CISSP: Business Continuity and Disaster Recovery Planning Flashcards
- The longest period of time that a business can survive without a critical function is called
A. Downtime Tolerability Period
B. Greatest Tolerable Downtime
C. Maximum Survivable Downtime
D. Maximum Tolerable Downtime
D. Maximum Tolerable Downtime
This is the term that describes the maximum period of time that a business function can suspend operations and the company can still survive. Review “Conducting the Business Impact Assessment.”
- Which of the following is not a natural disaster?
A. Avalanche
B. Stock market crash
C. Fire
D. Water supply storage drought
B. Stock market crash
A stock market crash is a man-made (non-natural) disaster. Review “Defining Disastrous Events.”
- The impact of a disaster on business operations is contained in
A. Local newspapers and online media
B. The Business Impact Assessment
C. The Operations Impact Assessment
D. The Vulnerability Assessment
B. Business Impact Assessment
The BIA describes the impact that a disaster will have on business operations. Review “Conducting the Business Impact Assessment.”
- The decision whether to purchase an emergency generator is based on
A. Wholesale electric rates
B. Retail electric rates
C. The duration of a typical outage
D. The income rate of affected systems
C. The duration of a typical outage
The average and worst-case duration of electrical power outages help to determine whether a business should purchase an emergency generator. Review “BCP Recovery Plan Development.”
- The purpose of a UPS is
A. To provide instantaneous power cutover when utility power fails
B. A lower cost for overnight shipping following a disaster
C. The need to steer an unresponsive vehicle after it’s moving again
D. To restore electric power within 24 hours
A. To provide instantaneous power cutover when utility power fails.
A UPS provides continuous electric power to all equipment connected to it. Review “Identifying the Elements of a Business Continuity Plan.”
6 The Business Impact Assessment
A. Describes the impact of disaster recovery planning on the budget
B. Describes the impact of a disaster on business operations
C. Is a prerequisite to the Vulnerability Assessment
D. Is the first official statement produced after a disaster
B. Describes the impact of a disaster on business operations.
A Business Impact Assessment (BIA) contains quantitative and qualitative estimates of the impact of a disaster. Review “Conducting the Business Impact Assessment.”
- To maximize the safety of backup media, it should be stored
A. At a specialized off-site media storage facility
B. At the residences of various senior managers
C. In the operations center in a locked cabinet
D. Between 50°F and 60°F
A. At a specialized off-site media storage facility.
Such a specialized facility is designed to withstand most disastrous events. Review “Identifying the Elements of a Business Continuity Plan.”
- An alternate information-processing facility with all systems, patches, and data mirrored from live production systems is known as a
A. Warm site
B. Hot site
C. Recovery site
D. Mutual Aid Center
B. Hot site
Although a hot site is the most expensive to build and maintain, it provides the greatest possible performance. Review “Identifying the Elements of a Business Continuity Plan.”
- The greatest advantage of a cold site is
A. It can be built nearly anywhere
B. Its high responsiveness
C. Its low cost
D. Its close proximity to airports
C. Its low cost
Cold sites are inexpensive, but they’re the slowest to set up and get running. Review “Identifying the Elements of a Business Continuity Plan.”
- The most extensive test for a Disaster Recovery Plan
A. Has dual failover
B. Is a waste of paper
C. Is known as a parallel test
D. Is known as an interruption test
D. Is known as an interruption test
The interruption test performs an actual failover of applications to the servers. Review “Testing the Disaster Recovery Plan.”
Which of the following is the best type of recovery process?
a. A process that maximizes vulnerabilities and impact
b. A process that identifies vulnerabilities and impact
c. A manually implemented process
d. An automated process
D. Automated processes are more likely to be implemented than a manually implemented recovery process.
Which of the following describes the technology that produces a redundant data set within a single server?
a. Disk shadowing
b. Electronic vaulting
c. Disk mirroring
d. Collocation
C. A disk mirror produces a redundant data copy on a disk in the same computer as the original.
A partition on a disk drive that loses its data due to corruption from a hacker attack is what kind of threat?
a. Natural
b. Technical
c. Human-made
d. Supply system
C. The hacker is the human threat agent that implements this threat.
Which of the following is NOT a reason to review and update the DRP and BCP out of schedule?
a. Changes to the maximum tolerable downtime
b. Change to the insurance provider
c. Discontinued business functions
d. Changes in technologies
B. Simply changing insurance providers does not require an out of schedule review and update of the DRP and BCP.
Which of the following is the primary goal of performing the business impact analysis (BIA)?
a. To identify the threats to the assets
b. To identify the risks to the assets
c. To identify the qualitative value of the business functions
d. To identify the maximum tolerable downtime (MTD)
D. The MTD identifies how long the business can continue operations without the operation of a specific business function. It identifies the required recovery time frame of each business function to sustain the business if it fails.