Domain 2: Business Continuity

What is the goal of a Business Continuity Plan (BCP)?

A. Test incident response capabilities

B. Ensure critical business functions continue during a disruption

C. Mitigate cybersecurity vulnerabilities

D. Monitor system performance

Answer: B

Key outcome of a Business Impact Analysis (BIA):

A. Identifying threats

B. Prioritizing critical systems and processes

C. Writing security policies

D. Testing disaster recovery systems

Answer: B

Part of a disaster recovery plan:

A. Incident detection methods

B. Recovery time objectives (RTOs)

C. Employee training manuals

D. Physical security controls

Answer: B

Recovery Point Objective (RPO):

A. Maximum downtime for critical systems

B. Maximum tolerable data loss

C. Time to detect a security incident

D. Frequency of backups

Answer: B

Test simulating a disaster to evaluate response plans:

A. Tabletop exercise

B. Walkthrough drill

C. Full-scale test

D. Functional test

Answer: C

Goal of high availability:

A. Continuous system access

B. Improved system integrity

C. Increased network security

D. Encrypted communication

Answer: A

Backup type copying data changed since the last full backup:

A. Full backup

B. Incremental backup

C. Differential backup

D. Mirror backup

Answer: B

Purpose of redundancy in business continuity:

A. Reduce costs

B. Ensure system reliability

C. Improve encryption

D. Eliminate testing

Answer: B

Alternate site fully operational during a disaster:

A. Hot site

B. Warm site

C. Cold site

D. Shadow site

Answer: A

Difference between disaster recovery and business continuity:

A. Disaster recovery focuses on technology; business continuity on processes.

B. Disaster recovery focuses on processes; business continuity on compliance.

C. Disaster recovery is part of business continuity.

D. They are unrelated.

Answer: C

Purpose of a contingency plan:

A. Steps to respond to unexpected events

B. Methods to eliminate risks

C. Techniques for improving software development

D. Guidelines for encryption protocols

Answer: A

Concept reducing disruption impact by relocating operations:

A. Data recovery

B. Risk mitigation

C. Disaster recovery

D. Continuity of operations

Answer: D

Tool estimating disruption probability and impact:

A. Penetration test

B. Business Impact Analysis (BIA)

C. Security assessment

D. Threat model

Answer: B

Tabletop exercise:

A. Simulated, non-physical test of plans

B. Full activation of business continuity protocols

C. Automated system backup

D. Incident monitoring solution

Answer: A

Ensures data recovery after a disaster:

A. Firewalls

B. Backups

C. Multi-factor authentication

D. Encryption

Answer: B

Document outlining roles during an incident:

A. Business Impact Analysis

B. Disaster Recovery Plan

C. Incident Response Plan

D. Access Control Policy

Answer: C

Difference between RTO and RPO:

A. RTO = downtime; RPO = data loss tolerance.

B. RTO = business processes; RPO = system availability.

C. RTO = mitigation; RPO = recovery.

D. They are identical.

Answer: A

System ensuring uninterrupted power during disasters:

A. UPS (Uninterruptible Power Supply)

B. Load balancer

C. Firewall

D. Proxy server

Answer: A

Purpose of a warm site:

A. Immediate failover

B. Partial functionality with setup required

C. Basic physical location without equipment

D. Duplicates live systems for seamless recovery

Answer: B

Process evaluating disaster recovery plan effectiveness:

A. Penetration testing

B. Backup monitoring

C. Plan testing and exercises

D. Incident response

Answer: C