Security policies Chapter 4

A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.

True

Business Continuity plan

A written plan for a structured response to any events that result in an interruption to critical business activities or functions. A BIA defines the resources

Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?

Business Continuity Plan (BCP)

What is the first step in a disaster recovery effort?

Ensure that everyone is safe

Which one of the following is an example of a direct cost that might result from a business disruption?

Facility repair

Continuity of critical business functions and operations is the priority in a well-balanced business continuity plan (BCP).

False

The term risk methodology refers to a list of identified risks that results from the risk-identification process.

False (A description of how you will manage risk)

Which one of the following is an example of a reactive disaster recovery control?

Moving to a warm site

Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is the best in this scenario?

Parallel test

Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?

Recovery time objective (RTO)

Which formula is typically used to describe the components of information security risks?

Risk = Threat X Vulnerability

Earl is preparing a risk register for his organization's management program. Which data element is LEAST likely to be included in a risk register?

Risk survey results

As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?

Simulation test (Checklist test: simplest. Structured walk-through: checklist with role playing. Parallel test: alternate data center without interrupting the primary. Full-interruption test.)

The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.

True

The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.

True

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

True

Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances costs and switch-over time. What would be the best option in this situation?

Warm site

Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switch-over time.

False

Most enterprises are well prepared for a disaster should one occur.

False

The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.

True

