20 Disaster Recovery Questions and Answers
Top 20 Disaster Recovery Questions and Answers


Disaster recovery is a critical component of modern business and IT operations, ensuring the continuity of essential functions in the face of unforeseen crises. To navigate this complex field effectively, it’s essential to have a thorough understanding of the key concepts, strategies, and best practices. In this comprehensive guide, we’ve compiled the top 20 disaster recovery questions and answers to help you grasp the essentials of this crucial discipline. Whether you’re a business leader looking to safeguard your organization’s data and operations, or an IT professional seeking to enhance your disaster recovery expertise, these insights will prove invaluable in fortifying your disaster preparedness and recovery efforts. Let’s delve into the fundamentals of disaster recovery to help you build resilience in the face of adversity.

Now, let’s move on to the top 20 disaster recovery questions and answers.

Q1. In the event of a major disaster, the first goal of the business is to maintain the _______ sustainable level of services for the organization.


Q2. Customers and clients will have __ in the outcome of the disaster recovery.

Select one:
a. an important role
b. a direct interest
c. no interest
d. no effect

Q3. Disaster recovery typically looks at the __.

Select one:
a. long run
b. continuation of the business
c. overall business plan
d. short term

Q4. On whose web site can you find itemized lists, by state and counties within a state, of the declared disasters on a yearly basis?

Select one:
a. CIA
c. FBI
d. IRS

Q5. Any event or occurrence that can have a detrimental effect on an organization either in whole or in part is known as a(n) _____.


Q6. A feedback mechanism that can be used to measure the effectiveness of a CSIRT is the __.

Select one:
a. after action review
b. IR plan test
c. definition of empirical measures
d. help desk report log

Q7. The champion for the CSIRT may be the same person as the champion for the entire IR function—typically, the __.

Select one:
a. chief executive officer
b. chief information officer
c. IT manager
d. operations manager

Q8. The __ flow of information needed from the CSIRT to organizational and IT/InfoSec management is a critical communication requirement.

Select one:
a. operations
b. identifying
c. geographic
d. upward

Q9. Those services undertaken to prepare the organization or the CSIRT constituents to protect and secure systems in anticipation of problems, attacks, or other events are called __.

Select one:
a. vulnerability assessment services
b. security quality management services
c. proactive services
d. reactive services

Q10. A(n) __, a type of IDPS that is similar to the NIDPS, reviews the log files generated by servers, network devices, and even other IDPSs.

Select one:
a. packet exchanger
b. trap and trace system
c. honeynet
d. log file monitor

Q11. The __ is a federal law that creates a general prohibition on the real-time monitoring of traffic data relating to communications.

Select one:
a. Wiretap Act
b. Electronic Communication Protection Act
c. Pen/Trap Statute
d. Fourth Amendment to the U.S. Constitution

Q12. The process of evaluating the circumstances around organizational events includes determining which adverse events are possible incidents, or __.

Select one:
a. critical violations
b. incident candidates
c. hacker intrusions
d. service alarms

Q13. The use of IDPS sensors and analysis systems can be quite complex. One very common approach is to use an open source software program called __ running on an open source UNIX or Linux system that can be managed and queried from a desktop computer using a client interface.

Select one:
a. Sniff
b. Snort
c. Match
d. Detector

Q14. When the measured activity is outside the baseline parameters in a behavior-based IDPS, it is said to exceed the __ (the level at which the IDPS triggers an alert to notify the administrator).

Select one:
a. baseline level
b. footprint level
c. clipping level
d. root level

Q15. A favorite pastime of information security professionals is __, which is a simulation of attack and defense activities using realistic networks and information systems.

Select one:
a. simulation
b. war gaming
c. parallel testing
d. structured walk-through

Q16. A(n) __ is a CSIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization’s information infrastructure for signs of an incident.

Select one:
a. forensic expert
b. IR duty officer
c. project manager
d. software engineer

Q17. __ is the process of systematically examining information assets for evidentiary material that can provide insight into how an incident transpired.

Select one:
a. Disaster recovery
b. Incident response
c. War gaming
d. Forensics analysis

Q18. One of the primary responsibilities of the IRP team is to ensure that the __ is prepared to respond to each incident it may face.

Select one:
a. IR plan
b. Semtex
d. Catalyst

Q19. Should an incident begin to escalate, the CSIRT team leader continues to add resources and skill sets as necessary to attempt to contain and terminate the incident. The resulting team is called the __ for this particular incident.

Select one:
a. IR unit
b. reaction force
c. forensic team
d. response unit

Q20. The responsibility for creating an organization’s IR plan often falls to the __.

Select one:
a. database administrator
b. project manager
c. forensic expert
d. chief information security officer


Answers:

  1. minimal
  2. b
  3. d
  4. b
  5. disaster
  6. c
  7. b
  8. d
  9. c
  10. d
  11. c
  12. b
  13. b
  14. c
  15. b
  16. b
  17. d
  18. c
  19. b
  20. d