Download BCLE 2000 PRACTICE EXAM Questions with 100% Correct Answers | Latest Version 2024 | Verifi and more Exams Business Economics in PDF only on Docsity! BCLE 2000 PRACTICE EXAM Questions with 100% Correct Answers | Latest Version 2024 | Verified Which of the following statements is true? a. Conforming to a standard is mandatory b. Complying with a regulation is voluntary c. Auditors do not assess business continuity programs against regulations d. Auditors assess business continuity programs against standards and regulations - ✔✔D What is the value of a business continuity policy statement? a. It forces middle management to comply with senior directives b. It shows employees how to do their part in the planning process c. It shows leadership's support for the business continuity planning process d. It provides leadership a direction in which to make future decisions - ✔✔C What is the objective of tracking program progress? a. To report to leadership on the status of the business continuity program on a regular basis b. To conduct meetings to ensure that all members of the entity share responsibility in the project plan c. To involve all internal personnel in developing and adjusting scope d. To validate that the planning team is sticking to the project plan - ✔✔A What should be the initial scope of the business continuity program? a. Entire entity b. IT / information systems c. Financial department d. Critical business units - ✔✔A What needs to occur first in establishing a business continuity program? a. Develop a detailed project plan b. Identify project objectives and risks c. Gain leadership commitment to program d. Establish framework of project - ✔✔C Shifting production from one manufacturing site to another is an example of: a. Using excess inventory b. Loss of reputation c. Loss of revenue due to penalties d. Extra expense - ✔✔B Which of the following is an example of a quantitative impact? a. Lower level of customer service b. A disruption of quality assurance c. Loss of sales d. Lower employee morale - ✔✔C Which of the following is NOT a result of conducting a business impact analysis? a. Identifies all essential entity functions and operations and their critical dependencies b. Determines when the exposures and impacts begin and how they escalate over time c. Identifies the technology and workspace needs as well as potential unbudgeted expenses d. Identifies threats from sabotage and/or terrorism and how to reduce those threats using cost- effective controls - ✔✔D Data gaps occur: a. When the system data is current b. During a data restoration, when the system data has been fully backed up c. In a fully mirrored environment d. When the data backup is not identical to the system data at the time of a system disruption incident - ✔✔D What is the primary purpose of conducting the risk assessment and business impact analysis? a. Establish the organizational structure b. Provide data to be used in determining strategies c. Decrease the chances of problems occurring during an incident d. Ensure employee safety - ✔✔B Which of the following is an objective of developing business continuity strategies? a. Reduce deficiencies as identified during the risk assessment and business impact analysis processes b. Develop business continuity and disaster recovery plans meeting the requirements of the risk assessment and business impact analysis c. Develop scenarios for business continuity exercises and tests d. Verify critical recovery resources are implemented and functioning properly - ✔✔A Which of the following would be considered a technology recovery strategy? a. Hot site b. Manual workaround procedures c. Workspace recovery area d. Supplier service level agreements - ✔✔A What is the purpose of conducting a cost/benefit analysis? a. To compare the cost of the strategy with loss that may occur during an event b. It is required for DRI certification c. Leadership requires this information d. It is a requirement for the budget - ✔✔A Which of the following is a viable option for manufacturing continuity? a. Commercial hot site b. Manual workaround procedures c. Shifting production to another site b. Assure owners/investors that the entity is stable and all critical functions are recoverable c. Continuation of the mission and objectives of the entity d. Minimize the exposure to loss of life and property - ✔✔D Which of the following is a protective action that may be an alternative to evacuation? a. Situational notification to personnel b. Establishing procedures for shelter-in-place c. Creating trauma counseling procedures d. Coordinating response activities with incident response providers - ✔✔B The emergency operations center provides: a. A site for public agencies to manage the incident b. A location for an evacuation rally point c. A site for stabilizing the incident d. A facility for the crisis management team to provide communications and resource support - ✔✔D Which of the following is an objective of the Business Impact Analysis? a. Ascertain any gaps between the entity's requirements and its ability to deliver against those requirements b. Assess risks to determine the potential impacts to the entity c. Develop cost-effective strategies that enable the entity to effectively recover from disaster incidents d. Document plans to be used during an incident that will enable the entity to continue to function - ✔✔A A plan that documents recovery teams, alternative ways to conduct business, communication processes and procedures is called what? a. Risk and vulnerability assessment b. Crisis communications and management plan c. Business continuity plan d. Disaster recovery plan - ✔✔C In which section of the business continuity plan should the disaster declaration guidelines be documented? a. Incident response b. Critical key processes c. Overview d. Disaster recovery procedures - ✔✔A Which components must be present in order to document the business continuity plan? a. A schedule of tests/exercises for the coming year b. An approved budget c. Audit approval of the document outline d. An approved strategy - ✔✔D A crisis management and communications plan provides for: a. Immediate notification at the time of an incident b. An orderly transition of authority from one person to the next person in the delegation of authority chain c. Audit approval of the document outline d. Documented procedures for providing information to interested parties throughout the duration of an event - ✔✔D The objective of disaster recovery plans is to: a. Restore technology b. Provide emergency aid Presenting the business impact analysis report to leadership concerning restoration of operating functions is designed to: a. Demonstrate project team accomplishments b. Secure additional funding c. Seek strategy advice from leadership d. Ensure that leadership accepts recovery time objective findings - ✔✔D In order for scenarios to be effective during an exercise/test, they need to: a. Have a single business function focus b. Concentrate only on IT functions c. Be complex enough to make it difficult to solve d. Be realistic enough to engage participants - ✔✔D A maintenance program for updating the plan must include: a. The software tool that automatically makes the updates b. Procedures that define the frequency of plan updates c. Procedures to facilitate IT signoff on all changes d. The names of the individuals responsible for approving all changes - ✔✔B Which of the following is an example of a second-party assessment? a. A self-assessment conducted by the business continuity planner b. An assessment conducted by the entity's internal audit group c. A regulatory audit conducted by a government agency d. An assessment conducted by a customer - ✔✔D At a minimum, how often should a business continuity plan be updated? a. Once a month as required by regulations b. When leadership directs the update c. Annually d. Once every two years - ✔✔C Articles of incorporation, entity charter and entity accounting records, are examples of what? a. Government tax reporting requirements b. Database files that are safe-stored c. Vital records d. Information available to shareholders only - ✔✔C After the completion of an exercise/test, documenting which process will provide information for improving the plan? a. Contact lists b. Media activities surrounding the exercise/test c. Lessons learned d. Objectives of the exercise/test - ✔✔C A hot site exercise/test would be an example of: a. A strategy employed for manufacturing production exercise/test b. A notification tool exercise/test c. An emergency operations center exercise/test d. An alternate recovery site exercise/test - ✔✔D Which of the following plans is best used to provide information to the public through the media? a. Crisis communication plan b. Incident response plan