API tools faq
paste
Advertisement
opexxx

BCM_Questions

opexxx
Apr 12th, 2025
9
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 19.95 KB | None | 0 0
raw download clone embed print report
  1. A& C should have included business continuity management requirements in contracts with its supplier.
  2. What strategy would you suggest to A& C after the disruptions caused by risks affecting its supplier?
  3. Which of the following approaches to BCM strategy did A& C employ?
  4. What should A& C have not included in the business continuity plan?
  5. Which statement is correct?
  6. What does big data include?
  7. What is big data ?
  8. By identifying data backups as critical business processes, what did RDK conduct?
  9. What is the root cause of the phishing attack that occurred in RDK on May 2021?
  10. One disadvantage of the file backup data continuity strategy is that it is not a good fit for organizations with voluminous data.
  11. What is the overall objective of conducting exercises?
  12. What is the purpose of the BCMS internal audit?
  13. Which parameter is commonly subject to monitoring and measurement?
  14. Based on the outputs of _____________ and _____________, the organization determines its business continuity strategies.
  15. What is the main reason that employees fail to follow the business continuity policy?
  16. What should an organization ensure when undertaking changes?
  17. The business continuity policy should:
  18. What should an organization do when defining the BCMS scope?
  19. What is recommended for organizations that manage multiple compliance frameworks simultaneously?
  20. What is the first step that should be taken when planning the business impact analysis (BIA)?
  21. Among others, ________________________ consists of identifying organization’s critical activities and resources needed to support prioritized activities of an organization.
  22. What are the steps of business continuity planning process?
  23. Which of the following is considered as a human-caused hazard?
  24. What is the role of disaster recovery for business continuity management?
  25. How did business continuity management evolve as a discipline?
  26. What does business continuity management mainly entail?
  27. What are accreditation bodies?
  28. OneMarket is a market research company which helps its customers determine which products and services are on demand. Recently, the company’s BCMS was audited by another party. What is OneMarket in this case?
  29. What is a certification body?
  30. ISO develops international standards and systematically verifies whether those standards are implemented in accordance with the requirements defined.
  31. What does ISO 22313 provide?
  32. The requirements specified in ISO 22301 are intended to be applicable only to medium and large organizations.
  33. From the perspective of interested parties, what does a business continuity management system (BCMS) ensure?
  34. Which cycle does ISO 22301 apply?
  35. Which statement below is correct?
  36. Implementation of a records management policy for the BCMS can be a corrective action for the lack of a record of business continuity policy?
  37. What is the root cause of lacking a record of a business continuity policy?
  38. The lack of a record of a business continuity policy represents a:
  39. Did the exercise and testing program of FAR achieve its intended results?
  40. Should FAR have hired Dolly as an internal auditor?
  41. Auditors that take part in the audit also participate in the certification decision ?
  42. What is the main activity of stage 1 audit?
  43. What can an organization do prior to the commencement of the audit?
  44. An auditee is not allowed to request that each member of the audit team holds a security clearance or that a background check on each member is conducted before being admitted on-site ?
  45. Which of the following is a valid reason for rejecting an auditor?
  46. Feedback from personnel, business partners, clients, critical customers, suppliers, and community do not serve as inputs to continual improvement ?
  47. What is the correlation between continual improvement and productivity?
  48. What does continual improvement of the BCMS help the organization with?
  49. Which of the following is an activity taken toward continual improvement?
  50. An organization can demonstrate that it continuously strives to improve its BCMS by publishing their performance?
  51. Which activity below is performed in the situation analysis phase of the corrective action process?
  52. Who is responsible for evaluating whether the action plan can resolve the nonconformities within the specified time frame?
  53. There should be an action plan for each nonconformity.
  54. Preventive actions are often more cost-effective than corrective actions?
  55. Which method below is not employed to resolve problems and nonconformities?
  56. Which action should be taken to eliminate the cause of a nonconformity and prevent recurrence?
  57. ISO 22301 does not provide specific requirements on the frequency of management review meetings. However, annual meetings should suffice.
  58. What should be included in the management review output?
  59. Identifying anomalies in the BCMS is one of the main purposes of:
  60. Who is responsible for providing the input needed for a management review?
  61. What is ensured when results are achieved in the best way possible?
  62. To ensure that the mission of the internal auditor is successfully completed, an organization must not:
  63. How many types of nonconformities are there?
  64. A nonconformity report should be explicit, unambiguous, linguistically correct, and as concise as possible.
  65. Which statement below is not correct regarding internal audits?
  66. The main difference between second and third-party audits is in certification. Second party audits are intended for certification, whereas third - party audits are not.
  67. What is the aim of a third-party BCMS audit?
  68. The organization should conduct monitoring and measurement activities twice a year, as specifically indicated in ISO 22301.
  69. Which of the following is not a method for reporting the monitoring and measurement results?
  70. Organizations should monitor and measure activities related to:
  71. It is recommended to introduce as many performance measures as possible to gain more valuable insights regarding the performance of the BCMS.
  72. What is the purpose of monitoring, measurement, analysis, and evaluation?
  73. The exercises and tests of the business continuity plans should be spontaneous and conducted randomly once in a two-year period.
  74. ___________________ refers to a form of exercise where participants are placed in circumstances that are similar to those of an actual incident.
  75. There are five levels of exercises. Which one is recommended to be done when new staff join an organization?
  76. What should an effective exercise plan include?
  77. What are the key stages of an exercise program?
  78. What should an organization do to validate the effectiveness of its business continuity strategies and procedures?
  79. What strategy would you suggest to A& C after the disruptions caused by risks affecting its supplier?
  80. A& C should have included business continuity management requirements in contracts with its supplier.
  81. What is the expected monetary value for the risk of the company’s building catching fire?
  82. What is a key success factor during a crisis?
  83. Whose responsibilities increase during a crisis?
  84. The size and number of teams involved in crisis management depend on the ________ and _________ of the organization.
  85. What does a crisis management plan include?
  86. ISO 22301 does not specifically require the establishment of a crisis management plan.
  87. What should the primary objective be in an emergency?
  88. If the expected duration of the disruption lasts longer than the ___________, the incident response should be activated.
  89. One key principle of incident response investigation is being timely and responsive. Based on this principle, when should incidents be reported?
  90. Employees should be _________________ to report incidents.
  91. Incident response structure consists three main types of teams. Which team is responsible for determining how the causes of the incident are to be managed?
  92. How should incident response plans be?
  93. The time required to implement the business continuity plan must be within or equal to the RTO.
  94. Why should business continuity plans be evaluated?
  95. Which step should be taken first when developing a business continuity plan?
  96. What should, among others, a business continuity plan include?
  97. What is the purpose of business continuity plans?
  98. What should an organization that outsources critical activities do to prevent potential disruptions that may affect them?
  99. What type of strategy can an organization select in order to mitigate, respond to, and manage impacts of a disruption?
  100. Which approach for developing a business continuity strategy is suitable for organizations that operate in the service and manufacturing industry and are predominantly people-intensive?
  101. The business continuity strategy forms the foundation of:
  102. A business continuity strategy must be identified based on the extent to which the strategy:
  103. How do the outputs of BIA and risk assessment help the organizations with?
  104. The organization needs to prioritize risks in order to focus the treatment efforts into risks that have both __________ impact and ____________.
  105. How is the value of risk (expected monetary value) estimated?
  106. The purpose of risk evaluation is to support:
  107. How can the likelihood of an event be estimated?
  108. The magnitude of consequences can be expressed quantitatively or as a distribution. When is the expression in the form of distribution appropriate?
  109. If an organization has already conducted _______________, they already possess data on the existing controls.
  110. Which techniques are used for risk analysis?
  111. During risk identification, an organization should not include all risks but focus only on those that they can control.
  112. What is the purpose of risk identification?
  113. Through risk assessment, organizations are able to assess the risks of:
  114. When Juto’s business continuity team assessed the impact due to the interruption of the business activities by quantifying the impact, they conducted:
  115. Why did top management, instead of the business continuity manager, send an official letter to the staff before publishing the business continuity policy?
  116. Juto’s business continuity policy appears to not detail the:
  117. The total amount of time Juto is willing to accept for a business process disruption is known as:
  118. What is the issue with the way Juto addresses the disruptions it experiences?
  119. The acceptable maximum acceptable outage (MAO) for critical business processes is:
  120. The _____ indicates how much lost data will be acceptable to users.
  121. Which of the following can be employed to evaluate the impact of interrupted activities?
  122. The data collection phase for BIA requires the collection of information for:
  123. RTO is the amount of time a user is willing to lose before regaining the use of their applications.
  124. Cost of disruption is _________________ related with cost of recovery.
  125. What should an organization do, among others, when conducting BIA?
  126. _____________ involves time and resource allocation in assessing the criticality of functions within the organization.
  127. What is the purpose of business impact analysis (BIA)?
  128. Which claim is correct regarding documented information?
  129. The organization should ________________________ for the business continuity communication to be effective.
  130. What should an organization ensure when undertaking business continuity communication activities?
  131. The extent of documented information for a BCMS does not differ from one organization to another.
  132. Which of the following is a principle of effective communication?
  133. Communication relevant to BCMS allows the organization to respond to the needs and expectations of:
  134. Persons doing work under the organization’s control must ____________________ their own role and responsibilities before, during, and after disruptions.
  135. An employee that is neither aware nor trained represents a potential risk.
  136. What is an appropriate action for ensuring that people within the organization are competent for undertaking business continuity-related tasks?
  137. Which factors can create the need for changes in the BCMS?
  138. ISO 22301 requires organizations to apply a formal risk management process.
  139. What is of high importance in cases when the BCMS undergoes changes?
  140. In the change management of the BCMS, it is important to:
  141. Business continuity objectives should be:
  142. What is the typical sequence of actions in the process of drafting a business continuity policy?
  143. A clearly defined business continuity policy does not require review, control, and evaluation.
  144. What should a business continuity policy include?
  145. A business continuity policy should:
  146. A business continuity policy should include a commitment to continual improvement.
  147. _____________ should be addressed in a business case.
  148. What is the business continuity management team responsible for?
  149. A business continuity manager is expected to facilitate:
  150. The organizational structure for business continuity does not require strong support from the top management.
  151. Which of the following are identified during the BCMS project planning phase?
  152. Before defining the organizational structure for business continuity, several factors, such as _____________ should be considered.
  153. A business case is a tool used to:
  154. _____________ are/is imperative for the implementation of a BCMS based on ISO 22301.
  155. Which step below should LCL take?
  156. In addition to the location, what is another vulnerability or source of risk for LCL that can be detected in the scenario?
  157. Why were LCL’s employees interviewed individually?
  158. LCL had already some form of measures in place to ensure business continuity during disruptions. Why did LCL engage in means of determining the current state of the company?
  159. LCL had considered that the continuity of operations is ensured for as long as employees could work remotely in case its offices are subject to severe flooding. Which of the following did LCL fail to take into account?
  160. Should the organization pay attention when changing the scope?
  161. What, among others, should an organization consider when determining its BCMS scope?
  162. The organization should ____________ and _____________ its BCMS scope.
  163. How should the BCMS scope statement be?
  164. What, among others, should be considered when defining organizational boundaries?
  165. A gap analysis helps the implementation and maintenance of a BCMS by:
  166. The organization must inform its interested parties concerning the actions taken for the implementation of the BCMS and the impact and responsibilities they have in this regard?
  167. Which of the following statements is correct regarding the identification and analysis of interested parties?
  168. Why should a business continuity manager be familiar with the organization’s business processes?
  169. ___________ is a tool that assists organizations in determining and managing interested parties.
  170. Why must a BCMS be aligned with the organization’s mission?
  171. Why should general information about an organization be collected?
  172. Which of the following is highly important when analyzing the internal context of an organization?
  173. What, among others, should be ensured when applying the proposed approach to the BCMS implementation?
  174. What is an integrated approach to implementing a BCMS?
  175. Among others, initiating the BCMS implementation project includes:
  176. The PECB approach to the BCMS implementation is based on a range of approaches, including the ___________ approach, which is the integration of the BCMS into the context of commercial activities across the organization.
  177. Which factor can determine the BCMS implementation approach?
  178. Recovery time objective (RTO) refers to the time period within which business operations must be resumed.
  179. What are the main principles of business continuity?
  180. Who is responsible for the effectiveness of the BCMS?
  181. What is essential for an effective BCP, at least in the initial phase of a disruptive incident?
  182. Business continuity is the capability of an organization to:
  183. What is the primary purpose of business impact analysis (BIA)?
  184. What does a business continuity plan include?
  185.   ______________________ is documented information that supports an organization in effectively responding to a disruption and resuming the delivery of products and services following a disruption.
  186. Organizations are encouraged to implement a/an ____________________ if they have to manage several compliance frameworks.
  187. ___________ is an iterative method that helps implementing, maintaining, and systematically improving a BCMS.
  188. Which statement regarding management systems is correct?
  189. What, among others, does ISO 223001 require in relation to understanding the context of the organization?
  190. An organization, wishing to get certified against ISO 22301, must demonstrate compliance with requirements outlined in clauses:
  191. Organizations cannot obtain certification against _______________ standard.
  192. Being ISO/IEC 27001 certified lays the foundation for an easier and more effective implementation of BCMS ?
  193. Which benefit can be gained from the implementation of a BCMS?
  194. Which controls of ISO/IEC 27001’s annex are considered similar to some clauses of ISO 22301?
  195. ISO 22301 provides guidelines on how to implement, maintain, and improve a business continuity management system (BCMS)?
  196. The process of determining the status of a system, process, or activity is known as:
  197. Business continuity plans need to be evaluated in order to:
  198. The organization should conduct exercises and tests that:
  199. What is the primary and most important objective during an emergency?
  200. Incident management plans should be:
  201. “Procedure” is defined as:
  202. Plans that include programs that ensure the effectiveness of business continuity strategies and solutions are also known as____________?
  203. Business continuity plan is NOT required to include:
  204. Clause 8.4.2.4 requires that the documented procedures to guide the actions of the teams shall include:
  205. According to clause 8.4.2 Response Structure, the organization must:
  206. What does an employee who is neither aware nor trained represent?
  207. Apart from the documented information required by ISO 22301, the BCMS must include documented information that:
  208. Based on what is the organization required to identify and select business continuity strategies?
  209. What does an organization need to do when dealing with unintended changes?
  210. With regard to operational planning and control, does the standard require from the organization to control outsourced processes and the supply chain?
  211. Which of the following is the organization required to determine with regard to communication?
  212. Which of the following represents a business continuity strategy option?
  213. What does the standard require to ensure when creating and updating documented information?
  214. Which of the following is performed at the risk analysis stage?
  215. With regard to the training program, what is the objective of the introductory sessions?
  216. What are the external factors that could drive the need for changes?
  217. When planning the BCMS objectives, organizations must determine which of the following?
  218. The BCMS objectives, among others, must be:
  219. Why is it important to consider the risks and opportunities in a BCMS project?
  220. According to the requirements of ISO 22301, the top management of the organization cannot assign to another party:
  221. The requirements of ISO 22301 imply that the top management of the organization is required to demonstrate leadership and commitment with regard to the BCMS. Leadership and commitment can be best demonstrated by:
  222. The top management must ensure that the roles and responsibilities regarding BCMS are:
  223. The business policy must be:
  224. Who shall be responsible for establishing the business continuity policy?
  225. With regard to leadership and commitment, the top management shall ensure:
  226. When defining the scope, is the organization allowed to claim exclusions?
  227. With regard to legal and regulatory requirements, the standard does not require:
  228. Individuals in an area who may be affected by an incident are defined as:
  229. The internal context of an organization can include:
  230. With regard to the needs and expectations of interested parties, the organization is required to:
  231. Why is it important to understand the mission, objectives, values, and strategies of the organization?
  232. How many management systems is an organization allowed to integrate?
  233. Why is the application of the PDCA cycle important for ISO 22301?
  234. Which of the statements below best describes what the PDCA cycle is
  235. What is the purpose of a business impact analysis?
  236.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!