Effective CISSP Questions

As a CISO, you intend to establish a business continuity management system (BCMS) compliant with the ISO 22301 standard. You are considering the scope of the BCMS. Which of the following least affects your decision on the scope?
A. Business impact analysis
B. Customer’s needs
C. Organizational structure
D. Employee’s attitude

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Business impact analysis.

Business impact analysis (BIA) is conducted after the scope has been defined.

To determine the scope, we have to analyze the context of the organization, that is, its external and internal environment. The purpose of the analysis is to identify stakeholders, issues, and constraints.

A stakeholder analysis is then conducted to determine the stakeholders' needs and requirements. Employees are among the stakeholders.

The scope is typically determined based on the results of those analyses.

There is a more in-depth justification from Chaudhary:


One thought on “CISSP PRACTICE QUESTIONS – 20191215”
