Risk Identification
Disaster Recovery
Risk Mitigation Strategies
Compliance & Governance
Real-World Scenarios
100

What is the first step in a business continuity risk assessment?

What is identifying potential threats and vulnerabilities?

100

This type of backup is taken at regular intervals and stored offsite.

What is an incremental backup?

100

This strategy involves spreading operations across multiple locations.

What is geographic diversification?

100

This federal law requires financial institutions to have continuity plans.

What is the Gramm-Leach-Bliley Act (GLBA)?

100

A snowstorm shuts down your main office. What’s your first step?

What is activating the business continuity plan?

200

This type of analysis helps determine the impact of disruptions.

What is a Business Impact Analysis (BIA)?

200

The maximum tolerable period a system can be down is called this.

What is Recovery Time Objective (RTO)?

200

Regularly testing your BCP is an example of this type of control.

What is a preventive control?

200

This international standard provides a framework for business continuity.

What is ISO 22301?

200

Your data center floods. What’s the best immediate action?

What is switching to a backup site or cloud environment?

300

Name one internal and one external risk to business continuity.

What are system failure (internal) and natural disasters (external)?

300

This plan outlines how to restore IT systems after a disaster.

What is a Disaster Recovery Plan (DRP)?

300

This strategy involves transferring risk to another party.

What is risk transfer (e.g., insurance)?

300

This agency provides guidelines for continuity in U.S. federal agencies.

What is FEMA (Federal Emergency Management Agency)?

300

A cyberattack locks your systems. What’s the first team to respond?

What is the incident response team?

400

This document lists all critical business functions and their dependencies.

What is a Business Continuity Plan (BCP)?

400

This term refers to the point in time to which data must be restored.

What is Recovery Point Objective (RPO)?

400

This type of analysis helps prioritize which risks to address first.

What is a risk prioritization matrix?

400

This act mandates data protection and breach notification in the EU.

What is the General Data Protection Regulation (GDPR)?

400

A supplier goes bankrupt. What continuity strategy helps here?

What is having alternate suppliers or vendor redundancy?

500

This risk assessment technique evaluates both likelihood and impact.

What is a risk matrix?

500

This type of site is fully equipped and can take over operations immediately.

What is a hot site?

500

This strategy involves accepting a risk when the cost of mitigation is too high.

What is risk acceptance?

500

This document outlines roles, responsibilities, and escalation procedures.

What is a governance framework?

500

A pandemic disrupts global operations. What long-term strategy is key?

What are remote work infrastructure and flexible supply chains?