CompTIA Security Plus Mock Test Q1560

Which of the following best describes the objectives of succession planning?

A. To identify and document the successive order in which critical systems should be reinstated following a disaster situation
B. To ensure that a personnel management plan is in place to ensure continued operation of critical processes during an incident
C. To determine the appropriate order in which contract internal resources, third party suppliers and external customers during a disaster response
D. To document the order that systems should be reinstated at the primary site following a failover operation at a backup site.

Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1139

Which of the following is considered a risk management BEST practice of succession planning?

A. Reducing risk of critical information being known to an individual person who may leave the organization
B. Implementing company-wide disaster recovery and business continuity plans
C. Providing career advancement opportunities to junior staff which reduces the possibility of insider threats
D. Considering departmental risk management practices in place of company-wide practices


Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q401

Establishing a published chart of roles, responsibilities, and chain of command to be used during a disaster is an example of which of the following?

A. Fault tolerance
B. Succession planning
C. Business continuity testing
D. Recovery point objectives


Correct Answer: B
Section: Compliance and Operational Security

Explanation:
Succession planning outlines those internal to the organization that has the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions.
Incorrect Answers:
A: Fault tolerance refers to the ability of a system to sustain operations in the event of a component failure.
C: Business Continuity testing is mainly concerned with the processes, policies, and methods that an organization uses to minimize the impact any type of failure would have and to make sure that the business continues.
D: Recovery point objectives define the point at which the system needs to be restored and usually matches the status quo prior to failure.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 33, 454

CompTIA Security Plus Mock Test Q400

Pete, the Chief Executive Officer (CEO) of a company, has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Pete?

A. Succession planning
B. Disaster recovery
C. Separation of duty
D. Removing single loss expectancy

Correct Answer: A
Section: Compliance and Operational Security

Explanation:
Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions.

Incorrect Answers:
B: Disaster recovery refers to the actions taken after an event resulting in a loss/disaster occurred.
C: Separation of duties are used to reduce the risk of fraud and to prevent other types of losses. It is also designed to prevent accidents from occurring; e.g. someone other than the
user responsible for writing code to check and run tests on the code.
D: Single loss expectance refers to asset value times the exposure factor and is used to calculate risk.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 23, 454

CompTIA Security Plus Mock Test Q399

Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency?

A. Business continuity planning
B. Continuity of operations
C. Business impact analysis
D. Succession planning

Correct Answer: D
Section: Compliance and Operational Security

Explanation:
Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions.

Incorrect Answers:
A: Business continuity planning is the process of implementing policies, controls, and procedures to counteract the effects of losses, outages, or failures of critical business processes.
B: Continuity of operations refers to risk management best practices rather than developing a new chain of command as a contingency plan.
C: A business impact analysis is more concerned with evaluating the processes in the organization
as it bears on business continuity.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 454