Business Resilience Flashcards

1
Q

What does applying a retention date on a file ensure?

A

That data will not be deleted before that date

i.e. A retention date will ensure that a file cannot be overwritten or deleted before that date has passed.

2
Q

What would be the BEST cost-effective test of the disaster recovery plan (for offices across a wide geographical area)?

A

A Preparedness test

i.e. This is performed by each local office/area to test the adequacy of the preparedness of local operations for disaster recovery.

3
Q

What type of offsite information processing facility has electrical wiring, air conditioning and flooring, but no computer or communications equipment?

A

A Cold site

Why? - Because it is ready to receive equipment but does not offer any components at the site in advance of the need.

4
Q

True or False.

Disaster recovery planning addresses the operational part of business continuity planning (BCP).

A

FALSE.

Disaster recovery planning addresses the technological part of BCP.

i.e. The focus is on IT systems and operations.

5
Q

What practice would ensure the availability of transactions in the event of a disaster?

A

Transmitting transactions offsite in real time.

6
Q

What is the method of routing traffic through split cable or duplicate cable facilities called?

A

Diverse Routing (which routes traffic through split-cable facilities or duplicate-cable facilities)

Note: This type of access is time-consuming and costly.

7
Q

What happens if the recovery time objective increases?

A

The disaster tolerance increases (i.e. the longer the recovery time objective (RTO), the higher the disaster tolerance)

Note: The disaster tolerance is the amount of time the business can afford to be disrupted before resuming critical operations.

8
Q

True or False.

If the recovery time objective increases, the cost of recovery increases.

A

FALSE.

The longer the RTO, the lower the recovery cost

9
Q

What is the primary objective of a Business Continuity Plan?

A

To identify limitations of the business continuity plan

10
Q

What would be considered an appropriate method of transfer/backup in design of a business continuity plan for an airline reservation system?

A

Shadow file processing

i.e. exact duplicates of the files are maintained at the same site or at a remote site. The two files are processed concurrently.

11
Q

What is considered the most appropriate test method to apply to a business continuity plan?

A

A Paper test (sometimes called a deskcheck)

i.e. It is a walk-through of the entire BCP, or part of the BCP, involving major players in the BCP’s execution

12
Q

What is the next step in a business continuity planning process after completing a business impact analysis (BIA)?

A

Developing recovery strategies.

i.e. determining the most appropriate strategy for recovering from a disaster that will meet the time lines and priorities defined through the BIA.

13
Q

What would be considered a continuity plan test that simulates a system crash and uses actual resources to cost-effectively obtain evidence about the plan’s effectiveness?

A

Preparedness Test

This is a localized version of a full test, wherein resources are expended in the simulation of a system crash.

14
Q

What would be considered an appropriate method for assessing the effectiveness of a business continuity plan?

A

Reviewing the results from previous tests

i.e. Previous test results will provide evidence of the effectiveness of the business continuity plan

15
Q

What frequently updated information is key to the continued effectiveness of a disaster recovery plan?

A

Contact information of key personnel

Why? - Because in the event of a disaster, it is important to have a current updated list of personnel who are key to the operation of the plan

16
Q

What should the activation of an enterprise’s business continuity plan be based on?

A

The predetermined duration of the outage

i.e. the maximum period for which a business function can be disrupted before the disruption threatens the achievement of organizational objectives

17
Q

What should the next step be to verify the adequacy of the new BCP (after a table top test is performed)?

A

A functional test of a scenario with limited IT involvement

NOTE: The full-scale test would be the last step of the verification process before entering into a regular annual testing schedule

18
Q

What is of great concern (i.e. a huge risk) if the storage growth in a critical file server is not managed properly?

A

Server recovery work may not meet the recovery time objective

i.e. If the recovery cannot meet the recovery time objective (RTO), there will be a discrepancy in IT strategies

19
Q

What would integrating the business continuity plan into IT project management do?

A

Aid in the development of a more comprehensive set of requirements

i.e. this ensures complete coverage of the requirements through each phase of the project

20
Q

Why should an IS auditor recommend a business impact analysis to optimize an organization’s business continuity plan?

A

To determine the business processes that must be recovered following a disaster to ensure the organization’s survival