Book: CISSP Practice: 2,250 Questions, Answers, and Explanations for Passing the Test. No part of any chapter or book may be reproduced or transmitted in any form by any means without the prior written permission for reprints and excerpts from the publisher of the book or chapter. Redistribution or other use that violates the fair use privilege under U.S. copyright laws (see 17 USC 107) or that otherwise violates these Terms of Service is strictly prohibited. Violators will be prosecuted to the full extent of U.S. Federal and Massachusetts laws.
SCENARIO-BASED QUESTIONS, ANSWERS, AND EXPLANATIONS
Use the following information to answer questions 1 through 7.
The GKM Company has just completed the business impact analysis (BIA) for its data processing facilities. The continuity planning team found in the risk analysis that there is a single point of failure in that backup tapes from offsite locations are controlled by an individual who works for the vendor. The contract for the vendor does not expire for 3 years.
1. Which of the following uses both qualitative and quantitative tools?
a. Anecdotal analysis
b. Business impact analysis
c. Descriptive analysis
d. Narrative analysis
1. b. The purpose of BIA is to identify critical functions, resources, and vital records necessary for an organization to continue its critical functions. In this process, the BIA uses both quantitative and qualitative tools. The other three choices are incorrect because they are examples that use qualitative tools. Anecdotal records constitute a description or narrative of a specific situation or condition.
2. With respect to business continuity planning/disaster recovery planning (BCP/DRP), risk analysis is part of which of the following?
a. Cost-benefit analysis
b. Business impact analysis
c. Backup analysis
d. Recovery analysis
2. b. The risk analysis is usually part of the business impact analysis (BIA). It estimates both the functional and financial impact of a risk occurrence to the organization and identifies the costs to reduce the risks to an acceptable level through the establishment of effective controls. Cost-benefit analysis, backup analysis, and recovery analysis are part of the BIA.
3. With respect to BCP/DRP, the BIA identifies which of the following?
a. Threats and risks
b. Costs and impacts
c. Exposures and functions
d. Events and operations
3. a. BIA is the process of identifying an organization's exposure to the sudden loss of selected business functions and/or the supporting resources (threats) and analyzing the potential disruptive impact of those exposures (risks) on key business functions and critical business operations. The BIA usually establishes a cost (impact) associated with the disruption lasting varying lengths of time.
4. The business impact analysis (BIA) should critically examine the business processes and which of the following?
a. Composition
b. Priorities
c. Dependencies
d. Service levels
4. c. The business impact analysis (BIA) examines business processes composition and priorities, business or operating cycles, service levels, and, most important, the business process dependency on mission-critical information systems.
5. The major threats that a disaster recovery and contingency plan should address include which of the following?
a. Physical threats, software threats, and environmental threats
b. Physical threats and environmental threats
c. Software threats and environmental threats
d. Hardware threats and logical threats
5. b. Physical and environmental controls help prevent contingencies. Although many of the other controls, such as logical access controls, also prevent contingencies, the major threats that a contingency plan addresses are physical and environmental threats, such as fires, loss of power, plumbing breaks, or natural disasters. Logical access controls can address both the software and hardware threats.
6. Risks in the use of cellular radio and telephone networks during a disaster include which of the following?
a. Security and switching office
b. Security and redundancy
c. Redundancy and backup power systems
d. Backup power systems and switching office
6. a. The airwaves are not secure, and a mobile telephone switching office can be lost during a disaster. The cellular company may need a diverse route from the cell site to another mobile switching office.
7. Contingency planning integrates the results of which of the following?
a. Business continuity plan
b. Business impact analysis
c. Core business processes
d. Infrastructural services
7. b. Contingency planning integrates and acts on the results of the business impact analysis. The output of this process is a business continuity plan consisting of a set of contingency plans with a single plan for each core business process and infrastructure component. Each contingency plan should provide a description of the resources, staff roles, procedures, and timetables needed for its implementation.