nerdexam
(ISC)2

CISSP · Question #1311

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

The correct answer is A. determine the risk of a business interruption occurring. A Business Impact Analysis (BIA) focuses on the consequences and effects of a disruption, not on the likelihood of one occurring. Risk probability assessment is a separate function belonging to risk analysis, not the BIA.

Submitted by klara.se· Mar 5, 2026Security and Risk Management

Question

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Options

  • Adetermine the risk of a business interruption occurring
  • Bdetermine the technological dependence of the business processes
  • CIdentify the operational impacts of a business interruption
  • DIdentify the financial impacts of a business interruption

How the community answered

(31 responses)
  • A
    77% (24)
  • B
    13% (4)
  • C
    3% (1)
  • D
    6% (2)

Why each option

A Business Impact Analysis (BIA) focuses on the consequences and effects of a disruption, not on the likelihood of one occurring. Risk probability assessment is a separate function belonging to risk analysis, not the BIA.

Adetermine the risk of a business interruption occurringCorrect

A BIA is specifically designed to analyze the impact and consequences of a business interruption after it occurs, not to determine the probability or risk likelihood of one happening. Assessing the likelihood of a disruption is the function of a Risk Assessment or Risk Analysis process, which is a distinct activity performed separately from the BIA. Including risk probability questions would conflate two separate disciplines within business continuity planning.

Bdetermine the technological dependence of the business processes

Identifying technological dependencies of business processes is a standard BIA component, as it helps determine which IT systems and infrastructure are critical to operations and must be recovered to restore business functions.

CIdentify the operational impacts of a business interruption

Identifying operational impacts - such as loss of productivity, inability to deliver services, or staffing disruptions - is a core purpose of the BIA questionnaire and directly informs recovery priorities.

DIdentify the financial impacts of a business interruption

Quantifying financial impacts, such as lost revenue, contractual penalties, or increased costs resulting from a disruption, is a fundamental objective of the BIA and is used to justify recovery investments and set recovery time objectives.

Concept tested: Business Impact Analysis scope versus risk assessment

Source: https://www.ready.gov/business-impact-analysis

Topics

#Business Impact Analysis (BIA)#risk assessment#business interruption#impact analysis

Community Discussion

No community discussion yet for this question.

Full CISSP Practice