✔✔The purpose of identifying and evaluating the effectiveness of existing controls is? -
✔✔To mitigate impact exposures
✔✔Evaluating the effectiveness of controls involves? - ✔✔Identifying the existing
controls that are in place
✔✔Implementing controls and procedures ________? - ✔✔Minimizes risk
✔✔Necessary changes in order to reduce the impact of identified risks include: -
✔✔Changes to physical protection and changes to cyber security and information
technology.
✔✔Resilience - ✔✔The adaptive capacity of an organization in a complex and changing
environment
✔✔Controls - ✔✔Processes, procedures, or devices that prevent or mitigate impact
exposures/risks
✔✔What is the number one emerging supply chain risk? - ✔✔Cyber attack
✔✔Business interruption insurance - ✔✔The requirement for calculation of adequate
insurance, covering financial loss due to temporary business cessation.
✔✔Extra expense insurance - ✔✔Pays for extra expenses to maintain operations after
an accident to an insured item until normal operations can be restored.
✔✔Contingent business interruption insurance - ✔✔Reimburses for lost profits and
extra expenses due to an interruption relating to a customer or supplier.
✔✔What are the primary objectives of conducting a risk assessment? - ✔✔To
understand the entity's exposure to loss and evaluate the effectiveness of controls and
safeguards.
✔✔What describes mitigation? - ✔✔Reducing risk
✔✔What is an objective of performing a risk assessment? - ✔✔To identify risks that can
adversely affect an entity's resources.
✔✔What are examples of quantitative impacts? - ✔✔Percentages, numbers, money
✔✔What are examples of qualitative impacts? - ✔✔High, medium, low
✔✔What is the number one objective of the BIA? - ✔✔To prioritize functions and
processes based on the level of criticality and time sensitivity
✔✔What is the second objective of the BIA? - ✔✔To determine the recovery objectives
for core and support functions and processes.
✔✔What is the third objective of the BIA? - ✔✔To analyze the findings to ascertain any
gaps between the entity's requirements and its ability to deliver those requirements.
✔✔A BIA sets requirements not? - ✔✔Strategies
✔✔Recovery Point Objective - ✔✔The amount of data that you can tolerate to lose.
Data that is not on the backup.
✔✔What is the primary goal of the BIA? - ✔✔To gain acceptance of the RTO and RPO
for each operational area
✔✔Sole Source Supplier - ✔✔The only supplier of that resource, no other options.
✔✔Single Source Supplier - ✔✔The only supplier that you choose to supply your
resource, however there are other options out there.
✔✔What is one of the last steps in the BIA process? - ✔✔To prepare a gap analysis
✔✔What are example gaps? - ✔✔Resource, time, and data gaps
✔✔Impact should determine? - ✔✔The frequency of backups
✔✔The greater the impact from lost data the? - ✔✔More frequently backups should be
completed
✔✔Objective of the BIA? - ✔✔Entity function/process criticality and time sensitivity
✔✔What is the first planning professional practice? - ✔✔Business Continuity Strategies
✔✔What is the objective for the professional practice: Business continuity strategies -
✔✔Select cost-effective strategies to reduce deficiencies as identified during the risk
assessment and business impact analysis (BIA) processes
✔✔Who is responsible for developing business continuity strategies? - ✔✔The
functional area manager