[8] CISSP – MCQ – Business Continuity Planning and Disaster Recovery Planning


This article offers you a solid foundation for the Certified Information Systems Security Professional (CISSP) exam. This article is designed for readers and students who want to study for the CISSP certification exam.

The CISSP exam is governed by the International Information Systems Security Certification Consortium, Inc., known as (ISC)2.

  1. CISSP – MCQ – Security Management Practices
  2. CISSP – MCQ – Access Control Systems
  3. CISSP – MCQ – Telecommunications and Network Security
  4. CISSP – MCQ – Cryptography
  5. CISSP – MCQ – Security Architecture and models
  6. CISSP – MCQ – Operations Security
  7. CISSP – MCQ – Applications and Systems Development
  8. CISSP – MCQ – Business Continuity Planning and Disaster Recovery Planning
  9. CISSP – MCQ – Law, Investigation and Ethics
  10. CISSP – MCQ – Physical Security
  11. CISSP – MCQ – Systems Security Engineering
  12. CISSP – MCQ – Certification and Accreditation
  13. CISSP – MCQ – Technical Management
  14. CISSP – MCQ – U.S. Government Information Assurance (IA) Regulations

(ISC)2 is a global not-for-profit organization. It has four primary mission goals:

  • Maintain the Common Body of Knowledge for the field of information systems security
  • Provide certification for information systems security professionals and practitioners
  • Conduct certification training and administer the certification exams
  • Oversee the ongoing accreditation of qualified certification candidates through continued education

In this article, all the questions relate to “Business Continuity Planning and Disaster Recovery Planning” and are as follows:

1) Which choice below is the first priority in an emergency?

  • Communicating to employees’ families the status of the emergency
  • Notifying external support resources for recovery and restoration
  • Protecting the health and safety of everyone in the facility
  • Warning customers and contractors of a potential interruption of service

2) Which choice below is NOT considered an appropriate role for senior management in the business continuity and disaster recovery process?

  • Delegate recovery roles
  • Publicly praise successes
  • Closely control media and analyst communications.
  • Assess the adequacy of information security during the disaster recovery.

3) Why is it so important to test disaster recovery plans frequently?

  • The businesses that provide subscription services might have changed ownership.
  • A plan is not considered viable until a test has been performed.
  • Employees might get bored with the planning process.
  • Natural disasters can change frequently.

4) Which disaster recovery/emergency management plan-testing type below is considered the most cost-effective and efficient way to identify areas of overlap in the plan before conducting more demanding training exercises?

  • Full-scale exercise
  • Walk-through drill
  • Table-top exercise test
  • Evacuation drill

5) Which type of backup subscription service will allow a business to recover quickest?

  • A hot site
  • A mobile or rolling backup service
  • A cold site
  • A warm site

6) Which choice below represents the most important first step in creating a business resumption plan?

  • Performing a risk analysis
  • Obtaining senior management support
  • Analyzing the business impact
  • Planning recovery strategies

7) What could be a major disadvantage to a mutual aid or reciprocal type of backup service agreement?

  • It is free or at a low cost to the organization.
  • The use of prefabricated buildings makes recovery easier.
  • In a major emergency, the site might not have the capacity to handle the operations required.
  • Annual testing by the Info Tech department is required to maintain the site.

8) In developing an emergency or recovery plan, which choice below would NOT be considered a short-term objective?

  • Priorities for restoration
  • Acceptable downtime before restoration
  • Minimum resources needed to accomplish the restoration
  • The organization’s strategic plan

9) When is the disaster considered to be officially over?

  • When the danger has passed and the disaster has been contained.
  • When the organization has processing up and running at the alternate site.
  • When all of the elements of the business have returned to normal functioning at the original site.
  • When all employees have been financially reimbursed for their expenses.

10) When should the public and media be informed about a disaster?

  • Whenever site emergencies extend beyond the facility.
  • When any emergency occurs at the facility, internally or externally.
  • When the public’s health or safety is in danger.
  • When the disaster has been contained.

11) What is the number one priority of disaster response?

  • Resuming transaction processing.
  • Personnel safety.
  • Protecting the hardware.
  • Protecting the software.

12) Which choice below is the BEST description of the criticality prioritization goal of the Business Impact Assessment (BIA) process?

  • The identification and prioritization of every critical business unit process
  • The identification of the resource requirements of the critical business unit processes
  • The estimation of the maximum downtime the business can tolerate.
  • The presentation of the documentation of the results of the BIA

13) Which choice below most accurately describes a business impact analysis (BIA)?

  • A program that implements the strategic goals of the organization
  • A management-level analysis that identifies the impact of losing an entity’s resources
  • A prearranged agreement between two or more entities to provide assistance
  • Activities designed to return an organization to an acceptable operating condition

14) What is considered the major disadvantage to employing a hot site for disaster recovery?

  • Exclusivity is assured for processing at the site.
  • Maintaining the site is expensive.
  • The site is immediately available for recovery.
  • Annual testing is required to maintain the site.

15) Which choice below is NOT considered an appropriate role for Financial Management in the business continuity and disaster recovery process?

  • Tracking the recovery costs.
  • Monitoring employee morale and guarding against employee burnout.
  • Formally notifying insurers of claims.
  • Reassessing cash flow projections.

16) Which choice below is the MOST accurate description of a warm site?

  • A backup processing facility with adequate electrical wiring and air conditioning but no hardware or software installed.
  • A backup processing facility with most hardware and software installed, which can be operational within a matter of days.
  • A backup processing facility with all hardware and software installed and 100% compatible with the original site, operational within hours.
  • A mobile trailer with portable generators and air conditioning.

17) Which of the following is NOT one of the five disaster recovery plan testing types?

  • Simulation
  • Checklist
  • Mobile
  • Full Interruption

18) Which choice below is an example of a potential hazard due to a technological event, rather than a human event?

  • Sabotage
  • Financial collapse
  • Mass hysteria
  • Enemy attack

19) Which of the following is NOT considered an element of a backup alternative?

  • Electronic vaulting
  • Remote journaling
  • Warm site
  • Checklist

20) Which choice below refers to a business asset?

  • Events or situations that could cause a financial or operational impact to the organization.
  • Protection devices or procedures in place that reduce the effects of threats.
  • Competitive advantage, credibility, or good will.
  • Personnel compensation and retirement programs.

21) Which statement below is NOT correct regarding the role of the recovery team during the disaster?

  • The recovery team must be the same as the salvage team as they perform the same function.
  • The recovery team is often separate from the salvage team as they perform different duties.
  • The recovery team’s primary task is to get predefined critical business functions operating at the alternate processing site.
  • The recovery team will need full access to all backup media.

22) Which choice below is NOT considered an appropriate role for senior management in the business continuity and disaster recovery process?

  • Delegate recovery roles
  • Publicly praise successes
  • Closely control media and analyst communications
  • Assess the adequacy of information security during the disaster recovery

23) Which choice below is incorrect regarding when a BCP, DRP, or emergency management plan should be evaluated and modified?

  • Never; once it has been fully tested it should not be changed.
  • Annually, in a scheduled review.
  • After training drills, tests, or exercises.
  • After an emergency or disaster response.

24) When should security isolation of the incident scene start?

  • Immediately after the emergency is discovered
  • As soon as the disaster plan is implemented
  • After all personnel have been evacuated
  • When hazardous materials have been discovered at the site

25) Which choice below is NOT a recommended step to take when resuming normal operations after an emergency?

  • Reoccupy the damaged building as soon as possible.
  • Account for all damage-related costs.
  • Protect undamaged property.
  • Conduct an investigation.

26) Which choice below would NOT be a good reason to test the disaster recovery plan?

  • Testing verifies the processing capability of the alternate backup site.
  • Testing allows processing to continue at the database shadowing facility.
  • Testing prepares and trains the personnel to execute their emergency duties.
  • Testing identifies deficiencies in the recovery procedures.

27) Which statement below is NOT true about the post-disaster salvage team?

  • The salvage team must return to the site as soon as possible regardless of the residual physical danger.
  • The salvage team manages the cleaning of equipment after smoke damage.
  • The salvage team identifies sources of expertise to employ in the recovery of equipment or supplies.
  • The salvage team may be given the authority to declare when operations can resume at the disaster site.

28) Which statement below is the most accurate about the results of the disaster recovery plan test?

  • If no deficiencies were found during the test, then the plan is probably perfect.
  • The results of the test should be kept secret.
  • If no deficiencies were found during the test, then the test was probably flawed.
  • The plan should not be changed no matter what the results of the test.

29) Which statement is true regarding the disbursement of funds during and after a disruptive event?

  • Because access to funds is rarely an issue during a disaster, no special arrangements need to be made.
  • No one but the finance department should ever disburse funds during or after a disruptive event.
  • In the event senior-level or financial management is unable to disburse funds normally, the company will need to file for bankruptcy.
  • Authorized, signed checks should be stored securely off-site for access by lower-level managers in the event senior-level or financial management is unable to disburse funds normally.

30) Which statement is true regarding company/employee relations during and after a disaster?

  • The organization has a responsibility to continue salaries or other funding to the employees and/or families affected by the disaster.
  • The organization’s responsibility to the employee’s families ends when the disaster stops the business from functioning.
  • Employees should seek any means of obtaining compensation after a disaster, including fraudulent ones.
  • Senior-level executives are the only employees who should receive continuing salaries during the disruptive event.

31) Which choice below is the correct definition of a Mutual Aid Agreement?

  • A management-level analysis that identifies the impact of losing an entity’s resources
  • An appraisal or determination of the effects of a disaster on human, physical, economic, and natural resources
  • A prearranged agreement to render assistance to the parties of the agreement
  • Activities taken to eliminate or reduce the degree of risk to life and property

32) Which choice below most accurately describes a business continuity program?

  • Ongoing process to ensure that the necessary steps are taken to identify the impact of potential losses and maintain viable recovery
  • A program that implements the mission, vision, and strategic goals of the organization
  • A determination of the effects of a disaster on human, physical, economic, and natural resources
  • A standard that allows for rapid recovery during system interruption and data loss

33) Which of the following would best describe a cold backup site?

  • A computer facility with electrical power and HVAC, all needed applications installed and configured on the file/print servers, and enough workstations present to begin processing.
  • A computer facility with electrical power and HVAC but with no workstations or servers on-site prior to the event and no applications installed.
  • A computer facility with no electrical power or HVAC.
  • A computer facility available with electrical power and HVAC and some file/print servers, although the applications are not installed or configured and all of the needed workstations may not be on site or ready to begin processing.
