Business Continuity And Disaster Recovery

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

How can a Business Continuity Management team gain senior management support during project initiation?

Detailing a need for a Business Continuity Plan

A lack of control or an unmitigated risk can be referred as:

A vulnerability

A common formula for risk assessment is:

ALE=SLE*ARO

When activating a plan following an incident, what is the priority for operational recovery?

Activate most critical systems first

Who is the target audience of BCP / DRP training?

All personnel

A threat can be either natural or:

An accident

A ________ is a calamitous event, especially one occurring suddenly and causing great loss of life, damage, or hardship.

Disaster

________ is a small subset of business continuity:

Disaster Recovery

BCP testing is a(n) "________" of the process, and not meant to pass or fail the exercise, but to help identify gaps and areas for improvement.

Audit

___ is tasked with organizing, managing, and coordinating program policies and procedures through control management and Control Configuration Management (CCM) software.

BC Management

What is the second phase of the Business Continuity Plan?

BIA, Risk Analysis

When operating at a backup site following a disaster the organization must

Backup data regularly and store offsite

When operating at a backup site following a disaster the organization must:

Backup data regularly and store offsite

BCP stands for:

Business Continuity Planning

Important parts of the functional requirements phase include:

Business Impact Analysis and Risk Analysis

Operational changes may be required to enable or support recovery capabilities. What procedure, if not well maintained, will render the BCP obsolete?

Change control (Change Management)

________ and ________ tests validate written procedures with each business unit. There is no physical walking or evacuation or recoveries.

Checklist and Table-top

Of the individuals listed, who would provide the best endorsement for a business continuity plan's statement of importance.

Chief Executive Officer

Once an incident has been detected and the safety of personnel has been assured, the next step is:

Contain the incident

What is the third phase of the BCP?

Continuity Strategy

What is the third phase of the Business Continuity Plan?

Continuity Strategy

The BC and DR ________ has the responsibility to facilitate activities between management, business units, and IT.

Coordinator

Which one of the following items is a characteristic of hot sites but not a characteristic of warm sites?

Current data

Recovery Point Objective (RPO) is related to:

Data loss

_____ (are) is essential to recovery of processes and services.

Documentation

What is an organization's coordinated response to a disaster in an effective and timely manner?

Emergency Response

The communication tactic must:

Ensure that the goals of the program are consistently promoted Help to develop allies Help to assess people's experience that would be beneficial in the program Help to demonstrate the program's value to the business

A BC program structure commensurate with corporate governance is not essential to establish clear lines of authority and accountability as well as responsibility.

False

Not all employees involved in disaster response and recovery need training to implement documented procedures or address unanticipated problems

False

Once the test is complete, the facilitator should meet with only certain participants for comments regarding the exercise.

False

Training is knowing or reality and awareness is a formal process or method.

False

If a company wants the most efficient restore from tape-backup

Full Backup

When a warm site is used for recovery the organization needs to:

Have arrangements with vendors for equipment procurement

One of the advantages of a hot site recovery solution is

Highly available

A business continuity plan should be updated and maintained

Immediately following an exercise After install new software Following a major change in personnel

What is the sixth phase of the BCP?

Implement

What phase provides for the infrastructure of continuity and recovery for an organization? For example, contracts are executed to procure or build recovery site facilities, contract recovery site services, order network services and equipment, order server and storage equipment, schedule installations, and purchase business managed solutions for process recovery?

Implementation Phase

During the risk analysis phase of the planning, which of the following actions could manage threats or mitigate the effects of an event?

Implementing procedural controls

Collecting data for the BIA is often done through:

Interviews

A disadvantage of using a cold site is that:

It cannot be tested

Backing up data to tape has the following characteristic:

It takes more time to recover than disk

What is a significant control risk caused by reduced staffing during a disaster and recovery effort?

Lack of separation of duties

Choosing a recovery site should consider:

Likelihood to be affected by the same disaster as the primary site

The selection of the ideal business recovery strategy is dependent on:

Maximum Tolerable Downtime (MTD)

Electronic vaulting is:

Method of backing up data

A DR plan has objectives to

Minimize interruptions to the business's ability to provide products and services. Minimize quantitative loss to business Resume critical operations within a specified time after a disasters. Execute the recovery strategy and steps to recover critical services in the order of priority assigned to them.

A DR Plan has objectives to:

Minimize quantitative and qualitative loss to business Resume critical operations within a specified time after a disaster Minimize interruptions to the business's ability to provide products and services Execute the recovery strategy and steps to recover critical services in the order of priority assigned to them.

Disaster recovery training and raising awareness occur at what level of an organization?

Organization-wide

The best recovery strategy for a manufacturing organization using uncommon equipment may be:

Outsourcing

Documenting recovery procedures is NOT for:

Outsourcing disaster recovery system development

________ tests are the most common test. This type of test requires an isolated DR network / facility recovery capabilities be built. There should be no interruption to production.

Parallel

Which of the following is NOT one of the implementation tasks of the BCP?

Perform a Business Impact Analysis

Which of the following is an example of a man-made disaster?

Power outage

A fire suppression system is which type of control?

Preventative

A primary objective of a risk assessment is to:

Prioritize risk

What is the first phase of the BCP?

Project Initiation

A method of evaluating risk is to create scenarios. This is commonly associated with what type of risk assessment?

Qualitative

What is the fourth phase of the BCP?

Recovery

What is the fourth phase of the Business Continuity Plan?

Recovery Plan

_____ is the allotted amount of time given to recover a critical business activity.

Recovery Time Objective

An important part of a Business Continuity Management Policy is:

Roles and Responsibilities

_____ take detailed notes throughout the test. They record actions that went well and those that did not.

Scribes

________ is responsible for organizational commitment and management concerns (obstacles, budgets, etc.).

Senior Management

____should be present at every test. It shows commitment, not only to the test but to the BC/DR program.

Senior Management

Who should declare a disaster?

Senior management

When determining the BIA for a department that supports other areas of the business it is important to document:

Service Level Agreements (SLAs)

The best way to handle an incident or disaster is through:

Specialized teams that handle different tasks

_______ eliminates the need to recover in a disaster. This is faster, more efficient, but also adds cost and complexity.

System/Application replication

The cheapest and longest backup recovery method.

Tape backups

The BC and DR ________ have the responsibilities to provide emergency management, line management and recovery of IT infrastructure and applications.

Teams

What is the seventh phase of the BCP?

Testing and Exercises

Business impact analysis is performed to identify:

The exposure to loss to the organization

A factor to be considered when using a cloud provider for backing up data is:

The legal implications of storing data in another country

The first priority in any crisis is:

The safety and health of personnel

Risk Analysis is concerned with:

Threats and assets

Why does a BCP require both training and awareness?

To ensure staff are both are and qualified to perform tasks as required.

The reason to hold a kickoff meeting at the launch of the project is:

To inform all staff of the purpose and objectives of the project

What is the role of a steering committee for a BCP project?

To provide governance

A critical element in the decision to approve the BCP is costs.

True

A critical function of a business is defined as a function that if disrupted for a significant period of time could result in severe damage and loss to the organization and ultimately lead to business failure

True

A major part of BCP strategy development is examining controls that can be preventative in nature.

True

A major part of BCP strategy development is examining controls that can be preventive in nature. T or F

True

Awareness programs are not one-time events but ongoing activities to reinforce knowledge and support.

True

BC coordinators coordinate team activities, act as liaisons with BCP teams to ensure activities are performed.

True

BC management must establish appropriate and secure locations to store plans for ease of access, security, and high availability during a disaster

True

BCP management is tasked with organizing, managing, and coordinating program policies and procedures through control management and Configuration Control Management (CCM) software.

True

BCP recovery consists of actions taken after an emergency to re-establish, rebuild or replace conditions and services to an acceptable level. T or F

True

BCP recovery consists of actions taken after an emergency to reestablish, rebuild, or replace conditions and services to an acceptable level.

True

Business Impact Analysis is an intensive process that requires a thorough and comprehensive examination of a business.

True

Maximum Tolerable Downtime (MTD) is the amount of time that a critical business activity could suffer disruption without damage or loss leading to a business failure.

True

Testing participants should be carefully chosen and relevant to the type of tests to be conducted.

True

The lessons learned report includes areas for improvement or required changes.

True

The most important aspect of any program is communication. Awareness and training is a critical element of the program's success.

True

The reason for establishing a BC program within an organization can be as straightforward as legislative, regulatory, and contractual obligation to do so.

True

The success of the program is dependent upon the people that implement the programs activities and capabilities.

True

The training program should include various types of training to include, in-house training, external training, computer-based and cross-training.

True

To gain support for the awareness program, BC management should show the importance of having one.

True

The elements of an awareness and training must articulate the components of business continuity planning and answer the questions of: (Choose all that apply)

Why a business continuity plan is important? Where BCP information can be found. Who are the business continuity plan coordinators? When the BCP is exercised / invoked How the BCP is exercised / invoked

A planning team develops a ________ outlining the activities necessary to implement the BC project.

Work Plan

A ________ is an alternative to ducting.

plenum


Ensembles d'études connexes

Psych 3420 Prelim 1, Psych 3420 prelim 2, Psych 3420 Final

View Set

TEXT: McCulloch v. Maryland, Part II

View Set

LaCharity Chapter 7: Cardiovascular Problems

View Set

3MA114 - Management pro informatiky a statistiky

View Set

Nutrition 330 Study Questions 1-7

View Set

Unit 5: Lesson 5.1, Lesson 5.2, Lesson 5.3

View Set

Political Associations before INC

View Set

International Blaw Exam 3 Quiz Question

View Set

FRA 3 - UNDERSTANDING INCOME STATEMENTS

View Set