Deck 1: Certified Business Continuity Professional

A)Save electronic backup copies of all documents
B)Keep multiple copies of the documents in different areas of the building
C)Set up a fire-proof safe in the building to store the documents
D)Set up an off-site storage to store the documents

A)Readiness
B)Prevention
C)Response
D)Recovery and Resumption

A)It is the process of responding when a crisis happens
B)It is the process of bringing the organization out of the crisis and returning it to normal operations
C)It is the process of cleaning up after a crisis has occurred
D)It is the process of identifying the root cause for the crisis and preventing it from reoccurring

A)Physical damage to the facility
B)Financial cost of all damages
C)Potential long term reputation damages
D)None of the above

A)That work proceed as quickly as possible
B)That business proceed as normal regardless of the cost
C)That each Crisis Team member is contacted prior to work beginning
D)That all decisions are document with justification

A)When the business is no longer under continued threat from the crisis
B)When the business has a plan to implement to recover from the crisis
C)When the business is able to function with its core processes up and running
D)When the business is able to operate as it was pre-crisis

A)Holding a press conference
B)Sending communication to employees
C)Documenting the decision
D)None of the above

A)Continue to try to achieve pre-crisis normal state regardless of the cost
B)Declare the organization failed and file for bankruptcy
C)Declare a "new normal" state for the organization to operate in
D)Continue to react in crisis mode indefinitely

A)It should be reviewed on a yearly basis
B)It should be a living document that is constantly updated and renewed
C)Once created, the BCP does not need additional reviews
D)A new BCP needs to be created each time something in the organization changes

A)Only Crisis Team members should be trained
B)Only Business Continuity team members should be trained
C)Only those who play a part in the Business Continuity Plan implementation should be trained
D)Every employee should be trained

A)Monthly
B)Annually
C)Every two years
D)Only when a significant change occurs

A)Joe's people must be in the office performing the process 24 hours after a disaster or disruption.
B)Joe has 24 hours to decide what to do in event of an emergency.
C)No more than 24 hours of data can be lost.
D)All data related to the process must be recovered within 24 hours.
E)Joe's process must be restored after 24 hours.

A)As soon as possible
B)During the next regularly scheduled training session
C)Official training is not needed

A)The Business Continuity Plan itself
B)Checklists of critical actions for the teams
C)Explanation of responsibilities
D)None of the above

A)Because it is a regulatory mandate
B)Because it will improve the effectiveness of the BCP implementation during a crisis
C)Because senior management requires it
D)Testing is not a key component to BCP success

A)Assigning responsibility for the testing
B)Schedule testing date and time
C)Establishing test goals and expectations
D)Define the scope of the test

A)Test the entire BCP immediately to determine outages and then focus on those outages with subsequent tests
B)Pick the most likely aspects of the BCP to fail and test those first
C)Begin the testing with small, simple tests and then based on the results of those tests, increase scope accordingly
D)Testing should be randomized to provide accurate results

A)No test monitoring is needed
B)Participant feedback at the end of the test
C)Official observers notes about the test
D)Video or audio recording equipment

A)Risk Assessment
B)Damage and Impact Assessment
C)Business Impact Analysis
D)Mitigation Plan

A)Functional
B)Tabletop
C)Orientation
D)Full Scale

A)Orientation
B)Full Scale
C)Functional
D)Tabletop

A)Full Scale
B)Orientation
C)Functional
D)Tabletop

A)Orientation
B)Tabletop
C)Functional
D)Full Scale

A)Orientation
B)Functional
C)Tabletop
D)Full Scale

A)Facilitator
B)Controller
C)Simulator
D)Observer

A)Facilitator
B)Controller
C)Simulator
D)Observer

A)Participant
B)Controller
C)Simulator
D)Observer

A)Facilitator
B)Controller
C)Simulator
D)Observer

A)Readiness
B)Prevention
C)Response
D)Evaluation and Maintenance

A)All tests should be previously scheduled with the participants so that they can clear their schedules
B)Depending on the nature of the test, it might make sense to create a surprise test
C)All tests should be surprise tests - this will best simulate a real crisis
D)It does not matter whether the test is a surprise or planned since the results will be the same either way

A)Public companies
B)Private companies
C)Large companies
D)Small companies

A)The BCP should be created and implemented regardless of the costs
B)The BCP should have a budget which is approved by senior management
C)Individual items in the BCP should be financially justified
D)A BCP should be written so that it takes no money to execute

A)volunteer for
B)be assigned to

A)A work location that is rarely used
B)A work location to supplement the primary work location when it is full or occupied
C)A work location which can be used when the primary work location is not available
D)A work location which is located in a different state or country than the primary work location

A)Business Intent Analysis
B)Business Impact Analysis
C)Business Instruction Arguments
D)Beneficial Impact Actions

A)All team members and key players
B)All employees
C)Senior management
D)All external vendors

A)A hurricane hits a manufacturing facility
B)A bomb threat is made to a facility next to your company
C)An employee who has worked with the company for six months threatens to quit
D)The company CEO is accused of illegal activities

A)A business function that is so critical, it cannot be disrupted for more than a couple hours without severe business impacts
B)A business function or process that cannot be disabled for more than a couple business days, without it having a negative impact on the organization
C)A function or role within the organization which is irreplaceable
D)A function that is managed by the Crisis Management Team

A)Any record that contains confidential, secure company information
B)Any record that contains personal information
C)Any record that would cause considerable inconvenience if lost or destroyed
D)Any record that would be expensive to replace

A)Risk assessment
B)Damage assessment
C)Disaster recovery
D)Mitigation planning

A)Risk Assessment
B)Recovery
C)Prevention
D)Mitigation

A)Recovery
B)Readiness
C)Prevention
D)Evaluation

A)A risk that is not that important
B)Residual risk
C)Force majeure
D)Risk that is highly unlikely to occur
E)Risk caused by another risk response strategy

A)Recovery
B)Resumption
C)Readiness
D)Evaluation

A)Insurance
B)Hot site
C)Cold site.
D)Warranty

A)Terrorist event like 9/11
B)Swine flu pandemic
C)Category 5 Hurricane
D)Death of all board members
E)None of the above

A)Primary location
B)Offsite storage
C)Alternative worksite
D)Shelter in place

A)Simulation
B)Full scale
C)Tabletop
D)Orientation

A)Answer the media's questions
B)Ignore the media's phone calls
C)Tell the media that he can't discuss the crisis
D)Refer the media to the company spokesperson for the crisis

A)Mitigate
B)Recover
C)Eliminate
D)Ameliorate

A)Foreseeable
B)Internal
C)Technical
D)External
E)Redoubtable

A)Root cause analysis
B)Interviewing
C)Delphi technique
D)Brainstorming

A)80% of the effects come from 20% of the causes
B)Work expands so as to fill the time available for its completion.
C)Anything that can go wrong will go wrong.
D)Never attribute to malice that which can be adequately explained by stupidity.

A)Controller
B)Observer
C)Trainer
D)Simulator
E)Facilitator

A)BCP testing results
B)New systems implementation
C)Company reorganization
D)New regulatory requirements
E)All of the above

A)Prepare and Present the BIA Report to Management
B)Identify and Review Enterprise Business Continuity Strategy Requirements
C)Identify and Review Existing Enterprise Response Procedures
D)Identify the Process to Support the Plan
E)Design Framework for Plan Development

A)Personnel
B)Raw materials
C)Telecom
D)Timeframes
E)All of the above

A)Plan and Coordinate Data Gathering and Analysis
B)Obtain Information about the Organization's Risk Tolerance from Management
C)Oversee the Ongoing Effectiveness of the Program
D)Identify Functional Awareness and Training Requirements
E)Identify and Review Enterprise Business Continuity Strategy Requirements

A)When developing the actual business continuity plan
B)Prior to developing a business continuity program budget
C)During the business impact analysis
D)During the periodic review of the business continuity plan
E)When performing the risk assessment

A)Utilize distributed processing
B)Eliminate any affected product(s)
C)Declare bankruptcy
D)Dump inventory into ocean

A)During the business impact analysis
B)When recommending business continuity strategies
C)During program initiation
D)As part of the risk assessment
E)When designing the framework for the BCP development

A)Workshops
B)Interviews
C)Questionnaires
D)All of the above
E)None of the above

A)Identify the process to support the plan
B)Coordinate emergency management with external agencies
C)Coordinate and manage the implementation of the overall program
D)Prepare and present the BIA report to management
E)Establish a business continuity audit process

A)Functional
B)Full-Scale
C)Tabletop
D)Orientation
E)Procedural

A)Local asset protection
B)Controlled asset protection
C)Shelter-in-place
D)Normalized asset preservation
E)Shelter nearby

A)Assign accountability
B)Resource management
C)Crisis management and response team development
D)Assess the situation
E)Agree on strategic plans

A)Replacement costs
B)The business impact analysis
C)Interdependencies between business and technology processes
D)Alternative business continuity strategies
E)None of the above

A)a cognitive bias whereby people refuse to act normal in public during a crisis
B)a cognitive bias against normal or average people when facing a crisis
C)a cognitive bias that makes people refuse to plan for a crisis that has never happened
D)a cognitive bias that makes people refuse to plan for a crisis that has happened