CISSP Question #245: Real Exam Question with Answer & Explanation
The correct answer is C: Resource priorities for recovery and Maximum Tolerable Downtime (MTD). A Business Impact Analysis (BIA) identifies critical business functions, the resources needed to support them, and the maximum tolerable downtime (MTD) if those functions are disrupted.
Question
The goal of a Business Impact Analysis (BIA) is to determine which of the following?
Options
- A. Cost effectiveness of business recovery
- B. Cost effectiveness of installing software security patches
- C. Resource priorities for recovery and Maximum Tolerable Downtime (MTD)
- D. Which security measures should be implemented
Explanation
A Business Impact Analysis (BIA) identifies critical business functions, the resources needed to support them, and the maximum tolerable downtime (MTD) if those functions are disrupted.
Common mistakes.
- A. Cost effectiveness of business recovery is a consideration during the Business Continuity Plan (BCP) development phase, not the primary output of a BIA, which focuses on impact and recovery metrics rather than cost analysis.
- B. Evaluating the cost effectiveness of software security patches is a vulnerability management or risk management activity, entirely unrelated to the scope of a Business Impact Analysis.
- D. Determining which security measures to implement is the outcome of a risk assessment or risk treatment process, not a BIA, which is specifically concerned with operational impact and recovery priorities.
Concept tested. Business Impact Analysis goals and recovery metrics
Reference. https://csrc.nist.gov/publications/detail/sp/800-34/rev-1/final