IS3110 CHAP 12

Question 1

The maximum amount of acceptable data loss for a system. It can be as short as under one minute or up to the moment of failure. It can be longer, such as a day or a week. It is dependent on the value of the data, and the ability to reproduce it.

Answer 1

Recovery point objectives (RPO)

Question 2

The time in which a system or function must be recovered. It would be equal or less than the maximum acceptable outage (MAO).

Answer 2

Recovery time objectives (RTO)

Question 3

1. The ___ identifies the maximum acceptable downtime for a system.

Answer 3

Maximum acceptable outage (MAO)

Question 4

2. Stakeholders can determine what functions are considered critical business functions.
   TRUE OR FALSE

Answer 4

TRUE

Question 5

3. The BIA is part of the ___.

Answer 5

Business continuity plan (BCP)

Question 6

4. What defines the boundaries of a business impact analysis?
A. MAO
B. BCP
C. Recovery objectives 
D. Scope

Answer 6

Scope

Question 7

5. What are two objectives of a BIA? (Select two)
A. Identify minimum acceptable outage
B. Document new policy
C. Identify critical resources
D. Identify critical business functions

Answer 7

Identify critical resources

Identify critical business functions

Question 8

6. You are working on a BIA. You are calculating costs to determine the impact of an outage for a specific system. When calculating the costs, you should calculate the direct and ___ costs.

Answer 8

Indirect

Question 9

7. You are working on a BIA.  You want to identify the maximum amount of data loss an organization can accept.  What is this called?
A. BIA time
B. Maximum acceptable outage
C. Recovery time objectives
D. Recovery point objectives

Answer 9

Recovery point objectives

Question 10

8. You have identified the MAO for a system.  You now want to specify the time required for a system to be recovered. What is this?
A. BIA time
B. Maximum acceptable outage
C. Recovery time objectives
D. Recovery point objectives

Answer 10

Recovery time objectives

Question 11

9. Which of the following statements is true?
   A. The RPO applies to any systems or functions. However, the RTO only refers to data housed in databases
   B. The RTO applies to any systems or functions. However, the RPO only refers to data housed in databases.
   C. Both the RTO and RPO apply to any systems or functions.
   D. Neither the RTO nor RPO apply to data housed in databases.

Answer 11

The RTO applies to any systems or functions. However, the RPO only refers to data housed in databases.

Question 12

10. You are working on a BIA.  You are calculating costs to determine the impact of an outage for a specific system.  Which one of the following is a direct cost?
A. Loss of customers
B. Loss of public goodwill
C. Loss of sales
D. Lost opportunities

Answer 12

Loss of sales

Question 13

11. What type of approach does a BIA use?
    A. Bottom-up approach where servers or services are examined first
    B. Top-down approach where CBFs are examined first
    C. Middle-tier approach
    D. Best-guess approach

Answer 13

Top-down approach where CBFs are examined first

Question 14

12. Mission-critical business functions are considered vital to an organization.  What are they derived from?
A. Critical success factors
B. Critical IT sources
C. Executive leadership 
D. Employees

Answer 14

Critical success factors

Question 15

13. You are performing a BIA for an organization.  What should you map the critical business functions to?
A. Personnel
B. Revenue
C. Replacement costs
D. IT systems

Answer 15

IT systems

Question 16

14. Of the following choices, what are considered best practices related to a BIA?
A. Start with clear objectives
B. Use different data collection methods
C. Mitigate identified risks
D. A and B only
E. All of the above

Answer 16

Start with clear objectives

Use different data collection methods

Question 17

15. A cost-benefit analysis is an important part of a BIA.

TRUE OR FALSE

Answer 17

FALSE