A Contingency Planning (CP) team lead suggests bypassing the…

A Contingency Planning (CP) team lead suggests bypassing the formal Business Impact Analysis (BIA) phase to proceed directly to drafting recovery plans, arguing that “we already intuitively know which systems are critical.” What is the MOST significant risk created by this shortcut?

A vulnerability scanner identifies a critical CVE on a serve…

A vulnerability scanner identifies a critical CVE on a server that was classified as “acceptable risk” by a previous analyst 18 months ago. The current analyst seeks to reclassify it for immediate remediation. According to the “vulnerability assessment and remediation” domain of the Cybersecurity Maintenance Model, which of the following is the most appropriate perspective?

An organization’s primary data center is destroyed by a fire…

An organization’s primary data center is destroyed by a fire. The BC team activates a pre-arranged facility with power, network connectivity, and empty server racks, but no pre-loaded hardware or data. The team must install, configure, and restore all systems from backups before operations can resume. What type of alternate site is this? 

Contingency planning (CP) consists of four primary component…

Contingency planning (CP) consists of four primary components: the Business Impact Analysis (BIA), the Incident Response (IR) plan, the Disaster Recovery (DR) plan, and the Business Continuity (BC) plan. Which of the following statements regarding these components is INCORRECT?