
BUSINESS CONTINUITY PLANNING & DISASTER RECOVERY PLANNING

1. Which of the following criteria should be met by off-site storage protection for media backup?
a. The storage site should be located at least 15 miles from the main site.
b. The storage site should be easily accessible during working hours.
c. The storage site should always be protected by an armed guard.
d. The storage site should guard against unauthorized access.
Answer: d
Reference: Information Systems Security; Fites & Kratz; pg 109.
Discussion:
Answer a - The storage site should be at least 25 miles from the main site.
Answer b - It should be easily accessible any time.
Answer c - A costly protection measure, not typically practiced.
Answer d - An important criterion that must be met when considering off-site storage.

2. For which areas of the enterprise are business continuity plans required?
a. All areas of the enterprise.
b. The financial and information processing areas of the enterprise.
c. The operating areas of the enterprise.
d. The marketing, finance, and information processing areas.
Answer: a

3. Which of the following will a Business Impact Analysis NOT identify?
a. Areas that would suffer the greatest financial or operational loss in the event of a disaster.
b. Systems critical to the survival of the enterprise.
c. The names of individuals to be contacted during a disaster.
d. The outage time that can be tolerated by the enterprise as a result of a disaster.
Answer: c

4. How often should a business continuity plan be tested?
a. Once to validate the plan
b. At least once a year
c. Prior to all audits
d. Only when the off-site backup changes
Answer: b

5. What is a hot-site facility?
a. A site with pre-installed computers, raised flooring, air conditioning, telecommunications and
networking equipment, and UPS.
b. A site in which space is reserved with pre-installed wiring and raised floors.
c. A site with raised flooring, air conditioning, telecommunications, and networking equipment, and
UPS.
d. A site with ready-made work space with telecommunications equipment, LANs, PCs, and
terminals for work groups.
Answer: a

6. Which of the following steps is LEAST likely to be required to quantify the risks associated
with a potential disaster to a commercial enterprise?
a. Identify the organization’s key business functions.
b. Identify computer systems critical to the survival of the organization.
c. Estimate the financial impact a loss would have on the business based on how long an outage
would last.
d. Acquire information from government agencies about the likelihood of a natural disaster
occurring.
Answer: d
Reference: Caelli, Longley, and Shain; Information Security Handbook; Stockton Press; 1991; pg 129-134.

7. Which of the following best describes remote journaling?
a. Send hourly tapes containing transactions off-site.
b. Send daily tapes containing transactions off-site.
c. Real-time capture of transactions to multiple storage devices.
d. The electronic forwarding of transactions to an off-site facility.
Answer: d
Reference: Glossary of INFOSEC & INFOSEC Related Terms, Idaho State University, pg 391 & 547.
Discussion:
Answer a - remote journaling enables information to be sent from one computer to another via a
communications link instead of dumping to tape. No time specification is indicated.
Answer b - remote journaling enables information to be transmitted over a comm. link instead of sending
tapes off-site.
Answer c - remote journaling enables capture of transactions to a remote computer system instead of
multiple storage devices.
Answer d - remote journaling is the mode of operation that allows the record of all stored data items
whose values are changed as a result of processing and the manipulation of data to be stored at a
remote site via a communications link.

8. In addition to maintaining a record of significant events, what other step is MOST important
during a recovery procedure?
a. Report the events to the appropriate agencies and to higher management.
b. Look for patterns that might indicate wrongdoing.
c. Resolve disputes establishing responsibility for the recovery problems.
d. Document accomplishments for future performance reviews.
Answer: a

9. Emergency actions are taken at the incipient stage of a disaster with the objectives of
preventing injuries or loss of life and of
a. determining the extent of property damage.
b. protecting evidence.
c. preventing looting and further damage.
d. mitigating the damage to avoid the need for recovery.
Answer: d
Reference: Disaster Planning & Recovery; Alan Levitt; Wiley, 1997, pg 104-106.
Discussion:
Answer a - determining the extent of property damage is not the consideration; should minimize, not
determine.
Answer b - protecting the evidence is not relevant. That is an investigation issue.
Answer c - preventing looting is not an initial concern.
Answer d - during an incident, emergency actions should minimize or eliminate casualties, damage,
and business interruption to avoid a disaster.

10. What is the FIRST step to be performed in establishing a Disaster Recovery Plan?
a. Determine the cost associated with preparing a disaster recovery plan.
b. Perform a business impact analysis.
c. Identify applications to be run during a declared disaster.
d. Identify the site to be used during a declared disaster.
Answer: b

11. What is the best way to assure the reliability of backup tapes which are being maintained at a
warm disaster recovery site?
a. Have the off-site provider/vendor verify the tapes are properly labeled.
b. Have the off-site provider/vendor verify that the tapes are readable.
c. Retrieve off-site tapes and verify that they can be read.
d. Inventory the off-site backup tapes monthly.
Answer: c

12. What actions should be taken to restore a system’s computational capability and data files
after a system failure?
a. Implement recovery procedures
b. Synchronize system programs
c. Execute risk management
d. Restore storage media backup
Answer: a
