CISM_CH11A


What is the most important factor for successfully recovering a business? A. A copy of the disaster recovery plan is maintained offsite B. Separate ISPs for network redundancy C. The equipment required for the hot site is determined regularly D. Documented criteria for declaring a disaster

Answer: A. A copy of the disaster recovery plan is maintained offsite. Explanation: If a copy of the plan is not available during the disaster, business recovery will be seriously impaired. The other options are generally addressed satisfactorily in the business continuity program.

MTO is primarily based on what? A. Available resources B. Service delivery objective C. Operational capabilities D. Size of the recovery team

Answer: A. Available resources. Explanation: The maximum tolerable outage is the maximum time that an organization can operate from an alternate site. Various factors affect the MTO such as resource availability, location availability, raw material availability, or electric power availability at the alternate site, as well as other constraints. SDO and operational capability should be addressed while considering the available resources for the alternate site.

Which of the following ensures the correct prioritization of operations in the event of disaster recovery? A. Business impact analysis B. Risk assessment C. Organization hierarchy D. Threat assessment

Answer: A. Business impact analysis. Explanation: BIA is conducted to determine the critical processes of the organization and decide the recovery strategy during a disaster.

The priority of actions in a BCP is determined by which of the following? A. Business impact analysis B. Risk evaluation C. Internal audit report D. Vulnerability analysis

Answer: A. Business impact analysis. Explanation: Business impact analysis (BIA) is used to determine the critical process of the organization and decide on the priority level and recovery strategy during a disaster.

While conducting the business continuity test, the security manager noted that new software that is important for the business is not included in the recovery strategy. How can this type of concern be avoided in the future? A. Conducting periodic and event-driven business impact analysis to determine the needs of the business B. All new applications should be given priority for recovery C. Business processes should not be changed, to keep the recovery strategy consistent D. Conducting a thorough risk assessment before the acquisition of a new application

Answer: A. Conducting periodic and event-driven business impact analysis to determine the needs of the business. Explanation: This situation could have been prevented if the organization conducted the BIA periodically and also in response to triggering events (such as purchasing a new system). This keeps the recovery strategy updated to the current requirements of the business.

The time required to restore a process is determined by which of the following? A. Recovery time objective B. Maximum tolerable outage C. Recovery point objectives D. Service delivery objectives

Answer: A. Recovery time objective. Explanation: The recovery time objective is the length of time required to restore the system at a service level acceptable to the organization.

What is the most important factor when selecting an offsite facility? A. The primary and offsite facilities should not be subject to the same environmental threats B. The primary and offsite facilities should be in the same perimeter for ease of operation C. The maintenance cost of the offsite facility D. The facility to transport media at a lower cost

Answer: A. The primary and offsite facilities should not be subject to the same environmental threats. Explanation: The offsite facility should be far enough away from the primary site that both are not subject to the same environmental event. In the case of a natural calamity, both sites will be impacted if they are in close proximity.

Which of the following indicates that the business continuity plan objective is being achieved? A. The test results show that the recovery time objective was not exceeded B. BCP testing is conducted consistently C. The test results show that the recovery point objective is inadequate D. Assets are assigned to the owners and an evaluation is done

Answer: A. The test results show that the recovery time objective was not exceeded. Explanation: The recovery time objective is the extent of acceptable system downtime; a system should be restored within the RTO. RTO is an important element of a business continuity plan, so if the RTO is achieved during testing, it indicates that the business continuity plan objectives are being achieved. Conducting BCP tests and assigning asset ownership are means of supporting the plan, not its core objectives.

What is the most effective way to ensure that incident response activities are aligned with the requirements of business continuity? A. To conduct a scenario-based structured walk-through B. To distribute an enterprise-wide incident response procedure C. To develop a working group represented by each department D. To benchmark an incident response procedure with the industry

Answer: A. To conduct a scenario-based structured walk-through. Explanation: A structured walk-through will help you understand the capabilities of the incident response plan to support the requirements of business continuity. This walk-through should include team members from incident response and business continuity. It will help with identifying gaps or misalignments between the plans.

What is the objective of the recovery point objective? A. To determine the maximum tolerable period of data loss B. To determine the maximum tolerable downtime C. To determine the level of business resiliency D. To determine the type of alternate site

Answer: A. To determine the maximum tolerable period of data loss. Explanation: The RPO is a measure of the user's tolerance to data loss. In other words, the recovery point objective is the extent of acceptable data loss. For example, an RPO of 2 hours indicates that an organization will not be overly impacted if it loses data for up to 2 hours.

An organization has developed an automated tool to manage and store its business continuity plan. The security manager should be careful because of which reason? A. To ensure the availability of the tool when a disaster occurs B. To ensure that the maintenance cost is within the approved budget C. To ensure the tool has the appropriate version control D. To ensure that access is available to the authorized individual

Answer: A. To ensure the availability of the tool when a disaster occurs. Explanation: The area of most importance is the availability of tools during a disaster. In the absence of such tools, it will be extremely difficult to implement business continuity procedures. These tools should be accessible from an offsite location also. The other options are not as serious as the unavailability of tools during a disaster.

The security manager noted that it was not possible to restore the data in the available time while considering various constraints. What solution should the security manager suggest? A. To increase the recovery time objective B. To decrease the security budget C. To adjust the maximum tolerable outage D. To adjust the allowable interruption window

Answer: A. To increase the recovery time objective. Explanation: The recovery time objective means the time within which the system should be restored. If data is not available within the defined timeline, then the system will not be restored as per the RTO. In this case, it is advisable to increase the RTO. The allowable interruption window is based on the maximum time the organization can be down before major financial impacts occur. It cannot be adjusted. Adjusting the maximum tolerable outage (MTO) or decreasing the security budget will not have any effect on the situation.

Which of the following is not a characteristic of hot site provisioning? A. A hot site is situated in another city B. All the equipment at a hot site is provided at the time of disaster and is not available on the floor C. A hot site will be shared with multiple clients D. The equipment at a hot site will not be a replica of the original site as some equipment may be substituted for the equivalent model

Answer: B. All the equipment at a hot site is provided at the time of disaster and is not available on the floor. Explanation: A hot site indicates that the site is already equipped with the required equipment and can be activated at any time. If the equipment is not available on the floor, then it does not meet the requirements of a hot site. A hot site can be arranged in another city as well. Many commercial providers arrange shared hot sites. Substituting the equivalent equipment is not a major concern.

Which of the following is relevant to the recovery point objective? A. Extent of system downtime B. Before image restoration C. Maximum tolerable outage D. After image restoration

Answer: B. Before image restoration. Explanation: RPO is the level of acceptable data loss. Whenever a database is corrupted, the recovery process only recovers completed transactions; any incomplete transactions are rolled back using the before image (the copy of the data as it existed before each change). This before image restoration determines the point to which data is recovered, which is what the RPO governs. The extent of system downtime is referred to as the RTO.

What is the most effective way to compensate for the financial impact of downtime caused due to disaster? A. Availability of offsite media storage B. Business interruption insurance C. Business continuity plan D. Disaster recovery plan

Answer: B. Business interruption insurance. Explanation: Business interruption insurance is the best way to compensate for the loss that occurs due to business disruptions. The other options are more focused on restoring services early to minimize the downtime cost. However, they cannot compensate for losses that have already occurred.

The recovery time objective is primarily based on which of the following? A. Legal requirements B. Business requirements C. Recovery budget D. Resource availability

Answer: B. Business requirements. Explanation: The recovery time objective is the extent of acceptable system downtime. RTO is primarily based on business requirements. Generally, business requirements are inclusive of legal requirements.

The RPO for an application is best determined by which of the following? A. Security manager B. Chief operating officer C. Risk management D. Internal audit

Answer: B. Chief operating officer. Explanation: The RPO is best determined by the business process owner. Of the options given, the chief operating officer is closest to that role and has adequate knowledge of the business impact of data loss to make this decision.

A new security manager has noted that an organization has multiple data centers. One of their own data centers has been arranged as a recovery site instead of having a dedicated recovery site. Which area is of major concern? A. Difficulty in establishing communication between data centers B. Differences in processing capacity between data centers C. Difficulty in conducting BCP tests D. Differences in system software versions between data centers

Answer: B. Differences in processing capacity between data centers. Explanation: Due to differences in capacity, the designated data center may not be able to handle the load of the other data centers during a disaster. This is an area of major concern. The other options can be addressed without much difficulty.

"In the case of a disaster, the backup for the end of the previous day should be restored." Which of the following will be relevant to this statement? A. Recovery time objective B. Recovery point objective C. Allowable interruption window D. Service delivery objective

Answer: B. Recovery point objective. Explanation: RPO is a measure of the user's tolerance to data loss. In other words, the recovery point objective is the level of acceptable data loss. For example, an RPO of 2 hours indicates that an organization will not be overly impacted if it loses data for up to 2 hours. The recovery point objective is used to determine the various factors of a backup strategy, such as its frequency and type of backup (that is, mirroring, tape backup, and so on).

The security manager is designing a backup strategy. What is the most important factor? A. The quantum of data B. Recovery point objective C. Recovery time objective D. Maximum tolerable outage

Answer: B. Recovery point objective. Explanation: The recovery point objective is the extent of acceptable data loss. For example, an RPO of 2 hours indicates that an organization will not be overly impacted if it loses data for up to 2 hours. The recovery point objective is used to determine the various factors of the backup strategy, such as frequency and the type of backup (that is, mirroring, tape backup, and so on).
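The two questions above on test results (RTO not exceeded) and on backup design (RPO driving backup frequency) can be checked mechanically. The following is an added example, not part of the original study set: it evaluates a constructed DR test record against the RTO and RPO using the definitions given on this page, and derives the longest permissible interval between backups from the RPO. The system names, times, objective values and the assumption that a backup captures its consistency point at its start and is only restorable once complete are all invented for illustration.

```python
"""Evaluate a DR test against the RTO/RPO and derive a backup interval from the RPO.

Constructed example (not part of the original study set): the test records
and objective values below are invented for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Objectives:
    rto: timedelta  # acceptable downtime before service is back at the agreed level
    rpo: timedelta  # acceptable data loss, measured back from the point of failure


@dataclass(frozen=True)
class TestRecord:
    system: str
    declared_at: datetime        # disaster declared; the downtime clock starts here
    restored_at: datetime        # service available at the service delivery objective
    last_backup_point: datetime  # consistency point of the last restorable backup


def evaluate_test(rec: TestRecord, obj: Objectives) -> dict:
    """Compare one system's test results with its objectives.

    Achieved RTO is measured from declaration to restoration, not to the
    resumption of normal operations (which may come much later). Data loss is
    the gap between the last restorable backup point and the moment of failure.
    """
    achieved_rto = rec.restored_at - rec.declared_at
    data_loss = rec.declared_at - rec.last_backup_point
    findings = []
    if achieved_rto > obj.rto:
        findings.append(f"{rec.system}: RTO exceeded by {achieved_rto - obj.rto}")
    if data_loss > obj.rpo:
        findings.append(f"{rec.system}: RPO exceeded by {data_loss - obj.rpo}")
    return {
        "system": rec.system,
        "achieved_rto": achieved_rto,
        "data_loss": data_loss,
        "rto_met": achieved_rto <= obj.rto,
        "rpo_met": data_loss <= obj.rpo,
        "findings": findings,
    }


def max_backup_interval(rpo: timedelta, backup_duration: timedelta) -> timedelta:
    """Longest interval between backup starts that still satisfies the RPO.

    Assumption (ours, not the page's): each backup captures a consistency point
    at its start and is only restorable once it completes. Worst case: failure
    just before an in-progress backup finishes, so the restorable point is the
    START of the previous backup and the loss is interval + duration. Hence
    interval <= rpo - duration.
    """
    interval = rpo - backup_duration
    if interval <= timedelta(0):
        raise ValueError("backup takes longer than the RPO allows; use replication instead")
    return interval


# Constructed test log for a single exercise (invented values).
T0 = datetime(2024, 3, 2, 9, 0)
OBJECTIVES = {
    "payments": Objectives(rto=timedelta(hours=4), rpo=timedelta(hours=2)),
    "reporting": Objectives(rto=timedelta(hours=24), rpo=timedelta(hours=24)),
}
RECORDS = [
    # Restored in 3h (within the 4h RTO) but from the nightly backup: 10h of data lost vs a 2h RPO.
    TestRecord("payments", T0, T0 + timedelta(hours=3), T0 - timedelta(hours=10)),
    # Restored in 20h from the same nightly backup: both objectives met.
    TestRecord("reporting", T0, T0 + timedelta(hours=20), T0 - timedelta(hours=10)),
]


def run_exercise(records=RECORDS, objectives=OBJECTIVES) -> list:
    """Evaluate every record in the test log against its system's objectives."""
    return [evaluate_test(r, objectives[r.system]) for r in records]


if __name__ == "__main__":
    for result in run_exercise():
        status = "PASS" if result["rto_met"] and result["rpo_met"] else "FAIL"
        print(status, result["system"], *result["findings"])
    # A 2h RPO with 30-minute backups allows backups no more than 90 minutes apart.
    print(max_backup_interval(timedelta(hours=2), timedelta(minutes=30)))
```

The payments record is the case the study set warns about: the test "passes" on RTO while the backup strategy silently violates the RPO, which is why the RPO, not the RTO, is the primary input when designing backups.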

What is the most important factor when selecting an offsite facility? A. The outcome of business impact analysis B. Adequate distance between the primary site and offsite so that the same disaster does not simultaneously impact both sites C. The location of the offsite facilities of other organizations in the same industry D. The applicability of regulatory requirements to an offsite location

Answer: B. Adequate distance between the primary site and offsite so that the same disaster does not simultaneously impact both sites. Explanation: The offsite facility should be far enough away from the primary site that both are not subject to the same environmental event. In the case of a natural calamity, both sites will be impacted if they are located in close proximity. The other options are secondary factors.

What is the most important factor to consider when designing the technical aspects of the disaster recovery site? A. Standby resource B. Recovery point objective C. Allowable interruption window D. Maximum tolerable outage

Answer: C. Allowable interruption window. Explanation: Allowable interruption window (AIW) is the maximum time for which the normal operations of the organization can be down. After this point, the organization starts facing major financial difficulties that threaten its existence. The technical specification of the DR site will be based on this constraint. Based on AIW, the organization needs to choose between a mirrored, hot, warm, or cold site.

When conducting business impact analysis, who is the best person to determine the recovery time and cost estimates? A. Business continuity manager B. Security manager C. Business process owners D. IT department

Answer: C. Business process owners. Explanation: The business process owners will be in the best position to determine the impact of the unavailability of their system or processes and the appropriate recovery time and cost estimates.

Which recovery arrangement has the highest chance of failure? A. Warm site B. Hot site C. Reciprocal arrangement D. Cold site

Answer: C. Reciprocal arrangement. Explanation: In a reciprocal agreement, two organizations that have similar capabilities and processing capacities agree to provide support to one another in case of an emergency. Reciprocal agreements are not regarded as very reliable. They have many challenges, such as ensuring that both organizations keep compatible processing capacity, testing the plan, keeping the plan updated, and so on.

An organization is in the process of acquiring a new recovery site as the old site is no longer adequate to support the business objectives. Until the new site is available, which of the following objectives for recovery will have to be changed? A. Recovery budget B. Recovery point objective C. Service delivery objective D. Business continuity test

Answer: C. Service delivery objective. Explanation: The service delivery objective is the level of service and operational capability to be maintained from an alternate site. This is influenced by business requirements. Until the new site is available, the SDO will have to be lowered to what the old site can support. The other options are not directly affected by the change of recovery site.

The incident response team has activated a recovery site. Even though the processing capability is only half of that of the primary site's, the team notifies management that they have restored the critical system. This indicates that the team has achieved which of the following? A. The security budget B. The recovery point objective C. The service delivery objective D. The recovery time objective

Answer: C. The service delivery objective. Explanation: The service delivery objective is the level of service and operational capability to be maintained from an alternate site. It is directly related to business needs and is the level of service to be attained during disaster recovery. The other options are related to, but distinct from, the service delivery objective: restoring the critical system at half capacity does not by itself show that the recovery time or recovery point objective was met.

The recovery time objective is said to be achieved when which of the following occurs? A. A disaster is declared B. A recovery of the backup is completed C. The systems are restored D. Normal functions have started

Answer: C. The systems are restored. Explanation: The recovery time objective is the amount of time required to restore a system. Normal functioning may resume significantly later than the RTO. The RTO is met when the systems are restored to the minimum acceptable operational level, which is generally lower than normal operations.

What is the best way to ensure that a business continuity plan supports the organization's needs? A. To conduct an external audit of the business continuity plan B. To determine the size of the business continuity team C. To periodically test the plan on varied scenarios D. To update management regularly

Answer: C. To periodically test the plan on varied scenarios. Explanation: You should conduct the test periodically and determine whether the plan supports the requirements of the business. The other options are not as effective as periodic tests.

Which of the following is an aspect of the business continuity program? A. Detailed review of the technical recovery plan B. Detailed testing of network redundancy C. Updating the equipment at the hot site D. Developing a recovery time objective for critical functions

Answer: D. Developing a recovery time objective for critical functions. Explanation: The business continuity program focuses on keeping critical business functions running and mitigating the impact of an incident, whereas disaster recovery focuses on restoring IT operations after business operations have been disrupted. Developing an RTO for critical functions relates directly to business continuity, whereas the other options relate to the infrastructure side of disaster recovery.

The security manager is required to ensure the availability of the key business processes at the offsite location. They should verify which of the following? A. Recovery point objective B. Operational hierarchy C. Staff requirements at the offsite D. End-to-end transaction flow

Answer: D. End-to-end transaction flow. Explanation: If an organization can establish an end-to-end transaction flow from the offsite location, it has validated that the key business processes are available there. Achieving the RPO or meeting the staff requirements does not by itself indicate that the required support and processes are available at the offsite location.

A business continuity plan is primarily based on which of the following? A. Available alternate site B. Available continuity budget C. Strategy to cover all the applications of the organization D. Strategy validated by senior management

Answer: D. Strategy validated by senior management. Explanation: Senior management is in the best position to understand and adopt the strategy that is most beneficial for the organization's continuity. BCP is primarily based on the service delivery objective of management. A strategy that covers everything is not practical. If the objective of senior management is achieved, it will support the budget for the business continuity processes and alternative sites.

The recovery point objective is determined based on which of the following? A. The extent of acceptable system downtime B. The available security budget C. The acceptable level of service D. The extent of acceptable data loss

Answer: D. The extent of acceptable data loss. Explanation: The RPO is a measure of the user's tolerance to data loss. The recovery point objective is the level of acceptable data loss. For example, an RPO of 2 hours indicates that an organization will not be overly impacted if it loses data for up to 2 hours. The recovery point objective is used to determine the various factors of a backup strategy, such as its frequency and type of backup (that is, mirroring, tape backup, and so on). The extent of the acceptable system downtime is indicated by the recovery time objective. The acceptable level of service is determined by the service delivery objective.

When will the proximity factor be of most importance? A. While performing a business impact analysis B. While performing a BCP test C. While developing a disaster recovery procedure D. While selecting an alternate recovery site

Answer: D. While selecting an alternate recovery site. Explanation: While selecting an alternate recovery site, it is of utmost importance to consider the site's proximity to hazards. The recovery site should be an appropriate distance from potential hazards, such as water bodies, chemical factories, or other areas that can cause significant risk to the recovery site. The recovery site should also be away from the primary site so that both are not subject to the same environmental event.
