(ISC)2 CISSP EXAM BUNDLE

Number: CISSP
Passing Score: 800
Time Limit: 120 min
File Version:
Exam Name: (ISC)2 Certified Information Systems Security Professional

Exam A

QUESTION 1
Business continuity planning needs to provide several types of functionalities and protection types for an organization. Which of the following is not one of these items?
i. Provide an immediate and appropriate response to emergency situations
ii. Protect lives and ensure safety
iii. Reduce business conflicts
iv. Resume critical business functions
v. Work with outside vendors during the recovery period
vi. Reduce confusion during a crisis
vii. Ensure survivability of the business
viii. Get "up and running" quickly after a disaster
A. ii, iii
B. iii, iv, vi
C. i, ii, vii
D. iii
Reference:
Preplanned procedures allow an organization to:
i. Provide an immediate and appropriate response to emergency situations
ii. Protect lives and ensure safety
iii. Reduce business impact
iv. Resume critical business functions
v. Work with outside vendors during the recovery period
vi. Reduce confusion during a crisis
vii. Ensure survivability of the business
viii. Get "up and running" quickly after a disaster

QUESTION 2
What procedures should take place to restore a system and its data files after system failure?
A. Restore from storage media backup
B. Perform a parallel test
C. Implement recovery procedures
D. Perform a walk-through test
Correct Answer: C
Reference:
In this and similar situations, recovery procedures should be followed, which most likely includes recovering data from the backup media. Recovery procedures could include proper steps of rebuilding a system from the beginning, applying the necessary patches and configurations, and whatever needs to take place to ensure productivity is not affected. Some type of redundant system may need to be put into place.

QUESTION 3
What is the first step in developing a disaster recovery plan?
A. Identify all critical systems and functions of the company
B. Decide if the company needs to perform a walk-through, parallel, or simulation test
C. Perform a business impact analysis
D. Interview a representative from each department
Correct Answer: C
Reference:
A business impact analysis includes identifying critical systems and functions of a company and interviewing representatives from each department. Once management's support is solidified, a business impact analysis needs to be performed to identify the threats the company faces and the potential costs of these threats.

QUESTION 4
During a recovery procedure, one important step is to maintain records of important events that happen during the procedure. What other step is just as important?
A. Schedule another test to address issues that took place during that procedure
B. Make sure someone is prepared to talk to the media with the appropriate responses
C. Report the events to management and the appropriate agencies
D. Identify essential business functions
Correct Answer: C
Reference:
When recovery procedures are carried out, the outcome of those procedures should be reported to the individuals who are responsible for this type of activity. This is usually some level of management. If the procedures worked properly, they should know this, and if problems were encountered, they should definitely be made aware of this. They are the ones responsible for fixing the recovery system and will be the ones to delegate this work and provide the necessary funding and resources.

QUESTION 5
Which of the following is the NIST document that was created for disaster recovery?
A.
B.
C.
D.
Reference:
NIST's Special Publication is the Continuity Planning Guide for Information Technology Systems (

QUESTION 6
The purpose of initiating emergency actions right after a disaster takes place is to prevent loss of life, attend to injuries, and ____.
A. Secure the area to ensure that no looting or fraud takes place
B. Mitigate further damage
C. Protect evidence and clues
D. Investigate the extent of the damages
Reference:
The main goal of disaster recovery and business continuity plans is to mitigate all risks that could be experienced by a company. Emergency procedures need to be carried out first to protect human life. Then other procedures need to be executed to reduce the damage from further threats.

QUESTION 7
Which is the best description of remote journaling?
A. Backing up bulk data to an off-site facility
B. Backing up transaction logs to an off-site facility
C. Capturing and saving transactions to two mirror servers in-house
D. Capturing and saving transactions to different media types
Reference:
Remote journaling is a technology used to transmit data to an off-site facility, but this usually only includes moving the journal or transaction logs to the off-site facility, not the actual files.

QUESTION 8
Which of the following is something that should be required of an off-site backup facility that stores backed-up media for companies?
A. The facility should be within 10 to 15 minutes of the original facility to ensure easy access.
B. The facility should contain all necessary PCs, servers, and raised flooring.
C. The facility should be protected by an armed guard.
D. The facility should protect against unauthorized access and entry.
Reference:
This question is addressing a facility that is used to store backed-up data; it is not talking about an off-site facility used for disaster recovery purposes. The facility should not be 10 to 15 minutes away because if there was some type of disaster, the company's main facility and this facility could both be destroyed and the company would lose all of their information. The facility should have the same security standards as the company's security, including protecting against unauthorized access.

QUESTION 9
Which item will a business impact analysis not identify?
A. If the company is best suited for a parallel or full-interrupt test
B. What areas would suffer the greatest operational and financial loss in the event of a particular disaster or disruption
C. What systems are critical for the company and must be highly protected
D. What amount of outage time a company can endure before it is permanently crippled
Reference:
All of the other answers address the main components of a business impact analysis. Determining the best type of exercise or drill to carry out is not covered under this type of analysis.

QUESTION 10
Which areas of a company are business plans recommended for?
A. The most important operational and financial areas
B. The areas that house the critical systems
C. All areas
D. The areas that the company cannot survive without
Correct Answer: C
Reference:
It is best if every department within the company has its own recovery plan and continuity plan and procedures in place. These individual plans would "roll up" into the overall enterprise plan.

QUESTION 11
Who has the final approval of the disaster recovery and business continuity plan?
A. The planning committee
B. Each representative of each department
C. Management
D. External authority
Correct Answer: C
Reference:
Management has the final approval over everything within a company, including these plans.

QUESTION 12
Which are the proper steps of developing a disaster recovery and continuity plan?
A. Project initiation, strategy development, business impact analysis, plan development, implementation, testing, and maintenance
B. Strategy development, project initiation, business impact analysis, plan development, implementation, testing, and maintenance
C. Implementation and testing, project initiation, strategy development, business impact analysis, and plan development
D. Plan development, project initiation, strategy development, business impact analysis, implementation, testing, and maintenance
Reference:
These steps outline the processes that should take place from beginning to end pertaining to these types of plans.

QUESTION 13
What is the most crucial piece of developing a disaster recovery plan?
A. Business impact analysis
B. Implementation, testing, and following through
C. Participation from each and every department
D. Management support
Reference:
Management's support is the first thing to be obtained before putting any real effort into developing these plans. Without management's support the effort will not receive the necessary attention, resource, funds, or enforcement.

QUESTION 14
During development, testing, and maintenance of the disaster recovery and continuity plan, a high degree of interaction and communication is crucial to the process. Why?
A. This is a regulatory requirement of the process.
B. The more people talk about it and get involved, the more awareness will increase.
C. This is not crucial to the plan and should not be interactive because it will most likely affect operations
D. Management will more likely support it.
Reference:
Communication not only provides awareness of these plans and their contents, but also allows more people to discuss the possible threats and solutions that the original team may not uncover.

QUESTION 15
John has to create a team to carry out a business impact analysis and develop the company's business continuity plan. Which of the following should not be on this team?
i. Business units
ii. Senior management
iii. IT department
iv. Security department
v. Communications department
vi. Legal department
A. v.
B. None of them
C. All of them
D. i
Reference:
The best plan is when all issues and threats are brought to the table and discussed. This cannot be done effectively with a few people who are familiar with only a couple of departments. Representatives from each department must be involved with not only the planning stages but also the testing and implementation stages. The committee should be made up of representatives from at least the following departments:
- Business units
- Senior management
- IT department
- Security department
- Communications department
- Legal department

QUESTION 16
Which of the following describes a parallel test?
A. It is performed to ensure that some systems will run at the alternate site.
B. All departments receive a copy of the disaster recovery plan and walk-through.
C. Representatives from each department come together and go through the test collectively.
D. Normal operations are shut down.
Reference:
In a parallel test, some systems are run at the alternate site and results are compared with how processing takes place at the primary site. This is to ensure the systems work in that area and productivity is not affected. This also extends the previous test and allows the team to walk through the steps of setting up and configuring systems at the off-site facility.

QUESTION 17
Which of the following describes a structured walk-through test?
A. It is performed to ensure that critical systems will run at the alternate site.
B. All departments receive a copy of the disaster recovery plan and walk through it.
C. Representatives from each department come together and go through the test collectively.
D. Normal operations are shut down.
Correct Answer: C
Reference:
During a structured walk-through test, functional representatives meet and review the plan to ensure its accuracy and that it correctly and accurately reflects the company's recovery strategy.

QUESTION 18
Using another company's facilities in the event of a disaster is called what?
A. Rolling hot site
B. Redundant site
C. Merger
D. Reciprocal agreement
Reference:
Reciprocal agreements with other companies can be a cheap alternative to disaster recovery but are very difficult to enforce legally. A reciprocal agreement is not enforceable, meaning that the company that agreed to let the damaged company work out of its facility can decide not to allow this to take place. A reciprocal agreement is a better secondary backup option if the primary plan falls through.

QUESTION 19
Which of the following best describes the continuity planning policy statement?
A. Scope of the BCP project, the team member roles, and the financial goals of the project.
B. Scope of the BCP project, the team management member roles, and the goals of the project.
C. Scope of the BCP project, the team member roles, and the goals of the project.
D. Scope of the recovery project, the team member roles, and the goals of the project.
Correct Answer: C
Reference:
This statement lays out the scope of the BCP project, the team member roles, and the goals of the project. Basically, it is a document that outlines what needs to be accomplished after the team communicates with management and comes to agreement on the terms of the project.

QUESTION 20
What should be done first when the original facility becomes operational again following a disaster?
A. Inform the media and stockholders
B. Inform all of the employees
C. Move the most critical functions to the original facility
D. Move the least critical functions to the original facility
Reference:
To ensure that critical business functions and systems continue to operate during a move back to the original facility, the first step should be reinstating the least critical functions.

QUESTION 21
Which is not true of a reciprocal agreement?
A. It is a temporary solution.
B. It is expensive.
C. It is difficult to enforce.
D. Most environments are not able to support multiple business operations at one time.
Reference:
While a reciprocal agreement is difficult to implement and enforce, it does offer an extremely inexpensive alternative to disaster recovery. It is an agreement between two companies which usually have very similar technologies, to open their doors to the other in case of an emergency or disaster.

QUESTION 22
A business impact analysis (BIA) is considered a ____ in which a team collects data through interviews and documentary sources and documents business functions, activities, and transactions.
A. Risk assessment
B. Functionality analysis
C. Risk management methodology
D. Business analysis
Reference:
A business impact analysis (BIA) is considered a functional analysis, in which a team collects data through interviews and documentary sources; documents business functions, activities, and transactions; develops a hierarchy of business functions; and finally applies a classification scheme to indicate each individual function's criticality level.

QUESTION 23
Talking to external organizations after a disaster is important for all of the following reasons except:
A. To inform customers and shareholders of the company's status
B. To redirect unfavorable attention to other entities
C. To ensure that the media is reporting the facts accurately
D. To help stop rumors from developing
Reference:
Informing the public and affected groups is a critical part of disaster recovery so that the company's reputation and overall business status are not damaged. The information that will be reported should be prepared beforehand, along with deciding who will be responsible for communicating the message to the public and press.

QUESTION 24
Which is not a task for senior management in disaster recovery?
A. Approve of final plans
B. Oversee budget
C. Drive all phases of plan
D. Implement the plans themselves
Reference:
Senior management should support all functions of disaster recovery and business continuity, and they should oversee the progress of developing, implementing, and testing the plans. They should also ensure that the proper resources and budget are available. But they are not usually the ones who actually implement the plans.

QUESTION 25
Which of the following issues is least important when quantifying risks associated with a potential disaster?
A. Gathering information from agencies that report the probability of certain natural disasters taking place in that area
B. Identifying the company's key functions and business requirements
C. Identifying critical systems that support the company's operations
D. Estimating the potential loss and impact the company would face based on how long the outage lasts
Reference:
Information gathered from agencies that report the probability of certain natural disasters taking place in that area would be the least important out of this list.

QUESTION 26
Which of the following statements is true of a full-scale BCP?
A. It is a long-term project.
B. It is a short-term project.
C. It is a single entity venture.
D. BCP guarantees no service interruption.
Reference:
A BCP plan is a long-term project and must have support from upper management. It could take a year or more for a small to medium-size business before the plan is implemented and fully tested.

QUESTION 27
A hot site offers ____ recovery with ____ costs.
A. Instant, high
B. Moderate, high
C. Instant, low
D. Moderate, low
Reference:
A hot site has all of the equipment in place and can allow fast recovery. However, it is also the most expensive solution.

QUESTION 28
Mutual aid agreements between two companies are also called ____ agreements.
A. Reciprocal
B. Rolling
C. Proximate causation
D. Downstream liability
Reference:
A mutual aid agreement between two companies is called a reciprocal agreement.

QUESTION 29
Sam is a manager that is responsible for overseeing the development and the approval of the business continuity plan. He needs to make sure that his team is creating a correct and all-inclusive loss criteria when it comes to potential business impacts. Which of the following should not be included in this criteria?
i. Loss in reputation and public confidence
ii. Loss of competitive advantages
iii. Decrease in operational expenses
iv. Violations of contract agreements
v. Violations of legal and regulatory requirements
vi. Delayed income costs
vii. Loss in revenue
viii. Loss in productivity
A. i, ii
B. v, vi
C. v
D. iii
Reference:
Loss criteria must be applied to the individual threats that were identified. The criteria should include at least the following:
- Loss in reputation and public confidence
- Loss of competitive advantages
- Increase in operational expenses
- Violations of contract agreements
- Violations of legal and regulatory requirements
- Delayed income costs
- Loss in revenue
- Loss in productivity

QUESTION 30
Part of operational recovery is designing backup facility configurations to work in an acceptable manner so that business can continue. Which of the following is a setup that allows services to be distributed over two or more in-house centers?
A. Hot site
B. Multi-processing center
C. Mobile site
D. Reciprocal agreements
Reference:
A multi-processing center allows a company to have backup over multiple facilities where services have been distributed.

QUESTION 31
Recovery strategies are pre-established and management-____ steps that should be put into action in the event of a disaster.
A. Approved
B. Directed
C. Requested
D. Documented
Reference:
Recovery strategies are planned ahead of time before they are needed. These strategies are approved by management and are tested.

QUESTION 32
Amy has been appointed to the BCP team and is in charge of information gathering for the business impact analysis. Amy could use any of the following tools to gather information, except:
A. Surveys
B. Questionnaires
C. Workshops
D. Quantitative formulas
Reference:
Amy is only at the information gathering step at this stage. She would not be doing her quantitative or qualitative risk assessment yet.

QUESTION 33
Which of the following provides the correct characteristic for the specific data backup type?
A. Differential process backs up the files that have been modified since the last backup
B. Differential process backs up the files that have been modified since the last full backup
C. Incremental process sets the archive bit to 1
D. Differential process sets the archive bit to 1
Reference:
A differential process backs up the files that have been modified since the last full backup. When the data need to be restored, the full backup is laid down first, and then the most recent differential backup is put down on top of it. The differential process does not change the archive bit value. An incremental process backs up all the files that have changed since the last full or incremental backup and sets the archive bit to 0.

QUESTION 34
Which of the following statements is true regarding a BCP project plan?
A. Management must have a representative on the BCP team.
B. Management must approve the plan in writing.
C. To ensure diversity, the people who should write the plan should not be those who carry it out.
D. The plan should be tested before presenting it to management.
Reference:
If the plan is not approved in writing by upper management, it will be hard to enforce it. The plan must be approved and signed by senior management.

QUESTION 35
Business continuity plans address all of the following except:
A. Critical servers used on the company's LAN
B. The most critical devices housed in the main data center
C. Individual workstations that are used by operations personnel
D. The protection of cold sites at a remote location
Reference:
A BCP does not address the protection of cold sites at a remote location.

QUESTION 36
Organizations should not view disaster recovery as:
A. A committed expense
B. A discretionary expense
C. An enforcement of legal statutes
D. Compliance with regulations
Reference:
Businesses need to treat disaster recovery planning as a committed expense, much like insurance is a requirement. In many sectors, disaster recovery is a legal requirement.

Exam B

QUESTION 1
Which of the following best describes a continuity of operations plan?
A. Establishes senior management and a headquarters after a disaster. Outlines roles and authorities, orders of succession, and individual role tasks.
B. Plan for systems, networks, and major applications recovery procedures after disruptions. A contingency plan should be developed for each major system and application.
C. Includes internal and external communications structure and roles. Identifies specific individuals who will communicate with external entities. Contains predeveloped statements that are to be released.
D. Focuses on malware, hackers, intrusions, attacks, and other security issues. Outlines procedures for incident response.
Reference:
The continuity of operations plan establishes senior management and a headquarters after a disaster. It outlines roles and authorities, orders of succession, and individual role tasks.

QUESTION 2
Which of the following best describes a parallel test?
A. A scenario is established and individuals are gathered to go through each step of the plan.
B. Copies of the plan are handed out to representatives from each functional area.
C. Some systems are moved to the alternate site and installed to test processing procedures and compatibility.
D. Management gathers and goes through a structured walk-through test.
Correct Answer: C
Reference:
When a parallel test is performed, the critical systems are taken to the site where they would need to perform in an actual disaster.

QUESTION 3
Which of the following is not a purpose to develop and implement a disaster recovery plan?
A. Provides procedures for emergency responses
B. Extends backup operations to include more than just backing up data
C. Provides steps for a post-disaster recovery
D. Outlines business functions and systems
Reference:
The disaster recovery plan does not outline business functions and systems. Those are handled in the business impact analysis.

QUESTION 4
Which of the following best describes electronic vaulting?
A. Backing up bulk data to an off-site facility
B. Backing up the transaction logs to an off-site facility
C. Backing up all data to an on-site mirroring facility
D. Backing up data to two disks with one controller
Reference:
Electronic vaulting is a mechanism to protect data by immediately copying it to an off-site facility once it has been altered.

QUESTION 5
A reciprocal agreement is best described how?
A. A site that has some computers and environmental controls
B. A site that has fully redundant systems, software, and configurations
C. A site that is in use by another company already
D. An agreement that is enforceable
Correct Answer: C
Reference:
A reciprocal agreement is when one company promises another company that it can move in if a disaster hits. This agreement is not enforceable.

QUESTION 6
A business impact analysis (BIA) does not typically include:
A. Identifying the type and quantity of resources required for the recovery
B. Identifying critical business processes and the dependencies between them
C. Identifying organizational risks
D. Developing a mission statement
Reference:
The development of a mission statement is normally performed before the BIA.

QUESTION 7
An off-site information processing facility:
A. Should have the same degree of physical access restrictions as the primary processing site
B. Should be located close to the originating site so that it can quickly be made operational
C. Should be easily identified from the outside for easy emergency access
D. Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive
Reference:
An off-site information processing facility should have the same amount of physical control as the originating site.

QUESTION 8
Failure of a contingency plan is usually due to:
A. Technical issues
B. Management issues
C. Lack of awareness
D. Lack of training
Reference:
Failure of a contingency plan is usually due to management failing to exhibit ongoing interest and concern about the BCP/DRP effort, and to provide financial and other resources as needed.

QUESTION 9
Out of the following steps in the development of a disaster recovery plan, which is the second step?
A. Develop an information system contingency plan
B. Create contingency strategies
C. Conduct the business impact analysis (BIA)
D. Ensure plan testing, training, and exercises
Correct Answer: C
Reference:
The seven progressive steps are designed to be integrated into each stage of the system development life cycle.
1. Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.
2. Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization's mission/business functions. A template for developing the BIA is provided to assist the user.
3. Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
4. Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
5. Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system's security impact level and recovery requirements.
6. Ensure plan testing, training, and exercises. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.
7. Ensure plan maintenance. The plan should be a living document that is updated regularly.

QUESTION 10
Which of the following statements is false?
A. A disaster recovery team's primary task is to restore critical business functions at the alternate backup processing site.
B. A disaster salvage team's task is to ensure that the primary site returns to normal processing conditions.
C. The disaster recovery plan should include how the company will return from the alternate site to the primary site.
D. When returning to the primary site, the most critical applications should be brought back first.
Reference:
When the primary site is ready to receive operations again, less critical systems should be brought back first to ensure that everything is running smoothly before returning critical systems, which are already operating normally at the recovery site.

QUESTION 11
The Widgetworld Corporation has a business continuity plan that provides for an alternate processing site that will accommodate 50 percent of the primary processing facility's processing capability. Having ascertained this, what is Widgetworld's best next step?
A. Do nothing. Less than 25 percent of all processing is critical to an organization's survival and the backup capacity is therefore adequate.
B. Identify the applications that can be processed at the alternate site and develop manual procedures to back up the rest of the processing.
C. Ensure that all critical applications have been identified and that the alternate site can handle all such applications.
D. Arrange for an alternate processing site with the capacity to handle at least 75 percent of normal processing.
Reference:
Business continuity plans should only provide for the recovery of critical systems. Some processing that cannot take place through automation may need to take place manually.

QUESTION 12
Which of the following is not a drawback of using hot sites?
A. Hot sites need security controls, as they usually contain mirrored copies of live production data.
B. It's expensive to have full redundancy in hardware, software, communication lines, and applications.
C. Hot sites are available immediately or within maximum tolerable downtime (MTD).
D. Transaction redundancy controls need to be implemented to keep data up to date.
Correct Answer: C
Reference:
The immediate availability of a hot site is a definite advantage, not a drawback.

QUESTION 13
A business continuity plan is an example of a ____ control.
A. Corrective
B. Detective
C. Preventive
D. Collective
Reference:
Business continuity plans are designed to minimize the damage inflicted by an event and to facilitate restoration of the organization to its full operational capacity.

QUESTION 14
Business continuity plans are required for:
A. All areas of the enterprise
B. Financial resources and information processing
C. Operating areas of the enterprise
D. Marketing, finance, and information processing
Reference:
Business continuity plans are required for all parts of an enterprise.

QUESTION 15
In disaster recovery planning, what is the recovery point objective?
A. The point to which application data must be recovered to resume business operations
B. The maximum elapsed time required to complete recovery of application data
C. The point to which application data must be recovered to resume system operations
D. The point to which information system must be operational at an alternate site
Correct Answer: C
Reference:
The Recovery Point Objective (RPO) is the point in time to which you must recover data as defined by your organization. This is generally a definition of what an organization determines is an "acceptable loss" in a disaster situation. If the RPO of a company is 2 hours and the time it takes to get the data back into production is 5 hours, the RPO is still 2 hours. Based on this RPO the data must be restored to within 2 hours of the disaster.

QUESTION 16
The most devastating business interruptions are the result of loss of:
A. Hardware/software
B. Data
C. Communication links
D. Applications
Reference:
Loss of data can cause the most damage to an enterprise in the short and long run.

QUESTION 17
Miranda is assessing her organization's contingency planning controls. Which of the following questions does she not need to ask?
A. Is damaged media stored and/or destroyed?
B. Are the backup storage site and alternate site geographically removed from the primary site?
C. Is there an up-to-date copy of the plan stored securely offsite?
D. Where are stored backups located?
Reference:
Handling of damaged media is an operational task related to regular production and is not specific to contingency planning.

QUESTION 18
Tim is responsible for contingency planning at his company. Which of the following will allow Tim to focus risk management efforts on identified risks?
A. A risk assessment
B. Residual risks
C. Security controls
D. Business units
Reference:
The risk assessment is critical because it enables the person responsible for contingency planning to focus risk management efforts and resources in a prioritized manner only on the identified risks.

QUESTION 19
Which of the following statements is false?
A. A criticality survey is implemented to gather input from all personnel who are part of the recovery teams.
B. The purpose of a criticality survey must be clearly stated.
C. Management's approval should be obtained before distributing a criticality survey.
D. A criticality survey finds out what services and systems are critical to keeping the organization in business.
Reference:
Not all personnel who are going to be part of recovery teams are necessarily able to help in identifying critical functions of the organization.

QUESTION 20
Which of the following statements is incorrect?
A. To facilitate recovery, a single business continuity plan should cover all locations.
B. A committee should decide a course of action ahead of time and incorporate those decisions into the recovery plan.
C. A business continuity plan should refer to functions, not specific individuals.
D. Critical vendors should be contacted ahead of time to ensure that equipment can be obtained in a timely manner in case of disaster.
Reference:
Each location should have its own business continuity plan/disaster recovery plan.

QUESTION 21
Which of the following best describes the difference between an Information Systems Contingency Plan and Disaster Recovery Plan?
A. Information Systems Contingency Plan procedures are developed for recovery of the system regardless of site or location
B. Disaster Recovery Plan procedures are developed for recovery of the system regardless of site or location
C. Disaster Recovery Plan can be activated at the system's current location or at an alternate site
D. Information Systems Contingency Plan is primarily a site-specific plan
Reference:
The ISCP differs from a DRP primarily in that the information system contingency plan procedures are developed for recovery of the system regardless of site or location. An ISCP can be activated at the system's current location or at an alternate site. In contrast, a DRP is primarily a site-specific plan developed with procedures to move operations of one or more information systems from a damaged or uninhabitable location to a temporary alternate location.

QUESTION 22
Which of the following increases system reliability?
A. A lower MTBF and a lower MTTR
B. A higher MTBF and a lower MTTR
C. A lower MTBF and a higher MTTR
D. A higher MTBF and a higher MTTR
Reference:
Mean-time-between-failures (MTBF) is the average length of time the hardware is functional without failure. Mean-time-to-repair (MTTR) is the amount of time it takes to repair and resume normal operation after a failure has occurred. Having a higher MTBF and a lower MTTR will increase equipment's reliability, thus increasing the system's overall reliability.

QUESTION 23
Which of the following assesses the potential loss from disaster?
A. A business assessment (BA)
B. A business impact analysis (BIA)
C. A risk assessment (RA)
D. A business continuity plan (BCP)

/Reference: The BIA assesses potential loss that could be caused by a disaster.

QUESTION 24
Most threats to a company stem from:
A. Disgruntled employees
B. Fire, water, and electrical hazards
C. Errors and omissions
D. Outsider threats
Correct Answer: C
/Reference: Most threats come from errors and omissions.

QUESTION 25
Todd needs to make sure that there is a plan that deals with the first-response procedures for his employees. What does he need to make sure is in place?
A. Personnel Emergency Plan
B. Employee Emergency Plan
C. Disaster Emergency Plan
D. Occupant Emergency Plan
/Reference: The OEP outlines first-response procedures for occupants of a facility in the event of a threat or incident to the health and safety of personnel, the environment, or property. Such events include a fire, bomb threat, chemical release, domestic violence in the workplace, or a medical emergency.

QUESTION 26
Disaster recovery drills and tests should be performed at least:
A. Once a quarter
B. Once a year
C. Twice a year
D. Every two years
/Reference: Tests and disaster recovery drills should be performed at least once a year. The company should have no confidence in an untested plan. Since systems and processes can change, frequent testing will aid in ensuring a plan will succeed.

QUESTION 27
Which of the following is not part of a cold-site setup?
A. Computer equipment
B. Electrical wiring
C. Raised flooring
D. Air conditioning
/Reference: A cold site is ready to be used but does not have any of the needed equipment in advance on site.

QUESTION 28
When reviewing a reciprocal disaster recovery agreement between two companies, which of the following should be the main concern?
A. The soundness of the business impact analysis
B. Hardware and software compatibility
C. Frequency of system testing
D. Differences in business missions
/Reference: For a reciprocal agreement to be effective, hardware and software at the two sites must be compatible.

QUESTION 29
A disaster recovery plan for a company's computer system is usually focused on:
A. Alternate procedures to process transactions
B. The probability that a disaster will occur
C. Strategic long-range planning
D. Availability of compatible equipment at a hot site
/Reference: It is important that alternate processes can be put in place while the system is not available.

QUESTION 30
________ represents the total amount of time the system owner/authorizing official is willing to accept for a mission/business process outage or disruption and includes all impact considerations.
A. Maximum Tolerable Downtime
B. Recovery Time Objective
C. Recovery Point Objective
D. Recovery Tolerable Downtime
/Reference: The Maximum Tolerable Downtime (MTD) represents the total amount of time the system owner/authorizing official is willing to accept for a mission/business process outage or disruption and includes all impact considerations.

QUESTION 31
The ________ is responsible for getting the alternate site into a working and functioning environment, and the ________ is responsible for starting the recovery of the original site.
A. Restoration team, salvage team
B. Salvage team, restoration team
C. Recovery team, restoration team
D. Recovery team, salvage team
/Reference: The restoration team should be responsible for getting the alternate site into a working and functioning environment, and the salvage team should be responsible for starting the recovery of the original site.

QUESTION 32
Which is not one of the primary goals of BIA?
A. Criticality prioritization
B. Downtime estimation
C. Determining requirements for critical business functions
D. Deciding on various tests to be performed to validate the business continuity plan
/Reference: The BIA analyzes threats and informs the development of the business continuity plan, but does not describe the BCP testing procedures.

QUESTION 33
Of all business process interruptions, the most devastating are those resulting from:
A. Loss of hardware/software
B. Loss of data
C. Loss of communication links
D. Loss of applications

/Reference: Data loss needs to be addressed as a top priority.

QUESTION 34
Critical support areas are defined as:
A. Business units or functions that must be present to sustain continuity of business, maintain life safety, and avoid public embarrassment
B. Business units or functions that may be replaced by others in a disaster situation
C. Human resource and information technologies
D. Business units or functions that require support against manmade disasters
/Reference: Critical support areas are those business units or functions that must be present to sustain continuity of business, maintain life safety, and avoid public embarrassment.

QUESTION 35
What is maximum tolerable downtime (MTD)?
A. Maximum elapsed time required to complete recovery of application data
B. Minimum elapsed time required to complete recovery of application data
C. The number of minutes allowed within the SLA
D. Maximum delay businesses can tolerate and still remain viable
/Reference: The BIA requires obtaining a firm and formal agreement from the management group as to precise maximum tolerable downtimes (MTDs). The formalized MTDs must be communicated to each business unit so that realistic recovery alternatives can be acquired and recovery measures developed.

QUESTION 36
A test that requires all regular operations to cease is:
A. A parallel test
B. A simulation test
C. A walk-through test
D. A full-interruption test
/Reference: Full-interruption testing also involves running the production processes in the alternate site and verifying full functionality.

Exam C

QUESTION 1
________ defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business functions.
A. Maximum Tolerable Downtime
B. Recovery Time Objective
C. Recovery Point Objective
D. Recovery Tolerable Downtime
/Reference: The Recovery Time Objective (RTO) defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business functions, and the MTD. Determining the information system resource RTO is important for selecting appropriate technologies that are best suited for meeting the MTD.

QUESTION 2
________ represents the point in time, prior to a disruption or system outage, to which mission/business process data can be recovered.
A. Maximum Tolerable Downtime
B. Recovery Time Objective
C. Recovery Point Objective
D. Recovery Tolerable Downtime
Correct Answer: C
/Reference: Recovery Point Objective (RPO) represents the point in time, prior to a disruption or system outage, to which mission/business process data can be recovered (given the most recent backup copy of the data) after an outage.

QUESTION 3
Which of the following is a true statement?
A. Because the RPO must ensure that the MTD is not exceeded, the RTO must normally be shorter than the MTD.
B. Because the RTO must ensure that the MTD is not exceeded, the RTO must normally be shorter than the MTD.
C. Because the MTD must ensure that the RPO is not exceeded, the RTO must normally be shorter than the MTD.
D. Because the ROO must ensure that the MTD is not exceeded, the RTO must normally be shorter than the MTD.

/Reference: Because the RTO must ensure that the MTD is not exceeded, the RTO must normally be shorter than the MTD. For example, a system outage may prevent a particular process from being completed, and because it takes time to reprocess the data, that additional processing time must be added to the RTO to stay within the time limit established by the MTD.

QUESTION 4
Which of the following statements is not true?
A. The longer a disruption is allowed to continue, the more costly it can become to the organization and its operations.
B. The shorter the RTO, the more expensive the recovery solutions cost to implement.
C. The less amount of time a disruption is allowed to continue, the more costly it can become to the organization and its operations.
D. Calculating the cost balance points will show an optimal point between disruption and recovery costs.
Correct Answer: C
/Reference: The longer a disruption is allowed to continue, the more costly it can become to the organization and its operations. The shorter the RTO, the more expensive the recovery solutions cost to implement. Calculating the cost balance points will show an optimal point between disruption and recovery costs.

QUESTION 5
When selecting an offsite storage facility and vendor, which of the following criteria should be considered?
i. Geographic area
ii. Accessibility
iii. Security
iv. Environment
v. Cost
A. i, ii, iii, iv, v
B. i, ii, iii
C. i, iii, v
D. ii, iii, iv
/Reference: When selecting an offsite storage facility and vendor, the following criteria should be considered:
- Geographic area: distance from the organization and the probability of the storage site being affected by the same disaster as the organization's primary site;
- Accessibility: length of time necessary to retrieve the data from storage and the storage facility's operating hours;
- Security: security capabilities of the shipping method, storage facility, and personnel; all must meet the data's security requirements;
- Environment: structural and environmental conditions of the storage facility (i.e., temperature, humidity, fire prevention, and power management controls); and
- Cost: cost of shipping, operational fees, and disaster response/recovery services.

QUESTION 6
There are three types of alternate sites available for organizations to use. Which of the following does not describe one of these types?
A. Dedicated site owned or operated by the organization
B. Memorandum of agreement with an internal or external entity
C. Commercially leased facility
D. Hot site
/Reference: In general, three types of alternate sites are available:
- Dedicated site owned or operated by the organization;
- Reciprocal agreement or memorandum of agreement with an internal or external entity; and
- Commercially leased facility.
Regardless of the type of alternate site chosen, the facility must be able to support system operations as defined in the contingency plan. The three alternate site types commonly categorized in terms of their operational readiness are cold sites, warm sites, or hot sites.

QUESTION 7
Two or more organizations with similar or identical system configurations and backup technologies may enter into a formal agreement to serve as alternate sites for each other or enter into a joint contract for an alternate site. Which of the following best describes this setup?
A. Memorandum of coordination
B. Reciprocal memorandum
C. Memorandum of understanding
D. Reciprocal site
Correct Answer: C
/Reference: Two or more organizations with similar or identical system configurations and backup technologies may enter into a formal agreement to serve as alternate sites for each other or enter into a joint contract for an alternate site. This type of site is set up via a reciprocal agreement or memorandum of understanding (MOU).

QUESTION 8
Randy is a manager and responsible for business continuity training. He has been told that the company needs the following type of training: a facilitator presents a scenario and asks the exercise participants questions related to the scenario, which initiates a discussion among the participants of roles, responsibilities, coordination, and decision making. What type of training does Randy need to put into place?
A. Structured
B. Tabletop
C. Functional
D. Interruption
/Reference: Tabletop exercises are discussion-based exercises where personnel meet in a classroom setting or in breakout groups to discuss their roles during an emergency and their responses to a particular emergency situation. A facilitator presents a scenario and asks the exercise participants questions related to the scenario, which initiates a discussion among the participants of roles, responsibilities, coordination, and decision making. A tabletop exercise is discussion-based only and does not involve deploying equipment or other resources.

QUESTION 9
Which of the following is not a component of a business continuity functional analysis?
A. Collect data
B. Document functions
C. Develop hierarchy of functions
D. Develop data classification
/Reference: Functional analysis is when a team:
- Collects data through interviews and documentary sources
- Documents business functions, activities, and transactions
- Develops a hierarchy of business functions
- Applies a classification scheme to indicate each individual business unit function's criticality level

QUESTION 10
Which of the following provides a correct characteristic of electronic vaulting?
A. Moves the journal or transaction log to a remote location, not the actual files
B. Transfers change in bulk in batch processes
C. Parallel processing of transactions to an alternate site
D. Backup takes place in real time (synchronous)
/Reference: The following outlines the characteristics of electronic vaulting:
- Modified file is sent to remote system
- Transfers change in bulk in batch processes
- Backup is not in real time (asynchronous)

QUESTION 11
Which of the following is not a correct characteristic of remote journaling?
A. Moves the journal or transaction log to a remote location, not the actual files
B. Parallel processing of transactions to an alternate site
C. Backup takes place in real time (synchronous)
D. Backup is not in real time (asynchronous)
/Reference: The following are characteristics of remote journaling:
- Moves the journal or transaction log to a remote location, not the actual files
- Parallel processing of transactions to an alternate site
- Backup takes place in real time (synchronous)

QUESTION 12
Two or more organizations with similar or identical system configurations and backup technologies may enter into a formal agreement to serve as alternate sites for each other or enter into a joint contract for an alternate site. Which of the following best describes this setup?
A. Memorandum of coordination
B. Reciprocal memorandum
C. Memorandum of understanding
D. Reciprocal site
Correct Answer: C
/Reference: Two or more organizations with similar or identical system configurations and backup technologies may enter into a formal agreement to serve as alternate sites for each other or enter into a joint contract for an alternate site. This type of site is set up via a reciprocal agreement or memorandum of understanding (MOU).

QUESTION 13
Paul needs to outline different exercise types for the various systems in the environment. Which of the following does not provide the correct mapping that Paul needs to implement?
A. Low-impact systems, a tabletop exercise
B. Moderate-impact systems, a functional exercise
C. High-impact systems, a full-scale functional exercise
D. Medium-impact, structured walk through


Evaluating Your Business Continuity Plan: Beyond Checklists and Walkthroughs. Troy Harris, Director McGladrey LLP. All Rights Reserved. Evaluating Your Business Continuity Plan: Beyond Checklists and Walkthroughs Troy Harris, Director McGladrey LLP Agenda Business Continuity Planning Overview Program Initiation and Management Disaster

More information

Top 10 pitfalls to avoid when re-inventing your disaster recovery program

Top 10 pitfalls to avoid when re-inventing your disaster recovery program The Essential DR Cheat Sheet: Top 10 pitfalls to avoid when re-inventing your disaster recovery program Consult Build Transform Support Every new malicious attack or weather catastrophe underscores the

More information

INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE ESCROW BEST PRACTICES REPORT

INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE ESCROW BEST PRACTICES REPORT INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE ESCROW BEST PRACTICES REPORT What is Mission Critical to You? Before you acquire mission-critical technology from a third-party software vendor, take a few minutes

More information

BUSINESS CONTINUITY PLANNING WORKPROGRAM

BUSINESS CONTINUITY PLANNING WORKPROGRAM BUSINESS CONTINUITY PLANNING WORKPROGRAM EXAMINATION OBJECTIVE: Determine the quality and effectiveness of the organization s business continuity planning process, and determine whether the continuity

More information

CONTINUITY OF OPERATIONS PLAN

CONTINUITY OF OPERATIONS PLAN CONTINUITY OF OPERATIONS PLAN (TEMPLATE) NAME OF ORGANIZATION/BUSINESS ADDRESS PHONE NUMBER Organization Logo Continuity of Operations Plan Version 1.5 Table of Contents I. Introduction... 1 II. Purpose...

More information

Dynamic IT Disaster Recovery Plan

Dynamic IT Disaster Recovery Plan Because of fast and expansive technological developments, no business can function without incorporating IT (Information Technology) anymore. Speed is an essential component of business practices which

More information

An introduction to business continuity planning

An introduction to business continuity planning An introduction to business continuity planning What is business continuity, and is it relevant to me? Business continuity planning is about identifying the critical functions and services your business

More information

Enabling a Comprehensive Platform for BCMP that integrates People, Process and Technology

Enabling a Comprehensive Platform for BCMP that integrates People, Process and Technology Enabling a Comprehensive Platform for BCMP that integrates People, Process and Technology TM Overview Perpetuuiti provides an intelligent, end-to-end automated approach towards Business Continuity Planning

More information

Business Continuity Management and Resilience Framework

Business Continuity Management and Resilience Framework Business Continuity Management and Resilience Framework Approving authority University Council Approval date 3 December 2018 Advisor Next scheduled review 2021 Peter Bryant Vice President (Corporate Services)

More information

Building a Standard for Business Continuity Planning

Building a Standard for Business Continuity Planning Building a Standard for Business Continuity Planning John Lugo Sr. Business Continuity Analyst April 17, 2012 1 April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Business Continuity @ Citrix Statistics

More information

Business Continuity Training and Testing: Narrowing the Gaps

Business Continuity Training and Testing: Narrowing the Gaps Business Continuity Training and Testing: Narrowing the Gaps Betty A. Kildow, CBCP, FBCI, Emergency Management Consultant Kildow Consulting 765/483-9365; BettyKildow@insightbb.com 92 nd Annual International

More information

Business Continuity Policy

Business Continuity Policy Putting Barnsley People First Business Continuity Policy Version:.0 Approved By: Governing Body Date Approved: August 015 Reviewed October 016 Name of originator / author: Jamie Wike, Head of Planning,

More information

Tabletop Exercises. for Cybersecurity. Maintaining a healthy incident response. White Paper. By Michael Everett, Security Analyst

Tabletop Exercises. for Cybersecurity. Maintaining a healthy incident response. White Paper. By Michael Everett, Security Analyst Tabletop Exercises for Cybersecurity Maintaining a healthy incident response White Paper By Michael Everett, Security Analyst Effectiveness of Incident Response Formulating and implementing an incident

More information

Business Continuity and Disaster Recovery Overview

Business Continuity and Disaster Recovery Overview Business Continuity and Disaster Recovery Overview Prepared by, Ingram Micro Cloud, META Contents 1. Introduction... 3 2. Overview of (BC/DR)... 4 2.1 What is the difference between business continuity

More information

Ensuring Organizational & Enterprise Resiliency with Third Parties

Ensuring Organizational & Enterprise Resiliency with Third Parties Ensuring Organizational & Enterprise Resiliency with Third Parties Geno Pandolfi Tuesday, May 17, 2016 Room 7&8 (1:30-2:15 PM) Session Review Objectives Approaches to Third Party Risk Management Core Concepts

More information

Keys to Narrowing Business Continuity Planning Gaps: Training, Testing & Audits

Keys to Narrowing Business Continuity Planning Gaps: Training, Testing & Audits Keys to Narrowing Business Continuity Planning Gaps: Training, Testing & Audits Betty A. Kildow, CBCP, FBCI, Emergency Management Consultant Kildow Consulting 765/483-9365; BettyKildow@comcast.net 94 nd

More information

Unit 3: Elements of a Viable Continuity Capability

Unit 3: Elements of a Viable Continuity Capability Unit 3: Elements of a Viable Continuity Capability Unit 3 Objectives Identify all organization essential functions and their effect upon staffing levels in a continuity event. Recognize and incorporate

More information

The Worry-Free IT Investment

The Worry-Free IT Investment The Worry-Free IT Investment who we are At Cobb Technologies, we use experience to solve the everyday problems our clients face. In addition to over 25 years of hands-on industry knowledge, we remain on

More information

The Disaster Experience: Putting Business Continuity to the Test

The Disaster Experience: Putting Business Continuity to the Test The Disaster Experience: Putting Business Continuity to the Test Presented by Bob Mellinger, CBCV OM33 5/5/2018 1:15 PM The handout(s) and presentation(s) attached are copyright and trademark protected

More information

SUBJECT AREA 3 - BUSINESS IMPACT ANALYSIS

SUBJECT AREA 3 - BUSINESS IMPACT ANALYSIS SUBJECT AREA 3 - BUSINESS IMPACT ANALYSIS Identify the impacts resulting from business interruptions that can affect the organization and techniques that can be used to quantify and qualify such impacts.

More information

12.0 Business Continuity Management

12.0 Business Continuity Management Number 12.0 Policy Owner Information Security and Technology Policy Business Continuity Management Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 12. Business Continuity

More information

What s the Weakest Link in DR plans? Canadian companies confess their shortcomings

What s the Weakest Link in DR plans? Canadian companies confess their shortcomings What s the Weakest Link in DR plans? Canadian companies confess their shortcomings An evaluation of Canadian organizations and their response to disaster recovery processes. A joint survey in partnership

More information

Unit 29. Installing and Upgrading Software Level 3 Disaster Recovery Back Outs

Unit 29. Installing and Upgrading Software Level 3 Disaster Recovery Back Outs Unit 29 Installing and Upgrading Software Level 3 Disaster Recovery Back Outs Last Session Back Ups File Based Image Based File Synchronization Todays Session Disaster Recovery Back out Procedures Disaster

More information

A Framework Approach to Ensuring Application Recovery Readiness. White Paper

A Framework Approach to Ensuring Application Recovery Readiness. White Paper A Framework Approach to Ensuring Application Recovery Readiness White Paper White Paper A Framework Approach to Ensuring Application Recovery Readiness. Sanovi's DR Management Suite (Sanovi DRM ) is the

More information

Business Continuity Plan Template for LPL Financial Branch Offices

Business Continuity Plan Template for LPL Financial Branch Offices Business Continuity Plan Template for LPL Financial Branch Offices Lord Wealth Management Nadine M. Lord Rancho Santa Margarita, CA (Branch 2AB7) Business Continuity Plan (BCP) Table of Contents I. INTRODUCTION...

More information

Business Continuity/ Disaster Recovery. Sean Gunasekera

Business Continuity/ Disaster Recovery. Sean Gunasekera Business Continuity/ Disaster Recovery Sean Gunasekera Course Outline and Structure Week 1 Security Governance Week 2 Managing Security in the organisation Risk Management Week 3 Risk management Breaches,

More information

GOVERNANCE TOOLKIT. Business Continuity Management. Version 1: 1 March 2016 THIS TOOLKIT PROUDLY SUPPORTED BY

GOVERNANCE TOOLKIT. Business Continuity Management. Version 1: 1 March 2016 THIS TOOLKIT PROUDLY SUPPORTED BY GOVERNANCE TOOLKIT Business Continuity Management Version 1: 1 March 2016 THIS TOOLKIT PROUDLY SUPPORTED BY Purpose of the Governance Toolkits AIST has developed the Governance Toolkits to assist Trustees

More information

Tier I assesses an institution's process for identifying and managing risks. Tier II provides additional verification where risk is eviden

Tier I assesses an institution's process for identifying and managing risks. Tier II provides additional verification where risk is eviden Appendix A: Examination Procedures EXAMINATION OBJECTIVE: Determine the quality and effectiveness of the organization's business continuity planning process, and determine whether the continuity testing

More information

Building and Maintaining a Business Continuity Program

Building and Maintaining a Business Continuity Program Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery 1 Building and Maintaining a Business Continuity Program Table

More information

Business Continuity Maturity Matrix

Business Continuity Maturity Matrix Business Continuity Maturity Matrix A maturity model is one of the most valuable tools available for planning and sustaining a new Business Continuity program. Like the Business Continuity Planning (BCP)

More information

CITY OF JOHANNESBURG METROPOLITAN MUNICIPALITY BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

CITY OF JOHANNESBURG METROPOLITAN MUNICIPALITY BUSINESS CONTINUITY MANAGEMENT FRAMEWORK CITY OF JOHANNESBURG METROPOLITAN MUNICIPALITY BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Effective Date 1 July 2016 TABLE OF CONTENTS GLOSSARY OF TERMS... 4 PRIMARY LEGISLATIVE AND REGULATORY PROVISIONS...

More information

US Business Continuity Safeguarding Your Business from a Disaster

US Business Continuity Safeguarding Your Business from a Disaster US Business Continuity Safeguarding Your Business from a Disaster Juanita Hardin BMO Harris Bank Head TPS Risk and Compliance William Simmons BMO Harris Bank Vice President Business Continuity Management

More information

BCP Methodology Benefits realisation

BCP Methodology Benefits realisation www.pwc.com.cy BCP Methodology Benefits realisation Risk Assurance Consulting (RAC) Risk Assurance Consulting (RAC) helps management to make well informed decisions. The insight and independent assurance

More information

CLERK & COMPTROLLER, PALM BEACH COUNTY CLASS DESCRIPTION CLASSIFICATION TITLE: SUPERVISOR INFORMATION TECHNOLOGY GENERAL DESCRIPTION OF DUTIES

CLERK & COMPTROLLER, PALM BEACH COUNTY CLASS DESCRIPTION CLASSIFICATION TITLE: SUPERVISOR INFORMATION TECHNOLOGY GENERAL DESCRIPTION OF DUTIES CLERK & COMPTROLLER, PALM BEACH COUNTY CLASS DESCRIPTION CLASSIFICATION TITLE: SUPERVISOR INFORMATION TECHNOLOGY GENERAL DESCRIPTION OF DUTIES Under limited supervision, employees in this classification

More information

Is Your H/A Truly High Availability. Richard Dolewski

Is Your H/A Truly High Availability. Richard Dolewski Is Your H/A Truly High Availability Richard Dolewski What is a Disaster? ANYTHING! That stops your business from functioning & that cannot be corrected within an acceptable amount of time. 2 The Value

More information

Coastal Equities, Inc.

Coastal Equities, Inc. Coastal Equities, Inc. Business Continuity Plan Summary Updated On: March 1, 2017 The foregoing is a true and accurate representation of the business continuity steps taken by Coastal Equities, Inc. As

More information

5/28/2018. Disaster Recovery Are You Ready. Speaker. Agenda

5/28/2018. Disaster Recovery Are You Ready. Speaker. Agenda Disaster Recovery Are You Ready Central Iowa American Payroll Association 2017 Statewide Conference Friday October 6 Speaker Bruce E. Phipps CPP APA Vice Presindent 2011 APA Payroll Man of the Year Principal

More information

BCP Methodology Benefits realisation

BCP Methodology Benefits realisation www.pwc.com.cy/technology-consulting BCP Methodology Benefits realisation BCP Methodology Our BCP methodology incorporates five (5) phases. The phases take an organisation from prioritising core business

More information

DISASTER PREPAREDNESS Guide & Template

DISASTER PREPAREDNESS Guide & Template Go Beyond The Cloud STEP-BY-STEP DISASTER PREPAREDNESS Guide & Template WHITEPAPER BY XVAND TECHNOLOGY CORPORATION Xvand Technology Corporation 832.204.4909 questions@xvand.com www.isutility.com Disaster

More information

Always On: Unitrends DRaaS Disaster Recovery Services

Always On: Unitrends DRaaS Disaster Recovery Services Always On: Unitrends DRaaS Disaster Recovery Services Always On: Unitrends DRaaS Disaster Recovery Services What keeps you up at night? Are you thinking about what would happen to your business in the

More information

2014 Updates to the Branch Office Business Continuity Plan Template:

2014 Updates to the Branch Office Business Continuity Plan Template: 2014 Updates to the Branch Office Business Continuity Plan Template: Updated the San Diego Headquarters location with the new address in section IV Business Description Updated the alternate Data Center

More information

Information Systems Contingency Planning. A Success Story

Information Systems Contingency Planning. A Success Story Information Systems Contingency Planning A Success Story What are We Going to Talk About Introduction to the FBI Affect of Financial Systems on the FBI Mission Architecture of a Financial System Hardware

More information

Contents About This Guide... 5 Upgrade Overview... 5 Examining Your Upgrade Criteria... 7 Upgrade Best Practices... 8

Contents About This Guide... 5 Upgrade Overview... 5 Examining Your Upgrade Criteria... 7 Upgrade Best Practices... 8 P6 EPPM Upgrade Best Practices Guide 16 R2 September 2016 Contents About This Guide... 5 Upgrade Overview... 5 Upgrade Process... 5 Assessing the Technical Environment... 6 Preparing for the Upgrade...

More information

Strategic Business Continuity Management

Strategic Business Continuity Management Strategic Business Continuity Management Steven J. Ross Deloitte & Touche New York Prospering in the Secure Economy Leading organizations must confront the new realities of today s uncertain economy The

More information

Meet Our Presenter. Equipping You For Success: An ISO Certification Case Study

Meet Our Presenter. Equipping You For Success: An ISO Certification Case Study Equipping You For Success: An ISO 22301 Certification Case Study March 28, 2017 10:45 11:45 am Maureen Roskoski, Corporate Sustainability Officer, Facility Engineering Associates, PC Meet Our Presenter

More information

Global Crises: What We Really Need to Do to Be Prepared. Day One / Session C5

Global Crises: What We Really Need to Do to Be Prepared. Day One / Session C5 Global Crises: What We Really Need to Do to Be Prepared Day One / Session C5 April 12, 2010 Clyde Berger Adam Chusid 0 Today s Objectives Present practical solutions for building a viable sustainable program

More information

AGILENT SPECIFICATIONS INFORMATICS SOFTWARE SUPPORT AND SERVICES SILVER-LEVEL

AGILENT SPECIFICATIONS INFORMATICS SOFTWARE SUPPORT AND SERVICES SILVER-LEVEL AGILENT SPECIFICATIONS INFORMATICS SOFTWARE SUPPORT AND SERVICES SILVER-LEVEL The following terms set forth the specifications under which Agilent will provide support and services to customers who are

More information

Business Continuity vs. Incident Command

Business Continuity vs. Incident Command Business Continuity vs. Incident Command Introductions The GD Approach BCP vs Incident Command Keys to success Descriptions Incident Drivers & Social Media How they Stack up Summary What We Are All About

More information

Security Guideline for the Electricity Sector: Identifying Critical Assets

Security Guideline for the Electricity Sector: Identifying Critical Assets Note: The guideline was developed for CIP-002-1 but is also applicable to CIP- 002-2 and CIP-002-3. Security Guideline for the Electricity Sector: Identifying Critical Assets Disclaimer: This supporting

More information

Broadridge Business Process Outsourcing, LLC Business Continuity Plan Disclosure

Broadridge Business Process Outsourcing, LLC Business Continuity Plan Disclosure Broadridge Business Process Outsourcing, LLC Business Continuity Plan Disclosure I. Summary In accordance with FINRA Rule 4370, Broadridge Business Process Outsourcing, LLC (the Firm ) is providing you

More information

IBM Emptoris Strategic Supply Management on Cloud

IBM Emptoris Strategic Supply Management on Cloud Service Description IBM Emptoris Strategic Supply Management on Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means the company and its authorized users and

More information

Audit of Business Continuity Planning (BCP) Audit and Evaluation Branch

Audit of Business Continuity Planning (BCP) Audit and Evaluation Branch Final Audit Report Audit and Evaluation Branch June 2006 Tabled and approved by DAEC on January 9, 2007 TABLE OF CONTENTS 1.0 EXECUTIVE SUMMARY... 2 1.1 INTRODUCTION... 2 1.2 OVERALL ASSESSMENT... 2 1.3

More information

Disaster Planning Checklist for Chief Financial Officers of Healthcare Organizations

Disaster Planning Checklist for Chief Financial Officers of Healthcare Organizations According to the National Safety Council, the 10 most common problems or errors with emergency response plans are: 1. No upper management support 7. No communication methods to alert employees 2. Lack

More information

Managed IT Services Eliminating technology pains in small businesses

Managed IT Services Eliminating technology pains in small businesses Managed IT Services Eliminating technology pains in small businesses Sys Gear proactively handles Having a complete IT department is not a viable solution for most small businesses, and very few small

More information

Seven Critical Mistakes to Avoid in Continuity of Operations Planning (COOP) boldplanning.com. White Paper

Seven Critical Mistakes to Avoid in Continuity of Operations Planning (COOP) boldplanning.com. White Paper Seven Critical Mistakes to Avoid in Continuity of Operations Planning (COOP) boldplanning.com White Paper The world isn t getting less risky. Catastrophic weather. Devastating cyber threats. Unthinkable

More information

Business Continuity Planning

Business Continuity Planning Business Continuity lanning Good Stewards Methodology verview See What s Ahead What s Ahead Back he Case for Business Continuity lanning Business Continuity lan Composition Business Continuity Management

More information