Section 4: Quiz 38 - Business Impact Analysis
Which of the following is primarily influenced by the BIA? A. A recovery strategy B. An alternate site C. The responsibilities of the crisis management team D. The responsibilities of the disaster recovery team
Answer: A. A recovery strategy. Explanation: An appropriate recovery strategy can be designed on the basis of the BIA. The other options should be considered once the recovery strategy is in place.
Which of the following is the best method for determining the criticality of application systems? A. To conduct a BIA. B. To interview developers C. To perform an audit D. To conduct a gap analysis
Answer: A. To conduct a BIA. Explanation: A BIA determines the impact arising from the non-availability of each system. The higher the impact, the more critical the system. A BIA is conducted on the basis of input from the business process owner. The other options will not assist directly in determining the criticality of application systems.
Which of the following is the main objective of the BIA? A. To define a recovery strategy B. To identify an alternate site C. To define a testing methodology D. To determine loss expectancy
Answer: A. To define a recovery strategy. Explanation: The main objective of the BIA is to determine critical processes and define their recovery strategy. Once a recovery strategy has been identified, the other options can be considered to support the recovery strategy.
Which of the following is the next step once the BIA has been completed? A. To develop a business continuity strategy B. To develop testing procedures C. To develop a user training schedule D. To develop a BCP
Answer: A. To develop a business continuity strategy. Explanation: Once the critical applications are identified through the BIA, the next step is to develop a strategy to recover the critical assets as soon as possible for the continuity of the business. The BCP is the next step once the strategy is developed. Testing procedures and training schedules can be designed following development of the BCP.
As part of a BIA, which of the following is identified first? A. The risk applicable to critical business processes B. A. The critical business processes to prioritize recovery C. The resources required for recovery D. Threats applicable to critical business processes
Answer: B. A critical business process to prioritize recovery. Explanation: The identification of a critical business process is the first step to determining the priority of recovery. Once critical processes have been identified, the recovery strategy and process can be defined.
Which of the following is the primary criterion for determining the severity of service disruption? A. The amount of recovery B. The period of downtime C. The nature of the disruption D. Negative market impact
Answer: B. Period of downtime. Explanation: Severity depends on the period of system unavailability. The higher the period of unavailability, the greater the severity of disruption. The other options do not directly impact the severity of disruption. Although a negative impact is a symptom of the incident, it is not as important as determining the severity of the disruption to service.
The BIA determines: A. processes that generate the most financial value B. processes that should be recovered on priority to ensure an organization's survival. C. processes that are aligned with the business strategy D. processes that have a direct impact on customer service
Answer: B. Processes that should be recovered on priority to ensure the organization's survival. Explanation: The BIA determines the most critical processes that will impact on an organization's survival. The other options are not the direct objective of the BIA.
Priority in terms of the recovery of IT assets during a disaster can be determined by: A. a crisis management plan B. an incident management plan C. a BIA D. a vulnerability analysis
Answer: C. A BIA. Explanation: The BIA determines those critical assets that need to be recovered on priority during disaster recovery of these critical assets and that are very important for the organization's survival. The other options do not prioritize the assets for recovery.
In regards to BIA, which of the following is the best source for determining system criticality: A. IT senior management B. Industry practices C. Business process owner D. Audit reports
Answer: C. Business process owner. Explanation: The most critical source is the business process owner, who possesses the most relevant information to determine system criticality. Recovery timelines can be determined on the basis of inputs from business process owners.
Which of the following factors differentiates a BIA from a risk assessment? A. The availability of an asset inventory B. A vulnerability analysis C. A threat analysis D. A System downtime analysis.
Answer: D. System downtime analysis. Explanation: Downtime analysis, which determines the acceptable downtime, is conducted only in the BIA. The other options are determined in both the risk assessment and the BIA.
