Information Security And Risk Management
Chapter 13
QUESTION 1
1. It is dangerous to assume anything when creating a BCP, because assumptions are rarely accurate.
True
False
0.10000 points
QUESTION 2
1. Who coordinates the actions of the DAT and works closely with the EMT lead and BCP coordinator?
DAT coordinator
TRT lead
BCP PM
DAT lead
0.10000 points
QUESTION 3
1. What is NOT one of the three commonly used BCP teams?
technical recovery
emergency management
critical contractor
damage assessment
0.10000 points
QUESTION 4
1. All critical systems should be included in a BCP.
True
False
0.10000 points
QUESTION 5
1. Even though the BIA identifies priorities, it is common to reaffirm them in a BCP.
True
False
0.10000 points
QUESTION 6
1. What correctly lists the overall steps of a BCP?
purpose; scope; assumptions and planning principles; system descriptions and architecture; responsibilities; provide training; test and exercise plans; maintain and update plans
charter the BCP and create scope statements; complete the BIA; identify countermeasures and controls; develop individual DRPs; provide training; test and exercise plans; maintain and update plans
charter the BCP and create scope statements; complete the BIA; identify countermeasures and controls; develop individual DRPs; notification/activation phase; recovery phase; reconstitution phase; plan training, testing, and exercises; plan maintenance
purpose; scope; assumptions and planning principles; system descriptions and architecture; responsibilities; notification/activation phase; recovery phase; reconstitution phase; plan training, testing, and exercises; plan maintenance
0.10000 points
QUESTION 7
1. The overview section provides a description of the CBFs.
True
False
0.10000 points
QUESTION 8
1. Who coordinates the actions of the EMT and works closely with the DAT lead and BCP coordinator?
EMT lead
BCP PM
EMT coordinator
TRT lead
0.10000 points
QUESTION 9
1. If a disruption occurs during work hours, then the BCP PM will probably be on the scene quickly. If the disruption occurs after hours, then the BCP PM should be contacted first thing the next business day.
True
False
0.10000 points
QUESTION 10
1. When is the notification/activation phase?
when the BCP CM declares it so
the first step of a BCP
depends on the type of interruption
when the disruption has occurred or is imminent
0.10000 points
QUESTION 11
1. Criticality of operations identifies the order of importance of each of the seven domains of the typical IT infrastructure.
True
False
0.10000 points
QUESTION 12
1. If a system houses data, you need to ensure that data is protected according to _______.
the C-I-A triad
the BCP’s scope
its criticality
its level of classification
0.10000 points
QUESTION 13
1. The functional description builds on the __________.
strategy
overview
BIA
system description and architecture
0.10000 points
QUESTION 14
1. What is the overall goal of BCP exercises?
to ensure continued operations after a disruption or disaster
to demonstrate how the BCP will work
to verify that the BCP will work as planned
to teach people the details of the BCP
0.10000 points
QUESTION 15
1. When an emergency is declared, the ____________ usually contact(s) appropriate teams or team leads.
BCP PM
stakeholders
BCP coordinator
department heads
0.10000 points
QUESTION 16
1. Training should be conducted at least annually.
True
False
0.10000 points
QUESTION 17
1. The TRT lead needs to be very familiar with existing DRPs and may have even authored them.
True
False
0.10000 points
QUESTION 18
1. What is the purpose of a BCP?
to ensure that mission-critical elements of an organization continue to operate after a disruption
to ensure that mission-critical elements of an organization are properly restored after a disruption
to prevent loss of mission-critical activities of organization employees in case of a disruption
to identify mission-critical elements of an organization in case of a disruption
0.10000 points
QUESTION 19
1. Some personnel can be deemed mission-critical.
True
False
0.10000 points
QUESTION 20
1. Having supplies on hand for continued production _______________.
is a best practice in the creation and implementation of a BCP
may be preferable to having an organization obtain parts and supplies as needed
may conflict with other organizational planning principles
is the definition of a just-in-time philosophy
0.10000 points
Chapter 12
QUESTION 1
1. Every resource has an MAO and an impact if it fails.
True
False
0.10000 points
QUESTION 2
1. What is NOT a direct cost?
equipment replacement costs
building replacement costs
penalty costs for noncompliance issues
penalty costs for nonrepudiation issues
0.10000 points
QUESTION 3
1. A BIA is intended to include all IT functions.
True
False
0.10000 points
QUESTION 4
1. Choose the answer that correctly lists the seven steps of a BIA.
develop the contingency planning policy statement; conduct the business impact analysis; identify preventive controls; identify critical resources; identify the maximum downtime; identify recovery priorities; and develop the BIA report
identify the environment; identify stakeholders; identify critical business functions; identify critical resources; identify the maximum downtime; identify recovery priorities; and develop the BIA report
develop the contingency planning policy statement; conduct the business impact analysis; identify preventive controls; create contingency strategies; develop an information system contingency plan; ensure plan testing, training, and exercises; and ensure plan maintenance
identify the environment; identify stakeholders; identify critical business functions; create contingency strategies; develop an information system contingency plan; ensure plan testing, training, and exercises; and ensure plan maintenance
0.10000 points
QUESTION 5
1. The seven steps of a BIA are the same as the seven steps of contingency planning.
True
False
0.10000 points
QUESTION 6
1. You are a stakeholder who has just designated a function as critical. What must you do now?
Dedicate resources to protect the function.
Perform a CBA.
Evaluate vulnerabilities.
Bring it up in the next meeting.
0.10000 points
QUESTION 7
1. What is NOT one of the steps of contingency planning?
identifying assets
ensuring plan maintenance
conducting the business impact analysis
creating contingency strategies
0.10000 points
QUESTION 8
1. A BIA is concerned with identifying and implementing recovery methods.
True
False
0.10000 points
QUESTION 9
1. Once you identify CBFs and critical business processes, you need to map them to a BIA.
True
False
0.10000 points
QUESTION 10
1. BIAs identify an impact that can result from ____________.
uncontrolled vulnerabilities
disruptions in a business
failure of a DMZ
threats to the IT infrastructure
0.10000 points
QUESTION 11
1. RPO stands for ____________.
recovery point objective
recovery program objective
recovery policy objective
recovery product objective
0.10000 points
QUESTION 12
1. Questionnaires, forms, and surveys are the standard way to collect data for a BIA.
True
False
0.10000 points
QUESTION 13
1. What is NOT an indirect cost?
loss of goodwill
costs to re-create or recover data
lost opportunities during recovery
costs to regain market share
0.10000 points
QUESTION 14
1. What does POCs stand for?
policies of compliance
procedures of control
policies of control
system points of contact
0.10000 points
QUESTION 15
1. What acronym is NOT a critical term when working with BIAs?
MAO
CBA
CBF
CSF
0.10000 points
QUESTION 16
1. For a BIA, the step of “identifying the environment” means having a good understanding of the business function.
True
False
0.10000 points
QUESTION 17
1. Low RTOs are _______ but _______.
unachievable, ideal
elusive, maintainable
achievable, costly
risky, high-yield
0.10000 points
QUESTION 18
1. RTO stands for ________.
recovery time obstacle
repair transfer objective
repair task objective
recovery time objective
0.10000 points
QUESTION 19
1. What is NOT a best practice when performing a BIA?
using a top-down approach
starting with clear objectives
plan interviews and meetings in advance
performing a CBA
0.10000 points
QUESTION 20
1. There are seven steps of contingency planning.
True
False
0.10000 points
Lab 7
QUESTION 1
1. True or False: the BIA is similar to conducting a risk assessment except that it is focused on identifying critical, major and minor business functions and operations.
True
False
0.25000 points
QUESTION 2
1. True or False: the larger the RTO and RPO maximum allowable time, the potentially more expensive the solution.
True
False
0.25000 points
QUESTION 3
1. What is the proper sequence of development and implementation for the following?
1. Risk Management plan, 2. Business Impact Analysis, 3. Business Continuity plan, then 4. Disaster Recovery plan.
1. Business Continuity plan, 2. Business Impact Analysis, 3. Disaster Recovery plan, then 4. Risk Management plan.
1. Risk Management plan, 2. Business Continuity plan, 3. Business Impact Analysis, then 4. Disaster Recovery plan.
1. Business Continuity plan, 2. Risk Management plan, 3. Business Impact Analysis, then 4. Disaster Recovery plan.
0.25000 points
QUESTION 4
1. True or False: Customer Service business functions typically have a short RTO and RPO maximum allowable time objective.
True
False
0.25000 points
QUESTION 5
1. True or False: RTO is what the organization defines as the minimum allowable or acceptable downtime.
True
False
0.25000 points
QUESTION 6
1. True or False: The BIA’s goal and purpose is to identify IT Infrastructure components that are critical to the organization.
True
False
0.25000 points
QUESTION 7
1. True or False: If the RPO metric does not equal the RTO, you can potentially lose data that might not be backed up.
True
False
0.25000 points
QUESTION 8
1. True or False: The BIA helps define the scope and priorities of the Business Continuity plan and the Disaster Recovery plan.
True
False
0.25000 points
Lab 8
QUESTION 1
1. True or False: Disaster Planning is not part of the BCP?
True
False
0.25000 points
QUESTION 2
1. Which of the following should develop and participate in an organization’s BCP?
All of the above
Executive Management
Human Resources
IT
0.25000 points
QUESTION 3
1. True or False: a BIA helps define the scope of the BCP itself.
True
False
0.25000 points
QUESTION 4
1. True or False: the BCP should be updated at least once a year.
True
False
0.25000 points
QUESTION 5
1. Which of the following is NOT true. A BCP helps mitigate the risk of:
Lengthy IT system outages.
Losing human life.
Lost revenue and lost intellectual property assets.
All of the above are True
0.25000 points
QUESTION 6
1. True or False: The purpose of having documented IT system, application and data recovery procedures/steps is to help achieve the RTO defined by executive management?
True
False
0.25000 points
QUESTION 7
1. True or False: you still need a BCP or DRP if you have business liability insurance, asset replacement insurance and natural disaster insurance.
True
False
0.25000 points
QUESTION 8
1. True or False: If a business cannot operate, the BCP assists in bringing the business back to life and operational readiness.
True
False
0.25000 points