nerdexam
ExamsCISSPQuestions#2
(ISC)2(ISC)2

CISSP · Question #2

CISSP Question #2: Real Exam Question with Answer & Explanation

The correct answer is D: When it has been validated by realistic exercises. A Business Continuity Plan (BCP) is only considered valid when it has been tested and validated through realistic exercises that simulate actual disruption scenarios.

Submitted by asante_acc· Mar 5, 2026Governance, Risk, and Compliance

Question

When is a Business Continuity Plan (BCP) considered to be valid?

Options

  • AWhen it has been validated by the Business Continuity (BC) manager
  • BWhen it has been validated by the board of directors
  • CWhen it has been validated by all threat scenarios
  • DWhen it has been validated by realistic exercises

Explanation

A Business Continuity Plan (BCP) is only considered valid when it has been tested and validated through realistic exercises that simulate actual disruption scenarios.

Common mistakes.

  • A. Validation by the BC manager is an administrative approval step, not a functional test of the plan's effectiveness during an actual disruption scenario.
  • B. Board of directors approval provides governance and executive sponsorship, but organizational sign-off does not confirm that the plan will work operationally when invoked.
  • C. Validating against all possible threat scenarios is neither practical nor achievable, as threat landscapes are constantly evolving and exhaustive scenario coverage is impossible.

Concept tested. Business Continuity Plan validation through exercises

Reference. https://www.iso.org/standard/75106.html

Topics

#BCP validation#DRP testing#disaster recovery exercises#business continuity

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CISSP PracticeBrowse All CISSP Questions