Chapter 8 - Business Continuity and Disaster Recovery Planning Flashcards

1
Q

What phrase best defines a business continuity/disaster recovery plan? A. A set of plans for preventing a disaster B. An approved set of preparations and sufficient procedures for responding to a disaster C. A set of preparations and procedures for responding to a disaster without management approval D. The adequate preparations and procedures for the continuation of all organization functions

A

D. The adequate preparations and procedures for the continuation of all organization functions

2
Q

Regardless of industry, which element of legal and regulatory requirements are all industries subject to? A. Sarbanes-Oxley B. HIPAA C. Due Diligence D. BS25999

A

C. Due Diligence/Care

3
Q

Which of the following statements BEST describes the extent to which an organization should address business continuity/disaster recovery planning? A. Continuity planning is a significant organizational issue and should include all parts or functions of the company B. Continuity planning is a significant technology issue and the recovery of technology should be its primary focus C. Continuity planning is required only where there is complexity in voice and data communications D. Continuity planning is a significant management issue and should include the primary functions specified by management

A

A. Continuity planning is a significant organizational issue and should include all parts or functions of the company

4
Q

A business impact analysis is performed to best identify: A. The impacts of a threat to the organization's operation B. The exposures to loss to the organization C. The impacts of risk on the organization D. The cost-efficient way to eliminate threats

A

B. The exposures to loss to the organization

5
Q

During the risk analysis phase of planning, which of the following actions could best manage threats or mitigate the effects of an event? A. Modifying the exercise scenario B. Developing recovery procedures C. Increasing reliance on key individuals D. Implementing procedural controls

A

D. Implementing procedural controls

6
Q

The best reason to implement additional controls or safeguards is to: A. deter or remove the risk B. identify and eliminate the threat C. reduce the impact of the threat D. identify the risk and the threat

A

C. reduce the impact of the threat

7
Q

Which of the following statements best describes business impact analysis? A. Risk analysis and organization impact analysis are two different terms describing the same project effort B. A business impact analysis calculates the probability of disruptions to the organization C. A business impact analysis is critical to development of a business continuity plan D. A business impact analysis establishes the effect of disruptions on the organization

A

D. A business impact analysis establishes the effect of disruptions on the organization

8
Q

The term disaster recovery refers to the recovery of: A. organization operations B. technology environment C. manufacturing environment D. personnel environments

A

B. technology environment

9
Q

Which of the following terms best describes the effort to determine the consequences of disruptions that could result from a disaster? A. Business Impact Analysis B. Risk Analysis C. Risk Assessment D. Project Problem Definition

A

A. Business Impact Analysis

10
Q

advantage of using a cold site as a recovery option

A

less expensive option

11
Q

elements of risk

A

threats, assets, and mitigating controls

12
Q

recovery time objective (RTO)

A

maximum time a service or system can be unavailable

13
Q

most efficient restore from tape backup is

A

full backup

14
Q

advantage of hot recovery site

A

highly available

15
Q

not acceptable for exercising the BCP

A

halting a production application or function

16
Q

desired result of a well planned business continuity exercise

A

identifies strengths and weaknesses

17
Q

BCP is best updated and maintained

A

during the configuration and change management process

18
Q

most important for successful business continuity

A

senior leadership support

19
Q

best alternate site approach if RTO is two months

A

cold site

20
Q

RPO is zero; what ensures the requirement is met

A

RAID 6 with a hot site alternate

21
Q

Project initiation

A

Senior Management support; project scope; estimate resources; define timeline and deliverables

22
Q

2 goals for senior leadership

A

executing the mission and protecting the organization

23
Q

Risk from disaster

A

financial; reputation and regulatory

24
Q

what to spend

A

probability of harm * magnitude = cost of protection

25
Q

Title IX of the Implementing Recommendations of the 9/11 Commission Act of 2007

A

10 Professional Practice Areas: Project Initiation and Management; Risk Evaluation and Control; Business Impact Analysis; Developing Business Continuity Strategies; Emergency Response and Operations; Developing and Implementing the BCP; Awareness and Training Programs; Maintaining and Exercising the BCP; Public Relations and Crisis Communication; Coordination with Public Authorities

26
Q

HIPAA

A

Requires a data backup plan, a disaster recovery plan, and an emergency mode operations plan for protected health information, in support of the privacy and portability of health insurance information

27
Q

Sarbanes Oxley Section 404

A

Internal control report over financial reporting; the BCP is not part of it, since the BCP addresses future events rather than the reporting period

28
Q

BIA

A

identify and prioritize critical organization functions; determine maximum tolerable downtime and related criteria, such as the recovery time objective

29
Q

Backups

A

Full (self-contained); differential (restore needs the last full plus the latest differential); incremental (restore needs the last full plus every incremental taken since it)
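Cards 13 and 29 state the restore dependencies of each backup type without showing how they compound. The following Python is an added example, not part of the original deck: it encodes the three rules in a `restore_chain` function and applies them to a constructed one-week schedule (full on day 0, then one backup per day), so the "full backup is the most efficient restore" claim can be read off as the number of media sets that must be mounted. The `Backup` type, the schedule and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Backup:
    day: int    # position in the schedule (day 0 = first backup); constructed sample data
    kind: str   # "full", "differential" or "incremental"


def restore_chain(schedule: List[Backup], target_day: int) -> List[Backup]:
    """Backups that must be applied, in order, to restore the state as of target_day.

    Rules encoded (as stated on the card):
      full         -> self-contained
      differential -> holds every change since the last full, so needs only that full
      incremental  -> holds changes since the previous backup of any kind, so needs
                      every backup back to the last full (through a differential
                      if one sits in between)
    """
    usable = sorted((b for b in schedule if b.day <= target_day), key=lambda b: b.day)
    chain: List[Backup] = []
    for b in reversed(usable):          # walk back from the most recent backup
        chain.append(b)
        if b.kind == "full":
            break                       # a full terminates the chain
        if b.kind == "differential":
            fulls = [f for f in usable if f.kind == "full" and f.day < b.day]
            if not fulls:
                raise ValueError("differential backup without a preceding full")
            chain.append(fulls[-1])     # skip everything between the full and the differential
            break
        if b.kind != "incremental":
            raise ValueError(f"unknown backup kind: {b.kind}")
    else:
        # loop ran out of backups without finding a full: nothing to restore from
        raise ValueError("no full backup at or before target day")
    chain.reverse()                     # apply oldest first
    return chain


def weekly_schedule(kind: str) -> List[Backup]:
    """Constructed sample: a full on day 0, then one backup of `kind` on days 1..6."""
    return [Backup(0, "full")] + [Backup(d, kind) for d in range(1, 7)]


def media_to_mount(schedule: List[Backup], target_day: int) -> int:
    """Restore effort measured as the number of backup sets that must be read."""
    return len(restore_chain(schedule, target_day))


def compare_strategies(target_day: int = 6) -> Dict[str, int]:
    """Restore effort at the end of the week for each pure strategy."""
    return {k: media_to_mount(weekly_schedule(k), target_day)
            for k in ("full", "differential", "incremental")}


if __name__ == "__main__":
    for kind, sets in compare_strategies().items():
        print(f"{kind:12s} restore on day 6 mounts {sets} backup set(s)")
    # Mixed schedule: incrementals after a mid-week differential still only reach
    # back to that differential and its full, not to the earlier incrementals.
    mixed = [Backup(0, "full"), Backup(1, "incremental"), Backup(2, "incremental"),
             Backup(3, "differential"), Backup(4, "incremental"), Backup(5, "incremental")]
    print([b.day for b in restore_chain(mixed, 5)])
```

The chain length is the quantity a BIA trades against backup time and media cost: the full strategy restores from one set but writes the most data each day, while the incremental strategy writes the least per day but makes the restore, and therefore the achievable RTO, depend on every set since the last full being intact.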

30
Q

Internal hot site

A

site standby ready

31
Q

external hot site

A

equipment ready but environment must be rebuilt for recovery

32
Q

warm site

A

partially configured but without the actual computers; has cooling, cabling and networking. Computers are delivered at the time of the disaster

33
Q

cold site

A

empty data center; all technology must be purchased at the time of the disaster

34
Q

disaster recovery

A

process of restoring services from a contingency site

35
Q

event management plan

A

needs to identify who is authorized to declare a disaster, how a declaration is made, when the decision to declare is made, and how it will be communicated to the teams that need to respond

36
Q

procedures

A

should be reviewed every 3 months, with a formal audit annually