Relationships between critical systems are BEST understood by
Correct Answer: B
Explanation The explanation given is: "A BIA is a process that identifies and evaluates the potential effects of natural and man-made events on business operations. It helps to understand how critical systems are interrelated and what their dependencies are. A BIA also helps to determine the RTOs for each system. The other options are not directly related to understanding the relationships between critical systems."
Question 87
The PRIMARY objective of a post-incident review of an information security incident is to:
Correct Answer: C
Explanation The primary objective of a post-incident review of an information security incident is to identify the root cause of the incident and determine what can be done to prevent a similar incident from happening in the future. This process helps organizations to learn from past incidents and make improvements to their security posture to reduce the risk of future incidents. By conducting a thorough post-incident review, organizations can identify areas for improvement in their security controls, policies, and procedures, and implement changes to prevent similar incidents from happening in the future. Other important objectives of a post-incident review may include updating the risk profile, minimizing impact, and determining the impact of the incident, but the main focus should be on identifying ways to prevent recurrence.
Question 88
Which of the following is the MOST effective way to demonstrate alignment of information security strategy with business objectives?
Correct Answer: A
Explanation The balanced scorecard is a management tool that can be used to demonstrate the alignment of information security strategy with business objectives. The balanced scorecard provides a comprehensive view of an organization's performance by considering multiple dimensions, including financial performance, customer satisfaction, internal processes, and learning and growth. By integrating information security objectives and metrics into the balanced scorecard, organizations can demonstrate how their information security investments support and align with their overall business objectives. This can help to gain the support and commitment of senior management and other stakeholders, as well as ensure that information security investments are effectively managed and optimized to deliver maximum value to the organization. While other tools, such as risk matrices, benchmarking, and heat maps, can also provide valuable information, the balanced scorecard provides a more holistic and integrated view of organizational performance and the alignment of information security with business objectives.
Question 89
Recovery time objectives (RTOs) are BEST determined by:
Correct Answer: B
Explanation Recovery time objectives (RTOs) are best determined by business continuity officers, who are responsible for ensuring that the organization is prepared for any type of disruption. Business managers, executive management, and database administrators (DBAs) all have important roles to play in the preparation and implementation of a disaster recovery plan, but they are not the ones who should determine the RTOs. References that support this statement include:
* "Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)" by ISACA (Information Systems Audit and Control Association). This resource states that "BCP and DRP teams are responsible for determining the RTOs for critical processes and systems."
* "Business Continuity Planning" by the Federal Emergency Management Agency (FEMA). This guide states that "RTOs are determined by the organization and are based on the criticality of the business function and the maximum acceptable outage for that function."
* "Business Continuity Planning: The Process" by Continuity Central. This resource states that "The BCP team should determine the RTOs for the organization's critical functions, processes and systems."
Please note that while the business continuity officer is responsible for determining RTOs, it is important to consider input from other stakeholders such as executive management, IT, and other department heads to ensure that RTOs align with the overall goals and priorities of the organization.
Question 90
When designing a disaster recovery plan (DRP), which of the following MUST be available in order to prioritize system restoration?
Correct Answer: A
Explanation A BIA is an important part of Disaster Recovery Planning (DRP). It helps identify the impact of a disruption on the organization, including the critical systems and processes that must be recovered in order to minimize that impact. The BIA results are used to prioritize system restoration and determine the resources needed to get the organization back into operation as quickly as possible.