BCP&DRP
1. Question: 1516 | Difficulty: 3/5 | Relevancy: 3/3
Which of the following statements pertaining to disaster recovery is incorrect?
o A recovery team's primary task is to get the pre-defined critical business functions at the alternate backup processing site.
o A salvage team's task is to ensure that the primary site returns to normal processing conditions.
o The disaster recovery plan should include how the company will return from the alternate site to the primary site.
o When returning to the primary site, the most critical applications should be brought back first.
D. It's interesting to note that the steps to resume normal processing operations will be different than the steps in the recovery plan; that is, the least critical work should be brought back first to the primary site.
My explanation: at the point where the primary site is ready to receive operations again, less critical systems should be brought back first because one has to make sure that everything will be running smoothly at the primary site before returning critical systems, which are already operating normally at the recovery site. This will limit the possible interruption of processing to a minimum for most critical systems, thus making it the best option.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 291).
Contributor: Christian Vezina
Study area: CISSP CBK domain #8 - BCP and DRP
Covered topic: Relocation to primary site
This question © Copyright 2003–2006 Christian Vezina, cccure.org.
2. Question: 701 | Difficulty: 3/5 | Relevancy: 3/3
Which of the following alternative business recovery strategies would be LEAST appropriate in a large database and on-line communications network environment where the critical business continuity period is 7 days?
o Hot site
o Warm site
o Redundant or Alternate Site
o Reciprocal agreement
D. Since it cannot be enforced, a reciprocal agreement is the least reliable solution for business recovery.
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 5: Disaster Recovery and Business Continuity (page 262).
Contributor: Christian Vezina
Study area: CISSP CBK domain #8 - BCP and DRP
Covered topics (2): Alternate sites, Business Impact Assessment (BIA)
This question © Copyright 2003–2006 Christian Vezina, cccure.org.
3. Question: 1512 | Difficulty: 5/5 | Relevancy: 3/3
Which of the following statements pertaining to disaster recovery planning is incorrect?
o Every organization needs a disaster recovery plan
o A disaster recovery plan contains actions to be taken before, during and after a disruptive event.
o The major goal of disaster recovery planning is to provide an organized way to make decisions if a disruptive event occurs.
o A disaster recovery plan should cover return from alternate facilities to primary facilities.
A. It is possible that an organization may not need a disaster recovery plan. An organization may not have any critical processing areas and be able to withstand lengthy interruptions. All other statements are true.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 281).
Contributor: Christian Vezina
Study area: CISSP CBK domain #8 - BCP and DRP
Covered topic: Disaster recovery planning
4. Question: 292 | Difficulty: 2/5 | Relevancy: 3/3
Which of the following results in the most devastating business interruptions?
o Loss of Hardware/Software
o Loss of Data
o Loss of Communication Links
o Loss of Applications
B. Source: Veritas eLearning CD - Introducing Disaster Recovery Planning, Chapter 1.
Loss of Data is the correct answer.
All of the others can be replaced or repaired. Data that is lost and was not backed up cannot be restored.
Edited: July 17, 2007, Mike Young, CISSP, MCSE: Security
Contributor: Jamil Siddique
Study area: CISSP CBK domain #8 - BCP and DRP
Covered topic: Disaster recovery planning
5. Question: 115 | Difficulty: 2/5 | Relevancy: 3/3
Organizations should not view disaster recovery as which of the following?
o committed expense.
o discretionary expense.
o enforcement of legal statutes.
o compliance with regulations.
B. The correct answer is: discretionary expense.
Disaster Recovery should never be considered a discretionary expense. It is far too important a task. In order to maintain the continuity of the business, Disaster Recovery should be a commitment of and by the organization.
The following answers are incorrect:
committed expense. Is incorrect because Disaster Recovery should be a committed expense.
enforcement of legal statutes. Is incorrect because Disaster Recovery can include enforcement of legal statutes. Many organizations have legal requirements toward Disaster Recovery.
compliance with regulations. Is incorrect because Disaster Recovery often means compliance with regulations. Many financial institutions have regulations requiring Disaster Recovery Plans and Procedures.
Last modified 6/08/2007 - J. Hajec
Comment: Disaster Recovery: It provides procedures for emergency response, extended backup operations, and post-disaster recovery when an organization suffers a loss of computer processing capability or resources and physical facilities.
References:
OIG CBK Business Continuity and Disaster Recovery Planning (pages 368-369)
AIOv3 Business Continuity Planning (page 699)
Contributor: donmurdoch
Study area: CISSP CBK domain #8 - BCP and DRP
Covered topic: Disaster recovery planning
6. Question: 358 | Difficulty: 4/5 | Relevancy: 3/3
The scope and focus of the Business continuity plan development depends most on:
o Directives of Senior Management
o Business Impact Analysis (BIA)
o Scope and Plan Initiation
o Skills of BCP committee
B. SearchSDefinitions mentions "As part of a disaster recovery plan, BIA is likely to identify costs linked to failures, such as loss of cash flow, replacement of equipment, salaries paid to catch up with a backlog of work, loss of profits, and so on.
A BIA report quantifies the importance of business components and suggests appropriate fund allocation for measures to protect them. The possibilities of failures are likely to be assessed in terms of their impacts on safety, finances, marketing, legal compliance, and quality assurance.
Where possible, impact is expressed monetarily for purposes of comparison. For example, a business may spend three times as much on marketing in the wake of a disaster to rebuild customer confidence."
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Page 278.
Thanks to Keith Smith for great feedback that allowed us to improve this question.
Contributors: Jamil Siddique, Christoph Puppe
Study area: CISSP CBK domain #8 - BCP and DRP
Covered topic: Business Impact Assessment (BIA)
7. Question: 698 | Difficulty: 4/5 | Relevancy: 3/3
Classification of information systems is essential in business continuity planning. Which of the following system types cannot be replaced by manual methods?
o Critical system
o Vital system
o Sensitive system
o Noncritical system
A. The functions of a critical system can only be replaced by identical capabilities. Other functions can be performed manually.
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 5: Disaster Recovery and Business Continuity (page 254).
Contributor: Christian Vezina
Study area: CISSP CBK domain #8 - BCP and DRP
Covered topic: Business Impact Assessment (BIA)
This question © Copyright 2003–2006 Christian Vezina, cccure.org.
8. Question: 1168 | Difficulty: 4/5 | Relevancy: 3/3
A business continuity plan should list and prioritize the services that need to be brought back after a disaster strikes. Which of the following services is more likely to be of primary concern?
o Marketing/Public relations
o Data/Telecomm/IS facilities
o IS Operations
o Facilities security
B. The main concern when recovering after a disaster is data, telecomm and IS facilities. Other services, in descending priority order are: IS operations, IS support services, market structure, marketing/public relations, customer service & systems support, market regulation/surveillance, listing, application development, accounting services, facilities, human resources, facilities security, legal and Office of the Secretary, national sales.
Source: BARNES, James C. & ROTHSTEIN, Philip J., A Guide to Business Continuity Planning, John Wiley & Sons, 2001 (page 129).
Contributor: Christian Vezina
Study area: CISSP CBK domain #8 - BCP and DRP
Covered topic: Business Impact Assessment (BIA)
This question © Copyright 2003–2006 Christian Vezina, cccure.org.
9. Question: 206 | Difficulty: 1/5 | Relevancy: 3/3
Which of the following backup sites is most effective for disaster recovery?
o Time brokers
o Hot sites
o Cold sites
o Reciprocal Agreement
B. Reciprocal agreements are not contracts and cannot be enforced. You cannot force someone you have such an agreement with to provide processing to you. Government regulators do not accept reciprocal agreements as valid disaster recovery backup sites. Cold sites are empty computer rooms consisting only of environmental systems, such as air conditioning and raised floors, etc. They d