Cisa Exam Cram 2

  1. End-user involvement is critical during the business impact assessment phase of business continuity planning.

  2. Redundancy provides both integrity and availability. Organizations should use offsite storage facilities to maintain redundancy of current and critical information within backup files.

  3. Of the three major types of BCP tests (paper, walk-through, and preparedness), only the preparedness test uses actual resources to simulate a system crash and validate the plan's effectiveness.

  4. The primary purpose of business continuity planning and disaster-recovery planning is to mitigate, or reduce, the risk and impact of a business interruption or disaster. Total elimination of risk is impossible.

  5. Disaster recovery for systems typically focuses on making alternative processes and resources available for transaction processing.

  6. If a database is restored from information backed up before the last system image, the system should be restarted before the last transaction because the final transaction must be reprocessed.

  7. Of the three major types of BCP tests (paper, walk-through, and preparedness), a walk-through test requires only that representatives from each operational meet to review the plan.

  8. An offsite processing facility should not be easily identifiable externally because easy identification would create an additional vulnerability for sabotage.

  9. Criticality of assets is often influenced by the business criticality of the data to be protected and by the scope of the impact upon the organization as a whole. For example, the loss of a network backbone creates a much greater impact on the organization as a whole than the loss of data on a typical user's workstation.

  10. Although the primary business objective of BCP and DRP is to mitigate the risk and impact of a business interruption, the dominating objective remains the protection of human life.

  11. Of the three major types of offsite processing facilities (hot, warm, and cold), a cold site is characterized by at least providing for electricity and HVAC. A warm site improves upon this by providing for redundant equipment and software that can be made operational within a short time.

  12. Minimizing single points of failure or vulnerabilities of a common disaster are mitigated by geographically dispersing resources.

  13. With the objective of mitigating the risk and impact of a major business interruption, a disaster-recovery plan should endeavor to reduce the length of recovery time necessary and the costs associated with recovery.

    Although DRP results in an increase of pre- and post-incident operational costs, the extra costs are more than offset by reduced recovery and business impact costs.

  14. Mitigating the risk and impact of a disaster or business interruption usually takes priority over transferring risk to a third party such as an insurer.

  15. A cold site is often an acceptable solution for preparing for recovery of noncritical systems and data.

  16. Offsite data storage should be kept synchronized when preparing for recovery of time-sensitive data such as that resulting from transaction processing.

  17. Any changes in systems assets, such as replacement of hardware, should be immediately recorded within the assets inventory of a business continuity plan.

  18. Shadow file processing can be implemented as a recovery mechanism for extremely time-sensitive transaction processing.

Категории