Download DRI International BCP Examination Questions and Answers and more Exams Business Statistics in PDF only on Docsity!
DRI International BCP Examination Questions and Answers with
Complete Solution
1. Business Continuity: An ongoing process to ensure that the
necessary steps are taken to identify the impact of potential losses and maintain viable recovery strategies, recovery plans, and continuity of services. (NFPA 1600)
2. Disaster Recovery: The technical aspect of business continuity.
The collection of resources and activities to re-establish information technology services (including components such as infrastructure, telecommunications, systems, applications and data) at an alternate site following a disruption of IT services. Dis- aster recovery includes subsequent resumption and restoration of those operations at a more permanent site. (DRJ)
3. Risk Assessment: The quantification of threats to an organization and
the prob- ability of them being realized. (BCI)
4. Business Impact Analysis: A method of identifying the effects of
failing to perform a function or requirement. (FCD-1)
5. Recovery Time Objective: Time goal for the restoration and recovery of
functions or resources based on the acceptable down time and acceptable level of perfor- mance in case of a disruption of operations. (ASIS)
6. Recovery Point Objective: Point to which information used by an
activity must be restored to enable the activity to operate on resumption. ISO Editor's Note: Can also be referred to as "maximum data loss". (ISO 22301)
7. Crisis Management: The overall coordination of an organization's
response to a crisis, in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization's profitability,
reputation, and ability to operate. (DRJ)
8. Incident Management: The process by which an organization
responds to and controls an incident using emergency response procedures or plans. (DRJ)
9. Incident Response: The response of an organization to a disaster or
other significant event that may significantly impact the organization, its people, or its ability to function productively. An incident response may include evacuation of a facility, initiating a disaster recovery plan, performing damage assessment, and any other measures necessary to bring an organization to a more stable status. (DRJ)
10. The Business Continuity Professional's Role: 1. Establish the
need for a business continuity program
2.Obtain support and funding for the business continuity program
3.Build the organizational framework to support the business continuity
program
11. Scope: The boundary, or extent, to which a process, procedure,
certification, or contract applies - considers the whole entity.
12. Objectives: Documents what will be delivered at the end of the
project and what benefit that will provide to the entity.
13. Assumptions: Documents the assumptions you are making regarding
the pro- gram.
14. The steering committee should ..: Determine/establish objectives,
program structure, critical success factors and be involved in project/program management
15. In which area of the professional practices would you develop
teams for the Business Continuity program?: Program initiation and management
28. To establish the need for a business continuity program you must::
Ref- erence legal and regulatory requirements, reference relevant standards, show the benefits of the program within the context of the organization's mission.
29. Leadership is accountable and liable to know:: Their legal
responsibilities in- cluding: applicable laws, regulations, and contractual and employment agreements.
30. What must you present to leadership to establish the need for
business continuity management?: Legal and regulatory requirements
31. In which professional practice would you identify teams that will
support the business continuity program implementation?: Program initiation and man- agement
32. What is the role of the business continuity steering committee?:
To imple- ment objectives, program structure, and critical success factors.
33. Is program management a part of the steering committees role?:
Yes, they help manage the business continuity program.
34. In which of the three elements of a business continuity plan would
you put exclusions?: In the scope.
35. Who is legally responsible for the business continuity program
and out- comes?: The CEO and leadership.
36. What information should be presented to leadership about the
need for business continuity?: Legal and regulatory requirements.
37. Which team is responsible for defining the objectives, structure,
policies, and charter for the business continuity program?: The steering committee.
38. What is the most critical element to the success of the
business continuity planning effort?: Leadership commitment.
39. Which team provides resources and support to the
business continuity program?: The steering committee.
40. The most important role for the business continuity professional
in per- forming a risk assessment is?: To determine the probability and impact of the identified risks.
41. To collect data for risk assessments and BIA's one must use a
combination of what methods?: Forms and questionnaires, interviews and
49. Resilience: The adaptive capacity of an organization in a complex and
changing environment
50. Controls: Processes, procedures, or devices that prevent or
mitigate impact exposures/risks
51. What is the number one emerging supply chain risk?: Cyber
attack 52. Business interruption insurance: The requirement for calculation of adequate insurance, covering financial loss due to temporary business cessation.
53. Extra expense insurance: Pays for extra expenses to maintain
operations after an accident to an insured item until normal operations can be restored.
54. Contingent business interruption insurance: Reimburses for lost
profits and extra expenses. due to an interruption relating to a customer or supplier.
55. What are the primary objectives of conducting a risk assessment?:
To understand the entity's exposure to loss and evaluate the effectiveness of controls and safeguards.
56. What is describes mitigation?: Reducing risk
57. What is an objective of performing a risk assessment?: To identify risks
that can adversely affect an entity's resources.
58. What are examples of quantitative impacts?: Percentages,
numbers, money
59. What are examples of qualitative impacts?: High, medium, low
60. What is the number one objective of the BIA?: To prioritize
functions and processes based on the level of criticality and time sensitivity
61. What is the second objective of the BIA?: To determine the
recovery objec- tives for core and support functions and processes.
62. What is the third objective of the BIA?: To analyze the findings to
ascertain any gaps between the entity's requirements and it's ability to deliver those require- ments.
63. A BIA sets requirements not?: Strategies
64. Recovery Point Objective: The amount of data that you can tolerate
to lose. Data that is not on the backup.
65. What is the primary goal of the BIA?: To gain acceptance of the
RTO and RPO for each operational area
66. Sole Source Supplier: The only supplier of that resource, no other
options.
67. Single Source Supplier: The only supplier that you choose to
supply your resource, however there are other options out there.
68. What is one of the last steps in the BIA process?: To prepare a
gap analysis
69. What are example gaps?: Resource, time, and data gaps
70. Impact should determine?: The frequency of backups
71. The greater the impact from lost data the?: More frequently
backups should be completed
72. Objective of the BIA?: Entity function/process criticality and time
sensitivity
73. What is the first planning professional practice?: Business
Continuity Srate- gies
74. What is the objective for the professional practice: Business
continuity strategies: Select cost-effective strategies to reduce deficiencies as identified dur- ing the risk assessment and business impact analysis (BIA) processes
75. Who is responsible for developing business continuity strategies?:
The functional area manager
76. What is the difference between a regulation and a standard?:
Regulations are enforceable by external agencies and you have to comply with them. While standards are not enforced and you can conform to them, they resemble best practices.
77. What are the four life safety procedures?: Evacuation,
sheltering, shel- ter-in-place, and lockdown
78. Reciprocal Agreements need to be documented in what way?:
External agreements need to be documented in writing.
