Back to Security Policies and Procedures

Business Continuity and Disaster Recovery

5 minutes 5 Questions

Business continuity (BC) and disaster recovery (DR) are essential aspects of security policies and procedures focused on ensuring the continuous operation of critical systems and the timely recovery after disruptive events. The primary objective is to minimize the impact of incidents, maintain system availability, and protect crucial data. BC involves planning for and maintaining normal business operations in the face of a disruptive event, while DR focuses on the recovery aspects of IT infrastructure and vital systems. Both aim to minimize downtime and data loss by employing tools, practices, and strategies such as data backups, redundancies, testing, and documentation.

Guide for Business Continuity and Disaster Recovery

The concept of Business Continuity and Disaster Recovery (BCDR) pertains to the measures put into place to ensure that business operations can continue in the face of unforeseen disasters.

Why it is important?
BCDR ensures that businesses are prepared for crises, which in turn minimizes downtime, data loss and service disruption. It also supports the ability to keep functioning even in the event of a major incident, ensuring business longevity and maintaining customer trust.

What is it?
BCDR is a combination of two concepts. Business Continuity involves setting up a system of prevention and recovery to deal with potential threats to a company. Disaster Recovery is a specific subset of Business Continuity that primarily focuses on restoring IT infrastructure and systems back to normal after a disaster.

How it works?
BCDR typically involves a set of guidelines and procedures to follow in order to recover from emergencies, disasters, threats, and other unexpected adverse circumstances. It begins with risk assessment, to identify potential threats. The next step is business impact analysis, to identify crucial functions and systems. Finally, plans are created, tested and revised regularly.

Exam Tips: Answering Questions on Business Continuity and Disaster Recovery
Understand the key differences between Business Continuity and Disaster Recovery, as these terms can sometimes appear interchangeably in exam questions but their meanings are distinct.
Remember that understanding the different stages of a BCDR plan (Risk Assessment, Business Impact Analysis, Plan Creation, Testing and Revision) is crucial to answering exam questions.
Real-life scenarios are often used in exam questions and having a firm grip on how BCDR applies in different situations can set you up for success.
Finally, beware of questions that test your understanding of the importance of regular testing and revision of BCDR plans. The dynamic nature of business and technology means that plans must be periodically reassessed and updated.

Test mode:
Start practice test
CompTIA Security+ - Security Policies and Procedures Example Questions

Test your knowledge of Amazon Simple Storage Service (S3)

Question 1

A company's main facility has been affected by a fire, causing significant damage to critical infrastructure. To maintain business continuity, which of these solutions should the company enact as part of their disaster recovery plan?

Correct Answer: Activate an alternate worksite

Activating an alternate worksite allows the company to continue business operations using predefined backup infrastructure and processes at a different location. Other suggestions, such as purchasing equipment or hiring specialists, may be part of recovery efforts but do not directly contribute to maintaining business continuity during the disaster.

Question 2

A bank experiences a ransomware attack, resulting in encrypted systems and sensitive information compromised. What should the bank do as its next business continuity planning step?

Correct Answer: Activate the incident response plan

Activating the incident response plan ensures a structured methodology is followed to address the attack. The other options can lead to additional issues or fails to properly address the situation.

Question 3

Which of the following best ensures business operations continue after an earthquake by providing a fully functional environment in a geographically distinct location?

Correct Answer: Relocating to an alternative facility

Relocating to an alternative facility that is geographically distant from the earthquake-affected area is the most effective strategy to ensure business operations continue after an earthquake. This approach provides a separate, operational location where essential functions can resume, minimizing downtime and potential data loss. While cloud-based services offer some advantages, they may still be affected if the organization's primary access points are compromised. Other options like reinforced server racks or special venting systems may mitigate some earthquake damage, but they do not guarantee operational continuity if the primary facility becomes inaccessible or severely damaged.

image/svg+xml
Go Premium

CompTIA Security+ Preparation Package (2024)

  • 1087 Superior-grade CompTIA Security+ practice questions.
  • Accelerated Mastery: Deep dive into critical topics to fast-track your mastery.
  • Unlock Effortless CompTIA Security+ preparation: 5 full exams.
  • 100% Satisfaction Guaranteed: Full refund with no questions if unsatisfied.
  • Bonus: If you upgrade now you get upgraded access to all courses
  • Risk-Free Decision: Start with a 7-day free trial - get premium features at no cost!
More Business Continuity and Disaster Recovery questions
23 questions (total)
Start 23 question test