CISSP: Business Continuity and Disaster Recovery Planning Flashcards

0
Q
The longest period of time that a business can survive without a critical function is called

A. Downtime Tolerability Period
B. Greatest Tolerable Downtime
C. Maximum Survivable Downtime
D. Maximum Tolerable Downtime

A

D. Maximum Tolerable Downtime

This is the term that describes the maximum period of time that a business function can suspend operations and the company can still survive. Review “Conducting the Business Impact Assessment.”

1
Q
Which of the following is not a natural disaster?

A. Avalanche
B. Stock market crash
C. Fire
D. Water supply storage drought

A

B. Stock market crash

A stock market crash is a man-made (non-natural) disaster. Review “Defining Disastrous Events.”

2
Q
The impact of a disaster on business operations is contained in

A. Local newspapers and online media
B. The Business Impact Assessment
C. The Operations Impact Assessment
D. The Vulnerability Assessment

A

B. Business Impact Assessment

The BIA describes the impact that a disaster will have on business operations. Review “Conducting the Business Impact Assessment.”

3
Q
The decision whether to purchase an emergency generator is based on

A. Wholesale electric rates
B. Retail electric rates
C. The duration of a typical outage
D. The income rate of affected systems

A

C. The duration of a typical outage

The average and worst-case duration of electrical power outages help to determine whether a business should purchase an emergency generator. Review “BCP Recovery Plan Development.”

4
Q
The purpose of a UPS is

A. To provide instantaneous power cutover when utility power fails
B. A lower cost for overnight shipping following a disaster
C. The need to steer an unresponsive vehicle after it’s moving again
D. To restore electric power within 24 hours

A

A. To provide instantaneous power cutover when utility power fails.

A UPS provides continuous electric power to all equipment connected to it. Review “Identifying the Elements of a Business Continuity Plan.”

5
Q

The Business Impact Assessment

A. Describes the impact of disaster recovery planning on the budget
B. Describes the impact of a disaster on business operations
C. Is a prerequisite to the Vulnerability Assessment
D. Is the first official statement produced after a disaster

A

B. Describes the impact of a disaster on business operations.

A Business Impact Assessment (BIA) contains quantitative and qualitative estimates of the impact of a disaster. Review “Conducting the Business Impact Assessment.”

6
Q
To maximize the safety of backup media, it should be stored

A. At a specialized off-site media storage facility
B. At the residences of various senior managers
C. In the operations center in a locked cabinet
D. Between 50°F and 60°F

A

A. At a specialized off-site media storage facility.

Such a specialized facility is designed to withstand most disastrous events. Review “Identifying the Elements of a Business Continuity Plan.”

7
Q
An alternate information-processing facility with all systems, patches, and data mirrored from live production systems is known as a

A. Warm site
B. Hot site
C. Recovery site
D. Mutual Aid Center

A

B. Hot site

Although a hot site is the most expensive to build and maintain, it provides the greatest possible performance. Review “Identifying the Elements of a Business Continuity Plan.”

8
Q
The greatest advantage of a cold site is

A. It can be built nearly anywhere
B. Its high responsiveness
C. Its low cost
D. Its close proximity to airports

A

C. Its low cost

Cold sites are inexpensive, but they’re the slowest to set up and get running. Review “Identifying the Elements of a Business Continuity Plan.”

9
Q
The most extensive test for a Disaster Recovery Plan

A. Has dual failover
B. Is a waste of paper
C. Is known as a parallel test
D. Is known as an interruption test

A

D. Is known as an interruption test

The interruption test performs an actual failover of applications to the servers. Review “Testing the Disaster Recovery Plan.”

10
Q

Which of the following is the best type of recovery process?

a. A process that maximizes vulnerabilities and impact
b. A process that identifies vulnerabilities and impact
c. A manually implemented process
d. An automated process

A

D. Automated processes are more likely to be implemented than a manually implemented recovery process.

11
Q

Which of the following describes the technology that produces a redundant data set within a single server?

a. Disk shadowing
b. Electronic vaulting
c. Disk mirroring
d. Collocation

A

C. A disk mirror produces a redundant data copy on a disk in the same computer as the original.

12
Q

A partition on a disk drive that loses its data due to corruption from a hacker attack is what kind of threat?

a. Natural
b. Technical
c. Human-made
d. Supply system

A

C. The hacker is the human threat agent that implements this threat.

13
Q

Which of the following is NOT a reason to review and update the DRP and BCP out of schedule?

a. Changes to the maximum tolerable downtime
b. Change to the insurance provider
c. Discontinued business functions
d. Changes in technologies

A

B. Simply changing insurance providers does not require an out of schedule review and update of the DRP and BCP.

14
Q

Which of the following is the primary goal of performing the business impact analysis (BIA)?

a. To identify the threats to the assets
b. To identify the risks to the assets
c. To identify the qualitative value of the business functions
d. To identify the maximum tolerable downtime (MTD)

A

D. The MTD identifies how long the business can continue operations without the operation of a specific business function. It identifies the required recovery time frame of each business function to sustain the business if it fails.

15
Q

Which of the following describes the technology that produces a redundant data set at the file level in real time on a remote server?

a. Disk shadowing
b. Electronic vaulting
c. Disk mirroring
d. Remote journaling

A

A. A disk shadow produces a real-time, redundant data copy on a different computer.

16
Q

What must be done if management is unable to reduce risk to an acceptable level by using the proposed countermeasures?

a. Identify the threats and threat agents
b. Identify and propose additional countermeasures
c. Fortify the facility
d. Acquire a hot site as a secondary location

A

B. Additional countermeasures must be identified and proposed to satisfy management’s need to reduce risk to an acceptable level.

17
Q

Which of the following is the most telling of the testing plan?

a. Structured walkthrough
b. Parallel
c. Full interruption
d. Simulation

A

C. The full interruption test performs full load testing of transactions with the primary site shut down. This is the most telling test. In ascending order of usefulness, the tests are the checklist, the structured walkthrough, the simulation, the parallel, and finally, the full interruption test.