CISSP | Test Questions | Domain 8 | Business Continuity & Disaster Recovery Planning

An information system's recovery time objective (RTO) considers which of the following? 1. Memorandum of agreement 2. Maximum allowable outage 3. Service-level agreement 4. Cost to recover a. 1 and 3 b. 2 and 4 c. 3 and 4 d. 1, 2, 3, and 4

b. The balancing point between the maximum allowable outage (MAO) for a resource and the cost to recover that resource establishes the information system's recovery time objective (RTO). Memorandum of agreement is another name for developing a service-level agreement (SLA).

Which of the following should be consistent with the frequency of information system backups and the transfer rate of backup information to alternative storage sites? 1. Recovery time objective 2. Mean-time-to-failure 3. Recovery point objective 4. Mean-time-between-outages a. 1 and 2 b. 1 and 3 c. 2 and 3 d. 2 and 4

b. The frequency of information system backups and the transfer rate of backup information to alternative storage sites should be consistent with the organization's recovery time objective (RTO) and recovery point objective (RPO). Recovery strategies must be created to meet the RTO and RPO. Mean-time-to-failure (MTTF) is most often used with safety-critical systems such as airline traffic control systems (radar control services) to measure time between failures. Mean-time-between-outages (MTBO) is the mean time between equipment failures that result in loss of system continuity or unacceptable degradation. MTTF deals with software issues, whereas MTBO measures hardware problems.

Which of the following IT contingency solutions for servers provides high availability? a. Network-attached storage b. System backups c. Redundant array of independent disks d. Electronic vaulting

a. Virtualization network-attached storage (NAS) or storage-area network (SAN) provide high availability because it combines multiple physical storage devices into a logical, virtual storage device that can be centrally managed. System backups provide low availability. A redundant array of independent disks and electronic vaulting provide availability levels between high and low.

Which of the following must be defined to implement each contingency plan? a. Triggers b. Risks c. Costs d. Benefits

a. It is important to document triggers for activating contingency plans. The information needed to define the implementation triggers for contingency plans is the deployment schedule for each contingency plan and the implementation schedule for the replaced mission-critical systems. Triggers are more important than risks, costs, and benefits because the former drives the latter.

The focus of disaster recovery planning should be on: a. Protecting the organization against the consequences of a disaster b. Probability that a disaster may or may not happen c. Balancing the cost of recovery planning against the probability that a disaster might actually happen d. Selecting the best alternative backup processing facilities

a. The focus of disaster recovery planning should be on protecting the organization against the consequences of a disaster, not on the probability that it may or may not happen.

Which of the following tools provide information for reaching people during a disaster? a. Decision tree diagram b. Call tree diagram c. Event tree diagram d. Parse tree diagram

b. A call tree diagram shows who to contact when a required person is not available or not responding. The call tree shows the successive levels of people to contact if no response is received from the lower level of the tree. It shows the backup people when the primary person is not available. A decision tree diagram shows all the choices available with their outcomes to make a decision. An event tree diagram can be used in project management, and a parse tree diagram can be used in estimating probabilities and the nature of states in software engineering.

Regarding BCP and DRP, which of the following does not prevent potential data loss? a. Disk mirroring b. Offsite storage of backup media c. Redundant array of independent disk d. Load balancing

b. Although offsite storage of backup media enables a computer system to be recovered, data added to or modified on the server since the previous backup could be lost during a disruption or disaster. To avoid this potential data loss, a backup strategy may need to be complemented by redundancy solutions, such as disk mirroring, redundant array of independent disk (RAID), and load balancing.

Which of the following is often a missing link in developing a local-area network methodology for contingency planning? a. Deciding which applications can be handled manually b. Deciding which users must secure and back up their own-data c. Deciding which applications are to be supported offsite d. Deciding which applications can be handled as standalone personal computer tasks

b. It is true that during a disaster, not all application systems have to be supported while the local-area network (LAN) is out of service. Some LAN applications may be handled manually, some as standalone PC tasks, whereas others need to be supported offsite. Although these duties are clearly defined, it is not so clear which users must secure and back up their own data. It is important to communicate to users that they must secure and back up their own data until normal LAN operations are resumed. This is often a missing link in developing a LAN methodology for contingency planning.

Which of the following uses both qualitative and quantitative tools? a. Anecdotal analysis b. Business impact analysis c. Descriptive analysis d. Narrative analysis

b. The purpose of business impact analysis (BIA) is to identify critical functions, resources, and vital records necessary for an organization to continue its critical functions. In this process, the BIA uses both quantitative and qualitative tools. The other three choices are examples that use qualitative tools. Anecdotal records constitute a description or narrative of a specific situation or condition.

With respect to business continuity planning/disaster recovery planning (BCP/DRP), risk analysis is part of which of the following? a. Cost-benefit analysis b. Business impact analysis c. Backup analysis d. Recovery analysis

b. The risk analysis is usually part of the business impact analysis. It estimates both the functional and financial impact of a risk occurrence to the organization and identifies the costs to reduce the risks to an acceptable level through the establishment of effective controls. The other three choices are part of the correct choice.

With respect to BCP/DRP, single point of failure means which of the following? a. No production exists b. No vendor exists c. No redundancy exists d. No maintenance exists

c. A single point of failure occurs when there is no redundancy in data, equipment, facilities, systems, and programs. A failure of a component or element may disable the entire system. Use of redundant array of independent disks (RAID) technology provides greater data reliability through redundancy because the data can be stored on multiple hard drives across an array, thus eliminating single points of failure and decreasing the risk of data loss significantly.

What is an alternative processing site that is equipped with telecommunications but not computers? a. Cold site b. Hot site c. Warm site d. Redundant site

c. A warm site has telecommunications ready to be utilized but does not have computers. A cold site is an empty building for housing computer processors later but equipped with environmental controls (for example, heat and air conditioning) in place. A hot site is a fully equipped building ready to operate quickly. A redundant site is configured exactly like the primary site.

The major threats that a disaster recovery contingency plan should address include: a. Physical threats, software threats, and environmental threats b. Physical threats and environmental threats c. Software threats and environmental threats d. Hardware threats and logical threats

c. Physical and environmental controls help prevent contingencies. Although many of the other controls, such as logical access controls, also prevent contingencies, the major threats that a contingency plan addresses are physical and environmental threats, such as fires, loss of power, plumbing breaks, or natural disasters. Logical access controls can address both the software and hardware threats.

The business impact analysis (BIA) should critically examine the business processes and which of the following? a. Composition b. Priorities c. Dependencies d. Service levels

c. The business impact analysis (BIA) examines business processes composition and priorities, business or operating cycles, service levels, and, most important, the business process dependency on mission-critical information systems.

Which of the following computer backup alternative sites is the least expensive method and the most difficult to test? a. Nonmobile hot site b. Mobile hot site c. Warm site d. Cold site

d. A cold site is an environmentally protected computer room equipped with air conditioning, wiring, and humidity control for continued processing when the equipment is shipped to the location. The cold site is the least expensive method of a backup site, but the most difficult and expensive to test.

Which of the following disaster recovery plan testing approaches is not recommended? a. Desk-checking b. Simulations c. End-to-end testing d. Full-interruption testing

d. Management will not allow stopping of normal production operations for testing a disaster recovery plan. Some businesses operate on a 24x7 schedule and losing several hours of production time is tantamount to another disaster, financially or otherwise.

Which of the following is the correct sequence of events when surviving a disaster? a. Respond, recover, plan, continue, and test b. Plan, respond, recover, test, and continue c. Respond, plan, test, recover, and continue d. Plan, test, respond, recover, and continue

d. The correct sequence of events to take place when surviving a disaster is plan, test, respond, recover, and continue.

A company's vital records program must meet which of the following? 1. Legal, audit, and regulatory requirements 2. Accounting requirements 3. Marketing requirements 4. Human resources requirements a. 1 only b. 1 and 2 c. 1, 3, and 4 d. 1, 2, 3, and 4

d. Vital records support the continuity of business operations and present the necessary legal evidence in a court of law. Vital records should be retained to meet the requirements of functional departments of a company (for example, accounting, marketing, production, and human resources) to run day-to-day business operations (current and future). In addition, companies that are heavily regulated (for example, banking and insurance) require certain vital records to be retained for a specified amount of time. Also, internal auditors, external auditors, and third-party auditors (for example, regulatory auditors and banking/insurance industry auditors) require certain vital records to be retained to support their audit work. Periodically, these auditors review compliance with the record retention requirements either as a separate audit or as a part of their scheduled audit. Moreover, vital records are needed during recovery from a disaster. In other words, vital records are so vital for the long-run success of a company. First, a company management with the coordination of corporate legal counsel must take an inventory of all records used in a company, classify what records are vital, and identify what vital records support the continuity of business operations, legal evidence, disaster recovery work, and audit work; knowing that not all records and documents that a company handles everyday are vital records. Some records are on paper media while other records are on electronic media. An outcome of inventorying and classifying records is developing a list of "record retention" showing each document with its retention requirements in terms of years. Then, a systematic method is needed to preserve and store these vital records onsite and offsite with rotation procedures between the onsite and offsite locations. Corporate legal counsel plays an important role in defining retention requirements for both business (common) records and legal records. IT management plays a similar role in backing up, archiving, and restoring the electronic records for future retrieval and use. The goal is to ensure that the current version of the vital records is available and that outdated backup copies are deleted or destroyed in a timely manner. Examples of vital records follow: Legal records: General contracts; executive employment contracts; bank loan documents; business agreements with third parties, partners, and joint ventures; and regulatory compliance forms and reports. Accounting/finance records: Payroll, accounts payable, and accounts receivable records; customer invoices; tax records; and yearly financial statements. Marketing records: Marketing plans; sales contracts with customers and distributors; customer sales orders; and product shipment documents. Human resources records: Employment application and test scores, and employee performance appraisal forms.

All the following are misconceptions about a disaster recovery plan except: a. It is an organization's assurance to survive. b. It is a key insurance policy. c. It manages the impact of LAN failures. d. It manages the impact of natural disasters.

a. A well-documented, well-rehearsed, well-coordinated disaster recovery plan allows businesses to focus on surprises and survival. In today's environment, a local-area network (LAN) failure can be as catastrophic as a natural disaster, such as a tornado. Insurance does not cover every loss. The other three choices are misconceptions. What is important is to focus on the major unexpected events and implement modifications to the plan so that it is necessary to reclaim control over the business. The key is to ensure survival in the long run.

Which of the following statements is not true about contracts and agreements associated with computer backup facilities? a. Small vendors do not need contracts due to their size. b. Governmental organizations are not exempted from contract requirements. c. Nothing should be taken for granted during contract negotiations. d. All agreements should be in writing.

a. All vendors, regardless of their size, need written contracts for all customers, whether commercial or governmental. Nothing should be taken for granted, and all agreements should be in writing to avoid misunderstandings and performance problems.

Which of the following items is usually not considered when a new application system is brought into the production environment? a. Assigning a contingency processing priority code b. Training computer operators c. Developing computer operations documentation d. Training functional users

a. An application system priority analysis should be performed to determine the business criticality for each computer application. A priority code or time sensitivity code should be assigned to each production application system that is critical to the survival of the organization. The priority code tells people how soon the application should be processed when the backup computer facility is ready. This can help in restoring the computer system following a disaster and facilitate in developing a recovery schedule.

Regarding contingency planning, system-level information backups do n o t require which of the following to protect their integrity while in storage? a. Passwords b. Digital signatures c. Encryption d. Cryptographic hashes

a. Backups are performed at the user-level and system-level where the latter contains an operating system, application software, and software licenses. Only user-level information backups require passwords. System-level information backups require controls such as digital signatures, encryption, and cryptographic hashes to protect their integrity.

What is the inherent limitation of a disaster recovery planning exercise? a. Inability to include all possible types of disasters b. Assembling disaster management and recovery teams c. Developing early warning monitors that trigger alerts and responses d. Conducting periodic drills

a. Because there are many types of disasters that can occur, it is not practical to consider all such disasters. Doing so is cost-prohibitive. Hence, disaster recovery planning exercises should focus on major types of disasters that occur frequently. One approach is to perform risk analysis to determine the annual loss expectancy (ALE), which is calculated from the frequency of occurrence of a possible loss multiplied by the expected dollar loss per occurrence.

Regarding contingency planning, which of the following is susceptible to potential accessibility problems in the event of an area-wide disaster? 1. Alternative storage site 2. Alternative processing site 3. Alternative telecommunications services 4. Remote redundant secondary systems a. 1 and 2 b. 2 and 3 c. 3 only d. 1 and 4

a. Both alternative storage site and alternative processing site are susceptible to potential accessibility problems in the event of an area-wide disruption or disaster. Explicit mitigation actions are needed to handle this problem. Telecommunication services (ISPs and network service providers) and remote redundant secondary systems are located far away from the local area, hence not susceptible to potential accessibility problems.

For business continuity planning/disaster recovery planning (BCP/DRP), business impact analysis (BIA) primarily identifies which of the following? a. Threats and risks b. Costs and impacts c. Exposures and functions d. Events and operations

a. Business impact analysis (BIA) is the process of identifying an organization's exposure to the sudden loss of selected business functions and/or the supporting resources (threats) and analyzing the potential disruptive impact of those exposures (risks) on key business functions and critical business operations. Threats and risks are primary and costs and impacts are secondary, where the latter is derived from the former. The BIA usually establishes a cost (impact) associated with the disruption lasting varying lengths of time, which is secondary.

What is the purpose of a business continuity plan (BCP)? a. To sustain business operations b. To recover from a disaster c. To test the business continuity plan d. To develop the business continuity plan

a. Continuity planning involves more than planning for a move offsite after a disaster destroys a data center. It also addresses how to keep an organization's critical functions operating in the event of disruptions, both large and small. This broader perspective on continuity planning is based on the distribution of computer use and support throughout an organization. The goal is to sustain business operations.

Which of the following IT contingency solutions provides recovery time objectives (RTOs) ranging from minutes to several hours? a. Synchronous mirroring b. Asynchronous shadowing c. Single location disk replication d. Multiple location disk replication

a. Disk replication can be implemented locally or between different locations. Disk replication techniques are classified as synchronous or asynchronous. With synchronous mirroring, the recovery time objectives (RTOs) can be minutes to several hours (for shorter time periods), and hence should be used for applications that can accept little or no data loss. With asynchronous shadowing, the RTO can range from several hours to a day (for longer time periods), depending on the time that is required to implement the changes in the unapplied logs. Disk replication involves two different disks to ensure that two valid copies of the data are always available. 7. The IT operations management of KPQ Corporation is concerned about the reliability and availability data for its four major, mission-critical information systems that are used by business end-users. The KPQ corporate management's goal is to improve the reliability and availability of these four systems in order to increase customer satisfaction both internally and externally. The IT operations management collected the following data on downtime hours that include scheduled maintenance hours and uptime hours for all these systems. Assume 365 operating days per year and 24 hours per day for all these systems. The KPQ functional management thinks that the security goal of availability is more important in ensuring the continuity of business operations than the confidentiality and integrity goals. This is because the availability goal will ensure timely and reliable access to and use of system-related data and information, as it is an indicator of quantity of service. System Downtime, hours Uptime, hours 1 200 8,560 2 150 8,610 3 250 8,510 4 100 8,660 Which of the following systems has the highest availability in a year expressed in percentages and rounded up? a. System 1 b. System 2 c. System 3 d. System 4 ## d. System 4 has the highest availability percentage. Theoretically speaking, the lower the downtime for a system, the higher the availability of that system, and higher the reliability of that system, and vice versa. In fact, this question does not require any calculations to perform because one can find out the correct answer just by looking at the downtime and uptime data given in that the lower the downtime hours, the higher the uptime hours, and the higher the availability of the system, and vice versa. System Availability, percent Reliability, percent 1 97.7 97.7 2 98.3 98.3 3 97.1 97.1 4 98.9 98.9 Calculations for System 1 are shown below and calculations for other systems follow the System 1 calculations. Availability for System 1 = [Uptime/(Uptime + Downtime)] × 100 = [(8,560/8,760)] × 100 = 97.7% Reliability for System 1 = [1 - (Downtime/Downtime + Uptime)] × 100 = [1 - (200/8,760)] × 100 = 97.7% Check: Reliability for System 1 = 100 - (100 - Availability percent) = 100 - (100 - 97.7) = 97.7% This goes to say that the availability and reliability goals are intrinsically related to each other, where the former is a component of the latter.

Which of the following statements is not true about the critical application categories established for disaster recovery planning purposes? a. Predefined categories need not be followed during a disaster because time is short. b. Each category has a defined time frame to recover. c. Each category has a priority level assigned to it. d. The highest level category is the last one to recover.

a. It is important to define applications into certain categories to establish processing priority. For example, the time for recovery of applications in category I could be less than 8 hours after disaster declaration (high priority). The time frame for recovery of category IV applications could be less than 12 hours after disaster declaration (low priority).

Regarding BCP and DRP, which of the following determines the recovery cost balancing? a. Cost of system inoperability and the cost of resources to recover b. Maximum allowable outage and the cost to recover c. Cost of disruption and the cost to recover d. Cost of impact and the cost of resources

a. It is important to determine the optimum point to recover an IT system by balancing the cost of system inoperability against the cost of resources required for restoring the system. This is called recovery cost balancing, which indicates how long an organization can afford to allow the system to be disrupted or unavailable. The other three choices are incorrect because they do not deal with the recovery cost balancing principle.

Regarding contingency planning, strategic reasons for separating the alternative storage site from the primary storage site include ensuring: 1. Both sites are not susceptible to the same hazards. 2. Both sites are not colocated in the same area. 3. Both sites do not have the same recovery time objectives. 4. Both sites do not have the same recovery point objectives. a. 1 and 2 b. 1, 2, and 3 c. 1, 2, and 4 d. 1, 2, 3, and 4

a. It is important to ensure that both sites (i.e., alternative storage site and primary storage site) are not susceptible to the same hazards, are not colocated in the same area, have the same recovery time objectives (RTOs), and have the same recovery point objectives (RPOs).

Which of the following phases in the contingency planning and emergency program is most difficult to sell to an organization's management? a. Mitigation b. Preparedness c. Response d. Recovery

a. Mitigation is a long-term activity aimed at eliminating or reducing the probability of an emergency or a disaster occurring. It requires "up-front" money and commitment from management. Preparedness is incorrect because it is a readiness to respond to undesirable events. It ensures effective response and minimizes damage. Response is incorrect because it is the first phase after the onset of an emergency. It enhances recovery operations. Recovery is incorrect because it involves both short- and long-term restoration of vital systems to normal operations.

Redundant array of independent disk (RAID) technology does not use which of the following? a. Electronic vaulting b. Mirroring c. Parity d. Striping

a. Redundant array of independent disk (RAID) technology uses three data redundancy techniques such as mirroring, parity, and striping, not electronic vaulting. Electronic vaulting is located offsite, whereas RAID is placed at local servers where the former may use the latter.

Regarding contingency planning, information system backups require which of the following? 1. Both the primary storage site and alternative storage site do not need to be susceptible to the same hazards. 2. Both operational system and redundant secondary system do not need to be colocated in the same area. 3. Both primary storage site and alternative storage site do not need to have the same recovery time objectives. 4. Both operational system and redundant secondary system do not need to have the same recovery point objectives. a. 1 and 2 b. 1, 2, and 3 c. 1, 2, and 4 d. 1, 2, 3, and 4

a. System backup information can be transferred to the alternative storage site, and the same backup can be maintained at a redundant secondary system, not colocated with the operational system. Both sites and both systems must have the same recovery time objectives (RTOs) and same recovery point objectives (RPOs). This arrangement can be activated without loss of information or disruption to the operation.

Which of the following is an operational control and is a prerequisite to developing a disaster recovery plan? a. System backups b. Business impact analysis c. Cost-benefit analysis d. Risk analysis

a. System backups provide the necessary data files and programs to recover from a disaster and to reconstruct a database from the point of failure. System backups are operational controls, whereas the items mentioned in the other choices come under management controls and analytical in nature.

A major risk in the use of cellular radio and telephone networks during a disaster include: a. Security and switching office issues b. Security and redundancy c. Redundancy and backup power systems d. Backup power systems and switching office

a. The airwaves are not secure and a mobile telephone switching office can be lost during a disaster. The cellular company may need to divert a route from the cell site to another mobile switching office. User organizations can take care of the other three choices because they are mostly applicable to them, and not to the telephone company.

Physical disaster prevention and preparedness begins when a: a. Data center site is constructed b. New equipment is added c. New operating system is installed d. New room is added to existing computer center facilities

a. The data center should be constructed in such a way as to minimize exposure to fire, water damage, heat, or smoke from adjoining areas. Other considerations include raised floors, sprinklers, or fire detection and extinguishing systems and furniture made of noncombustible materials. All these considerations should be taken into account in a cost-effective manner at the time the data (computer) center is originally built. Add-ons will not only be disruptive but also costly.

An organization's effective presentation of disaster scenarios should be based on which of the following? a. Severity and timing levels b. Risk and impact levels c. Cost and timing levels d. Event and incident levels

a. The disaster scenarios, describing the types of incidents that an organization is likely to experience, should be based on events or situations that are severe in magnitude (high in damages and longer in outages), occurring at the worst possible time (i.e., worst-case scenario with pessimistic time), resulting in severe impairment to the organization's ability to conduct and/or continue its business operations. The planning horizon for these scenarios include short-term (i.e., less than one month outage) and long-term (i.e., more than three month outage), the severity magnitude levels include low, moderate, and high; and the timing levels include worst possible time, most likely time, and least likely time. The combination of high severity level and the worst possible time is an example of high-risk scenario. The other three choices are incorrect because they are not relevant directly to the disaster scenarios in terms of severity and timing levels except that they support the severity and timing levels indirectly.

The most effective action to be taken when a hurricane advance warning is provided is to: a. Declare the disaster early. b. Install an uninterruptible power supply system. c. Provide a backup water source. d. Acquire gasoline-powered pumps.

a. The first thing is to declare the disaster as soon as the warning sign is known. Protecting the business site is instrumental in continuing or restoring operations in the event of a hurricane. Ways to do this include an uninterruptible power supply (batteries and generators), a backup water source, and a supply of gasoline-powered pumps to keep the lower levels of the facility clear of floodwaters. Boarding up windows and doors is good to protect buildings from highspeed flying debris and to prevent looting.

All the following need to be established prior to a crisis situation except: a. Public relationships b. Credibility c. Reputation d. Goodwill

a. The other three choices (i.e., credibility, reputation, and goodwill) need to exist in advance of a crisis situation. These qualities cannot be generated quickly during a crisis. They take a long time to develop and maintain, way before a disaster occurs. On the other hand, public (media) relationships require a proactive approach during a disaster. This includes distributing an information kit to the media at a moment's notice. The background information about the company in the kit must be regularly reviewed and updated. When disaster strikes, it is important to get the company information out early. By presenting relevant information to the media, more time is available to manage the actual day-to-day aspects of crisis communications during the disaster.

Which of the following IT contingency solutions is useful over larger bandwidth connections and shorter physical distances? a. Synchronous mirroring b. Asynchronous shadowing c. Single location disk replication d. Multiple location disk replication

a. The synchronous mirroring mode can degrade performance on the protected server and should be implemented only over shorter physical distances where bandwidth is larger that will not restrict data transfers between servers. The asynchronous shadowing mode is useful over smaller bandwidth connections and longer physical distances where network latency could occur. Consequently, shadowing helps to preserve the protected server's performance. Both synchronous and asynchronous are techniques and variations of disk replication (i.e., single and multiple location disk replication).

Regarding BCP and DRP, if MAO is maximum allowable outage, BIA is business impact analysis, RTO is recovery time objective, MTBF is mean-time-between-failures, RPO is recovery point objective, MTTR is mean-time-to-repair, and UPS is uninterruptible power supply, which one of the following is related to and compatible with each other within the same choice? a. MAO, BIA, RTO, and MTBF b. BIA, RTO, RPO, and MAO c. MAO, MTTR, RPO, and UPS d. MAO, MTBF, MTTR, and UPS

b. A business impact analysis (BIA) is conducted by identifying a system's critical resources. Two critical resource measures in BIA include recovery time objective (RTO) and recovery point objective (RPO). The impact in BIA is expressed in terms of maximum allowable outage (MAO). Hence, BIA, RTO, RPO, and MAO are related to and compatible with each other. MTBF is mean-time-between-failures, MTTR is mean-time-to-repair, and UPS is uninterruptible power supply, and they have no relation to BIA, RTO, RPO, and MAO because MAO deals with maximum time, whereas MTTF and MTTR deals with mean time (i.e., average time).

Contingency planning integrates the results of which of the following? a. Business continuity plan b. Business impact analysis c. Core business processes d. Infrastructural services

b. Contingency planning integrates and acts on the results of the business impact analysis. The output of this process is a business continuity plan consisting of a set of contingency plans —with a single plan for each core business process and infrastructure component. Each contingency plan should provide a description of the resources, staff roles, procedures, and timetables needed for its implementation.

Regarding BCP and DRP, which of the following IT platforms typically provide some inherent level of redundancy? a. Mainframe systems b. Distributed systems c. Desktop computers d. Websites

b. Distributed systems use the client-server relationship model to make the application more accessible to users in different locations, and they rely extensively on LAN and WAN connectivity. Because all data resides at a company's headquarters location and is replicated to the local sites, the distributed system provides some inherent level of redundancy. The other three choices cannot provide that kind of redundancy.

Which of the following is the best organizational structure and management style during a disaster? a. People-oriented b. Production-oriented c. Democratic-oriented d. Participative-oriented

b. During the creation of a disaster recovery and restoration plan, the management styles indicated in the other three choices are acceptable due to the involvement and input required of all people affected by a disaster. However, the situation during a disaster is entirely different requiring execution, not planning. The command-and-control structure, which is a productionoriented management style, is the best approach to orchestrate the recovery, unify all resources, and provide solid direction with a single voice to recover from the disaster. This is not the time to plan and discuss various approaches and their merits. The other three choices are not suitable during a disaster.

Regarding BCP and DRP, the board of directors of an organization is not required to follow which of the following? a. Duty of due care b. Duty of absolute care c. Duty of loyalty d. Duty of obedience

b. Duty of absolute care is not needed because reasonable and normal care is expected of the board of directors because no one can anticipate or protect from all disasters. However, the directors need to follow the other three duties of due care, loyalty, and obedience.

The primary objective of emergency planning is to: a. Minimize loss of assets. b. Ensure human security and safety. c. Minimize business interruption. d. Provide backup facilities and services.

b. Emergency planning provides the policies and procedures to cope with disasters and to ensure the continuity of vital data center services. The primary objective of emergency planning is personnel safety, security, and welfare; secondary objectives include (i) minimizing loss of assets, (ii) minimizing business interruption, (iii) providing backup facilities and services, and (iv) providing trained personnel to conduct emergency and recovery operations.

Which of the following is a critical benefit of implementing an electronic vaulting program? a. It supports unattended computer center operations or automation. b. During a crisis situation, an electronic vault can make the difference between an organization's survival and failure. c. It reduces required backup storage space. d. It provides faster storage data retrieval.

b. For some organizations, time becomes money. Increased system reliability improves the likelihood that all the information required is available at the electronic vault. If data can be retrieved immediately from the off-site storage, less is required in the computer center. It reduces retrieval time from hours to minutes. Because electronic vaulting eliminates tapes, which are a hindrance to automated operations, electronic vaulting supports automation.

Which of the following alternative computing backup facilities is intended to serve an organization that has sustained total destruction from a disaster? a. Service bureaus b. Hot sites c. Cold sites d. Reciprocal agreements

b. Hot sites are fully equipped computer centers. Some have fire protection and warning devices, telecommunications lines, intrusion detection systems, and physical security. These centers are equipped with computer hardware that is compatible with that of a large number of subscribing organizations. This type of facility is intended to serve an organization that has sustained total destruction and cannot defer computer services. The other three choices do not have this kind of support.

The greatest cost in data management comes from which of the following? a. Backing up files b. Restoring files c. Archiving files d. Journaling files

b. Manual tape processing has the tendency to cause problems at restore time. Multiple copies of files exist on different tapes. Finding the right tape to restore can become a nightmare, unless the software product has automated indexing and labeling features. Restoring files is costly due to the considerable human intervention required, causing delays. Until the software is available to automate the file restoration process, costs continue to be higher than the other choices. Backing up refers to a duplicate copy of a data set that is held in storage in case the original data are lost or damaged. Archiving refers to the process of moving infrequently accessed data to less accessible and lower cost storage media. Journaling applications post a copy of each transaction to both the local and remote storage sites when applicable.

Which of the following requires advance planning to handle a real flood-driven disaster? a. Call tree list, power requirements, and air-conditioning requirements b. Power requirements and air-conditioning requirements c. Air-conditioning requirements and media communications d. Call tree list and media communications

b. Power and air-conditioning requirements need to be determined in advance to reduce the installation time frames. This includes diesel power generators, fuel, and other associated equipment. Media communications include keeping in touch with radio, television, and newspaper firms. The call tree list should be kept current all the time so that the employee and vendor-notification process can begin as soon as the disaster strikes. This list includes primary and secondary employee names and phone numbers as well as escalation levels.

Regarding BCP and DRP, redundant array of independent disk (RAID) does not do which of the following? a. Provide disk redundancy b. Provide power redundancy c. Decrease mean-time-between-failures d. Provide fault tolerance for data storage

b. Redundant array of independent disk (RAID) does not provide power redundancy and should be acquired through an uninterruptible power supply system. However, RAID provides the other three choices.

Contingency planning for local-area networks should consider all the following except: a. Incident response b. Remote computing c. Backup operations d. Recovery plans

b. Remote computing is not applicable to a local-area network (LAN) because the scope of a LAN is limited to local area only such as a building or group of buildings. Wide-area networks or metropolitan-area networks are good for remote computing. A contingency plan should consider three things: incident response, backup operations, and recovery. The purpose of incident response is to mitigate the potentially serious effects of a severe LAN security-related problem. It requires not only the capability to react to incidents but also the resources to alert and inform the users if necessary. Backup operation plans are prepared to ensure that essential tasks can be completed subsequent to disruption of the LAN environment and can continue until the LAN is sufficiently restored. Recovery plans are made to permit smooth, rapid restoration of the LAN environment following interruption of LAN usage. Supporting documents should be developed and maintained that minimize the time required for recovery. Priority should be given to those applications and services that are deemed critical to the functioning of the organization. Backup operation procedures should ensure that these critical services and applications are available to users.

Business continuity plans (BCP) need periodic audits to ensure the accuracy, currency, completeness, applicability, and usefulness of such plans in order to properly run business operations. Which one of the following items is a prerequisite to the other three items? a. Internal audits b. Self-assessments c. External audits d. Third-party audits

b. Self-assessments are proactive exercises and are a prerequisite to other types of audits. Self-assessments are in the form of questionnaires and usually a company's employees (for example, supervisors or mangers) conduct these self-assessments to collect answers from functional management and IT management on various business operations. If these selfassessments are conducted with honesty and integrity, they can be eye-opening exercises because their results may not be the same as expected by the company management. The purpose of self-assessments is to identify strengths and weaknesses so weaknesses can be corrected and strengths can be improved. In addition, self-assessments make an organization ready and prepared for the other audits such as internal audits by corporate internal auditors, external audits by public accounting firms, and third-party audits by regulatory compliance auditors, insurance industry auditors, and others. In fact, overall audit costs can be reduced if these auditors can rely on the results of selfassessments, and it can happen only when these assessments are done in an objective and unbiased manner. This is because auditors do not need to repeat these assessments with functional and IT management, thus saving their audit time, resulting in reduction in audit costs. However, auditors will conduct their own independent tests to validate the answers given in the assessments. The audit process validates compliance with disaster recovery standards, reviews recovery problems and solutions, verifies the appropriateness of recovery test exercises, and reviews the criteria for updating and maintaining a BCP. Here, the major point is that self-assessments should be performed in an independent and objective manner without the company management's undue influence on the results. Another proactive thinking is sharing these self-assessments with auditors earlier to get their approval prior to actually using them in the company to ensure that right questions are asked and right areas are addressed.

An effective element of damage control after a disaster occurs is to: a. Maintain silence. b. Hold press conferences. c. Consult lawyers. d. Maintain secrecy.

b. Silence is guilt, especially during a disaster. How a company appears to respond to a disaster can be as important as the response itself. If the response is kept in secrecy, the press will assume there is some reason for secrecy. The company should take time to explain to the press what happened and what the response is. A corporate communications professional should be consulted instead of a lawyer due to the specialized knowledge of the former. A spokesperson should be selected to contact media, issue an initial statement, provide background information, and describe action plans, which are essential to minimize the damage. The company lawyers may add restrictions to ensure that everything is done accordingly, which may not work well in an emergency.

Regarding BCP and DRP, which of the following establishes an information system's recovery time objective (RTO)? a. Cost of system inoperability and the cost of resources b. Maximum allowable outage time and the cost to recover c. Cost of disruption and the cost to recover d. Cost of impact and the cost of resources

b. The balancing point between the maximum allowable outage (MAO) and the cost to recover establishes an information system's recovery time objective (RTO). Recovery strategies must be created to meet the RTO. The maximum allowable outage is also called maximum tolerable downtime (MTD). The other three choices are incorrect because they do not deal with time and cost dimensions together.

Which of the following disaster recovery plan test results would be most useful to management? a. Elapsed time to perform various activities b. Amount of work completed c. List of successful and unsuccessful activities d. Description of each activity

c. Management is interested to find out what worked (successful) and what did not (unsuccessful) after a recovery from a disaster. The idea is to learn from experience.

What should be the last step in a risk assessment process performed as a part of business continuity plan? a. Consider possible threats. b. Establish recovery priorities. c. Assess potential impacts. d. Evaluate critical needs.

b. The last step is establishing priorities for recovery based on critical needs. The following describes the sequence of steps in a risk assessment process: 1. Possible threats include natural (for example, fires, floods, and earthquakes), technical (for example, hardware/software failure, power disruption, and communications interference), and human (for example, riots, strikes, disgruntled employees, and sabotage). 2. Assess impacts from loss of information and services from both internal and external sources. This includes financial condition, competitive position, customer confidence, legal/regulatory requirements, and cost analysis to minimize exposure. 3. Evaluate critical needs. This evaluation also should consider timeframes in which a specific function becomes critical. This includes functional operations, key personnel, information, processing systems, documentation, vital records, and policies and procedures. 4. Establish priorities for recovery based on critical needs.

A contingency planning strategy consists of the following four parts. Which of the following parts are closely related to each other? a. Emergency response and recovery b. Recovery and resumption c. Resumption and implementation d. Recovery and implementation

b. The selection of a contingency planning strategy should be based on practical considerations, including feasibility and cost. Risk assessment can be used to help estimate the cost of options to decide an optimal strategy. Whether the strategy is onsite or offsite, a contingency planning strategy normally consists of emergency response, recovery, resumption, and implementation. In emergency response, it is important to document the initial actions taken to protect lives and limit damage. In recovery, the steps that will be taken to continue support for critical functions should be planned. In resumption, what is required to return to normal operations should be determined. The relationship between recovery and resumption is important. The longer it takes to resume normal operations, the longer the organization will have to operate in the recovery mode. In implementation, it is necessary to make appropriate preparations, document the procedures, and train employees. Emergency response and implementation do not have the same relationship as recovery and resumption does.

Which of the following is the most important consideration in locating an alternative computing facility during the development of a disaster recovery plan? a. Close enough to become operational quickly b. Unlikely to be affected by the same contingency issues as the primary facility c. Close enough to serve its users d. Convenient to airports and hotels

b. There are several considerations that should be reflected in the backup site location. The optimum facility location is (i) close enough to allow the backup function to become operational quickly, (ii) unlikely to be affected by the same contingency, (iii) close enough to serve its users, and (iv) convenient to airports, major highways, or train stations when located out of town.

In transaction-based systems, which of the following are mechanisms supporting transaction recovery? 1. Transaction rollback 2. Transaction journaling 3. Router tables 4. Compilers a. 1 only b. 1 and 2 c. 3 and 4 d. 1, 2, 3, and 4

b. Transaction rollback and transaction journaling are examples of mechanisms supporting transaction recovery. Routers use router tables for routing messages and packets. A compiler is software used to translate a computer program written in a high-level programming language (source code) into a machine language for execution. Both router tables and compilers do not support transaction recovery.

Which of the following is an example of a recovery time objective (RTO) for a payroll system identified in a business impact analysis (BIA) document? a. Time and attendance reporting may require the use of a LAN server and other resources. b. LAN disruption for 8 hours may create a delay in time sheet processing. c. The LAN server must be recovered within 8 hours to avoid a delay in time sheet processing. d. The LAN server must be recovered fully to distribute payroll checks on Friday to all employees.

c. "The LAN server must be recovered within 8 hours to avoid a delay in time sheet processing" is an example of BIA's recovery time objective (RTO). "Time and attendance reporting may require the use of a LAN server and other resources" is an example of BIA's critical resource. "LAN disruption for 8 hours may create a delay in time sheet processing" is an example of BIA's resource impact. "The LAN server must be recovered fully to distribute payroll checks on Friday to all employees" is an example of BIA's recovery point objective (RPO).

Which of the following are closely connected to each other when conducting business impact analysis (BIA) as a part of the IT contingency planning process? 1. System's components 2. System's interdependencies 3. System's critical resources 4. System's downtime impacts a. 1 and 2 b. 2 and 3 c. 3 and 4 d. 1, 2, 3, and 4

c. A business impact analysis (BIA) is a critical step to understanding the information system components, interdependencies, and potential downtime impact. Contingency plan strategy and procedures should be designed in consideration of the results of the BIA. A BIA is conducted by identifying the system's critical resources. Each critical resource is then further examined to determine how long functionality of the resource could be withheld from the information system before an unacceptable impact is experienced. Therefore, system's critical resources and system's downtime impacts are closely related to each other than the other items.

Which of the following disaster-recovery alternative facilities eliminates the possibility of competition for time and space with other businesses? a. Hot sites b. Cold sites c. Mirrored sites d. Warm sites

c. A dedicated second site eliminates the threat of competition for time and space with other businesses. These benefits coupled with the ever-growing demands of today's data and telecommunications networks have paved the way for a new breed of mirrored sites (intelligent sites) that can serve as both primary and contingency site locations. These mirrored sites employ triple disaster avoidance systems covering power, telecommunications, life support (water and sanitation), and 24-hour security systems. Mirrored sites are fully redundant facilities with automated real-time information mirroring. A mirrored site (redundant site) is equipped and configured exactly like the primary site in all technical respects. Some organizations plan on having partial redundancy for a disaster recovery purpose and partial processing for normal operations. The stocking of spare personal computers and their parts or LAN servers also provide some redundancy. Hot, cold, and warm sites are operated and managed by commercial organizations, whereas the mirrored site is operated by the user organization.

Regarding contingency planning, an organization obtains which of the following to reduce the likelihood of a single point of failure? a. Alternative storage site b. Alternative processing site c. Alternative telecommunications services d. Redundant secondary system

c. An organization obtains alternative telecommunications services to reduce the likelihood of encountering a single point of failure with primary telecommunications services because of its high risk. The other choices are not high-risk situations.

Which of the following statements is not true? Having a disaster recovery plan and testing it regularly: a. Reduces risks b. Affects the availability of insurance c. Lowers insurance rates d. Affects the total cost of insurance

c. Both underwriters and management are concerned about risk reduction, availability of specific insurance coverage, and its total cost. A good disaster recovery plan addresses these concerns. However, a good plan is not a guarantee for lower insurance rates in all circumstances. Insurance rates are determined based on averages obtained from loss experience, geography, management judgment, the health of the economy, and a host of other factors. Total cost of insurance depends on the specific type of coverage obtained. It could be difficult or expensive to obtain insurance in the absence of a disaster recovery plan. Insurance provides a certain level of comfort in reducing risks but it does not provide the means to ensure continuity of business operations.

Which of the following IT contingency solutions requires a higher bandwidth to operate? a. Remote journaling b. Electronic vaulting c. Synchronous mirroring d. Asynchronous mirroring

c. Depending on the volume and frequency of the data transmission, remote journaling or electronic vaulting could be conducted over a connection with limited or low bandwidth. However, synchronous mirroring requires higher bandwidth for data transfers between servers. Asynchronous mirroring requires smaller bandwidth connection.

Which of the following disaster recovery plan testing options should not be scheduled at critical points in the normal processing cycle? a. Checklist testing b. Parallel testing c. Full-interruption testing d. Structured walk-through testing

c. Full-interruption testing, as the name implies, disrupts normal operations and should be approached with caution.

When an organization is interrupted by a catastrophe, which of the following cost categories requires management's greatest attention? a. Direct costs b. Opportunity costs c. Hidden costs d. Variable costs

c. Hidden costs are not insurable expenses and include (i) unemployment compensation premiums resulting from layoffs in the work force, (ii) increases in advertising expenditures necessary to rebuild the volume of business, (iii) cost of training new and old employees, and (iv) increased cost of production due to decline in overall operational efficiency. Generally, traditional accounting systems are not set up to accumulate and report the hidden costs. Opportunity costs are not insurable expenses. They are costs of foregone choices, and accounting systems do not capture these types of costs. Both direct and variable costs are insurable expenses and are captured by accounting systems.

Which of the following organization's functions are often ignored in planning for recovery from a disaster? a. Computer operations b. Safety c. Human resources d. Accounting

c. Human resource policies and procedures impact employees involved in the response to a disaster. Specifically, it includes extended work hours, overtime pay, compensatory time, living costs, employee evacuation, medical treatment, notifying families of injured or missing employees, emergency food, and cash during recovery. The scope covers the pre-disaster plan, emergency response during recovery, and post-recovery issues. The major reason for ignoring the human resource issues is that they encompass many items requiring extensive planning and coordination, which take a significant amount of time and effort.

Regarding business continuity planning (BCP) and disaster recovery planning (DRP), which of the following contingency solutions for wide-area networks (WANs) increases vulnerability to hackers? a. Redundant communication links b. Multiple network service providers c. Multiple Internet connections d. Redundant network connecting devices

c. It is true that multiple Internet connections increase a network's vulnerability to hackers. But at the same time, multiple Internet connections provide redundancy, meaning that if one connection were to fail, Internet traffic could be routed through the remaining connection. So, there is a trade-off between security and availability. The other three choices are not vulnerable to hackers. Redundant communication links can include two T-1 connections or the backup link. Multiple network service providers (NSPs) and the Internet service providers (ISPs) providing a robust and reliable service from their core networks. Redundant network connecting devices such as routers, switches, and firewalls can create high availability.

Which of the following IT contingency solutions increases a server's performance and availability? a. Electronic vaulting b. Remote journaling c. Load balancing d. Disk replication

c. Load balancing systems monitor each server to determine the best path to route traffic to increase performance and availability so that one server is not overwhelmed with traffic. Electronic vaulting and remote journaling are similar technologies that provide additional data backup capabilities, with backups made to remote tape or disk drives over communication links. Disk replication can be implemented locally or between different locations.

IT resource criticality for recovery and restoration is determined through which of the following ways? 1. Standard operating procedures 2. Events and incidents 3. Business continuity planning 4. Service-level agreements a. 1 and 2 b. 2 and 3 c. 3 and 4 d. 1, 2, 3, and 4

c. Organizations determine IT resource criticality (for example, firewalls and Web servers) through their business continuity planning efforts or their service-level agreements (SLAs), which document actions and maximum response times and state the maximum time for restoring each key resource. Standard operating procedures (SOPs) are a delineation of the specific processes, techniques, checklists, and forms used by employees to do their work. An event is any observable occurrence in a system or network. An incident can be thought of as a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.

Which of the following tasks is not a part of business continuity plan (BCP)? a. Project scoping b. Impact assessment c. Disaster recovery procedures d. Disaster recovery strategies

c. Tasks are different between a business continuity plan (BCP) and disaster recovery planning (DRP) because of timing of those tasks. For example, disaster recovery procedures come into play only during disaster, which is a part of DRP.

Which of the following is the best course of action to take for retrieving the electronic records stored at an offsite location? a. Installing physical security controls offsite a. Installing environmental security controls offsite c. Ensuring that software version stored offsite matches with the vital records version d. Rotating vital records between onsite and offsite

c. The IT management must ensure that electronic records are retrievable in the future, requiring the correct version of software that created the original records is tested and stored offsite, and that the current software version is matched with the current version of vital records. The other three choices are incorrect because, although they are important in their own way, they do not directly address the retrieval of electronic records. Examples of physical security controls include keys and locks, sensors, alarms, sprinklers, and surveillance cameras. Examples of environmental controls include humidity, air conditioning, and heat levels. Rotating vital records between onsite and offsite is needed to purge the obsolete records and keep the current records only.

The business continuity planning (BCP) process should focus on providing which of the following? a. Financially acceptable level of outputs and services b. Technically acceptable level of outputs and services c. Minimum acceptable level of outputs and services d. Maximum acceptable level of outputs and services

c. The business continuity planning (BCP) process should safeguard an organization's capability to provide a minimum acceptable level of outputs and services in the event of failures of internal and external mission-critical information systems and services. The planning process should link risk management and risk mitigation efforts to operate the organization's core business processes within the constraints such as a disaster time.

If the disaster recovery plan is being tested for the first time, which of the following testing options can be combined? a. Checklist testing and simulation testing b. Simulation testing and full-interruption testing c. Checklist testing and structured walk-through testing d. Checklist testing and full-interruption testing

c. The checklist testing can ensure that all the items on the checklists have been reviewed and considered. During structured walk-through testing, the team members meet and walk through the specific steps of each component of the disaster recovery process and find gaps and overlaps. Simulation testing simulates a disaster during nonbusiness hours, so normal operations will not be interrupted. Full-interruption testing is not recommended because it activates the total disaster recovery plan. This test is costly and disruptive to normal operations and requires senior management's special approval.

The decision to fully activate a disaster recovery plan is made immediately: a. After notifying the disaster b. Before damage control c. After damage assessment and evaluation d. Before activating emergency systems

c. The decision to activate a disaster recovery plan is made after damage assessment and evaluation is completed. This is because the real damage from a disaster could be minor or major where the latter involves full activation only after damage assessment and evaluation. Minor damages may not require full activation as do the major ones. The decision to activate should be based on cost-benefit analysis. A list of equipment, software, forms, and supplies needed to operate contingency category I (high priority) applications should be available to use as a damage assessment checklist.

The final consideration in the disaster recovery strategy must be which of the following? a. Criticality of data and systems b. Availability of data and systems c. Final costs and benefits d. Recovery time objective requirements

c. The final consideration in the disaster recovery strategy must be final costs and benefits; although, cost and benefit data is considered initially. No prudent manager or executive would want to spend ten dollars to obtain a one dollar benefit. When costs exceed benefits, some managers accept the risk and some do not. Note that it is a human tendency to understate costs and overstate benefits. Some examples of costs include loss of income from loss of sales, cost of not meeting legal and regulatory requirements, cost of not meeting contractual and financial obligations, and cost of loss of reputation. Some examples of benefits include assurance of continuity of business operations, ability to make sales and profits, providing gainful employment, and satisfying internal and external customers and other stakeholders. The recovery strategy must meet criticality and availability of data and systems and recovery time objective (RTO) requirements while remaining within the cost and benefit guidelines.

The first step in successfully protecting and backing up information in distributed computing environments is to determine data: a. Availability requirements b. Accessibility requirements c. Inventory requirements d. Retention requirements

c. The first step toward protecting data is a comprehensive inventory of all servers, workstations, applications, and user data throughout the organization. When a comprehensive study of this type is completed, various backup, access, storage, availability, and retention strategies can be evaluated to determine which strategy best fits the needs of an organization.

After a disaster, at what stage should application systems be recovered? a. To the last online transaction completed b. To the last batch processing prior to interruption c. To the actual point of interruption d. To the last master file update prior to interruption

c. The goal is to capture all data points necessary to restart a system without loss of any data in the work-in-progress status. The recovery team should recover all application systems to the actual point of the interruption. The other three choices are incorrect because there could be a delay in processing or posting data into master files or databases depending on their schedules.

Rank the following objectives of a disaster recovery plan (DRP) from most to least important: 1. Minimize the disaster's financial impact on the organization. 2. Reduce physical damage to the organization's property, equipment, and data. 3. Limit the extent of the damage and thus prevent the escalation of the disaster. 4. Protect the organization's employees and the general public. a. 1, 2, 3, and 4 b. 3, 2, 1, and 4 c. 4, 1, 3, and 2 d. 4, 2, 1, and 3

c. The health and safety of employees and general public should be the first concern during a disaster situation. The second concern should be to minimize the disaster's economic impact on the organization in terms of revenues and sales. The third concern should be to limit or contain the disaster. The fourth concern should be to reduce physical damage to property, equipment, and data.

Which of the following natural disasters come with an advanced warning sign? a. Earthquakes and tornadoes b. Tornadoes and hurricanes c. Hurricanes and floods d. Floods only

c. The main hazards caused by hurricanes most often involve the loss of power, flooding, and the inability to access facilities. Businesses may also be impacted by structural damage as well. Hurricanes are the only events that give advanced warnings before the disaster strikes. Excessive rains lead to floods. Earthquakes do not give advanced warnings. Tornado warnings exist but provide little advance warning, and they are often inaccurate.

Rank the following benefits to be realized from a comprehensive disaster recovery plan (DRP) from most to least important: 1. Reduce insurance costs. 2. Enhance physical and data security. 3. Provide continuity of organization's operations. 4. Improve protection of the organization's assets. a. 1, 2, 3, and 4 b. 3, 2, 1, and 4 c. 3, 4, 2, and 1 d. 4, 2, 3, and 1

c. The most important benefit of a comprehensive disaster recovery plan is to provide continuity of operations followed by protection of assets, increased security, and reduced insurance costs. Assets can be acquired if the business is operating and profitable. There is no such thing as 100 percent security. A company can assume self-insurance.

Which of the following is most important in developing contingency plans for information systems and their facilities? a. Criteria for content b. Criteria for format c. Criteria for usefulness d. Criteria for procedures

c. The only reason for creating a contingency plan is to provide a document and procedure that will be useful in time of emergency. If the plan is not designed to be useful, it is not satisfactory. Suggestions for the plan content and format can be described, but no two contingency plans will or should be the same.

The main body of a contingency or disaster recovery plan document should not address which of the following? a. What? b. When? c. How? d. Who?

c. The plan document contains only the why, what, when, where, and who, not how. The how deals with detailed procedures and information required to carry out the actions identified and assigned to a specific recovery team. This information should not be in the formal plan because it is too detailed and should be included in the detail reference materials as an appendix to the plan. The why describes the need for recovery, the what describes the critical processes and resource requirements, the when deals with critical time frames, the where describes recovery strategy, and the who indicates the recovery team members and support organizations. Keeping the how information in the plan document confuses people, making it hard to understand and creating a maintenance nightmare.

Which of the following contingency plan test results is most meaningful? a. Tests met all planned objectives in restoring all database files. b. Tests met all planned objectives in using the latest version of the operating systems software. c. Tests met all planned objectives using files recovered from backups. d. Tests met all planned objectives using the correct version of access control systems software.

c. The purpose of frequent disaster recovery tests is to ensure recoverability. Review of test results should show that the tests conducted met all planned objectives using files recovered from the backup copies only. This is because of the no backup, no recovery principle. Recovery from backup also shows that the backup schedule has been followed regularly. Storing files at a secondary location (offsite) is preferable to the primary location (onsite) because it ensures continuity of business operations if the primary location is destroyed or inaccessible.

Disaster notification fees are part of which of the following cost categories associated with alternative computer processing support? a. Initial costs b. Recurring operating costs c. Activation costs d. Development costs

c. There are three basic cost elements associated with alternate processing-support: initial costs, recurring operating costs, and activation costs. The first two components are incurred whether the backup facility is put into operation; the last cost component is incurred only when the facility is activated. The initial costs include the cost of initial setup, including membership, construction or other fees. Recurring operating costs include costs for maintaining and operating the facility, including rent, utilities, repair, and ongoing backup operations. Activation costs include costs involved in the actual use of the backup capability. This includes disaster notification fees, facility usage charges, overtime, transportation, and other costs.

Regarding BCP and DRP, critical measurements in business impact analysis (BIA) include which of the following? a. General support system objectives b. Major application system objectives c. Recovery time objectives and recovery point objectives d. Uninterruptible power supply system objectives

c. Two critical measurements in business impact analysis (BIA) include recovery time objectives (RTOs) and recovery point objectives (RPOs). Usually, systems are classified as general support systems (for example, networks, servers, computers, gateways, and programs) and major application systems (for example, billing, payroll, inventory, and personnel system). Uninterruptible power supply (UPS) system is an auxiliary system supporting general systems and application systems. Regardless of the nature and type of a system, they all need to fulfill the RTOs and RPOs to determine their impact on business operations.

Regarding BCP and DRP, which of the following is not an element of risk? a. Threats b. Assets c. Costs d. Mitigating factors

c. Whether it is BCP/DRP or not, the three elements of risk include threats, assets, and mitigating factors. Risks result from events and their surroundings with or without prior warnings, and include facilities risk, physical and logical security risk, reputation risk, network risk, supply-chain risk, compliance risk, and technology risk. Threat sources include natural (for example, fires and floods), man-made attacks (for example, social engineering), technology-based attacks (DoS and DDoS), and intentional attacks (for example, sabotage). Assets include people, facilities, equipment (hardware), software, and technologies. Controls in the form of physical protection, logical protection, and asset protection are needed to avoid or mitigate the effects of risks. Some examples of preventive controls include passwords, smoke detectors, and firewalls and some examples of reactive/recovery controls include hot sites and cold sites. Costs are the outcomes or byproducts of and derived from threats, assets, and mitigating factors, which should be analyzed and justified along with benefits prior to the investment in controls.

Disaster recovery strategies must consider or address which of the following? 1. Recovery time objective 2. Disruption impacts 3. Allowable outage times 4. Interdependent systems a. I only b. 1 and 2 c. 1, 2, and 3 d. 1, 2, 3, and 4

d. A disaster recovery strategy must be in place to recover and restore data and system operations within the recovery time objective (RTO) period. The strategies should address disruption impacts and allowable outage times identified in the business impact analysis (BIA). The chosen strategy must also be coordinated with the IT contingency plans of interdependent systems. Several alternatives should be considered when developing the strategy, including cost, allowable outage times, security, and integration into organization-level contingency plans.

All of the following are key stakeholders in the disaster recovery process except: a. Employees b. Customers c. Suppliers d. Public relations officers

d. A public relations (PR) officer is a company's spokesperson and uses the media as a vehicle to consistently communicate and report to the public, including all stakeholders, during pre-crisis, interim, and post-crisis periods. Hence, the PR officer is a reporter, not a stakeholder. Examples of various media used for crisis notification include print, radio, television, telephone (voice mail and text messages), post office (regular mail), the Internet (for example, electronic mail and blogs), and press releases or conferences. The other stakeholders (for example, employees, customers, suppliers, vendors, labor unions, investors, creditors, and regulators) have a vested interest in the positive and negative effects and outcomes, and are affected by a crisis situation, resulting from the disaster recovery process.

Regarding contingency planning, which of the following IT platforms requires vendor service-level agreements? a. Desktop computers b. Servers c. Distributed systems d. Wide-area networks

d. A wide-area network (WAN) is a data communications network that consists of two or more local-area networks (LANs) that are dispersed over a wide geographical area. WAN communication links, usually provided by a public carrier, enable one LAN to interact with other LANs. Service-level agreements (SLAs) can facilitate prompt recovery following software or hardware problems associated with the network. An SLA also may be developed with the network service provider (NSP) or the Internet service provider (ISP) to guarantee the desired network availability and establish tariffs if the vendor's network is unavailable. Desktop computers, servers, and distributed system are not as complicated as WANs requiring SLAs.

Which of the following can be called the disaster recovery plan of last resort? a. Contract with a recovery center b. Demonstration of the recovery center's capabilities c. Tour of the recovery center d. Insurance policy

d. According to insurance industry estimates, every dollar of insured loss is accompanied by three dollars of uninsured economic loss. This suggests that companies are insured only for one-third of the potential consequences of a disaster and that insurance truly is a disaster recovery plan of last resort.

Which of the following is of least concern in a local-area network contingency plan? a. Application systems are scheduled for recovery based on their priorities. b. Application systems are scheduled for recovery based on the urgency of the information. c. Application systems are scheduled for recovery based on a period of downtime acceptable to the application users. d. Application systems are scheduled for recovery based on a period of downtime tolerable to the application programmers.

d. An alternative location is needed to ensure that critical applications can continue to be processed when the local-area network (LAN) is unavailable for an extended period of time. Application systems should be scheduled for recovery and operation at the alternative site, based on their priority, the urgency of the information, and the period of downtime considered acceptable by the application users. It does not matter what the application programmers consider acceptable because they are not the direct users of the system.

Which of the following is the best form of a covered loss insurance policy? a. A basic policy b. A broad policy c. A special all-risk policy d. A policy commensurate with risks

d. Because insurance reduces or eliminates risk, the best insurance is the one commensurate with the most common types of risks to which a company is exposed. The other three choices are incorrect. A basic policy covers specific named perils including fire, lightning, and windstorm. A broad policy covers additional perils such as roof collapse and volcanic action. A special all-risk policy covers everything except specific exclusions named in the policy.

Organizations practice contingency plans because it makes good business sense. Which of the following is the correct sequence of steps involved in the contingency planning process? 1. Anticipating potential disasters 2. Identifying the critical functions 3. Selecting contingency plan strategies 4. Identifying the resources that support the critical functions a. 1, 2, 3, and 4 b. 1, 3, 2, and 4 c. 2, 1, 4, and 3 d. 2, 4, 1, and 3

d. Contingency planning involves more than planning for a move offsite after a disaster destroys a data center. It also addresses how to keep an organization's critical functions operating in the event of disruptions, both large and small. This broader perspective on contingency planning is based on the distribution of computer support throughout an organization. The correct sequence of steps is as follows: Identify the mission or business or critical functions. Identify the resources that support the critical functions. Anticipate potential contingencies or disasters. Select contingency planning strategies.

Which of the following may not reduce the recovery time after a disaster strikes? a. Writing recovery scripts b. Performing rigorous testing c. Refining the recovery plans d. Documenting the recovery plans

d. Documenting the recovery plan should be done first and be available to use during a recovery as a guidance. The amount of time and effort in developing the plan has no bearing on the real recovery from a disaster. On the other hand, the amount of time and effort spent on the other three choices and the degree of perfection attained in those three choices will definitely help in reducing the recovery time after a disaster strikes. The more time spent on these three choices, the better the quality of the plan. The key point is that documenting the recovery plan alone is not enough because it is a paper exercise, showing guidance. The real benefit comes from careful implementation of that plan in actions.

All the following are objectives of emergency response procedures except: a. Protect life b. Control losses c. Protect property d. Maximize profits

d. Emergency response procedures are those procedures initiated immediately after an emergency occurs to protect life, protect property, and minimize the impact of the emergency (loss control). Maximizing profits can be practiced during nonemergency times but not during an emergency.

Which of the following is not an example of procedure-oriented disaster prevention activity? a. Backing up current data and program files b. Performing preventive maintenance on computer equipment c. Testing the disaster recovery plan d. Housing computers in a fire-resistant area

d. Housing computers in a fire-resistant area is an example of a physically oriented disaster prevention category, whereas the other three choices are examples of procedure-oriented activities. Procedure-oriented actions relate to tasks performed on a day-to-day, month-tomonth, or annual basis or otherwise performed regularly. Housing computers in a fire-resistant area with a noncombustible or charged sprinkler area is not regular work. It is part of a major computer-center building construction plan.

Which of the following is the most important outcome from contingency planning tests? a. The results of a test should be viewed as either pass or fail. b. The results of a test should be viewed as practice for a real emergency. c. The results of a test should be used to assess whether the plan worked or did not work. d. The results of a test should be used to improve the plan.

d. In the case of contingency planning, a test should be used to improve the plan. If organizations do not use this approach, flaws in the plan may remain hidden or uncorrected. Although the other three choices are important in their own way, the most important outcome is to learn from the test results in order to improve the plan next time, which is the real benefit.

Which of the following ensures the successful completion of tasks in the development of business continuity and disaster recovery plans? a. Defining individual roles b. Defining operational activities c. Assigning individual responsibility d. Exacting individual accountability

d. It is important to ensure that individuals responsible for the various business continuity and contingency planning activities are held accountable for the successful completion of individual tasks and that the core business process owners are responsible and accountable for meeting the milestones for the development and testing of contingency plans for their core business processes.

Which of the following is a prerequisite to developing a disaster recovery plan? a. Business impact analysis b. Cost-benefit analysis c. Risk analysis d. Management commitment

d. Management commitment and involvement are always needed for any major programs, and developing a disaster recovery plan is no exception. Better commitment leads to greater funding and support. The other three choices come after management commitment.

Which of the following computing backup facilities has a cost advantage? a. Shared contingency centers b. Hot sites c. Cold sites d. Reciprocal agreements

d. Reciprocal agreements do not require nearly as much advanced funding as do commercial facilities. They are inexpensive compared to other three choices where the latter are commercial facilities. However, cost alone should not be the overriding factor when making backup facility decisions.

Which of the following tasks is not a part of disaster recovery planning (DRP)? a. Restoration procedures b. Procuring the needed equipment c. Relocating to a primary processing site d. Selecting an alternate processing site

d. Tasks are different between business continuity plan (BCP) and disaster recovery planning (DRP) because of timing of those tasks. For example, selecting an alternative processing site should be planned out prior to a disaster, which is a part of a BCP. The other three choices are a part of DRP. Note that DRP is associated with data processing and BCP refers to actions that keep the business running in the event of a disruption, even if it is with pencil and paper.

Regarding contingency planning, which of the following actions are performed when malicious attacks compromise the confidentiality or integrity of an information system? 1. Graceful degradation 2. System shutdown 3. Fallback to manual mode 4. Alternate information flows a. 1 and 2 b. 2 and 3 c. 3 and 4 d. 1, 2, 3, and 4

d. The actions to perform during malicious attacks compromise the confidentiality or integrity of the information system include graceful degradation, information system shutdown, fallback to a manual mode, alternative information flows, or operating in a mode that is reserved solely for when the system is under attack.

When comparing alternative computer processing facilities, the major objective is to select the alternative with the: a. Largest annualized profit b. Largest annualized revenues c. Largest incremental expenses d. Smallest annualized cost

d. The major objective is to select the best alternative facility that meets the organization's recovery needs. An annualized cost is obtained by multiplying the annual frequency with the expected dollar amount of cost. The product should be a small figure.

The post-incident review report after a disaster should not focus on: a. What happened? b. What should have happened? c. What should happen next? d. Who caused it?

d. The post-incident review after a disaster has occurred should focus on what happened, what should have happened, and what should happen next, but not on who caused it. Blaming people will not solve the problem.

The least costly test approach for contingency plans is which of the following? a. Full-scale testing b. Pilot testing c. Parallel testing d. End-to-end testing

d. The purpose of end-to-end testing is to verify that a defined set of interrelated systems, which collectively support an organizational core business area or function, interoperate as intended in an operational environment. Generally, end-to-end testing is conducted when one major system in the end-to-end chain is modified or replaced, and attention is rightfully focused on the changed or new system. The boundaries on end-to-end tests are not fixed or predetermined but rather vary depending on a given business area's system dependencies (internal and external) and the criticality to the mission of the organization. Full-scale testing is costly and disruptive, whereas end-to-end testing is least costly. Pilot testing is testing one system or one department before testing other systems or departments. Parallel testing is testing two systems or two departments at the same time.

A full-scale testing of application systems cannot be accomplished in which of the following alternative computing backup facilities? a. Shared contingency centers and hot sites b. Dedicated contingency centers and cold sites c. Hot sites and reciprocal agreements d. Cold sites and reciprocal agreementsxpose

d. The question is asking about the two alternative computing facilities that can perform full-scale testing. Cold sites do not have equipment, so full-scale testing cannot be done until the equipment is installed. Adequate time may not be allowed in reciprocal agreements due to time pressures and scheduling conflicts between the two parties. Full-scale testing is possible with shared contingency centers and hot sites because they have the needed equipment to conduct tests. Shared contingency centers are essentially the same as dedicated contingency centers. The difference lies in the fact that membership is formed by a group of similar organizations which use, or could use, identical hardware.

Which of the following disaster scenarios is commonly n o t considered during the development of disaster recovery and contingency planning? a. Network failure b. Hardware failure c. Software failure d. Failure of the local telephone company

d. Usually, telephone service is taken for granted by the recovery team members that could negatively affect Voice over Internet Protocol (VoIP) services. Consequently, it is not addressed in the planning stage. However, alternative phone services should be explored. The other three choices are usually considered due to familiarity and vendor presence.

Which of the following information technology (IT) contingency solution for servers minimizes the recovery time window? a. Electronic vaulting b. Remote journaling c. Load balancing d. Disk replication

d. With disk replication, recovery windows are minimized because data is written to two different disks to ensure that two valid copies of the data are always available. The two disks are called the protected server (the main server) and the replicating server (the backup server). Electronic vaulting and remote journaling are similar technologies that provide additional data backup capabilities, with backups made to remote tape or disk drives over communication links. Load balancing increases server and application system availability.