CompTIA Security Plus Mock Test Q378

Key elements of a business impact analysis should include which of the following tasks?

A. Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes.
B. Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates.
C. Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management.
D. Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.

Correct Answer: D
Section: Compliance and Operational Security

Explanation:
The key components of a Business impact analysis (BIA) include:
Identifying Critical Functions
Prioritizing Critical Business Functions
Calculating a Timeframe for Critical Systems Loss
Estimating the Tangible and Intangible Impact on the Organization

Incorrect Answers:
A: Recovery strategy development is not part of the Business impact analysis.
B: Identifying institutional and regulatory reporting requirements are not part of the Business impact analysis.
C: Employing regular preventive measures is not part of the Business impact analysis.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 4, 29-30, 431