CISSP PRACTICE QUESTIONS – 20210607

Effective CISSP Questions

Your company manufactures sports shoes for a major global brand and has initiated a business continuity program to support the continuous delivery of its products and services. Which of the following should be done first? (Wentz QOTD)
A. Identify critical activities and their maximum tolerable downtime
B. Identify, analyze, and evaluate risk relevant to business continuity
C. Determine the list of products and services to be protected from disruption
D. Define RTO and RPO for critical IT services subject to business requirements

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Determine the list of products and services to be protected from disruption.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

The following outlines a general business continuity planning process. The scope, that is, the list of products and services to be protected, is defined first; the business impact analysis and the risk assessment then work within that scope:

  1. Define the scope of the business continuity program
    – Determine the list of products and services to be protected from disruption
  2. Conduct business impact analysis (BIA)
    – Identify critical activities and their maximum tolerable downtime (MTD)
    – Define RTO and RPO for critical IT services subject to business requirements
  3. Conduct risk assessment (this can be done before BIA and conducted iteratively)
    – Identify, analyze, and evaluate risk relevant to business continuity

Figure: Business Continuity Policy
Figure: ISO Generic Management Model
Figure: Business Impact Analysis (NIST)
Figure: ISO 31000

Reference

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

Your company manufactures sports shoes for a major global brand and has initiated a business continuity program to support the continuous delivery of its products and services. Which of the following should be done first? (Wentz QOTD)
A. Identify critical activities and their maximum tolerable downtime
B. Identify, analyze, and evaluate risk relevant to business continuity
C. Determine the list of products and services to be protected from disruption
D. Define RTO and RPO for critical IT services subject to business requirements
