Solutions
7. An organization has a security policy in place. What can
personnel within the organization do to ensure it remains
relevant?
A. Perform audits
B. Perform training
C. Review it
D. Test it
C. A security policy should be reviewed on a regular basis (such
as once a year or after a security incident) to ensure that it is still
relevant. Audits help to prove that the security policy is being
used and enforced. Training ensures that people know the
contents of the security policy. It's appropriate to test a BCP or a
DRP, but not a security policy.
8. Which of the following is the most important element of
business continuity planning?
A. Support from senior management
B. Availability of a warm site
C. The backup plan
D. Cost
A. Of the available answers, the most important element is
support from senior management. While an organization might
decide it needs a warm site, not all BCPs require warm sites. A
security policy may mandate the creation of backup plans, but
this is separate from the BCP. The cost is a concern, but the
requirements drive the cost, and without support from senior
management, business continuity planning may not receive any
funding.
9. What is the purpose of a BIA?
A. To identify recovery plans
B. To drive the creation of the BCP
C. To test recovery plans
D. To identify critical business functions
D. The business impact analysis (BIA) identifies critical
business functions and is a part of the BCP. Personnel create
recovery plans later in the process, after creating recovery
strategies. The BCP drives the creation of the BIA, not the other
way around as suggested by answer B. You can only test the
plans after personnel have created them.
10. Which one of the following is a valid step to perform during
a business impact analysis?
A. Identify alternative locations
B. Create a plan to restore critical operations
C. Identify resources needed by critical business functions
D. Identify minimum outage times for key business services
C. A core goal of a BIA is to identify critical business functions
and the resources needed by these critical business functions.
Identifying alternative locations is part of a business continuity
plan (BCP). A disaster recovery plan (DRP) is a plan to restore
critical operations. A BIA does identify maximum acceptable
outage times, but not minimum outage times.
11. What is MTO in relation to business continuity planning?
A. Minimum time for an outage
B. Maximum time for an outage
C. Minimum tolerable outage
D. Maximum tolerable outage
D. The maximum tolerable outage (MTO), sometimes called
maximum allowable outage (MAO) or maximum tolerable
downtime (MTD), identifies the maximum amount of time that a
system can be down before critical business functions are
affected. The T does not represent time, and the M does not
represent minimum.
12. Which of the following best describes maximum tolerable
downtime?
A. The maximum amount of downtime before a business loses
viability
B. The point in time in which a failed database should be
restored
C. The maximum amount of time that can be taken to restore a
system or process
D. The minimum amount of time that can be taken to restore a
system or process
A. The maximum allowable outage (MAO), sometimes called
maximum tolerable downtime (MTD), indicates the maximum
amount of downtime a business can tolerate and still maintain
viability as a business. Recovery point objective (RPO) indicates
the point in time to which a failed database should be restored.
Recovery time objective (RTO) represents the maximum
amount of time that can be taken to restore a system or process
after an outage. MTD is not related to minimum timeframes.
13. What is RPO in relation to business continuity planning?
A. Restoring potential outage
B. Recovery point objective
C. Restoration process option
D. Recovery process options
B. RPO represents recovery point objective and indicates the
point in time to which a failed database should be restored. The
other answers are not valid terms for RPO within business
continuity planning.
14. What is RTO in relation to business continuity planning?
A. Recovery terminal objective
B. Recovery time objective
C. Recovery tolerable outage
D. Recovery tolerable objective
B. RTO is an acronym for recovery time objective and
represents the maximum amount of time that can be taken to
restore a system or process. The RTO is derived from the