


















Covers various aspects of business continuity management (BCM), including gaining senior management support, developing a budget, defining a business continuity problem statement, the value of a BCM policy statement, presenting to leadership, program initiation and management, project planning, risk identification and mitigation, risk factors, impact analysis, recovery strategies, cost-benefit analysis, emergency response, and BCM awareness and training programs. It spans a wide range of BCM topics, providing insights into the key steps and considerations involved in developing and implementing an effective BCM plan. The information presented could be useful for university students studying topics related to business continuity, risk management, and organizational resilience.
Typology: Exams
Being able to answer the question, "What is important to your business?" is part of what process?
A. Gaining senior management support
B. Getting an executive sponsor
C. Developing a budget
D. Defining a business continuity problem statement
Precise Answer ✔✔D. Defining a business continuity problem statement

What is the value of a BCM policy statement?
A. It forces middle management to comply with senior directives
B. It shows employees how to do their part in the planning process
C. It shows management's commitment to BC planning process
D. It provides senior management a direction in which to make future decisions
Precise Answer ✔✔C. It shows management's commitment to BC planning process

What would be evidence of management support for BCM?
A. A steering committee that reports to the emergency response team
B. An executive sponsor who reports to the damage assessment committee
C. A project plan developed solely by the business continuity planner
D. A BCM staff with a budget
Precise Answer ✔✔D. A BCM staff with a budget

What is a benefit to the organization of having an effective business continuity program?
A. Internal disasters will not go unreported
B. The business continuity program will relate to organizational mission, objectives, and operations
C. Employees will be amazed at the organization's multi-faceted response to a disaster
D. The survivability of the organization when faced with a disaster
Precise Answer ✔✔D. The survivability of the organization when faced with a disaster

What must the planner avoid when developing a business continuity program?
A. Obtaining management support
B. Personally determining what is critical to the organization
C. Organizing and managing the project
D. Completing the project within agreed upon time and budget limits
Precise Answer ✔✔B. Personally determining what is critical to the organization

Why is it important to track and report project progress?
A. To communicate up to management, laterally to other programs, and down to project members
B. To conduct meetings to ensure that all members of the organization share responsibility in the project plan
C. To involve all organizational personnel in developing and adjusting scope
D. To validate that the planning team is sticking to the project plan
Precise Answer ✔✔A. To communicate up to management, laterally to other programs, and down to project members

A presentation to leadership should avoid which of the following?
A. Data presentation charts
B. A full description of the quality of the work completed by the project team
C. Cost/Benefit slides
D. A full written report provided as a supplement to the presentation
Precise Answer ✔✔B. A full description of the quality of the work completed by the project team

What should be the initial scope or focus when developing a BCM program?
A. Entire organization
B. IT / Information Systems
C.

drug screening
D. Clean desk policy procedures
Precise Answer ✔✔A. Suppliers of goods and services

Which of the following would be considered a control?
A. Loss of access to facilities
B. A tornado
C. Lack of fire suppression systems
D. Clean desk policy procedures
Precise Answer ✔✔D. Clean desk policy procedures

The result of performing a risk analysis is
A. All risks are eliminated
B. All risk will be mitigated to prevent a disaster
C. To determine where mitigating factors should be implemented
D. To prevent a risk from occurring and causing a disaster
Precise Answer ✔✔C. To determine where mitigating factors should be implemented

Which answer describes the purpose of a business impact analysis?
A. To calculate the probability of disruptions to the organization
B. To evaluate the effectiveness of existing controls and safeguards
C. To identify which business processes and assets require the highest level of protection, establishing priorities, and a time line
D. To develop preparations and procedures for responding to a disaster
Precise Answer ✔✔C. To identify which business processes and assets require the highest level of protection, establishing priorities, and a time line

Which of the following is an example of a qualitative impact?
A. Loss of sales
B. Loss of employee morale
C. Loss of revenue due to penalties
D. Extra expense
Precise Answer ✔✔B. Loss of employee morale

Which of the following is an example of a quantitative impact?
A. Lower level of customer service
B. A disruption of quality assurance
C. Loss of sales
D. Reduced financial credibility
Precise Answer ✔✔C. Loss of sales

Which of the following is NOT a result of conducting a BIA?
A. Identifies all essential business functions and operations and their critical dependencies.
B. Determines when the exposures and impacts begin and how they escalate over time.
C. Identifies the technology and workspace needs as well as potential unbudgeted expenses.
D. Identifies threats from sabotage and/or terrorism and how to eliminate those threats using cost-effective controls.
Precise Answer ✔✔D. Identifies threats from sabotage and/or terrorism and how to eliminate those threats using cost-effective controls.

What is the primary purpose of conducting a Risk Evaluation and BIA?
A. Establishes the organizational structure
B. Provides the facts upon which to develop strategies
C. Decreases the chances of problems occurring during an emergency event
D. Ensures employee safety
Precise Answer ✔✔B. Provides the facts upon which to develop strategies

What is the purpose of developing recovery strategies?
A. Protects viability of the organization by positioning it to respond quickly and appropriately in an emergency event
B. Sufficiently exercises documented procedures
C. Positions organization to have zero downtime following an emergency event
D. Ensures procedures for verifying critical recovery resources are implemented and functioning properly
Precise Answer ✔✔A. Protects viability of the organization by positioning it to respond quickly and appropriately in an emergency event

functional areas
Precise Answer ✔✔D. One recovery strategy may recover multiple functional areas

When evaluating recovery proposals, it is important to:
A. Use "patented" terminology and check vendor references
B. Meet with the vendor several times to fully understand the proposal
C. Determine if the response is consistent with the request, the specifications of the RFP, and is supported by the BIA
D. Look primarily at vendors who service only customers in your regional area
Precise Answer ✔✔C. Determine if the response is consistent with the request, the specifications of the RFP, and is supported by the BIA

What is the role of an executive during an emergency event?
A. Orders the evacuation and shutdown of the facility
B. During a disaster, assists in the implementation of response and alternate operating strategies
C. Attends to duties they are trained for; addresses the Board and critical customers
D. Takes charge of emergency response activities
Precise Answer ✔✔C. Attends to duties they are trained for; addresses the Board and critical customers

Which team focuses on stabilizing and returning the organization to normal operations as quickly as possible after the plan has been activated and provides support and resources?
A. The Budget team
B. The Risk Management & Insurance Team
C. The Crisis Management Team
D. The Facilities and Finance Team
Precise Answer ✔✔C. The Crisis Management Team

What is the purpose of escalation procedures?
A. To determine the severity level of an event and the appropriate response
B. To select the appropriate recovery response for each potential cause of disruption
C. To mobilize the Crisis Management Team
D. To enable the organization to restore all business functions
Precise Answer ✔✔A. To determine the severity level of an event and the appropriate response

What is the most important purpose of emergency response procedures and plans?
A. Prevent/limit degradation to critical functions and services
B. Assure owners/investors that the organization is stable and all critical functions are recoverable
C. Continuation of the mission and objectives of the organization
D. Minimize the exposure to loss of life and property

exposure to gain understanding
D. Change is resisted, training is not
Precise Answer ✔✔C. The average employee needs repeated exposure to gain understanding

When establishing a BCM awareness and training program, the planner should...
A. Keep BCM awareness and training programs separate from other organizational programs to lessen confusion
B. Ensure training is held annually
C. Understand the different audiences and take advantage of resources and methods already in place
D. Start a new, innovative program to get employees interested in BCM
Precise Answer ✔✔C. Understand the different audiences and take advantage of resources and methods already in place

One goal for awareness programs to achieve is to
A. Establish an adequate training budget
B. Explain the importance of why a BCM program is being developed
C. Recruit team leaders for the more specialized training sessions
D. Introduce BCM terms into the organization to lessen confusion during plan development
Precise Answer ✔✔B. Explain the importance of why a BCM program is being developed

What is an example of training activities in which all personnel should participate?
A. Hazardous materials cleanup
B. Project management training
C. Power down/power up procedures
D. Evacuation, shelter and accountability procedures
Precise Answer ✔✔D. Evacuation, shelter and accountability procedures

In order for scenarios to be effective during an exercise, they need to be:
A. Simple enough to involve only one functional unit at a time
B. Broad enough to address many goals and objectives
C. Complex enough to make it difficult to solve
D. Realistic & complicated enough to focus planning and exercising on issues that engage participants and exercise major components of the plan
Precise Answer ✔✔D. Realistic & complicated enough to focus planning and exercising on issues that engage participants and exercise major components of the plan

A program for updating the plan should include:
A. The software tool that automatically makes the updates
B. Procedures, frequency and personnel responsible for making updates
C. The relevant plan owner who will make all decisions regarding plan
D. The template used to make the updates
Precise Answer ✔✔B. Procedures, frequency and personnel responsible for making updates

What is NOT the role of an internal or external auditor of the plan?
A. To work with the planner because both are concerned with the survivability of the organization
B. To audit the plan documentation and control procedures
C. To be "Guardian or Steward" of the Business Continuity Plan
D. To confirm that plan updates are completed and use these updates as audit points on the next exercise
Precise Answer ✔✔C. To be "Guardian or Steward" of the Business Continuity Plan

At a minimum, how often should a business continuity plan be updated?
A. Once a month
B. Once a quarter
C. Once a year
D. Once every 2 years
Precise Answer ✔✔C. Once a year

Which of the following elements would NOT be part of a crisis communication plan?
A. Call and emergency contact lists
B. Media contact log
C. Damage assessment procedures
D. Designated

What information should be presented to senior management about the need for BCM?
a. Mechanisms for exercising and auditing
b. The schedule for reporting progress
c. Legal and regulatory requirements
d. The organization's increasing reliance on technology to conduct business
Precise Answer ✔✔c. Legal and regulatory requirements

Which team would be responsible for the project planning process?
a. Functional recovery teams
b. BCM Steering Committee
c. Emergency Response Team
d. Damage Assessment Team
Precise Answer ✔✔BCM Steering Committee

What is the most critical element to the success of the BCM planning effort?
a. The policy statement written by the BC Planner
b. Senior management commitment
c. The BIA
d. Documenting all changes
Precise Answer ✔✔b. Senior management commitment

Which team or group provides resources and support to the BCM program?
a. Emergency Response Team
b. BCM Steering Committee
c. Business Continuity Development Team
d. Technology Recovery Team
Precise Answer ✔✔b. BCM Steering Committee

What are the primary objectives of conducting a risk evaluation?
a. Identifying the management's responsibilities for protecting the organization from loss and how effective they have been
b. To understand the organization's exposure to loss and evaluate the effectiveness of controls and safeguards
c. To identify the impact insufficient backup policies have on the ability to recover business and technology
d. To implement controls and remove the primary risks to the organization
Precise Answer ✔✔b. To understand the organization's exposure to loss and evaluate the effectiveness of controls and safeguards

Which answer identifies two reasons for implementing controls?
a. Reducing the loss and mitigating the threat
b. Identifying the risk and eliminating the threat
c. Removing the risk and mitigating the threat
d. Reducing the loss and eliminating the threat
Precise Answer ✔✔a. Reducing the loss and mitigating the threat

a. To establish the time frame which processes must be restored within to prevent an unacceptable impact to the organization
b. To determine the level of risk and potential loss that the management is willing to accept
c. To determine the point in time in which transactions and data must be recovered after an outage
d. To obtain a qualitative estimate of the impact of a threat
Precise Answer ✔✔c. To determine the point in time in which transactions and data must be recovered after an outage

What phrase best describes the reason for establishing RTOs?
a. To establish the timeframe which processes must be restored within to prevent an unacceptable impact to the organization
b. To determine the level of risk and potential loss that the management is willing to accept following an event
c. To determine the point in time when the company's EOC must be opened after a disaster is declared
d. To determine the point in time in which transactions and data must be recovered after an outage
Precise Answer ✔✔a. To establish the timeframe which processes must be restored within to prevent an unacceptable impact to the organization

What is the desired result of the BIA presentation to the senior management?
a. Obtaining the senior management's approval for the relative ranking of processes and their RTOs
b. Obtaining the senior management's approval for implementing recovery strategies
c. Obtaining the senior management's approval for implementing additional controls
d. Obtaining the senior management's approval on reducing the RTO for identified processes
Precise Answer ✔✔a. Obtaining the senior management's approval for the relative ranking of processes and their RTOs

When assessing strategies, what is the MOST important element?
a. Meeting the RTOs as identified in the BIA
b. Comparing the internal and external solutions
c. Assessing the risk of each strategy
d. The cost effectiveness of the strategy
Precise Answer ✔✔a. Meeting the RTOs as identified in the BIA

What should be your next step if management decides NOT to approve the strategies proposed to meet the RTOs identified for business functions?
a. Investigate any manual workaround strategies that would meet RTO requirements
b. Inform the functional area managers that they must recover their business functions and processes despite management's decision
c. Develop an approach to recover with different strategies and change the RTO requirements
d. Request senior management sign off on their decision
Precise Answer ✔✔d. Request senior management sign off on their decision

d. Assessing whether the losses from the
Precise Answer ✔✔b. Determining that the duration of the impact from the incident is expected to be greater than the RTO

When an incident occurs, what is the first response activity that should occur?
a. The implementation of damage assessment procedures
b. The implementation of disaster declaration procedures
c. The notification of key personnel
d. The activation of emergency response team members
Precise Answer ✔✔c. The notification of key personnel

What is the most important purpose of emergency response procedures?
a. Limiting the degradation to critical functions and services
b. Assuring owners/investors that the organization is stable and that all critical functions are recoverable
c. The continuation of the mission and objectives of the organization
d. Minimizing the exposure to loss of life and property
Precise Answer ✔✔d. Minimizing the exposure to loss of life and property

What is the responsibility of the Crisis Management Team during a disaster?
a. Making recovery decisions based upon the information provided by the teams, and allocating resources
b. Responding to the disaster, assessing the damage and beginning salvage activities
c. Recovering the processes at the alternate recovery site
d. Interfacing with the public sector at the scene of the disaster
Precise Answer ✔✔a. Making recovery decisions based upon the information provided by the teams, and allocating resources

What is the plan that recovers the technology for the organization called?
a. The Crisis Management Plan
b. The Disaster Recovery Plan
c. The Emergency Response Plan
d. The Business Unit Plan
Precise Answer ✔✔b. The Disaster Recovery Plan

The plan which will include the information about life safety procedures is called:
a. The Disaster recovery plan
b. The Business Unit Plan
c. The Emergency Response Plan
d. The Crisis Management Plan
Precise Answer ✔✔c. The Emergency Response Plan

When developing a scenario for plan development, what is the most important element to include?
a. Limited access to the work location
b. The loss of non-critical services and resources