96. The decision to fully activate a disaster recovery plan is made immediately:
a. After notifying the disaster
b. Before damage control
c. After damage assessment and evaluation
d. Before activating emergency systems
96. c. The decision to activate a disaster recovery plan is made after damage assessment and evaluation is completed. This is because the real damage from a disaster could be minor or major, and major damage calls for full activation only after damage assessment and evaluation. Minor damage may not require full activation as major damage does. The decision to activate should be based on cost-benefit analysis.
A list of equipment, software, forms, and supplies needed to operate contingency category I (high priority) applications should be available to use as a damage assessment checklist.
97. Which of the following IT contingency solutions requires a higher bandwidth to operate?
a. Remote journaling
b. Electronic vaulting
c. Synchronous mirroring
d. Asynchronous mirroring
97. c. Depending on the volume and frequency of the data transmission, remote journaling or electronic vaulting could be conducted over a connection with limited or low bandwidth. However, synchronous mirroring requires higher bandwidth for data transfers between servers. Asynchronous mirroring requires a smaller bandwidth connection.
98. The business continuity planning (BCP) process should focus on providing which of the following?
a. Financially acceptable level of outputs and services
b. Technically acceptable level of outputs and services
c. Minimum acceptable level of outputs and services
d. Maximum acceptable level of outputs and services
98. c. The business continuity planning (BCP) process should safeguard an organization’s capability to provide a minimum acceptable level of outputs and services in the event of failures of internal and external mission-critical information systems and services. The planning process should link risk management and risk mitigation efforts to operate the organization’s core business processes within constraints such as a time of disaster.
99. Which of the following IT contingency solutions is useful over larger bandwidth connections and shorter physical distances?
a. Synchronous mirroring
b. Asynchronous shadowing
c. Single location disk replication
d. Multiple location disk replication
99. a. The synchronous mirroring mode can degrade performance on the protected server and should be implemented only over shorter physical distances where bandwidth is larger and will not restrict data transfers between servers. The asynchronous shadowing mode is useful over smaller bandwidth connections and longer physical distances where network latency could occur. Consequently, shadowing helps to preserve the protected server’s performance. Both synchronous and asynchronous are techniques and variations of disk replication (i.e., single and multiple location disk replication).
100. Regarding contingency planning, an organization obtains which of the following to reduce the likelihood of a single point of failure?
a. Alternative storage site
b. Alternative processing site
c. Alternative telecommunications services
d. Redundant secondary system
100. c. An organization obtains alternative telecommunications services to reduce the likelihood of encountering a single point of failure with primary telecommunications services because of its high risk. The other choices are not high-risk situations.
101. Which of the following is a prerequisite to developing a disaster recovery plan?
a. Business impact analysis
b. Cost-benefit analysis
c. Risk analysis
d. Management commitment
101. d. Management commitment and involvement are always needed for any major programs, and developing a disaster recovery plan is no exception. Better commitment leads to greater funding and support. The other three choices come after management commitment.
102. With respect to business continuity planning/disaster recovery planning (BCP/DRP), risk analysis is part of which of the following?
a. Cost-benefit analysis
b. Business impact analysis
c. Backup analysis
d. Recovery analysis
102. b. The risk analysis is usually part of the business impact analysis. It estimates both the functional and financial impact of a risk occurrence to the organization and identifies the costs to reduce the risks to an acceptable level through the establishment of effective controls. The other three choices are part of the correct choice.
103. Which of the following disaster recovery plan testing approaches is not recommended?
a. Desk-checking
b. Simulations
c. End-to-end testing
d. Full-interruption testing
103. d. Management will not allow stopping of normal production operations for testing a disaster recovery plan. Some businesses operate on a 24x7 schedule and losing several hours of production time is tantamount to another disaster, financially or otherwise.
104. The business impact analysis (BIA) should critically examine the business processes and which of the following?
a. Composition
b. Priorities
c. Dependencies
d. Service levels
104. c. The business impact analysis (BIA) examines business process composition and priorities, business or operating cycles, service levels, and, most important, the business process dependency on mission-critical information systems.
105. The major threats that a disaster recovery contingency plan should address include:
a. Physical threats, software threats, and environmental threats
b. Physical threats and environmental threats
c. Software threats and environmental threats
d. Hardware threats and logical threats
105. c. Physical and environmental controls help prevent contingencies. Although many of the other controls, such as logical access controls, also prevent contingencies, the major threats that a contingency plan addresses are physical and environmental threats, such as fires, loss of power, plumbing breaks, or natural disasters. Logical access controls can address both the software and hardware threats.
106. Which of the following is often a missing link in developing a local-area network methodology for contingency planning?
a. Deciding which applications can be handled manually
b. Deciding which users must secure and back up their own data
c. Deciding which applications are to be supported offsite