Information security and risk management

Chapter 13

QUESTION 1

1. It is dangerous to assume anything when creating a BCP, because assumptions are rarely accurate.

 True

 False

0.10000 points   

QUESTION 2

1. Who coordinates the actions of the DAT and works closely with the EMT lead and BCP coordinator?

DAT coordinator

TRT lead

BCP PM

DAT lead

0.10000 points   

QUESTION 3

1. What is NOT one of the three commonly used BCP teams?

technical recovery

emergency management

critical contractor

damage assessment

0.10000 points   

QUESTION 4

1. All critical systems should be included in a BCP.

 True

 False

0.10000 points   

QUESTION 5

1. Even though the BIA identifies priorities, it is common to reaffirm them in a BCP.

 True

 False

0.10000 points   

QUESTION 6

1. What correctly lists the overall steps of a BCP?

purpose; scope; assumptions and planning principles; system descriptions and architecture; responsibilities; provide training; test and exercise plans; maintain and update plans

charter the BCP and create scope statements; complete the BIA; identify countermeasures and controls; develop individual DRPs; provide training; test and exercise plans; maintain and update plans

charter the BCP and create scope statements; complete the BIA; identify countermeasures and controls; develop individual DRPs; notification/activation phase; recovery phase; reconstitution phase; plan training, testing, and exercises; plan maintenance

purpose; scope; assumptions and planning principles; system descriptions and architecture; responsibilities; notification/activation phase; recovery phase; reconstitution phase; plan training, testing, and exercises; plan maintenance

0.10000 points   

QUESTION 7

1. The overview section provides a description of the CBFs.

 True

 False

0.10000 points   

QUESTION 8

1. Who coordinates the actions of the EMT and works closely with the DAT lead and BCP coordinator?

EMT lead

BCP PM

EMT coordinator

TRT lead

0.10000 points   

QUESTION 9

1. If a disruption occurs during work hours, then the BCP PM will probably be on the scene quickly. If the disruption occurs after hours, then the BCP PM should be contacted first thing the next business day.

 True

 False

0.10000 points   

QUESTION 10

1. When is the notification/activation phase?

when the BCP CM declares it so

the first step of a BCP

depends on the type of interruption

when the disruption has occurred or is imminent

0.10000 points   

QUESTION 11

1. Criticality of operations identifies the order of importance of each of the seven domains of the typical IT infrastructure.

 True

 False

0.10000 points   

QUESTION 12

1. If a system houses data, you need to ensure that data is protected according to _______.

the C-I-A triad

the BCP’s scope

its criticality

its level of classification

0.10000 points   

QUESTION 13

1. The functional description builds on the __________.

strategy

overview

BIA

system description and architecture

0.10000 points   

QUESTION 14

1. What is the overall goal of BCP exercises?

to ensure continued operations after a disruption or disaster

to demonstrate how the BCP will work

to verify that the BCP will work as planned

to teach people the details of the BCP

0.10000 points   

QUESTION 15

1. When an emergency is declared, the ____________ usually contact(s) appropriate teams or team leads.

BCP PM

stakeholders

BCP coordinator

department heads

0.10000 points   

QUESTION 16

1. Training should be conducted at least annually.

 True

 False

0.10000 points   

QUESTION 17

1. The TRT lead needs to be very familiar with existing DRPs and may have even authored them.

 True

 False

0.10000 points   

QUESTION 18

1. What is the purpose of a BCP?

to ensure that mission-critical elements of an organization continue to operate after a disruption

to ensure that mission-critical elements of an organization are properly restored after a disruption

to prevent loss of mission-critical activities of organization employees in case of a disruption

to identify mission-critical elements of an organization in case of a disruption

0.10000 points   

QUESTION 19

1. Some personnel can be deemed mission-critical.

 True

 False

0.10000 points   

QUESTION 20

1. Having supplies on hand for continued production _______________.

is a best practice in the creation and implementation of a BCP

may be preferable to having an organization obtain parts and supplies as needed

may conflict with other organizational planning principles

is the definition of a just-in-time philosophy

0.10000 points   

Chapter 12

QUESTION 1

1. Every resource has an MAO and an impact if it fails.

 True

 False

0.10000 points   

QUESTION 2

1. What is NOT a direct cost?

equipment replacement costs

building replacement costs

penalty costs for noncompliance issues

penalty costs for nonrepudiation issues

0.10000 points   

QUESTION 3

1. A BIA is intended to include all IT functions.

 True

 False

0.10000 points   

QUESTION 4

1. Choose the answer that correctly lists the seven steps of a BIA.

develop the contingency planning policy statement; conduct the business impact analysis; identify preventive controls; identify critical resources; identify the maximum downtime; identify recovery priorities; and develop the BIA report

identify the environment; identify stakeholders; identify critical business functions; identify critical resources; identify the maximum downtime; identify recovery priorities; and develop the BIA report

develop the contingency planning policy statement; conduct the business impact analysis; identify preventive controls; create contingency strategies; develop an information system contingency plan; ensure plan testing, training, and exercises; and ensure plan maintenance

identify the environment; identify stakeholders; identify critical business functions; create contingency strategies; develop an information system contingency plan; ensure plan testing, training, and exercises; and ensure plan maintenance

0.10000 points   

QUESTION 5

1. The seven steps of a BIA are the same as the seven steps of contingency planning.

 True

 False

0.10000 points   

QUESTION 6

1. You are a stakeholder who has just designated a function as critical. What must you do now?

Dedicate resources to protect the function.

Perform a CBA.

Evaluate vulnerabilities.

Bring it up in the next meeting.

0.10000 points   

QUESTION 7

1. What is NOT one of the steps of contingency planning?

identifying assets

ensuring plan maintenance

conducting the business impact analysis

creating contingency strategies

0.10000 points   

QUESTION 8

1. A BIA is concerned with identifying and implementing recovery methods.

 True

 False

0.10000 points   

QUESTION 9

1. Once you identify CBFs and critical business processes, you need to map them to a BIA.

 True

 False

0.10000 points   

QUESTION 10

1. BIAs identify an impact that can result from ____________.

uncontrolled vulnerabilities

disruptions in a business

failure of a DMZ

threats to the IT infrastructure

0.10000 points   

QUESTION 11

1. RPO stands for ____________.

recovery point objective

recovery program objective

recovery policy objective

recovery product objective

0.10000 points   

QUESTION 12

1. Questionnaires, forms, and surveys are the standard way to collect data for a BIA.

 True

 False

0.10000 points   

QUESTION 13

1. What is NOT an indirect cost?

loss of goodwill

costs to re-create or recover data

lost opportunities during recovery

costs to regain market share

0.10000 points   

QUESTION 14

1. What does POCs stand for?

policies of compliance

procedures of control

policies of control

system points of contact

0.10000 points   

QUESTION 15

1. What acronym is NOT a critical term when working with BIAs?

MAO

CBA

CBF

CSF

0.10000 points   

QUESTION 16

1. For a BIA, the step of “identifying the environment” means having a good understanding of the business function.

 True

 False

0.10000 points   

QUESTION 17

1. Low RTOs are _______ but _______.

unachievable, ideal

elusive, maintainable

achievable, costly

risky, high-yield

0.10000 points   

QUESTION 18

1. RTO stands for ________.

recovery time obstacle

repair transfer objective

repair task objective

recovery time objective

0.10000 points   

QUESTION 19

1. What is NOT a best practice when performing a BIA?

using a top-down approach

starting with clear objectives

plan interviews and meetings in advance

performing a CBA

0.10000 points   

QUESTION 20

1. There are seven steps of contingency planning.

 True

 False

0.10000 points   

Lab 7

QUESTION 1

1. True or False: the BIA is similar to conducting a risk assessment except that it is focused on identifying critical, major and minor business functions and operations.

 True

 False

0.25000 points   

QUESTION 2

1. True or False: the larger the RTO and RPO maximum allowable time, the potentially more expensive the solution.

 True

 False

0.25000 points   

QUESTION 3

1. What is the proper sequence of development and implementation for the following?

1. Risk Management plan, 2. Business Impact Analysis, 3. Business Continuity plan, then 4. Disaster Recovery plan.

1. Business Continuity plan, 2. Business Impact Analysis, 3. Disaster Recovery plan, then 4. Risk Management plan.

1. Risk Management plan, 2. Business Continuity plan, 3. Business Impact Analysis, then 4. Disaster Recovery plan.

1. Business Continuity plan, 2. Risk Management plan, 3. Business Impact Analysis, then 4. Disaster Recovery plan.

0.25000 points   

QUESTION 4

1. True or False: Customer Service business functions typically have a short RTO and RPO maximum allowable time objective.

 True

 False

0.25000 points   

QUESTION 5

1. True or False: RTO is what the organization defines as the minimum allowable or acceptable downtime.

 True

 False

0.25000 points   

QUESTION 6

1. True or False: The BIA’s goal and purpose is to identify IT Infrastructure components that are critical to the organization. 

 True

 False

0.25000 points   

QUESTION 7

1. True or False: If the RPO metric does not equal the RTO, you can potentially lose data that might not be backed up.

 True

 False

0.25000 points   

QUESTION 8

1. True or False: The BIA helps define the scope and priorities of the Business Continuity plan and the Disaster Recovery plan.

 True

 False

0.25000 points   

Lab 8

QUESTION 1

1. True or False: Disaster Planning is not part of the BCP?

 True

 False

0.25000 points   

QUESTION 2

1. Which of the following should develop and participate in an organization's BCP?

All of the above

Executive Management

Human Resources

IT

0.25000 points   

QUESTION 3

1. True or False: a BIA helps define the scope of the BCP itself.

 True

 False

0.25000 points   

QUESTION 4

1. True or False: the BCP should be updated at least once a year.

 True

 False

0.25000 points   

QUESTION 5

1. Which of the following is NOT true. A BCP helps mitigate the risk of:

Lengthy IT system outages.

Losing human life.

Lost revenue and lost intellectual property assets.

All of the above are True

0.25000 points   

QUESTION 6

1. True or False: The purpose of having documented IT system, application and data recovery procedures/steps is to help achieve the RTO defined by executive management?

 True

 False

0.25000 points   

QUESTION 7

1. True or False: you still need a BCP or DRP if you have business liability insurance, asset replacement insurance and natural disaster insurance

 True

 False

0.25000 points   

QUESTION 8

1. True or False: If a business cannot operate, the BCP assists in bringing the business back to life and operational readiness.

 True

 False

0.25000 points   
