13. c. Two critical measurements in business impact analysis (BIA) include recovery time objectives (RTOs) and recovery point objectives (RPOs). Usually, systems are classified as general support systems (for example, networks, servers, computers, gateways, and programs) and major application systems (for example, billing, payroll, inventory, and personnel systems). An uninterruptible power supply (UPS) system is an auxiliary system supporting general systems and application systems. Regardless of their nature and type, all systems need to fulfill the RTOs and RPOs to determine their impact on business operations.
14. Regarding BCP and DRP, which of the following establishes an information system’s recovery time objective (RTO)?
a. Cost of system inoperability and the cost of resources
b. Maximum allowable outage time and the cost to recover
c. Cost of disruption and the cost to recover
d. Cost of impact and the cost of resources
14. b. The balancing point between the maximum allowable outage (MAO) and the cost to recover establishes an information system’s recovery time objective (RTO). Recovery strategies must be created to meet the RTO. The maximum allowable outage is also called maximum tolerable downtime (MTD). The other three choices are incorrect because they do not deal with time and cost dimensions together.
15. Regarding BCP and DRP, which of the following determines the recovery cost balancing?
a. Cost of system inoperability and the cost of resources to recover
b. Maximum allowable outage and the cost to recover
c. Cost of disruption and the cost to recover
d. Cost of impact and the cost of resources
15. a. It is important to determine the optimum point to recover an IT system by balancing the cost of system inoperability against the cost of resources required for restoring the system. This is called recovery cost balancing, which indicates how long an organization can afford to allow the system to be disrupted or unavailable. The other three choices are incorrect because they do not deal with the recovery cost balancing principle.
16. Regarding contingency planning, which of the following actions are performed when malicious attacks compromise the confidentiality or integrity of an information system?
1. Graceful degradation
2. System shutdown
3. Fallback to manual mode
4. Alternate information flows
a. 1 and 2
b. 2 and 3
c. 3 and 4
d. 1, 2, 3, and 4
16. d. The actions to perform when malicious attacks compromise the confidentiality or integrity of the information system include graceful degradation, information system shutdown, fallback to a manual mode, alternative information flows, or operating in a mode that is reserved solely for when the system is under attack.
17. In transaction-based systems, which of the following are mechanisms supporting transaction recovery?
1. Transaction rollback
2. Transaction journaling
3. Router tables
4. Compilers
a. 1 only
b. 1 and 2
c. 3 and 4
d. 1, 2, 3, and 4
17. b. Transaction rollback and transaction journaling are examples of mechanisms supporting transaction recovery. Routers use router tables for routing messages and packets. A compiler is software used to translate a computer program written in a high-level programming language (source code) into a machine language for execution. Neither router tables nor compilers support transaction recovery.
18. Regarding contingency planning, which of the following is susceptible to potential accessibility problems in the event of an area-wide disaster?
1. Alternative storage site
2. Alternative processing site
3. Alternative telecommunications services
4. Remote redundant secondary systems
a. 1 and 2
b. 2 and 3
c. 3 only
d. 1 and 4
18. a. Both the alternative storage site and the alternative processing site are susceptible to potential accessibility problems in the event of an area-wide disruption or disaster. Explicit mitigation actions are needed to handle this problem. Telecommunication services (ISPs and network service providers) and remote redundant secondary systems are located far away from the local area and hence are not susceptible to potential accessibility problems.