Overview
Please answer the following true and false / multiple choice questions. Please use the course
content that we have covered as well as your notes.

1. Risk management tends to be preventative, whereas BCM tends to deal more with consequences.
2. The five phases of business continuity are: prevention, mitigation, response, recovery and restoration.
3. Strictly speaking, business continuity planning is a subset of technology planning.
4. Which one, if any, of the following statements regarding BCM is false?
   a. BCM is a holistic program.
   b. Risk management and BCM are competing fields.
   c. There are multiple purposes of BCM.
   d. BCM is used to prevent serious disruptions, if possible, and to mitigate the impact of occurring disruptions.
5. Which one of the following statements regarding BCM is false?
   a. Risk management is the foundation of comprehensive BCM.
   b. Senior management is responsible to initiate and oversee BCM.
   c. All employees of an organization need to understand their role in BCM.
   d. Utilizing business continuity and risk management simultaneously is inefficient and unproductive.
6. Which one of the following statements is true?
   a. A primary objective of the ERP is life-safety.
   b. BIA is not really a planning component; therefore, conducting BIA should be considered as an optional project.
   c. The maintenance stage of BCM includes ERP development and testing.
   d. None of the above statements are true.
7. It is not uncommon to find the COO, and not the CEO, at the top of the Chain-of- Command for crisis event purposes.
8. BIA determines the importance of the organization’s activities by assessing the impact over time.
9. BIA identifies critical operations, supply chains and interdependencies.
10. For most organizations, all operations are considered to be critical operations.
11. Which one of the following statements is false?
    a. The objectives of the BIA include the determination of critical deliverables.
    b. The objectives of the BIA include the determination of the impact over time of deliverables.
    c. The objectives of the BIA include the determination of objectives.
    d. The objectives of the BIA include the determination of risks.
12. Which one of the following statements is false?
    a. A ‘resource’ is an asset used to conduct operations.
    b. ‘Resources’ include personnel, facilities, equipment, inventory, utilities and systems.
    c. A ‘Recovery Point Objective (RPO)’ is a retrospective point in time to which information must be restored to ensure objectives can be met.
    d. ‘Impact’ is the effect of an event.
13. Regarding the RTO, which one of the following statements is false?
    a. Recovery efforts focus on recovering operations with the shortest RTO first.
    b. The RTO is the prospective point in time when an operation must be resumed before a disruption compromises the ability of the organization to achieve its objectives.
    c. The RTO may initially target a temporary recovery level less than a full 100% recovery.
    d. Once an RTO is established it is never changed.
14. Regarding the RPO and RTO, which one of the following statements is false?
    a. Business continuity and recovery efforts focus on recovering operations with the shortest RTO first.
    b. The RPO is a retrospective point in time to which information must be recovered to ensure objectives can be met.
    c. A short RTO will typically require less expensive strategies.
    d. The RPO establishes the pre-crisis period of acceptable information loss.
15. The terms ‘threat’ and ‘crisis event’ mean the same thing.
16. The terms ‘event’ and ‘incident’ mean the same thing.
17. Which one of the following statements is false?
    a. A ‘threat’ is also referred to as a ‘hazard.’
    b. An ‘event’ is also referred to as an ‘incident.’
    c. ‘Risk Assessment’ is also referred to as ‘risk treatment.’
    d. ‘Impact’ is also referred to as ‘consequences.’
18. Which one of the following statements about information security is generally false?
    a. Smaller data centers need to designate someone to be in charge of information security even if that position is not full time.
    b. An information threat assessment should be performed.
    c. In an extreme case, a security breach could result in an organization bankruptcy.
    d. The information security plan is strictly based upon costs.
19. A useful way of implementing controls in any situation is to view them as a multilayered process of controls.
20. Federal laws dictate how long certain business data must be maintained. However, some companies may choose to archive their data for longer periods of time.
21. The Emergency Response Plan is designed for use by the Incident Commander only.
22. Regarding the Emergency Response Plan, which one of the following statements is true?
    a. The Emergency Response Plan should detail the response to hazard-specific crisis events as identified in RA and BIA.
    b. The Emergency Response Plan is designed for use primarily by the Crisis Communication Team.
    c. The Emergency Response Plan does not address pre-strike event action steps for crisis events that provide a warning period.
    d. Employees are typically provided with the complete Emergency Response Plan.
23. Regarding the Emergency Response Plan, which one of the following statements is true?
    A. Each important preparation and response step should be stated in alphabetical order and assigned to the appropriate individual, team or department.
    B. The Emergency Response Plan does not include activities during the crisis pre-strike phase.
    C. The Emergency Response Plan should address all specific crisis events of significance as identified in RA and BIA.
    D. The primary objective of the Emergency Response Plan is recovery.
24. Before final approval, the BCP needs to be verified that it is consistent with the BIA report.
25. The first objective of the BCP is to protect the environment.

Sample Solution

Share on Facebook

Tweet

Follow us