CISSP Practice (Wiley) Business Continuity and Disaster Recovery Planning

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Which of the following is the best form of a covered loss insurance policy?

A policy commensurate with risks

Disaster notification fees are part of which of the following cost categories associated with alternative computer processing support?

Activation costs

The decision to fully activate a disaster recovery plan is made immediately:

After damage assessment and evaluation

Regarding contingency planning, which of the following is susceptible to potential accessibility problems in the event of an area-wide disaster?

Alternative storage site and Alternative processing site

Regarding contingency planning, an organization obtains which of the following to reduce the likelihood of a single point of failure?

Alternative telecommunications services

Which of the following is of least concern in a local-area network contingency plan?

Application systems are scheduled for recovery based on a period of downtime tolerable to the application programmers

Which of the following items is usually not considered when a new application system is brought into the production environment?

Assigning a contingency processing priority code

Regarding BCP and DRP, if MAO is maximum allowable outage, BIA is business impact analysis, RTO is recovery time objective, MTBF is mean-time-between-failures, RPO is recovery point objective, MTTR is mean-time-to-repair, and UPS is uninterruptible power supply, which one of the following is related to and compatible with each other within the same choice?

BIA, RTO, RPO, and MAO

Regarding contingency planning, strategic reasons for separating the alternative storage site from the primary storage site include ensuring:

Both sites are not susceptible to the same hazards and Both sites are not colocated in the same area

Regarding contingency planning, information system backups require which of the following?

Both the primary storage site and alternative storage site do not need to be susceptible to the same hazards and Both operational system and redundant secondary system do not need to be colocated in the same area

IT resource criticality for recovery and restoration is determined through which of the following ways?

Business continuity planning and Service-level agreements

Contingency planning integrates the results of which of the following?

Business impact analysis

Which of the following uses both qualitative and quantitative tools?

Business impact analysis

With respect to business continuity planning/disaster recovery planning (BCP/DRP), risk analysis is part of which of the following?

Business impact analysis

Which of the following tools provide information for reaching people during a disaster?

Call tree diagram

If the disaster recovery plan is being tested for the first time, which of the following testing options can be combined?

Checklist testing and structured walk-through testing

Which of the following computer backup alternative sites is the least expensive method and the most difficult to test?

Cold site

A full-scale testing of application systems cannot be accomplished in which of the following alternative computing backup facilities?

Cold sites and reciprocal agreements

Regarding BCP and DRP, which of the following determines the recovery cost balancing?

Cost of system inoperability and the cost of resources to recover

Regarding BCP and DRP, which of the following is not an element of risk?

Costs

Which of the following is most important in developing contingency plans for information systems and their facilities?

Criteria for usefulness

Physical disaster prevention and preparedness begins when a:

Data center site is constructed

Which of the following is often a missing link in developing a local-area network methodology for contingency planning?

Deciding which users must secure and back up their own-data

The most effective action to be taken when a hurricane advance warning is provided is to:

Declare the disaster early

The business impact analysis (BIA) should critically examine the business processes and which of the following?

Dependencies

Which of the following tasks is not a part of business continuity plan (BCP)?

Disaster recovery procedures

Which of the following information technology (IT) contingency solution for servers minimizes the recovery time window?

Disk replication

Regarding BCP and DRP, which of the following IT platforms typically provide some inherent level of redundancy?

Distributed systems

Which of the following may not reduce the recovery time after a disaster strikes?

Documenting the recovery plans

Which of the following is a critical benefit of implementing an electronic vaulting program?

During a crisis situation, an electronic vault can make the difference between an organization's survival and failure

Regarding BCP and DRP, the board of directors of an organization is not required to follow which of the following?

Duty of absolute care

Redundant array of independent disk (RAID) technology does not use which of the following?

Electronic vaulting

The least costly test approach for contingency plans is which of the following?

End-to-end testing

The primary objective of emergency planning is to:

Ensure human security and safety

Which of the following is the best course of action to take for retrieving the electronic records stored at an offsite location?

Ensuring that software version stored offsite matches with the vital records version

What should be the last step in a risk assessment process performed as a part of business continuity plan?

Establish recovery priorities

Which of the following ensures the successful completion of tasks in the development of business continuity and disaster recovery plans?

Exacting individual accountability

Which of the following disaster scenarios is commonly not considered during the development of disaster recovery and contingency planning?

Failure of the local telephone company

The final consideration in the disaster recovery strategy must be which of the following?

Final costs and benefits

Which of the following disaster recovery plan testing approaches is not recommended?

Full-interruption testing

Which of the following disaster recovery plan testing options should not be scheduled at critical points in the normal processing cycle?

Full-interruption testing

Regarding contingency planning, which of the following actions are performed when malicious attacks compromise the confidentiality or integrity of an information system?

Graceful degradation; System shutdown; Fallback to manual mode; Alternate information flows

When an organization is interrupted by a catastrophe, which of the following cost categories requires management's greatest attention?

Hidden costs

An effective element of damage control after a disaster occurs is to:

Hold press conferences

Which of the following alternative computing backup facilities is intended to serve an organization that has sustained total destruction from a disaster?

Hot sites

Which of the following is not an example of procedure-oriented disaster prevention activity?

Housing computers in a fire-resistant area

The main body of a contingency or disaster recovery plan document should not address which of the following?

How? (deals with detailed procedures and information required to carry out the actions identified and assigned to a specific recovery team)

Which of the following organization's functions are often ignored in planning for recovery from a disaster?

Human resources

Which of the following natural disasters come with an advanced warning sign?

Hurricanes and floods

Organizations practice contingency plans because it makes good business sense. Which of the following is the correct sequence of steps involved in the contingency planning process?

Identifying the critical functions; Identifying the resources that support the critical functions; Anticipating potential disasters and Selecting contingency plan strategies

What is the inherent limitation of a disaster recovery planning exercise?

Inability to include all possible types of disasters

Which of the following can be called the disaster recovery plan of last resort?

Insurance policy

The first step in successfully protecting and backing up information in distributed computing environments is to determine data:

Inventory requirements

All the following are misconceptions about a disaster recovery plan except:

It is an organization's assurance to survive

Examples of vital records follows:

Legal records; Accounting/finance records; Marketing records; Human resources records

A company's vital records program must meet which of the following?

Legal, audit, and regulatory requirements; Accounting requirements; Marketing requirements; Human resources requirements

Which of the following disaster recovery plan test results would be most useful to management?

List of successful and unsuccessful activities

Which of the following IT contingency solutions increases a server's performance and availability?

Load balancing

Which of the following statements is not true? Having a disaster recovery plan and testing it regularly:

Lowers insurance rates

Which of the following is a prerequisite to developing a disaster recovery plan?

Management commitment

All the following are objectives of emergency response procedures except:

Maximize profits

An information system's recovery time objective (RTO) considers which of the following?

Maximum allowable outage and Cost to recover

Regarding BCP and DRP, which of the following establishes an information system's recovery time objective (RTO)?

Maximum allowable outage time and the cost to recover

The business continuity planning (BCP) process should focus on providing which of the following?

Minimum acceptable level of outputs and services

Which of the following disaster-recovery alternative facilities eliminates the possibility of competition for time and space with other businesses?

Mirrored sites

Which of the following phases in the contingency planning and emergency program is most difficult to sell to an organization's management?

Mitigation

Regarding business continuity planning (BCP) and disaster recovery planning (DRP), which of the following contingency solutions for wide-area networks (WANs) increases vulnerability to hackers?

Multiple Internet connections

Which of the following IT contingency solutions for servers provides high availability?

Network-attached storage

With respect to BCP/DRP, single point of failure means which of the following?

No redundancy exists

Regarding BCP and DRP, which of the following does not prevent potential data loss?

Offsite storage of backup media

Regarding contingency planning, system-level information backups do not require which of the following to protect their integrity while in storage?

Passwords

Which of the following is the correct sequence of events when surviving a disaster?

Plan, test, respond, recover, and continue

Which of the following requires advance planning to handle a real flood-driven disaster?

Power requirements and air-conditioning requirements

Which of the following statements is not true about the critical application categories established for disaster recovery planning purposes?

Predefined categories need not be followed during a disaster because time is short

Which of the following is the best organizational structure and management style during a disaster?

Production-oriented

Rank the following objectives of a disaster recovery plan (DRP) from most to least important:

Protect the organization's employees and the general public; Minimize the disaster 's financial impact on the organization; Limit the extent of the damage and thus prevent the escalation of the disaster and Reduce physical damage to the organization's property, equipment, and data

Rank the following benefits to be realized from a comprehensive disaster recovery plan (DRP) from most to least important:

Provide continuity of organization's operations; Improve protection of the organization's assets; Enhance physical and data security and Reduce insurance costs

Regarding BCP and DRP, redundant array of independent disk (RAID) does not do which of the following?

Provide power redundancy

All of the following are key stakeholders in the disaster recovery process except:

Public relations officers

All the following need to be established prior to a crisis situation except:

Public relationships

Which of the following computing backup facilities has a cost advantage?

Reciprocal agreements

A contingency planning strategy consists of the following four parts. Which of the following parts are closely related to each other?

Recovery and resumption

Which of the following should be consistent with the frequency of information system backups and the transfer rate of backup information to alternative storage sites?

Recovery time objective and Recovery point objective

Disaster recovery strategies must consider or address which of the following?

Recovery time objective; Disruption impacts; Allowable outage times; Interdependent systems

Regarding BCP and DRP, critical measurements in business impact analysis (BIA) include which of the following?

Recovery time objectives and recovery point objectives

Contingency planning for local-area networks should consider all the following except:

Remote computing

The greatest cost in data management comes from which of the following?

Restoring files

A major risk in the use of cellular radio and telephone networks during a disaster include:

Security and switching office issues

Which of the following tasks is not a part of disaster recovery planning (DRP)?

Selecting an alternate processing site

Business continuity plans (BCP) need periodic audits to ensure the accuracy, currency, completeness, applicability, and usefulness of such plans in order to properly run business operations. Which one of the following items is a prerequisite to the other three items?

Self-assessments

An organization's effective presentation of disaster scenarios should be based on which of the following?

Severity and timing levels

Which of the following statements is not true about contracts and agreements associated with computer backup facilities?

Small vendors do not need contracts due to their size

When comparing alternative computer processing facilities, the major objective is to select the alternative with the:

Smallest annualized cost

The major threats that a disaster recovery contingency plan should address include:

Software threats and environmental threats

Which of the following IT contingency solutions is useful over larger bandwidth connections and shorter physical distances?

Synchronous mirroring

Which of the following IT contingency solutions provides recovery time objectives (RTOs) ranging from minutes to several hours?

Synchronous mirroring

Which of the following IT contingency solutions requires a higher bandwidth to operate?

Synchronous mirroring

The IT operations management of KPQ Corporation is concerned about the reliability and availability data for its four major, mission-critical information systems that are used by business end-users. The KPQ corporate management's goal is to improve the reliability and availability of these four systems in order to increase customer satisfaction both internally and externally. The IT operations management collected the following data on downtime hours that include scheduled maintenance hours and uptime hours for all these systems. Assume 365 operating days per year and 24 hours per day for all these systems. The KPQ functional management thinks that the security goal of availability is more important in ensuring the continuity of business operations than the confidentiality and integrity goals. This is because the availability goal will ensure timely and reliable access to and use of system-related data and information, as it is an indicator of quantity of service. System Downtime, hours Uptime, hours 1 200 8,560 2 150 8,610 3 250 8,510 4 100 8,660 Which of the following systems has the highest availability in a year expressed in percentages and rounded up?

System 4

Which of the following is an operational control and is a prerequisite to developing a disaster recovery plan?

System backups

Which of the following are closely connected to each other when conducting business impact analysis (BIA) as a part of the IT contingency planning process?

System's critical resources and System's downtime impacts

Which of the following contingency plan test results is most meaningful?

Tests met all planned objectives using files recovered from backups

Which of the following is an example of a recovery time objective (RTO) for a payroll system identified in a business impact analysis (BIA) document?

The LAN server must be recovered within 8 hours to avoid a delay in time sheet processing

Which of the following is the most important outcome from contingency planning tests?

The results of a test should be used to improve the plan

For business continuity planning/disaster recovery planning (BCP/DRP), business impact analysis (BIA) primarily identifies which of the following?

Threats and risks

What is the purpose of a business continuity plan (BCP)?

To sustain business operations

After a disaster, at what stage should application systems be recovered?

To the actual point of interruption

In transaction-based systems, which of the following are mechanisms supporting transaction recovery?

Transaction rollback and Transaction journaling

Which of the following must be defined to implement each contingency plan?

Triggers

Which of the following is the most important consideration in locating an alternative computing facility during the development of a disaster recovery plan?

Unlikely to be affected by the same contingency issues as the primary facility

What is an alternative processing site that is equipped with telecommunications but not computers?

Warm site

The post-incident review report after a disaster should not focus on:

Who caused it?

Regarding contingency planning, which of the following IT platforms requires vendor service-level agreements?

Wide-area networks


Set pelajaran terkait

Chapter 68: Emergency and Disaster Nursing Harding: Lewis's Medical-Surgical Nursing, 11th Edition

View Set

Growth and Development Peds Hesi

View Set

5 - Java OCA 8 - Flow and Control Exceptions

View Set