff cannot be exposed to a particular risk at the same time.
C. It documents the assignment of deputy roles
D. It covers assigning a skeleton crew to resume operations after a disaster.
D. It covers assigning a skeleton crew to resume operations after a disaster.
What ISO/IEC spec pertains to technology readiness for business continuity? A. ISO/IEC 27031 B. ISO/IEC 27005 C. ISO/IEC BS7799 D. ISO/IEC 2899
A. ISO/IEC 27031
What is the Recovery Time Objective?
earliest possible time period and a service level within which a business process must be restored after a disaster to avoid unacceptable consequences.
What is Work Recovery Time?
MTD (Max Tolerable Downtime) - RTO
What is the Recovery Point Objective?
The acceptable amount of data loss measured in time.
