DRII CBCP LATEST 2026 EXAM QUESTIONS AND
SOLUTIONS RATED A+
To identify which business processes and assets require the highest level of protection,
establishing priorities, and a time line - ✔✔16.Which answer describes the purpose of a
business impact analysis?
A. To calculate the probability of disruptions to the organization
B. To evaluate the effectiveness of existing controls and safeguards
C. To identify which business processes and assets require the highest level of
protection, establishing priorities,
and a time line
D. To develop preparations and procedures for responding to a disaster
✔✔B.
Loss of employee morale - ✔✔17.Which of the following is an example of a qualitative
impact?
A. Loss of sales
B. Loss of employee morale
C. Loss of revenue due to penalties
D. Extra expense
✔✔C.
Loss of sales - ✔✔18.Which of the following is an example of a quantitative impact?
A. Lower level of customer service
B. A disruption of quality assurance
C. Loss of sales
D. Reduced financial credibility
✔✔D.
Identifies threats from sabotage and/or terrorism and how to eliminate those threats
using cost-effective controls. - ✔✔19.Which of the following is NOT a result of
conducting a BIA?
A. Identifies all essential business functions and operations and their critical
dependencies.
B. Determines when the exposures and impacts begin and how they escalate over time.
C. Identifies the technology and workspace needs as well as potential unbudgeted
expenses.
, D. Identifies threats from sabotage and/or terrorism and how to eliminate those threats
using cost-effective controls.
✔✔B.
Provides the facts upon which to develop strategies - ✔✔20.What is primary purpose of
conducting a Risk Evaluation and BIA?
A. Establishes the organizational structure
B. Provides the facts upon which to develop strategies
C. Decreases the chances of problems occurring during an emergency event
D. Ensures employee safety
✔✔A.
Protects viability of the organization by positioning it to respond quickly and
appropriately in an emergency event - ✔✔21.What is the purpose of developing
recovery strategies?
A. Protects viability of the organization by positioning it to respond quickly and
appropriately in an emergency event
B. Sufficiently exercises documented procedures
C. Positions organization to have zero downtime following an emergency event
D. Ensures procedures for verifying critical recovery resources are implemented and
functioning properly
✔✔A.
Duplicate site/distributed workload - ✔✔22.Which of the following would be considered
an internal recovery strategy?
A. Duplicate site/distributed workload
B. Vendor hot site
C. Commercial recovery center
D. Supplier service level agreements
✔✔D.
Fully operational facility - ✔✔23.Which of the following best describes a "Hot Site"?
A. Environmental infrastructure for technology operations
B. Agreement with a similar industry to provide recovery capabilities
C. Provides business services
D. Fully operational facility
SOLUTIONS RATED A+
To identify which business processes and assets require the highest level of protection,
establishing priorities, and a time line - ✔✔16.Which answer describes the purpose of a
business impact analysis?
A. To calculate the probability of disruptions to the organization
B. To evaluate the effectiveness of existing controls and safeguards
C. To identify which business processes and assets require the highest level of
protection, establishing priorities,
and a time line
D. To develop preparations and procedures for responding to a disaster
✔✔B.
Loss of employee morale - ✔✔17.Which of the following is an example of a qualitative
impact?
A. Loss of sales
B. Loss of employee morale
C. Loss of revenue due to penalties
D. Extra expense
✔✔C.
Loss of sales - ✔✔18.Which of the following is an example of a quantitative impact?
A. Lower level of customer service
B. A disruption of quality assurance
C. Loss of sales
D. Reduced financial credibility
✔✔D.
Identifies threats from sabotage and/or terrorism and how to eliminate those threats
using cost-effective controls. - ✔✔19.Which of the following is NOT a result of
conducting a BIA?
A. Identifies all essential business functions and operations and their critical
dependencies.
B. Determines when the exposures and impacts begin and how they escalate over time.
C. Identifies the technology and workspace needs as well as potential unbudgeted
expenses.
, D. Identifies threats from sabotage and/or terrorism and how to eliminate those threats
using cost-effective controls.
✔✔B.
Provides the facts upon which to develop strategies - ✔✔20.What is primary purpose of
conducting a Risk Evaluation and BIA?
A. Establishes the organizational structure
B. Provides the facts upon which to develop strategies
C. Decreases the chances of problems occurring during an emergency event
D. Ensures employee safety
✔✔A.
Protects viability of the organization by positioning it to respond quickly and
appropriately in an emergency event - ✔✔21.What is the purpose of developing
recovery strategies?
A. Protects viability of the organization by positioning it to respond quickly and
appropriately in an emergency event
B. Sufficiently exercises documented procedures
C. Positions organization to have zero downtime following an emergency event
D. Ensures procedures for verifying critical recovery resources are implemented and
functioning properly
✔✔A.
Duplicate site/distributed workload - ✔✔22.Which of the following would be considered
an internal recovery strategy?
A. Duplicate site/distributed workload
B. Vendor hot site
C. Commercial recovery center
D. Supplier service level agreements
✔✔D.
Fully operational facility - ✔✔23.Which of the following best describes a "Hot Site"?
A. Environmental infrastructure for technology operations
B. Agreement with a similar industry to provide recovery capabilities
C. Provides business services
D. Fully operational facility
