Business Continuity And Disaster Recovery
How can a Business Continuity Management team gain senior management support during project initiation?
Detailing a need for a Business Continuity Plan
A lack of control or an unmitigated risk can be referred to as:
A vulnerability
A common formula for risk assessment is:
ALE=SLE*ARO
When activating a plan following an incident, what is the priority for operational recovery?
Activate most critical systems first
Who is the target audience of BCP / DRP training?
All personnel
A threat can be either natural or:
An accident
A ________ is a calamitous event, especially one occurring suddenly and causing great loss of life, damage, or hardship.
Disaster
________ is a small subset of business continuity:
Disaster Recovery
BCP testing is a(n) "________" of the process, and not meant to pass or fail the exercise, but to help identify gaps and areas for improvement.
Audit
___ is tasked with organizing, managing, and coordinating program policies and procedures through control management and Control Configuration Management (CCM) software.
BC Management
What is the second phase of the Business Continuity Plan?
BIA, Risk Analysis
When operating at a backup site following a disaster the organization must:
Backup data regularly and store offsite
BCP stands for:
Business Continuity Planning
Important parts of the functional requirements phase include:
Business Impact Analysis and Risk Analysis
Operational changes may be required to enable or support recovery capabilities. What procedure, if not well maintained, will render the BCP obsolete?
Change control (Change Management)
________ and ________ tests validate written procedures with each business unit. There is no physical walking or evacuation or recoveries.
Checklist and Table-top
Of the individuals listed, who would provide the best endorsement for a business continuity plan's statement of importance?
Chief Executive Officer
Once an incident has been detected and the safety of personnel has been assured, the next step is:
Contain the incident
What is the third phase of the BCP?
Continuity Strategy
What is the third phase of the Business Continuity Plan?
Continuity Strategy
The BC and DR ________ has the responsibility to facilitate activities between management, business units, and IT.
Coordinator
Which one of the following items is a characteristic of hot sites but not a characteristic of warm sites?
Current data
Recovery Point Objective (RPO) is related to:
Data loss
_____ is (are) essential to recovery of processes and services.
Documentation
What is an organization's coordinated response to a disaster in an effective and timely manner?
Emergency Response
The communication tactic must:
Ensure that the goals of the program are consistently promoted; Help to develop allies; Help to assess people's experience that would be beneficial in the program; Help to demonstrate the program's value to the business
A BC program structure commensurate with corporate governance is not essential to establish clear lines of authority and accountability as well as responsibility.
False
Not all employees involved in disaster response and recovery need training to implement documented procedures or address unanticipated problems
False
Once the test is complete, the facilitator should meet with only certain participants for comments regarding the exercise.
False
Training is knowing or reality and awareness is a formal process or method.
False
If a company wants the most efficient restore from tape-backup
Full Backup
When a warm site is used for recovery the organization needs to:
Have arrangements with vendors for equipment procurement
One of the advantages of a hot site recovery solution is
Highly available
A business continuity plan should be updated and maintained
Immediately following an exercise; After installing new software; Following a major change in personnel
What is the sixth phase of the BCP?
Implement
What phase provides for the infrastructure of continuity and recovery for an organization? For example, contracts are executed to procure or build recovery site facilities, contract recovery site services, order network services and equipment, order server and storage equipment, schedule installations, and purchase business managed solutions for process recovery?
Implementation Phase
During the risk analysis phase of the planning, which of the following actions could manage threats or mitigate the effects of an event?
Implementing procedural controls
Collecting data for the BIA is often done through:
Interviews
A disadvantage of using a cold site is that:
It cannot be tested
Backing up data to tape has the following characteristic:
It takes more time to recover than disk
What is a significant control risk caused by reduced staffing during a disaster and recovery effort?
Lack of separation of duties
Choosing a recovery site should consider:
Likelihood to be affected by the same disaster as the primary site
The selection of the ideal business recovery strategy is dependent on:
Maximum Tolerable Downtime (MTD)
Electronic vaulting is:
Method of backing up data
A DR plan has objectives to
Minimize interruptions to the business's ability to provide products and services; Minimize quantitative loss to business; Resume critical operations within a specified time after a disaster; Execute the recovery strategy and steps to recover critical services in the order of priority assigned to them.
A DR Plan has objectives to:
Minimize quantitative and qualitative loss to business; Resume critical operations within a specified time after a disaster; Minimize interruptions to the business's ability to provide products and services; Execute the recovery strategy and steps to recover critical services in the order of priority assigned to them.
Disaster recovery training and raising awareness occur at what level of an organization?
Organization-wide
The best recovery strategy for a manufacturing organization using uncommon equipment may be:
Outsourcing
Documenting recovery procedures is NOT for:
Outsourcing disaster recovery system development
________ tests are the most common test. This type of test requires an isolated DR network / facility recovery capabilities be built. There should be no interruption to production.
Parallel
Which of the following is NOT one of the implementation tasks of the BCP?
Perform a Business Impact Analysis
Which of the following is an example of a man-made disaster?
Power outage
A fire suppression system is which type of control?
Preventative
A primary objective of a risk assessment is to:
Prioritize risk
What is the first phase of the BCP?
Project Initiation
A method of evaluating risk is to create scenarios. This is commonly associated with what type of risk assessment?
Qualitative
What is the fourth phase of the BCP?
Recovery
What is the fourth phase of the Business Continuity Plan?
Recovery Plan
_____ is the allotted amount of time given to recover a critical business activity.
Recovery Time Objective
An important part of a Business Continuity Management Policy is:
Roles and Responsibilities
_____ take detailed notes throughout the test. They record actions that went well and those that did not.
Scribes
________ is responsible for organizational commitment and management concerns (obstacles, budgets, etc.).
Senior Management
____ should be present at every test. It shows commitment, not only to the test but to the BC/DR program.
Senior Management
Who should declare a disaster?
Senior management
When determining the BIA for a department that supports other areas of the business it is important to document:
Service Level Agreements (SLAs)
The best way to handle an incident or disaster is through:
Specialized teams that handle different tasks
_______ eliminates the need to recover in a disaster. This is faster, more efficient, but also adds cost and complexity.
System/Application replication
The cheapest and longest backup recovery method.
Tape backups
The BC and DR ________ have the responsibilities to provide emergency management, line management and recovery of IT infrastructure and applications.
Teams
What is the seventh phase of the BCP?
Testing and Exercises
Business impact analysis is performed to identify:
The exposure to loss to the organization
A factor to be considered when using a cloud provider for backing up data is:
The legal implications of storing data in another country
The first priority in any crisis is:
The safety and health of personnel
Risk Analysis is concerned with:
Threats and assets
Why does a BCP require both training and awareness?
To ensure staff are both aware and qualified to perform tasks as required.
The reason to hold a kickoff meeting at the launch of the project is:
To inform all staff of the purpose and objectives of the project
What is the role of a steering committee for a BCP project?
To provide governance
A critical element in the decision to approve the BCP is costs.
True
A critical function of a business is defined as a function that if disrupted for a significant period of time could result in severe damage and loss to the organization and ultimately lead to business failure
True
A major part of BCP strategy development is examining controls that can be preventative in nature.
True
A major part of BCP strategy development is examining controls that can be preventive in nature. T or F
True
Awareness programs are not one-time events but ongoing activities to reinforce knowledge and support.
True
BC coordinators coordinate team activities, act as liaisons with BCP teams to ensure activities are performed.
True
BC management must establish appropriate and secure locations to store plans for ease of access, security, and high availability during a disaster
True
BCP management is tasked with organizing, managing, and coordinating program policies and procedures through control management and Configuration Control Management (CCM) software.
True
BCP recovery consists of actions taken after an emergency to re-establish, rebuild or replace conditions and services to an acceptable level. T or F
True
BCP recovery consists of actions taken after an emergency to reestablish, rebuild, or replace conditions and services to an acceptable level.
True
Business Impact Analysis is an intensive process that requires a thorough and comprehensive examination of a business.
True
Maximum Tolerable Downtime (MTD) is the amount of time that a critical business activity could suffer disruption without damage or loss leading to a business failure.
True
Testing participants should be carefully chosen and relevant to the type of tests to be conducted.
True
The lessons learned report includes areas for improvement or required changes.
True
The most important aspect of any program is communication. Awareness and training is a critical element of the program's success.
True
The reason for establishing a BC program within an organization can be as straightforward as legislative, regulatory, and contractual obligation to do so.
True
The success of the program is dependent upon the people that implement the program's activities and capabilities.
True
The training program should include various types of training, including in-house training, external training, computer-based training and cross-training.
True
To gain support for the awareness program, BC management should show the importance of having one.
True
The elements of an awareness and training program must articulate the components of business continuity planning and answer the questions of: (Choose all that apply)
Why a business continuity plan is important; Where BCP information can be found; Who the business continuity plan coordinators are; When the BCP is exercised / invoked; How the BCP is exercised / invoked
A planning team develops a ________ outlining the activities necessary to implement the BC project.
Work Plan
A ________ is an alternative to ducting.
Plenum