keywords:
Bookmark and Share



Front Back
1. What procedures should take place to restore a system and its data files after a system failure? A. Restore from storage media backup B. Perform a parallel test C. Implement recovery procedures D. Perform a walk-through test
1. C. In this and similar situations, recovery procedures should be followed, which most likely includes recovering data from the backup media. Recovery procedures could include proper steps of rebuilding a system from the beginning, applying the necessary patches and configurations, and ensuring that what needs to take place to ensure productivity is not affected. Some type of redundant system may need to be put into place.
2. What is one of the first steps in developing a business continuity plan? A. Identify backup solution B. Decide whether the company needs to perform a walk-through, parallel, or simulation test C. Perform a business impact analysis D. Develop a business resumption plan
2. C. A business impact analysis includes identifying critical systems and functions of a company and interviewing representatives from each department. Once management’s support is solidified, a business impact analysis needs to be performed to identify the threats the company faces and the potential costs of these threats.
3. How often should a business continuity plan be tested? A. At least every ten years B. Only when the infrastructure or environment changes C. At least every two years D. Whenever there are significant changes in the organization
3. D. The plans should be tested if there have been substantial changes to the company or the environment. They should also be tested at least once a year.
4. During a test recovery procedure, one important step is to maintain records of important events that happen during the procedure. What other step is just as important? A. Schedule another test to address issues that took place during that procedure B. Make sure someone is prepared to talk to the media with the appropriate responses C. Report the events to management D. Identify essential business functions
4. C. When recovery procedures are carried out, the outcome of those procedures should be reported to the individuals who are responsible for this type of activity, which is usually some level of management. If the procedures worked properly, management should know it, and if problems were encountered, management should definitely be made aware of them. Members of management are the ones who are responsible overall for fixing the recovery system and will be the ones to delegate this work and provide the necessary funding and resources.
5. Which of the following actions is least important when quantifying risks associated with a potential disaster? A. Gathering information from agencies that report the probability of certain natural disasters taking place in that area B. Identifying the company’s key functions and business requirements C. Identifying critical systems that support the company’s operations D. Estimating the potential loss and impact the company would face based on how long the outage lasted
5. A. The question asked you about quantifying the risks, which means to calculate the potential business impact of specific disasters. The core components of a business impact analysis are • Identifying the company’s key functions and business requirements • Identifying critical systems that support the company’s operations • Estimating the potential loss and impact the company would face based on how long the outage lasted Gathering information from agencies that report the probability of certain natural disasters taking place in that area is an important piece in determining the probability of these threats, but it is considered least necessary when quantifying the potential damage that could be experienced.
6. The purpose of initiating emergency actions right after a disaster takes place is to prevent loss of life and injuries, and to _______________. A. Secure the area to ensure that no looting or fraud takes place B. Mitigate further damage C. Protect evidence and clues D. Investigate the extent of the damages
6. B. The main goal of disaster recovery and business continuity plans is to mitigate all risks that could be experienced by a company. Emergency procedures first need to be carried out to protect human life and then other procedures need to be executed to reduce the damage from further threats.
7. Which of the following is the best way to ensure that the company’s backup tapes can be restored and used at a warm site? A. Retrieve the tapes from the offsite facility and verify that the equipment at the original site can read them B. Ask the offsite vendor to test them and label the ones that were properly read C. Test them on the vendor’s machine, which won’t be used during an emergency D. Inventory each tape kept at the vendor’s site twice a month
7. A. A warm site is a facility that will not be fully equipped with the company’s main systems. The goal of using a warm site is that, if a disaster takes place, the company will bring its systems with it to the warm site. If the company cannot bring the systems with it because they are damaged, the company must purchase new systems that are exactly like the original systems. So, to properly test backups, the company needs to test them by recovering the data on its original systems at its main site.
8. Which best describes a hot-site facility versus a warm- or cold-site facility? A. A site that has disk drives, controllers, and tape drives B. A site that has all necessary PCs, servers, and telecommunications C. A site that has wiring, central air, and raised flooring D. A mobile site that can be brought to the company’s parking lot
8. B. A hot site is a facility that is fully equipped and properly configured so that it can be up and running within hours to get a company back into production. Answer B gives the best definition of a fully functionally environment.
9. Which is the best description of remote journaling? A. Backing up bulk data to an offsite facility B. Backing up transaction logs to an offsite facility C. Capturing and saving transactions to two mirrored servers in-house D. Capturing and saving transactions to different media types
9. B. Remote journaling is a technology used to transmit data to an offsite facility, but this usually only includes moving the journal or transaction logs to the offsite facility, not the actual files.
10. Which of the following is something that should be required of an offsite backup facility that stores backed-up media for companies? A. The facility should be within 10 to 15 minutes of the original facility to ensure easy access. B. The facility should contain all necessary PCs and servers and should have raised flooring. C. The facility should be protected by an armed guard. D. The facility should protect against unauthorized access and entry.
10. D. This question addresses a facility that is used to store backed-up data; it is not talking about an offsite facility used for disaster recovery purposes. The facility should not be only 10–15 minutes away because some types of disaster could destroy both the company’s main facility and this facility if they are that close together, in which case the company would lose all of its information. The facility should have the same security standards as the company’s security, including protection against unauthorized access.
11. Which item will a business impact analysis not identify? A. Whether the company is best suited for a parallel or full-interrupt test B. What areas would suffer the greatest operational and financial loss in the event of a particular disaster or disruption C. What systems are critical for the company and must be highly protected D. What amount of outage time a company can endure before it is permanently crippled
11. A. All the other answers address the main components of a business impact analysis. Determining the best type of exercise or drill to carry out is not covered under this type of analysis.
12. Which areas of a company are recovery plans recommended for? A. The most important operational and financial areas B. The areas that house the critical systems C. All areas D. The areas that the company cannot survive without
12. C. It is best if every department within the company has its own contingency plan and procedures in place. These individual plans would “roll up” into the overall BCP enterprise plan.
13. Who has the final approval of the business continuity plan? A. The planning committee B. Each representative of each department C. Management D. External authority
13. C. Management really has the final approval over everything within a company, including these plans.
14. Which are the proper steps for developing a continuity plan? A. Project initiation, strategy development, business impact analysis, plan development, implementation, testing, and maintenance B. Strategy development, project initiation, business impact analysis, plan development, implementation, testing, and maintenance C. Implementation and testing, project initiation, strategy development, business impact analysis, and plan development D. Plan development, project initiation, strategy development, business impact analysis, implementation, testing, and maintenance
14. A. These steps outline the processes that should take place from beginning to end pertaining to these types of plans.
15. What is the most crucial piece of developing a business continuity plan? A. Business impact analysis B. Implementation, testing, and following through C. Participation from each and every department D. Management support
15. D. Management’s support is the first thing to obtain before putting any real effort into developing these plans. Without management’s support, the effort will not receive the necessary attention, resources, funds, or enforcement.
16. During development, testing, and maintenance of the continuity plan, a high degree of interaction and communications is crucial to the process. Why? A. This is a regulatory requirement of the process. B. The more people who talk about it and are involved, the more awareness will increase. C. This is not crucial to the plan and should not be interactive because it will most likely affect operations. D. Management will more likely support it.
16. B. Communication not only spreads awareness of these plans and their contents, but also allows more people to discuss the possible threats and solutions, which may lead to ideas that the original team did not consider.
17. To get proper management support and approval of the plan, a business case must be made. Which of the following is least important to this business case? A. Regulatory and legal requirements B. Company vulnerabilities to disasters and disruptions C. How other companies are dealing with these issues D. The impact the company can endure if a disaster hits
17. C. The other three answers are key components when building a business case. Although it is a good idea to investigate and learn about how other companies are dealing with similar issues, it is the least important of the four items listed.
18. Which of the following describes a parallel test? A. It is performed to ensure that some systems will run at the alternate site. B. All departments receive a copy of the disaster recovery plan and walk through it. C. Representatives from each department come together and go through the test collectively. D. Normal operations are shut down.
18. A. In a parallel test, some systems are run at the alternate site and the results are compared with how processing takes place at the primary site. This is to ensure that the systems work in that area and productivity is not affected. This also extends the previous test and allows the team to walk through the steps of setting up and configuring systems at the offsite facility.
19. Which of the following describes a structured walk-through test? A. It is performed to ensure that critical systems will run at the alternate site. B. All departments receive a copy of the disaster recovery plan and walk through it. C. Representatives from each department come together and go through the test collectively. D. Normal operations are shut down.
19. C. During a structured walk-through test, functional representatives review the plan to ensure its accuracy and that it correctly and accurately reflects the company’s recovery strategy.
20. When is the emergency actually over for a company? A. When all people are safe and accounted for B. When all operations and people are moved back into the primary site C. When operations are safely moved to the offsite facility D. When a civil official declares that all is safe
20. B. The emergency is not actually over until the company moves back into its primary site. The company is still vulnerable and at risk while it is operating in an altered or crippled state. This state of vulnerability is not over until the company is operating in the way it was prior to the disaster. Of course, this may mean that the primary site has to be totally rebuilt if it was destroyed.
21. Which of the following does not describe a reciprocal agreement? A. The agreement is enforceable. B. It is a cheap solution. C. It may be able to be implemented right after a disaster. D. It could overwhelm a current data processing site.
21. A. A reciprocal agreement is not enforceable, meaning that the company that agreed to let the damaged company work out of its facility can decide not to allow this to take place. A reciprocal agreement is a better secondary backup option if the original plan falls through.
22. Which of the following describes a cold site? A. Fully equipped and operational in a few hours B. Partially equipped with data processing equipment C. Expensive and fully configured D. Provides environmental measures but no equipment
22. D. A cold site only provides environmental measures—wiring, air conditioning, raised floors—basically a shell of a building and no more.
23. Which of the following best describes what a disaster recovery plan should contain? A. Hardware, software, people, emergency procedures, recovery procedures B. People, hardware, offsite facility C. Software, media interaction, people, hardware, management issues D. Hardware, emergency procedures, software, identified risk
23. A. The recovery plan should contain information about how to deal with people, hardware, software, emergency procedures, recovery procedures, facility issues, and supplies.
24. Which of the following is not an advantage of a hot site? A. Offers many hardware and software choices B. Is readily available C. Can be up and running in hours D. Annual testing is available
24. A. Because hot sites are fully equipped, they do not allow for a lot of different hardware and software choices. The subscription service offers basic software and hardware products and does not usually offer a wide range of proprietary items.
25. D. The plan should be part of normal business activities. A lot of time and resources go into creating disaster recovery plans, after which they are usually stored away and forgotten about. They need to be updated continuously as the environment changes to ensure that the company can properly react to any type of disaster or disruption.
25. D. The plan should be part of normal business activities. A lot of time and resources go into creating disaster recovery plans, after which they are usually stored away and forgotten about. They need to be updated continuously as the environment changes to ensure that the company can properly react to any type of disaster or disruption.
x of y cards