Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
BCLE 2000 PRACTICE EXAM QUESTIONS WITH COMPLETE 100% VERIFIED SOLUTIONS 2024/2025
Typology: Exams
1 / 15
Which of the following statements is true? a. Conforming to a standard is mandatory b. Complying with a regulation is voluntary c. Auditors do not assess business continuity programs against regulations d. Auditors assess business continuity programs against standards and regulations D What is the value of a business continuity policy statement? a. It forces middle management to comply with senior directives b. It shows employees how to do their part in the planning process c. It shows leadership's support for the business continuity planning process d. It provides leadership a direction in which to make future decisions C What is the objective of tracking program progress? a. To report to leadership on the status of the business continuity program on a regular basis b. To conduct meetings to ensure that all members of the entity share responsibility in the project plan c. To involve all internal personnel in developing and adjusting scope d. To validate that the planning team is sticking to the project plan A
What should be the initial scope of the business continuity program? a. Entire entity b. IT / information systems c. Financial department d. Critical business units A What needs to occur first in establishing a business continuity program? a. Develop a detailed project plan b. Identify project objectives and risks c. Gain leadership commitment to program d. Establish framework of project C Shifting production from one manufacturing site to another is an example of: a. Using excess inventory b. Utilizing excess capacity c. Reducing production output d. Prioritizing customer allocations B Supply chain interruptions may prevent an entity's ability to do what? a. Keep employees safe b. Deliver goods and services to customers c. Do walk-through testing
d. Create emergency response plans B Which of the following would be considered an external risk factor? a. Supply chain for goods and services b. Disgruntled employees c. Employee drug screening d. Clean desk policy procedures A Which of the following would be considered a control? a. Loss of access to facilities b. A tornado c. Lack of fire suppression systems d. UPS/generators D Determining cyber threats to the entity is part of the: a. Business continuity plan b. Disaster recovery plan c. Business impact analysis d. Risk assessment D Which of the following is an objective of a business impact analysis? a. To calculate the probability of disruptions to the entity
b. To evaluate the effectiveness of existing controls and safeguards c. To identify and prioritize the recovery of an entity's functions and processes d. To develop preparations and procedures for responding to a disaster C Which of the following is an example of a qualitative impact? a. Loss of sales b. Loss of reputation c. Loss of revenue due to penalties d. Extra expense B Which of the following is an example of a quantitative impact? a. Lower level of customer service b. A disruption of quality assurance c. Loss of sales d. Lower employee morale C Which of the following is NOT a result of conducting a business impact analysis? a. Identifies all essential entity functions and operations and their critical dependencies b. Determines when the exposures and impacts begin and how they escalate over time c. Identifies the technology and workspace needs as well as potential unbudgeted expenses d. Identifies threats from sabotage and/or terrorism and how to reduce those threats using cost- effective controls D Data gaps occur: a. When the system data is current
b. During a data restoration, when the system data has been fully backed up c. In a fully mirrored environment d. When the data backup is not identical to the system data at the time of a system disruption incident D What is the primary purpose of conducting the risk assessment and business impact analysis? a. Establish the organizational structure b. Provide data to be used in determining strategies c. Decrease the chances of problems occurring during an incident d. Ensure employee safety B Which of the following is an objective of developing business continuity strategies? a. Reduce deficiencies as identified during the risk assessment and business impact analysis processes b. Develop business continuity and disaster recovery plans meeting the requirements of the risk assessment and business impact analysis c. Develop scenarios for business continuity exercises and tests d. Verify critical recovery resources are implemented and functioning properly A Which of the following would be considered a technology recovery strategy? a. Hot site b. Manual workaround procedures c. Workspace recovery area
d. Supplier service level agreements A What is the purpose of conducting a cost/benefit analysis? a. To compare the cost of the strategy with loss that may occur during an event b. It is required for DRI certification c. Leadership requires this information d. It is a requirement for the budget A Which of the following is a viable option for manufacturing continuity? a. Commercial hot site b. Manual workaround procedures c. Shifting production to another site d. Business recovery center C Which gap would you expect to be identified in the business impact analysis? a. Actual recovery capability and recovery time objective b. Business continuity project schedule issues c. Insufficient project staffing d. Underfunded budget for business continuity A Which of the following describes contingent business interruption insurance? a. Insurance that pays for the extra expense of maintaining operations after an accident
b. Insurance that provides protection for the loss of profits and continuing fixed expenses resulting from a break in commercial activities c. Insurance that reimburses lost profits and extra expenses resulting from a supply chain interruption d. Insurance in which no risk is transferred to the provider C Which of the following is an objective of Coordination with External Agencies? a. Develop response procedures for both private and public entities b. During a disaster, assist in the implementation of response and alternate operating strategies for public entities c. Establish policies and procedures to coordinate incident response activities with public entities d. Establish the environment of incident response activities for public entities C A single source supplier is: a. The only supplier who can provide a specific product or service b. One of several suppliers who will provide the entity with a given product or service c. An agency that is chartered with helping the entity find the lowest cost provider d. A supplier chosen to be the only provider of a given product or servic D Escalation procedures take place directly after what activity? a. Assessment b. Evacuation c. Declaration
d. Shelter-in-place A What is the primary purpose of incident response procedures and plans? a. Prevent/limit degradation to critical functions and services b. Assure owners/investors that the entity is stable and all critical functions are recoverable c. Continuation of the mission and objectives of the entity d. Minimize the exposure to loss of life and property D Which of the following is a protective action that may be an alternative to evacuation? a. Situational notification to personnel b. Establishing procedures for shelter-in-place c. Creating trauma counseling procedures d. Coordinating response activities with incident response providers B The emergency operations center provides: a. A site for public agencies to manage the incident b. A location for an evacuation rally point c. A site for stabilizing the incident d. A facility for the crisis management team to provide communications and resource support D Which of the following is an objective of the Business Impact Analysis? a. Ascertain any gaps between the entity's requirements and its ability to deliver against those requirements
b. Assess risks to determine the potential impacts to the entity c. Develop cost-effective strategies that enable the entity to effectively recover from disaster incidents d. Document plans to be used during an incident that will enable the entity to continue to function A A plan that documents recovery teams, alternative ways to conduct business, communication processes and procedures is called what? a. Risk and vulnerability assessment b. Crisis communications and management plan c. Business continuity plan d. Disaster recovery plan C In which section of the business continuity plan should the disaster declaration guidelines be documented? a. Incident response b. Critical key processes c. Overview d. Disaster recovery procedures A Which components must be present in order to document the business continuity plan? a. A schedule of tests/exercises for the coming year b. An approved budget c. Audit approval of the document outline
d. An approved strategy D A crisis management and communications plan provides for: a. Immediate notification at the time of an incident b. An orderly transition of authority from one person to the next person in the delegation of authority chain c. Audit approval of the document outline d. Documented procedures for providing information to interested parties throughout the duration of an event D The objective of disaster recovery plans is to: a. Restore technology b. Provide emergency aid c. Provide overall governance for business continuity d. Act as a control mechanism for incident management A Plan appendices contain: a. Plan glossary b. Travel directions c. Vendor lists d. All of the above D Which plan documents declaration procedures to initiate recovery operations at an alternate location?
a. Incident management plan b. Crisis management and communication plan c. Recovery site activation plan d. Operational / recovery plan C What should be the objective of a sustained approach to training and awareness? a. Long-term behavior will change with a short and focused approach b. Job security for the trainer c. Regularly managing the awareness and training program reinforces knowledge and capability d. Change is resisted, training is not C When establishing a business continuity awareness and training program, the professional should: a. Develop custom software to use as the means of communications b. Identify, develop or acquire awareness and training tools and resources c. Create dedicated staff that will oversee all communications d. Create a relationship with media outlets B The objective of awareness and training programs is to: a. Ensure all employees have the opportunity to participate in all phases of the entity's business continuity program b. Ensure that personnel are able to respond to incidents in a calm and efficient manner
c. Recruit team leaders and members for the more specialized training sessions that will ensure the entity can recover from disaster incidents d. Introduce business continuity terms into the entity to lessen confusion during plan development B Presenting the business impact analysis report to leadership concerning restoration of operating functions is designed to: a. Demonstrate project team accomplishments b. Secure additional funding c. Seek strategy advice from leadership d. Ensure that leadership accepts recovery time objective findings D In order for scenarios to be effective during an exercise/test, they need to: a. Have a single business function focus b. Concentrate only on IT functions c. Be complex enough to make it difficult to solve d. Be realistic enough to engage participants D A maintenance program for updating the plan must include: a. The software tool that automatically makes the updates b. Procedures that define the frequency of plan updates c. Procedures to facilitate IT signoff on all changes d. The names of the individuals responsible for approving all changes B
Which of the following is an example of a second-party assessment? a. A self-assessment conducted by the business continuity planner b. An assessment conducted by the entity's internal audit group c. A regulatory audit conducted by a government agency d. An assessment conducted by a customer D At a minimum, how often should a business continuity plan be updated? a. Once a month as required by regulations b. When leadership directs the update c. Annually d. Once every two years C Articles of incorporation, entity charter and entity accounting records, are examples of what? a. Government tax reporting requirements b. Database files that are safe-stored c. Vital records d. Information available to shareholders only C After the completion of an exercise/test, documenting which process will provide information for improving the plan? a. Contact lists b. Media activities surrounding the exercise/test
c. Lessons learned d. Objectives of the exercise/test C A hot site exercise/test would be an example of: a. A strategy employed for manufacturing production exercise/test b. A notification tool exercise/test c. An emergency operations center exercise/test d. An alternate recovery site exercise/test D Which of the following plans is best used to provide information to the public through the media? a. Crisis communication plan b. Incident response plan c. Business continuity plan d. Disaster recovery plan A
. Who should communicate information to the media during or after a disaster on behalf of the entity? a. A trained spokesperson b. The incident response team leader c. The business continuity professional d. The head of operations A The fire department is responsible for:
a. Protecting your vital records b. Stabilizing the event and protecting lives c. Listening to leadership's commands d. Cleanup after the fire is extinguished B