











CBCI EXAM CERTIFICATE OF THE BUSINESS CONTINUITY INSTITUTE EXAM 2024 | ALL QUESTIONS AND CORRECT ANSWERS | ALREADY GRADED A+ | VERIFIED ANSWERS | LATEST EXAM
Typology: Exams
Key requirements for implementation of an effective business continuity plan are:
CORRECT ANSWER:
- An ability to recognise and assess existing and potential threats when they occur.
- Personnel with authority and competence
- An ability to communicate between internal and external interested parties.
- Access to sufficient resources to support agreed continuity solutions

Plans for specific threats are called
CORRECT ANSWER: contingency plans

Response structure
CORRECT ANSWER:
- Who is doing what
- The roles and responsibilities
- Relationship between individuals and teams
- Documented procedures to support individuals and teams

An incident
CORRECT ANSWER: A situation that could lead to a disruption, loss or emergency or crisis

A crisis
CORRECT ANSWER: A situation with a high level of uncertainty that disrupts the core activities or credibility of the organisation

Difference between crisis and Incident
CORRECT ANSWER: Incident is likely to be addressed using established plans and procedures. A crisis is an unpredictable situation which exceeds anticipated levels and requires a flexible, creative and strategic level response. Example: major cyber attack.

Three types of team in BCM
CORRECT ANSWER:
- Strategic teams - command and control
- Tactical teams - responsible for the assessment and management of the medium and short term effects of an incident
- Operational teams - deal with the immediate effects of an incident
- These may be combined.

Business Continuity Plans should be
CORRECT ANSWER:
- Direct
- Adaptable
- Concise
- Relevant

Business continuity plans should be
CORRECT ANSWER: stored centrally even if they are owned by specific depts.

When defining the roles and responsibilities the people involved should -----

Operational plans
CORRECT ANSWER: Determine the individual departments or business units involved in the incident response.

Before writing an operational plan
CORRECT ANSWER: make sure you have a tactical plan in outline

Example of where you need an operational plan
CORRECT ANSWER:
- Where manual workaround procedures are required.
- Where alternate ICT systems or processing equipment are to be used in place of disrupted ICT systems.
- Where personnel are unfamiliar with the procedures

Validation is achieved through a combination of
CORRECT ANSWER: three exercises including exercising, maintenance and review

An exercise programme should ensure the desired level of capability by
CORRECT ANSWER:
- Rehearsing all plans
- Verifying all business continuity solutions
- Verifying all information contained in plans
- Exercising all relevant personnel (including alternates)

The frequency, planning and management of the exercise programme
CORRECT ANSWER: Is established in the Business Continuity Policy & Programme

Five categories of exercise are
CORRECT ANSWER:
- Discussion based exercises
- A scenario based exercise (usually table top)
- Simulation exercises - can involve the whole organisation and teams at strategic, tactical or operational levels.
- Live exercises
- Tests - a unique type of exercise which generally involves an element of pass or fail

Exercise development outcomes include
CORRECT ANSWER:
- The objectives to be achieved
- The methods required to achieve the objectives
- Defined resource requirements
- Proposed timings and training requirements

What does the business continuity policy do
CORRECT ANSWER: It sets out the purpose, scope and governance of the business continuity programme

If an organisation doesn't have any business continuity capacity
CORRECT ANSWER: Get an interim structure and plan in place

The BCP should be what
CORRECT ANSWER: Short, precise and to the point

Business Continuity should include
CORRECT ANSWER:
- Definition for use.
- Objectives and scope
- Roles and responsibilities
- Legals and standards
- Identification of interested parties

Business Continuity Programme
CORRECT ANSWER: Ongoing mgt and governance process appropriately resourced to implement and maintain business continuity mgt.

Business continuity mgt. programme documentation
CORRECT ANSWER:
- Business Continuity policy
- Business continuity programme of activities
- Project management documentation
- Meeting agendas, minutes and action trackers
- Skills and competency
- BIA questionnaires
- Response structure
- Plans
- Exercise programmes
- Crisis mgt. plans
- Outsource contracts
- SLA with customers and suppliers

General Principles of Embedding
CORRECT ANSWER:
- Ensure business continuity is a central part of what the organisation does.
- Make sure it's aligned with the organisational goals and objectives.
- Health and safety and data protection are embedded in similar ways

Process
CORRECT ANSWER:
- Engage the key players
- Use existing communication channels to get the message across.
- Build a network of champions across the business

Methods & Techniques
CORRECT ANSWER:
- Sector peers having disasters - make it relevant to the person's short term objectives.
- Learn lessons from peers.
- Get business continuity onto meeting agendas
- Schedule exercises for holidays or quieter times
- Make sure business continuity is part of supply chain mgt.

Competencies & Skills - Embedding
CORRECT ANSWER:
- Anyone with roles and experience should have the right education, training and experience for their role in the BCMP
- This includes key personnel in the supply chain and outsourced service providers.
- Make sure there are alternates.

Competencies & Skills - Incident Response
CORRECT ANSWER: Could include: First aid, ICT, crisis mgt and leadership, damage mgt.

Four types of BIA
CORRECT ANSWER:
- An initial BIA
- A product and service BIA
- A process BIA
- An activity BIA

Business Continuity Requirements are
CORRECT ANSWER: The timeframes, resources and capabilities necessary to continue to deliver the prioritised products, services, processes and activities following a disruption.

Product and services
CORRECT ANSWER: Sometimes referred to as beneficial outcomes by an organisation to its customers, recipients or interested parties.

MTPD Limit
CORRECT ANSWER: This is reached when the damage levels mean organisational failure is imminent.

Factors when calculating MTPD
CORRECT ANSWER:
- Financial damage
- Reputational damage
- Legal or regulatory breach
- Failure to meet strategic objectives

MTPD is expressed in terms of
CORRECT ANSWER: Minutes, hours, days and weeks

A BIA quantifies
CORRECT ANSWER: The impacts of a disruption on the organisation not the impact on interested third parties

The RTO in relation to MTPD should always be
CORRECT ANSWER: RTO should always be less than MTPD

When should a BIA be reviewed
CORRECT ANSWER: At regular pre-agreed intervals (annually) or following significant business change

The initial BIA
CORRECT ANSWER: High level analysis that identifies the products, services and processes within the organisation.

The delivery of what is more important
CORRECT ANSWER: A timely initial BIA is more important than a detailed piece of work

Outcomes from initial BIA
CORRECT ANSWER:
- List of products and services
- Impacts over time relating to delivery failure
- Estimated MTPD
- Processes and owners that contribute (including externals)
- A breakdown of internal and external dependencies
- List of exclusions and reasoning

Product and services BIA
CORRECT ANSWER: Organisation identifies and prioritises its products and services

A product and services BIA can be used
CORRECT ANSWER: to determine disruption before implementing a significant organisational change

Process BIA
CORRECT ANSWER: Generally performed by process driven organisations say in manufacturing.

Outcomes of the process BIA are
CORRECT ANSWER:
- A list of processes that contributes to the delivery of the organisation's prioritised products and services.
- Identification of the interdependencies of the processes.
- The MTPD, RTO and RPO for each process
- Identification of any processes that have been outsourced and may present an increased risk.

The risk and threat assessment must inform
CORRECT ANSWER: the options in the design phase of the business continuity management lifecycle

Outcomes of the risk and threat assessment include
CORRECT ANSWER:
- An awareness of the range of potential threats that could disrupt the organisation's activities.
- A prioritised list of threats based on the risk of disruption.
- Identification of any unacceptable risks and single points of failure.
- Identification of potential mitigation measures.

The BIA final analysis should be
CORRECT ANSWER:
- Correct, accurate and reliable
- Credible, believable and reasonable
- Consistent, clear and repeatable
- Current and up to date
- Comprehensive

BIA final analysis and consolidation should have the following
CORRECT ANSWER:
- Confirmation of impacts over time
- Review and confirm of resource dependencies and requirements
- Review and confirmation of the inter-dependencies of process and activities and their relation to the delivery of products and service

What is the difference between current capability and business continuity requirements
CORRECT ANSWER:
- A gap where the requirement is not being met thus creating an operational exposure
- An over investment where the capability is greater than the organisation needs it to be

The shorter the RPO and RTO
CORRECT ANSWER: The more expensive the solution is

Design Process
CORRECT ANSWER:
- Identify and document existing capability
- Identify solutions to achieve RTO, RPO and MBCO
- Identifying new solutions to allow the closure of the gap
- Reviewing the existing continuity solutions to evaluate whether the most appropriate solutions are in place.

Well established business continuity solutions include
CORRECT ANSWER:
- Diversification - Separating activities and resources - possibly location wise
- Replication - replicating all resources at an alternate site.
- Post incident acquisition - acquire resources after an incident
- Do nothing

Diversification
CORRECT ANSWER: Separating activities and resources at two or more locations. Generally a costly solution and won't protect where both locations are in the same area. Generally used where RTO is measured in minutes.

Replication
CORRECT ANSWER: Duplicating resources. The duplicated site is maintained at a high state of readiness. Generally used where RTO is measured in hours or days.

Standby
CORRECT ANSWER: Warm site solution where facilities can be brought on line quickly. May involve staff working away from primary location for unknown period of time.

Subcontracting during an incident
CORRECT ANSWER: May be required to fulfill obligations. May have to use a rival or competitor.

General principles of risk
CORRECT ANSWER: Measures should be targeted at unacceptable levels of risk, single points of failure and main threats to prioritised activities.

Reducing what is the key to risk mitigation
CORRECT ANSWER: Likelihood and impact

Suppliers' BCP must be
CORRECT ANSWER: Assessed and verified as part of any pre contract assessment and established before signing

Make sure that the appropriate people are involved; this could include:
CORRECT ANSWER: Customers, suppliers, regulators, statutory and professional bodies, emergency services

For any exercise define the following
CORRECT ANSWER:
- Exercise aims and objectives
- Roles and responsibilities during the exercise
- Information communication tools and technologies used
- Action in the event of unforeseen circumstances
- Post-exercise activities

Ways of debriefing after exercise
CORRECT ANSWER:
- Hot debrief - held immediately
- Formal debrief - held within one week
- Surveys
- Interviews - should be held within one week
- Post-exercise report

Maintenance is effective when
CORRECT ANSWER: It is embedded within the organisation's BAU processes rather than being viewed as a separate activity.

Requirements for maintenance activities can be identified as
CORRECT ANSWER:
- Lessons learned through exercising
- Changes to the organisation's structure, products and services
- Changes to the environment in which the organisation operates
- A review or audit
- A real incident - where lessons can be learned or incorporated
- Changes or updates in the business continuity management lifecycle

Six types of review
CORRECT ANSWER:
- Audit - formal and impartial
- Self Assessment
- Quality Assurance
- Performance appraisal
- Supplier Performance
- Management review

What are the outcomes of a product and services BIA process
CORRECT ANSWER:
- Clarification or modification of the scope of the business continuity programme.
- A list of the organisation's prioritised products and services.
- Evaluations of impacts over time

Tactical plans should consider what other aspects
CORRECT ANSWER:
- key suppliers to the organisation's supply chain
- other business partners who are able to support the continuity solution and response activities.