CISSP - Question Bank 15
Test your knowledge of CISSP with these multiple choice questions. Each Question Bank includes 20 practice questions that have been designed to measure your knowledge of key ideas.
A key factor to keep in mind is that guessing is better than not answering a question.
Every single question on the CISSP exam is a four-option multiple choice question with a single correct answer. Some are straightforward, such as asking you to select a definition. Some are a bit more involved, such as asking you to select the appropriate concept or best practice. And some questions present you with a scenario or situation and ask you to select the best response.
Q1. What is the first step that individuals responsible for the development of a business continuity plan should perform?
A. BCP team selection
B. Business organization analysis
C. Resource requirements analysis
D. Legal and regulatory assessment
Q2. Once the BCP team is selected, what should be the first item placed on the team's agenda?
A. Business Impact Assessment
B. Business organization analysis
C. Resource requirements analysis
D. Legal and regulatory assessment
Q3. What is the term used to describe the responsibility of a firm's officers and directors to ensure that adequate measures are in place to minimize the effect of a disaster on the organization's continued viability?
A. Corporate responsibility
B. Disaster requirement
C. Due diligence
D. Going concern responsibility
Q4. What will be the major resource consumed by the BCP process during the BCP phase?
A. Hardware
B. Software
C. Processing time
D. Personnel
Q5. What unit of measurement should be used to assign quantitative values to assets in the priority identification phase of the Business Impact Assessment?
A. Monetary
B. Utility
C. Importance
D. Time
Q6. Which one of the following BIA terms identifies the amount of money a business expects to lose to a given risk each year?
A. ARO
B. SLE
C. ALE
D. EF
Q7. What BIA metric can be used to express the longest time a business function can be unavailable without causing irreparable harm to the organization?
A. SLE
B. EF
C. MTD
D. ARO
Q8. You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based upon expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building and 10 percent is attributed to the land itself. What is the single loss expectancy of your shipping facility to avalanches?
A. $3,000,000
B. $2,700,000
C. $270,000
D. $135,000
Q9. Referring to the scenario in question 8, what is the annualized loss expectancy?
A. $3,000,000
B. $2,700,000
C. $270,000
D. $135,000
Q10. Your manager is concerned that the Business Impact Assessment recently completed by the BCP team doesn't adequately take into account the loss of goodwill among customers that might result from a particular type of disaster. Where should items like this be addressed?
A. Continuity strategy
B. Quantitative analysis
C. Likelihood assessment
D. Qualitative analysis
Q11. Which task of BCP bridges the gap between the Business Impact Assessment and the Continuity Planning phases?
A. Resource prioritization
B. Likelihood assessment
C. Strategy development
D. Provisions and processes
Q12. Which resource should you protect first when designing continuity plan provisions and processes?
A. Physical plant
B. Infrastructure
C. Financial
D. People
Q13. Which one of the following concerns is not suitable for quantitative measurement during the Business Impact Assessment?
A. Loss of a plant
B. Damage to a vehicle
C. Negative publicity
D. Power outage
Q14. Lighter Than Air Industries expects that it would lose $10 million if a tornado struck its aircraft operations facility. It expects that a tornado might strike the facility once every 100 years. What is the single loss expectancy for this scenario?
A. 0.01
B. $10,000,000
C. $100,000
D. 0.10
Q15. Referring to the scenario in question 13, what is the annualized loss expectancy?
A. 0.01
B. $10,000,000
C. $100,000
D. 0.10
Q16. In which Business Continuity Planning task would you actually design procedures and mechanisms to mitigate risks deemed unacceptable by the BCP team?
A. Strategy development
B. Business Impact Assessment
C. Provisions and processes
D. Resource prioritization
Q17. What type of mitigation provision is utilized when redundant communications links are installed?
A. Hardening systems
B. Defining systems
C. Reducing systems
D. Alternative systems
Q18. What type of plan outlines the procedures to follow when a disaster interrupts the normal operations of a business?
A. Business continuity plan
B. Business Impact Assessment
C. Disaster recovery plan
D. Vulnerability assessment
Q19. What is the formula used to compute the single loss expectancy for a risk scenario?
A. SLE=AV*EF
B. SLE=RO*EF
C. SLE=AV*ARO
D. SLE=EF*ARO
Q20. When computing an annualized loss expectancy, what is the scope of the output number?
A. All occurrences of a risk across an organization during the life of the organization
B. All occurrences of a risk across an organization during the next year
C. All occurrences of a risk affecting a single organizational asset during the life of the asset
D. All occurrences of a risk affecting a single organizational asset during the next year