
最適な練習法にはGAQM CBCP-002問題集で素晴らしいCBCP-002試験問題PDF
更新された検証済みの合格させるCBCP-002試験リアル問題と解答
質問 # 20
Which of the following can threats be considered? (Choose three)
- A. Operational failure
- B. Fire
- C. Technology failure
- D. Supply chain failure
- E. Water
正解:B、C、E
解説:
Explanation
Threats can be considered any events or situations that can cause harm or disruption to an organization's functions or processes. Threats can be natural, human-made, or technological in origin. Some examples of threats are water (such as floods, leaks, or spills), technology failure (such as system crashes, cyberattacks, or power outages), and fire (such as arson, accidents, or explosions). Verified References:
https://www.iso.org/publication/PUB100442.htmlhttps://phoenixnap.com/blog/what-is-business-continuity-mana
質問 # 21
Which system in place enables you to balance risk and entrepreneurial energy with appropriate internal control procedures to manage that risk?
- A. Quality Management System
- B. Auditing Report
- C. Banking System
- D. Corporate Governance
正解:D
解説:
Explanation
Corporate governance is the system of rules, practices, and processes by which an organization is directed and controlled. It involves balancing the interests of various stakeholders, such as shareholders, management, customers, suppliers, regulators, and the community. It also enables an organization to balance risk and entrepreneurial energy with appropriate internal control procedures to manage that risk. Effective corporate governance can enhance performance, accountability, transparency, and trust. Verified References:
https://www.investopedia.com/terms/c/corporategovernance.asphttps://www.thebci.org/training-qualifications/go
質問 # 22
Which of the following should NOT be released in a publicly released BCP?
- A. All of the above
- B. BIA results
- C. Contact lists
- D. Process flows
正解:A
解説:
Explanation
A publicly released BCP is a version of a business continuity plan that is intended for external audiences, such as customers, suppliers, partners, regulators, media, or the public. It should not contain sensitive or confidential information that may compromise the security or privacy of theorganization or its stakeholders.
Therefore, it should not include process flows that detail how each function or process is performed; contact lists that reveal personal or organizational information; BIA results that show criticality ratings or recovery time objectives; or any other information that may expose vulnerabilities or risks. Verified References:
https://www.ready.gov/business-continuity-planhttps://drii.org/resources/professionalpractices/EN
質問 # 23
Which statement is authorized at an appropriate level and should codify the company's attitude to a particular risk?
- A. Process Document
- B. QMS Document
- C. Privacy Statement
- D. Policy Statement
正解:D
解説:
Explanation
A policy statement is a statement that is authorized at an appropriate level and should codify the company's attitude to a particular risk. A policy statement is a document that defines the scope, objectives, principles, roles, and responsibilities of a business continuity management program. It should also express the organization's commitment to managing risks and ensuring continuity of its critical functions and processes. A policy statement should be approved by senior management and communicated to all relevant stakeholders.
Verified References:
https://www.iso.org/publication/PUB100442.htmlhttps://phoenixnap.com/blog/what-is-business-continuity-mana
質問 # 24
Risk ownership must be clearly set out, documented and agreed with the individual owners at all levels of the operational risk management process.
- A. True
- B. False
正解:A
解説:
Explanation
Risk ownership must be clearly set out, documented and agreed with the individual owners at all levels of the operational risk management process. This is true because risk ownership is oneof the key principles of business continuity management. Risk ownership means that each risk has a designated person who is responsible and accountable for its identification, assessment, treatment, monitoring, and reporting. Risk owners should have the authority and resources to manage their risks effectively and efficiently. Verified References:
https://www.iso.org/publication/PUB100442.htmlhttps://www.thebci.org/training-qualifications/good-practice-g
質問 # 25
A formal "disaster" can only be declared by the firm owners or by the IT Department Manager.
- A. False
- B. True
正解:A
解説:
Explanation
A formal "disaster" can only be declared by the firm owners or by the IT Department Manager. This is false because a formal "disaster" can be declared by any authorized person who has the responsibility and authority to activate the business continuity and disaster recovery plan. The authorized person may vary depending on the type, scope, and severity of the disaster, but it should be clearly defined in the plan who can declare a disaster and under what circumstances. The authorized person should also communicate the declaration of a disaster to all relevant stakeholders, such as employees, customers, suppliers, partners, regulators, media, or the public. Verified References:
https://www.ready.gov/business-continuity-planhttps://www.csoonline.com/article/515730/business-continuity-a
質問 # 26
Damage assessment includes all but which of the following steps?
- A. Estimate the time it will take to restore critical business functions.
- B. Having the insurance company declare the total extent of the damages.
- C. Evaluating the time to restore operations and if greater than the MTD, a disaster should be declared and BCP enacted
- D. Identifying the affected business functions.
正解:B
解説:
Explanation
Damage assessment is the process of evaluating the extent and severity of the damage caused by a disruption to an organization's facilities, equipment, systems, data, records, or personnel. It includes identifying the affected business functions and processes, estimating the time it will take to restore them to normal or acceptable levels of operation, and evaluating whether the recovery time exceeds the maximum tolerable downtime (MTD) for each function or process. If so, a disaster should be declared and the business continuity plan should be activated. Having the insurance company declare the total extent of the damages is not part of the damage assessment process, as it may take longer than the MTD and may not reflect the operational impact of the damage. Verified References:
https://www.fema.gov/pdf/emergency/nims/Damage_Assessment.pdfhttps://drii.org/resources/professionalpracti
質問 # 27
Individual accountability for the management of the risk should be clearly established.
- A. True
- B. False
正解:A
解説:
Explanation
Individual accountability for the management of the risk should be clearly established. This is true because accountability is one of the key principles of business continuity management. Accountability means that each person involved in the business continuity management program has a clear understanding of their roles and responsibilities, as well as the authorityand resources to perform them. Accountability also means that each person is held responsible for their actions and outcomes, and that they report on their performance and progress regularly. Verified References:
https://www.iso.org/publication/PUB100442.htmlhttps://phoenixnap.com/blog/what-is-business-continuity-mana
質問 # 28
Which of the following exercises involve all teams?
- A. Full-scale exercise
- B. Plan walkthrough
- C. Multi-team simulation
- D. Facilitated discussion
正解:A
解説:
Explanation
A full-scale exercise is a type of exercise that involves all teams. A full-scale exercise is a high-pressure exercise that simulates a realistic scenario of a disruption that affects all or most of the organization's functions and processes. A full-scale exercise tests the effectiveness and efficiency of the plans, procedures, systems, teams, and resources that are required to respond to and recover from a disruption. A full-scale exercise also evaluates the coordination and communication among all the teams and stakeholders involved.
Verified References:
https://www.ready.gov/business-continuity-planhttps://www.csoonline.com/article/515730/business-continuity-a
質問 # 29
When should the Business Continuity Planning be reviewed?
- A. Whenever encountering a disaster
- B. Whenever the company gets audited
- C. At least annually or whenever significant changes occur
- D. Whenever the legal department declares it is time
正解:C
解説:
Explanation
Business continuity planning is not a one-time activity, but a dynamic and ongoing process that needs to be reviewed and updated regularly to reflect changes in the internal and external environment. The frequency of review may vary depending on the nature and size of the organization, but it is generally recommended to conduct a review at least annually or whenever significant changes occur that may affect the continuity of the organization's functions and processes. Such changes may include organizational restructuring, new products or services, new technologies, new regulations, new threats or vulnerabilities, or lessons learned from incidents or exercises. Verified References:
https://www.ready.gov/business-continuity-planhttps://drii.org/resources/professionalpractices/EN
質問 # 30
Which certification centre provides the physical infrastructure?
- A. Facility
- B. Service
正解:A
解説:
Explanation
A facility certification center is a center that provides the physical infrastructure for testing and certifying the functionality and performance of products, systems, or services. A facility certification center may have specialized equipment, tools, environments, or standards that can simulate real-world conditions or scenarios.
A facility certification center may also have qualified staff, experts, or auditors who can conduct the testing and certification process. Verified References:
https://www.iso.org/publication/PUB100442.htmlhttps://www.cisco.com/c/en/us/solutions/hybrid-work/what-is-
質問 # 31
BIA stands for
- A. Business Importance and Availability
- B. Business Information Availability
- C. Business Improvement Activities
- D. Business Impact Analysis
正解:D
解説:
Explanation
Business impact analysis (BIA) is the process of identifying and prioritizing the organization's functions and processes based on their importance to the organization's objectives, and assessing the potential impacts of a disruption to those functions and processes over time. The BIA helps to determine the recovery time objectives (RTOs), recovery point objectives (RPOs), and resource requirements for each function and process, as well as the interdependencies and dependencies among them. The BIA provides the basis for developing recovery strategies and plans. Verified References:
https://www.ready.gov/business-impact-analysishttps://drii.org/resources/professionalpractices/EN
質問 # 32
Which type of continuity planning will enhance the functioning relationship with the organization's key suppliers, creating stronger assurances of continuous supply of information, material product and services?
- A. Unilateral
- B. Bilateral
- C. Multilateral
正解:B
解説:
Explanation
Bilateral continuity planning is the type of continuity planning that will enhance the functioning relationship with the organization's key suppliers, creating stronger assurances of continuous supply of information, material product and services. Bilateral continuity planning is the process of developing and maintaining mutual agreements and arrangements between an organization and its key suppliers to ensure the continuity of their respective functions and processes in the event of a disruption. Bilateral continuity planning can help to reduce risks, costs, and dependencies, as well as to improve communication, coordination, and collaboration.
Verified References:
https://www.iso.org/publication/PUB100442.htmlhttps://phoenixnap.com/blog/what-is-business-continuity-mana
質問 # 33
A disaster can also be declared for an illness pandemic where a significant portion of employees are sick.
- A. True
- B. False
正解:A
解説:
Explanation
A disaster can also be declared for an illness pandemic where a significant portion of employees are sick. This is true because an illness pandemic is a type of natural disaster that can affect an organization's ability to continue its normal operations. An illness pandemic can cause absenteeism, reduced productivity, increased costs, supply chain disruptions, customer dissatisfaction, or regulatory compliance issues. Therefore, an organization may need to declare a disaster and activate its business continuity and disaster recovery plan if an illness pandemic impacts its critical functions and processes beyond an acceptable level. Verified References:
https://www.ready.gov/business-continuity-planhttps://www.csoonline.com/article/515730/business-continuity-a
質問 # 34
Which of the following are the four T's of risk guidance produced by by the Office of Government Commerce? (choose four)
- A. Title
- B. Treat
- C. Tolerate
- D. Transfer
- E. Technique
- F. Terminate
正解:B、C、D、F
解説:
Explanation
The four T's of risk guidance produced by the Office of Government Commerce are transfer, tolerate, treat, and terminate. They are:
Transfer: This strategy involves transferring or sharing some or all of the responsibility or impact of a risk to another party, such as an insurer, a supplier, or a partner.
Tolerate: This strategy involves accepting or retaining a risk without taking any further action to reduce it, either because the risk level is acceptable or because the cost or effort of reducing it is not justified.
Treat: This strategy involves taking steps to reduce the likelihood or impact of a risk to an acceptable level, such as implementing controls, mitigations, or contingency plans.
Terminate: This strategy involves eliminating or avoiding a risk by discontinuing or changing the activity that causes it. Verified References: https://www.investopedia.com/terms/t/the-four-ts.asp
https://www.thebci.org/training-qualifications/good-practice-guidelines.html
質問 # 35
A consultant is a person who borrows your watch to tell you the time, charges you for doingso and then sells you back your watch.
- A. False
- B. True
正解:A
解説:
Explanation
A consultant is a person who borrows your watch to tell you the time, charges you for doing so and then sells you back your watch. This is false because it is a cynical and unfair description of a consultant's role and value. A consultant is a person who provides professional or expert advice in a specific field or domain. A consultant can help an organization to identify problems, analyze situations, develop solutions, implement changes, improve performance, or achieve goals. A consultant can also provide knowledge, skills, tools, or resources that the organization may not have or need temporarily. Verified References:
https://www.investopedia.com/terms/c/consultant.asphttps://phoenixnap.com/blog/what-is-business-continuity-m
質問 # 36
......
更新されたPDF(2023年最新)実際にあるGAQM CBCP-002試験問題:https://jp.fast2test.com/CBCP-002-premium-file.html