MindMap Gallery CISSP Study Notes-3 (Business Continuity Planning)
CISSP Chapter 3 study notes, test points and important exercises are very useful for exam review. Interested friends can refer to it!
Edited at 2024-01-25 20:04:12
CISSP Study Notes-3 (Business Continuity Planning)
Business continuity plan
  Overview
    Business Continuity Plan (BCP) phases
      Project scope and planning
      Business impact analysis
      Continuity planning
      Plan approval and implementation
  Project scope and planning
    Organizational analysis
      Identify departments and people with a stake in the BCP process
        Operations departments responsible for delivering core business to customers
        Key support services such as IT, facilities and maintenance staff, and other teams
        Corporate security team responsible for physical security
        Senior managers and persons important to the ongoing operations of the organization
      This analysis is the basis for selecting the BCP team and, after confirmation by the BCP team, is used to guide subsequent stages of BCP development.
    Choose a BCP team
      The departments' technical experts, physical and IT security personnel with BCP skills, legal representatives familiar with the company's legal, regulatory and contractual responsibilities, and representatives from senior management. Other team members depend on the structure and nature of the organization.
    Resource requirements
    Legal and regulatory requirements
  Business impact analysis
    BIA is the core part of BCP and is divided into 5 steps
      Prioritization
        Business function priority list
        Determine MTD (maximum tolerable downtime)
        Determine RTO (recovery time objective); RTO must be shorter than MTD (RTO < MTD)
        Determine RPO (recovery point objective)
      Risk identification
      Likelihood assessment
        Determine ARO (annualized rate of occurrence) for each risk
      Impact analysis
      Resource prioritization
  Continuity planning
    Strategy development
    Preparation and processing
      Personnel
      Buildings/facilities
      Infrastructure
  Plan approval and implementation
    Plan approval
    Plan implementation
    Training and education
    BCP documentation
Exam points
Understand the four steps of the BCP process. BCP consists of four distinct phases: project scope and planning, business impact analysis, continuity planning, and plan approval and implementation. Each task contributes to the overall goal of ensuring business continuity during emergencies.
Describe how to perform business organization analysis. In a business organization analysis, the person responsible for leading the BCP process determines which departments and individuals are involved in the business continuity plan. This analysis is the basis for selecting the BCP team and, after confirmation by the BCP team, is used to guide subsequent stages of BCP development.
List the necessary members of the BCP team. At a minimum, the BCP team should include: representatives from each operations and support department, the departments' technical experts, physical and IT security personnel with BCP skills, legal representatives familiar with the company's legal, regulatory and contractual responsibilities, and representatives from senior management. Other team members depend on the structure and nature of the organization.
Understand the legal and regulatory requirements faced by BCP personnel. Business leaders must exercise due diligence to ensure shareholder interests are protected in the event of a disaster. Certain industries are also subject to specific requirements for BCP procedures under federal, state, and local regulations.
Explain the steps of the business impact analysis process. The five steps of the business impact analysis process are: prioritization, risk identification, likelihood assessment, impact analysis, and resource prioritization.
Describe the process of developing a continuity strategy. During the strategy development phase, the BCP team determines which risks to mitigate. During the preparation and processing phase, it devises the mechanisms and procedures that reduce the identified risks. The plan must then be approved by senior management and implemented. Personnel must also receive training relevant to their role in the BCP process.
Explain the importance of fully documenting the organization's business continuity plan. Documenting the plan gives the organization a written procedure to follow in the event of a disaster. This ensures that the organization can implement plans in an orderly manner in the event of an emergency.
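The following is an added worked example, not part of the original study notes, that turns the BIA steps above into code: the prioritization step (a business function priority list ordered by MTD, with the RTO < MTD rule checked) and the likelihood and impact steps (SLE = AV x EF, ALE = SLE x ARO, then risks ranked by ALE for resource prioritization). The ordering of functions by shortest MTD first and the `BusinessFunction`, `Risk`, and `bia_report` names are assumptions made for the example; the two sample risks reuse the hurricane and tornado figures from exercises 10 and 14 below, and the business functions are constructed.

```python
"""Quantitative business impact analysis (BIA) helpers.

Added worked example for the CISSP BCP study notes; not code from the notes.
Formulas: SLE = AV x EF and ALE = SLE x ARO.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BusinessFunction:
    """A business function with its recovery objectives, all in hours."""
    name: str
    mtd_hours: float   # maximum tolerable downtime
    rto_hours: float   # recovery time objective (must be < MTD)
    rpo_hours: float   # recovery point objective (acceptable data loss window)


@dataclass(frozen=True)
class Risk:
    """A risk against an asset, as captured during the BIA."""
    name: str
    asset_value: float      # AV, in currency units
    exposure_factor: float  # EF, fraction of AV lost in one event (0.0 to 1.0)
    aro: float              # annualized rate of occurrence (events per year)


def single_loss_expectancy(risk: Risk) -> float:
    """SLE = AV x EF: the loss expected from a single occurrence."""
    if not 0.0 <= risk.exposure_factor <= 1.0:
        raise ValueError(f"{risk.name}: exposure factor must be between 0 and 1")
    return round(risk.asset_value * risk.exposure_factor, 2)


def annualized_loss_expectancy(risk: Risk) -> float:
    """ALE = SLE x ARO: what the risk is expected to cost per year."""
    if risk.aro < 0:
        raise ValueError(f"{risk.name}: ARO cannot be negative")
    return round(single_loss_expectancy(risk) * risk.aro, 2)


def rank_risks_by_ale(risks: list[Risk]) -> list[tuple[str, float]]:
    """Resource prioritization: order risks by annual cost, highest first."""
    return sorted(((r.name, annualized_loss_expectancy(r)) for r in risks),
                  key=lambda pair: pair[1], reverse=True)


def prioritize_functions(functions: list[BusinessFunction]) -> list[str]:
    """Business function priority list: shortest MTD recovers first (assumed ordering rule)."""
    return [f.name for f in sorted(functions, key=lambda f: f.mtd_hours)]


def check_recovery_objectives(fn: BusinessFunction) -> list[str]:
    """Apply the RTO < MTD rule from the notes; an empty list means the objectives are consistent."""
    problems = []
    if min(fn.mtd_hours, fn.rto_hours, fn.rpo_hours) < 0:
        problems.append(f"{fn.name}: recovery objectives cannot be negative")
    if fn.rto_hours >= fn.mtd_hours:
        problems.append(f"{fn.name}: RTO {fn.rto_hours}h must be shorter than MTD {fn.mtd_hours}h")
    return problems


def bia_report(risks: list[Risk], functions: list[BusinessFunction]) -> dict:
    """Combine the three BIA outputs into one structure for the continuity planning phase."""
    return {
        "risk_ranking": rank_risks_by_ale(risks),
        "function_priority": prioritize_functions(functions),
        "problems": [p for f in functions for p in check_recovery_objectives(f)],
    }


# Constructed sample input. The risks reuse the figures from exercises 10 and 14
# ($15M HQ, 50% destroyed, 10%/year; $10M loss once per 100 years); the
# business functions and their hour values are made up for illustration.
SAMPLE_RISKS = [
    Risk("hurricane at HQ", 15_000_000, 0.50, 0.10),
    Risk("tornado at aircraft operations facility", 10_000_000, 1.00, 0.01),
]
SAMPLE_FUNCTIONS = [
    BusinessFunction("ERP system", mtd_hours=72, rto_hours=48, rpo_hours=4),
    BusinessFunction("customer web portal", mtd_hours=8, rto_hours=12, rpo_hours=1),  # RTO > MTD
    BusinessFunction("payroll", mtd_hours=168, rto_hours=96, rpo_hours=24),
]

if __name__ == "__main__":
    report = bia_report(SAMPLE_RISKS, SAMPLE_FUNCTIONS)
    for name, ale in report["risk_ranking"]:
        print(f"{name}: ALE ${ale:,.2f}")
    print("Function priority:", ", ".join(report["function_priority"]))
    for problem in report["problems"]:
        print("PROBLEM:", problem)
```

Running it ranks the hurricane (ALE $750,000) above the tornado (ALE $100,000), puts the web portal first on the priority list because its MTD is shortest, and flags that same portal because its RTO of 12 hours cannot meet an 8-hour MTD, which is exactly the inconsistency the prioritization step should surface before the continuity strategy is built.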
Important exercises
1. James was recently asked by his organization's CIO to lead a core team of 4 experts for the organization's business continuity plan. What is the first task this core team should perform? A. Select a BCP team B. Business organization analysis C. Resource requirements analysis D. Legal and regulatory assessment
Correct answer: B Order: BACD
2. Tracy is preparing for her organization's annual business continuity exercise but encounters resistance from some managers. They consider the drill unimportant and a waste of resources. She has told the managers that their employees will only need half a day to attend the event. What argument could Tracy make that would best address these concerns? A. The drill is required by policy. B. The drill is already scheduled and difficult to cancel. C. Drills are critical to ensuring the organization is prepared for emergencies. D. The drill will not be time-consuming.
Correct answer: C
3. Clashmore Circuits' board of directors conducts an annual review of the business continuity planning process to ensure that the organization takes appropriate steps to minimize the impact of events that would prevent continued operations. Which obligation are they fulfilling through this review? A. Corporate responsibility B. Disaster needs C. Due diligence D. Special line operating responsibilities
Correct answer: C
4. Darcy is leading her organization's BCP efforts and is currently in the project scope and planning stage. What is the main resource consumed at this stage of the BCP process? A. Hardware B. Software C. Processing time D. Personnel
Correct answer: D The most important resource during the scope and planning phase is the BCP team members, that is, people
5. Ryan is assisting with the organization's annual business impact analysis. He is asked to assign a quantitative value to the asset. This is part of the work of identifying priorities. What unit of measurement should he use? A. Currency B.Utility C.Importance D. time
Correct answer: A
6. Renee is reporting her organization's BIA results to senior leadership. They expressed dissatisfaction with all the details, and one of them said, "Look, we just need to know how much these risks are costing us every year." What metric can Renee report to best answer this question? A. ARO B. SLE C. ALE D. EF
Correct answer: C
7. Jake is conducting a business impact analysis for his organization. As per procedure, he asked leaders from different departments to provide input on how long an enterprise resource planning (ERP) system could be unavailable without causing irreparable damage to the organization. What metric is he trying to determine? A. SLE B. EF C. MTD D. ARO
Correct answer: C
8. You are concerned that avalanches could pose a risk to a $3 million transportation facility. Based on expert opinion, you determine that the probability of an avalanche occurring in a given year is 5%. Experts warn you that an avalanche could completely destroy your building, requiring you to rebuild on the same piece of land. The facility is valued at $3 million, with 90% of the value being the building and 10% being the land. What is the single loss expectancy (SLE) for an avalanche? A. $3,000,000 B. $2,700,000 C. $270,000 D. $135,000
Correct answer: C The question says to rebuild on the same land, so EF is 90%
9. Referring to the scenario in question 8, what is the annualized loss expectancy? A. $3,000,000 B. $2,700,000 C. $270,000 D. $135,000
Correct answer: D
10. You are concerned about the risk a hurricane could pose to your company's headquarters in South Florida. The building itself is valued at $15 million. After consulting with the National Weather Service, you determine that the chance of a hurricane within a year is 10%, and you hire a team of architects and engineers. They estimate that a hurricane would destroy about 50% of the building. What is the annualized loss expectancy (ALE)? A. $750,000 B. $1,500,000 C. $7,500,000 D. $15,000,000
Correct answer: A
11. Chris is refining the risk acceptance document for his organization's business continuity plan. Which of the following is Chris least likely to include in this document? A. A list of risks considered acceptable B. A list of future events that may require reconsidering risk acceptance decisions C. Risk mitigation controls implemented to address acceptable risks D. The reasons the risks were deemed acceptable
Correct answer: C Acceptable risk requires no mitigation measures
12. Brian is developing the preparation and processing portion of his organization's continuity plan. Which resource should he set as the highest priority in these plans? A. There is no difference in physics B. Infrastructure C. Financial resources D. Personnel
Correct answer: D People are always the top priority at BCP
13. Ricky is conducting a quantitative business impact analysis on his organization. Which of the following is least appropriate to measure quantitatively in this assessment? A.Loss of factory building B. Damage to vehicle C. Negative publicity D.Power outage
Correct answer: C It is better to use qualitative analysis
14. LTA Airlines expects a $10 million loss if a tornado hits its aircraft operations facility; the facility is expected to be hit by a tornado once every 100 years. What is the single loss expectancy in this scenario? A. 0.01 B. $10,000,000 C. $100,000 D. 0.10
Correct answer: B
15. Referring to the scenario in question 14, what is the annualized loss expectancy? A. 0.01 B. $10,000,000 C. $100,000 D. 0.10
Correct answer: C
16. In which task of business continuity planning would you actually design processes and mechanisms to mitigate unacceptable risks? A. Strategy Development B. Business Impact Analysis C. Preparation and Processing D. Resource prioritization
Correct answer: C
17. Matt is overseeing the installation of redundant communications links in response to a finding from his organization's BIA. What type of mitigation measure is Matt overseeing? A. Reinforcement system B. Define the system C. Reduce the system D. Backup system
Correct answer: D
18. Helen is developing a resilience plan for her organization and her manager asks her whether the organization has adequate technical controls in place to ensure that it can resume operations after a disruption. What type of plan addresses technical controls related to backup processing facilities, backup, and fault tolerance? A. Business Continuity Plan B. Business Impact Analysis C. Disaster recovery plan D. Vulnerability assessment
Correct answer: C Disaster recovery planning starts where business continuity planning leaves off. Disaster recovery planning guides the response team's efforts to quickly restore business operations.
19.Daren is concerned about the risk of a severe power outage affecting the organization's data center. He looked up the organization's business impact analysis and determined that the ARO of the outage was 20%. He noted that the assessment was conducted three years ago and there had been no outages. Assuming that none of the circumstances on which the analysis is based have changed, what ARO should be used in this year's assessment? A. 20% B. 50% C. 75% D. 100%
Correct answer: A
20. Of the following people, who would provide the best context for the statement of importance for business continuity planning? A. Vice President of Business Operations B. Chief Information Officer C. CEO D. Business continuity manager
Correct answer: C The statement carries the most weight when it comes from the person with the highest position