104. c. The business impact analysis (BIA) examines business processes composition and priorities, business or operating cycles, service levels, and, most important, the business process dependency on mission-critical information systems.
105. The major threats that a disaster recovery contingency plan should address include:
a. Physical threats, software threats, and environmental threats
b. Physical threats and environmental threats
c. Software threats and environmental threats
d. Hardware threats and logical threats
105. c. Physical and environmental controls help prevent contingencies. Although many of the other controls, such as logical access controls, also prevent contingencies, the major threats that a contingency plan addresses are physical and environmental threats, such as fires, loss of power, plumbing breaks, or natural disasters. Logical access controls can address both the software and hardware threats.
106. Which of the following is often a missing link in developing a local-area network methodology for contingency planning?
a. Deciding which applications can be handled manually
b. Deciding which users must secure and back up their own-data
c. Deciding which applications are to be supported offsite
d. Deciding which applications can be handled as standalone personal computer tasks
106. b. It is true that during a disaster, not all application systems have to be supported while the local-area network (LAN) is out of service. Some LAN applications may be handled manually, some as standalone PC tasks, whereas others need to be supported offsite. Although these duties are clearly defined, it is not so clear which users must secure and back up their own data. It is important to communicate to users that they must secure and back up their own data until normal LAN operations are resumed. This is often a missing link in developing a LAN methodology for contingency planning.
107. Which of the following uses both qualitative and quantitative tools?
a. Anecdotal analysis
b. Business impact analysis
c. Descriptive analysis
d. Narrative analysis
107. b. The purpose of business impact analysis (BIA) is to identify critical functions, resources, and vital records necessary for an organization to continue its critical functions. In this process, the BIA uses both quantitative and qualitative tools. The other three choices are examples that use qualitative tools. Anecdotal records constitute a description or narrative of a specific situation or condition.
108. With respect to BCP/DRP, single point of failure means which of the following?
a. No production exists
b. No vendor exists
c. No redundancy exists
d. No maintenance exists
108. c. A single point of failure occurs when there is no redundancy in data, equipment, facilities, systems, and programs. A failure of a component or element may disable the entire system. Use of redundant array of independent disks (RAID) technology provides greater data reliability through redundancy because the data can be stored on multiple hard drives across an array, thus eliminating single points of failure and decreasing the risk of data loss significantly.
109. What is an alternative processing site that is equipped with telecommunications but not computers?
a. Cold site
b. Hot site
c. Warm site
d. Redundant site
109. c. A warm site has telecommunications ready to be utilized but does not have computers. A cold site is an empty building for housing computer processors later but equipped with environmental controls (for example, heat and air conditioning) in place. A hot site is a fully equipped building ready to operate quickly. A redundant site is configured exactly like the primary site.
110. Which of the following computer backup alternative sites is the least expensive methodand the most difficult to test?
a. Nonmobile hot site
b. Mobile hot site
c. Warm site
d. Cold site
110. d. A cold site is an environmentally protected computer room equipped with air conditioning, wiring, and humidity control for continued processing when the equipment is shipped to the location. The cold site is the least expensive method of a backup site, but the most difficult and expensive to test.
111. Which of the following is the correct sequence of events when surviving a disaster?
