1. What are the two types of disaster that are considered when creating a Disaster Recovery Plan (DRP)? (Choose two.)
- natural disasters
- management disasters
- social disasters
- human-caused disasters
Explanation: The two types of disasters that are considered in disaster recovery planning are natural disasters and human-caused disasters.
2. What is considered to be a natural disaster? (Choose three.)
- volcano
- solar strom
- sabotage
- pandemic
Explanation: Examples of natural disasters are volcanoes, solar storms, and pandemics. They occur independent of human action. Sabotage is an example of a human-caused disaster.
3. What does a DRP specify?
- a list of disasters that should be avoided to ensure business continuity
- compensation for affected personnel according to risk
- disaster prevention strategies to migrate common disasters
- details of the critical business processes that must be restored
Explanation: One of the things specified in the DRP is the details of the critical business processes that must be restored by disaster recovery activities.
4. True or False? Detective disaster controls restore systems after a disaster or event.
- true
- false
Explanation: False. Detective controls are designed to detect when unwanted events have occurred. Corrective controls restore systems after a disaster or destructive event.
5. What is an example of a preventive control?
- fire alarm
- fire suppression system
- replacement for fire-damaged equipment
- evacuation plan
Explanation: Fire suppression systems are preventive controls that are designed to prevent severe damage due to fire. Fire alarms are detective controls. Evacuation plans prevent injury and loss of life. Replacing damaged equipment is corrective.
6. What is the purpose of a business impact analysis (BIA)?
- identification of critical business processes and resources, and the relationships between systems
- specification of roles and responsibilities in disaster response activities
- determination of alternative location for critical systems
- specification of key disaster detection mechanisms
Explanation: In the BIA, critical business processes, resources, and relationships between systems are identified.
7. Which business continuity consideration describes the maximum tolerable amount of time that a system, network, or application can be unavailable after a failure or disaster?
- recovery point objectives (RPO)
- mean time to repair (MTTR)
- recovery time objectives (RTO)
- mean time between failures (MTBF)
Explanation: It is important to prioritize recovery actions. The RTO identifies the maximum tolerable amount of time that a system, network, or application can be unavailable. This helps to identify which items require immediate correction.
8. What is a simple test of a disaster recovery plan that involves a facilitated walkthrough of a disaster recovery scenario?
- tabletop exercise
- functional test
- operational exercise
- business continuity control
Explanation: It is important to test the disaster recovery plan. A low-impact way of doing so is with tabletop exercises in which a facilitator supplies information about disasters to personnel who discuss planned responses.