ISC S2 M3 Exam Questions and
Answers
How is Annualized Rate of Occurrence (ARO) Calculated? - ANSWER-Number of
occurrences divided by number of years
How is Exposure Factor (EF) Calculated? - ANSWER-Damage in terms of dollars
expressed as percentage of asset value. EF for flooding risk at this place is 40% for
example.
Single Loss Expectancy calculated? - ANSWER-Take the Exposure Factor (EF) *
the value of the asset therefore a 40% EF on a $5mill item has a SLE of $2,000,000
Annualized Loss Expectancy (ALE) calculated?? - ANSWER-Cost of specific loss in
a given year. Take the SLE and multiply by ARO. If SLE is $2mill and ARO is .05
then the ALE is $100,000
Main difference between business continuity and crisis management - ANSWER-
Business Continuity focuses on NON-IT operational and personal functions while
Crisis Management focuses on large scale incidents. Disaster Recovery focuses
only on IT problems.
What are the two agreements for when orgs use third party services to manage IT
service? - ANSWER-Agreed Service Time (AST) and Minimal Amont of Downtime
(DT) specified in Service Level Agreement (SLA)
List all of the system availability metrics - ANSWER-1. Maximum Tolerable
Downtime (MTD)
2. Recovery Point Objective (RPO) (max amount of data or dollars that can be lost)
3. Recovery Time Objective (RTO) (max amount of time it should take to restore
operations)
4. Mean Time To Repair
5. Recovery Time Actual
6. Recovery Point Actual
What does RAID stand for? - ANSWER-Redundant Array of Independent Drives
What is the difference between an incremental and a differential backup? -
ANSWER-Incremental is only data items that have changes since last backup.
Slowest of the three backups to be restored, but each creation is fast.
Differential is ALL changes since last backup. Restoration is simpler but slower than
full backup yet faster than incremental one.
Review the System Availability chart in OneNote - ANSWER-Did u do it?
Answers
How is Annualized Rate of Occurrence (ARO) Calculated? - ANSWER-Number of
occurrences divided by number of years
How is Exposure Factor (EF) Calculated? - ANSWER-Damage in terms of dollars
expressed as percentage of asset value. EF for flooding risk at this place is 40% for
example.
Single Loss Expectancy calculated? - ANSWER-Take the Exposure Factor (EF) *
the value of the asset therefore a 40% EF on a $5mill item has a SLE of $2,000,000
Annualized Loss Expectancy (ALE) calculated?? - ANSWER-Cost of specific loss in
a given year. Take the SLE and multiply by ARO. If SLE is $2mill and ARO is .05
then the ALE is $100,000
Main difference between business continuity and crisis management - ANSWER-
Business Continuity focuses on NON-IT operational and personal functions while
Crisis Management focuses on large scale incidents. Disaster Recovery focuses
only on IT problems.
What are the two agreements for when orgs use third party services to manage IT
service? - ANSWER-Agreed Service Time (AST) and Minimal Amont of Downtime
(DT) specified in Service Level Agreement (SLA)
List all of the system availability metrics - ANSWER-1. Maximum Tolerable
Downtime (MTD)
2. Recovery Point Objective (RPO) (max amount of data or dollars that can be lost)
3. Recovery Time Objective (RTO) (max amount of time it should take to restore
operations)
4. Mean Time To Repair
5. Recovery Time Actual
6. Recovery Point Actual
What does RAID stand for? - ANSWER-Redundant Array of Independent Drives
What is the difference between an incremental and a differential backup? -
ANSWER-Incremental is only data items that have changes since last backup.
Slowest of the three backups to be restored, but each creation is fast.
Differential is ALL changes since last backup. Restoration is simpler but slower than
full backup yet faster than incremental one.
Review the System Availability chart in OneNote - ANSWER-Did u do it?