BANK COMPLETE STUDY GUIDE 2026 | ALL DOMAINS QUESTIONS & ANSWERS | GRADED A+ | GUARANTEED SUCCESS
Updated 2026 Questions and Answers, 100% Verified Exam Prep and Comprehensive Rationales Included
Business Continuity Plan (BCP): The documentation of a predetermined set of instructions or procedures that describe how an organization's mission/business processes will be sustained during and after a significant disruption.

Business continuity planning: The proactive development of a plan that can be executed to restore business operations within predetermined times after a disaster or other significant disruption to the organization.

Business impact analysis (BIA): The process of determining the criticality of business activities and associated resource requirements to ensure operational resilience and continuity of operations during and after a business disruption. This quantifies the impacts of disruptions on service delivery, risks to service delivery, and recovery time objectives (RTOs) and recovery point objectives (RPOs). These recovery requirements are then used to develop strategies, solutions, and plans.

Compliance: Adherence to a mandate; both the actions demonstrating adherence and the tools, processes, and documentation that are used in adherence.

Confidentiality: The property that data or information is not made available or disclosed to unauthorized persons or processes.

Data subject: The individual who is identified or described by the data.

Disaster recovery: In terms of information systems, the activities necessary to restore IT and communications services to an organization during and after an outage, disruption, or disturbance of any kind or scale.
Disaster Recovery Plan (DRP): A documented, structured approach that describes how an organization can quickly resume operations after an unplanned incident. This plan is an essential part of a Business Continuity Plan (BCP) and is applied to the aspects of an organization that depend on a functioning IT infrastructure. It aims to help an organization resolve data loss and recover system functionality so that it can operate in the aftermath of an incident, even if only at a minimal level.
Due care: The care an ordinarily reasonable and prudent person would use under the same or similar circumstances.

Due diligence: The measures taken to manage, oversee, monitor, and assess the successful accomplishment and continued applicability of a duty of due care. This requires a higher standard of research and application of knowledge than due care.

Governance: The process of establishing and maintaining a framework and supporting management structure and processes to provide assurance that information security strategies are aligned with and support business objectives, are consistent with applicable laws and regulations through adherence to policies and internal controls, and provide assignment of responsibility, all in an effort to manage risk. Source: NIST SP 800-100.

Governance committee: A formal body of personnel who determine how decisions will be made within the organization, and the entity that can approve changes and exceptions to current relevant governance.

Guidelines: Suggested practices and expectations of activity to best accomplish tasks and attain goals. Statements that are not designed for enforcement, but principles that can assist in accomplishing objectives.

Integrity: A property whereby data has not been altered in an unauthorized manner since it was created, transmitted, or stored.

Intellectual property (IP): Creations of the mind such as musical, literary, and artistic works; inventions; and symbols, names, images, and designs used in commerce, including copyrights, trademarks, patents, and related rights. Holders of one of these abstract "properties" have certain exclusive rights to their creative work, commercial symbol, or invention.

Maximum allowable downtime (MAD): Also known as Maximum Tolerable Downtime (MTD), this is the longest period that a system, application, or process can be unavailable or non-functional without causing significant harm to an organization. Beyond this period, the downtime would start to have severe consequences, such as financial losses, reputational damage, regulatory penalties, or operational disruptions.

Personally identifiable information (PII): Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.

Policies: Documented standards published and promulgated by senior management dictating and describing the organization's strategic goals.

Privacy: Assurance that the confidentiality of, and access to, certain information about an entity is protected.