60. d. Housing computers in a fire-resistant area is an example of a physically oriented disaster prevention category, whereas the other three choices are examples of procedure-oriented activities. Procedure-oriented actions relate to tasks performed on a day-to-day, month-to-month, or annual basis or otherwise performed regularly. Housing computers in a fire-resistant area with a noncombustible or charged sprinkler area is not regular work. It is part of a major computer-center building construction plan.
61. Which of the following is the most important outcome from contingency planning tests?
a. The results of a test should be viewed as either pass or fail.
b. The results of a test should be viewed as practice for a real emergency.
c. The results of a test should be used to assess whether the plan worked or did not work.
d. The results of a test should be used to improve the plan.
61. d. In the case of contingency planning, a test should be used to improve the plan. If organizations do not use this approach, flaws in the plan may remain hidden or uncorrected. Although the other three choices are important in their own way, the most important outcome is to learn from the test results in order to improve the plan next time, which is the real benefit.
62. Major risks in the use of cellular radio and telephone networks during a disaster include:
a. Security and switching office issues
b. Security and redundancy
c. Redundancy and backup power systems
d. Backup power systems and switching office
62. a. The airwaves are not secure, and a mobile telephone switching office can be lost during a disaster. The cellular company may need to divert a route from the cell site to another mobile switching office. User organizations can take care of the other three choices because they are mostly applicable to them, and not to the telephone company.
63. Regarding BCP and DRP, which of the following is not an element of risk?
a. Threats
b. Assets
c. Costs
d. Mitigating factors
63. c. Whether it is BCP/DRP or not, the three elements of risk include threats, assets, and mitigating factors.
Risks result from events and their surroundings with or without prior warnings, and include facilities risk, physical and logical security risk, reputation risk, network risk, supply-chain risk, compliance risk, and technology risk.
Threat sources include natural threats (for example, fires and floods), man-made attacks (for example, social engineering), technology-based attacks (DoS and DDoS), and intentional attacks (for example, sabotage).
Assets include people, facilities, equipment (hardware), software, and technologies.
Controls in the form of physical protection, logical protection, and asset protection are needed to avoid or mitigate the effects of risks. Some examples of preventive controls include passwords, smoke detectors, and firewalls, and some examples of reactive/recovery controls include hot sites and cold sites.
Costs are the outcomes or byproducts of, and are derived from, threats, assets, and mitigating factors. They should be analyzed and justified along with benefits prior to the investment in controls.
64. Physical disaster prevention and preparedness begins when a:
a. Data center site is constructed
b. New equipment is added
c. New operating system is installed
d. New room is added to existing computer center facilities
64. a. The data center should be constructed in such a way as to minimize exposure to fire, water damage, heat, or smoke from adjoining areas. Other considerations include raised floors, sprinklers, or fire detection and extinguishing systems and furniture made of noncombustible materials. All these considerations should be taken into account in a cost-effective manner at the time the data (computer) center is originally built. Add-ons will not only be disruptive but also costly.
65. Disaster notification fees are part of which of the following cost categories associated with alternative computer processing support?
a. Initial costs
b. Recurring operating costs
c. Activation costs
d. Development costs
65. c. There are three basic cost elements associated with alternate processing support: initial costs, recurring operating costs, and activation costs. The first two components are incurred whether or not the backup facility is put into operation; the last cost component is incurred only when the facility is activated.