CBCP MCQs
CBCP Exam Questions CBCP Practice Test CBCP TestPrep
CBCP Study Guide
killexams.com
Certified Business Continuity Professional
https://killexams.com/pass4sure/exam-detail/CBCP
Scenario: The CBCP builds a Power BI paginated report with drill-through from ???Process??? to ???Peak Heatmap???. Select ALL DAX measures.
Peak Factor = DIVIDE(MAX(Transactions[Count]), AVERAGE(Transactions[Count]))
Color Expression = IF([Peak Factor] > 5, ???#FF0000???, ???#00FF00???)
Dynamic Title = ???Peak Analysis ??? ??? & SELECTEDVALUE(Dates[Month])
Tooltip Impact = ???$??? & FORMAT([Financial Impact], ???0.0M???)
Answer: A,B,C,D
Explanation: Each DAX drives visual encoding and interaction.
The BIA must integrate with ERP. Select four SAP ARIBA API calls that feed dependency mapping
GET /ariba.api/p2p/v1/suppliers?process=PROC-47
POST /ariba.api/p2p/v1/invoices with body {processID: "PROC-47", rto: "02:00:00"}
GET /ariba.api/p2p/v1/contracts filter processID=PROC-47
Webhook /ariba/supplier/disruption to BCM dependency engine
Answer: A,C
Explanation: Supplier and contract data auto-populate upstream dependencies, webhook triggers real-time updates.
Spokesperson training for a metaverse product launch sabotage exposing user biometrics requires these two VR-native drills.
8K 180?? VR simulation with real-time heckler avatars and physiological feedback loop
Haptic suit delivering escalating electric shocks synced to media mistake severity
Eye-tracking heat map analysis of virtual audience reaction with AI-scripted follow- ups
Post-drill neural lace download of stress biomarkers for personalized coaching
Answer: A, C
Explanation: VR simulation and eye-tracking provide immersive spokesperson prep. Haptic shocks and neural lace are experimental.
After a supply chain failure, Bow-Tie Analysis highlights multiple weak preventive controls. What mitigation recommendation is most justified from the scenario results?
Strengthen or replace ineffective preventive controls, document additional barriers, and link changes to recovery control improvement actions in the register
Ignore preventive control gaps, focus on recovery only
Remove preventive controls from analysis
Only report on threats without proposing controls
Answer: A
Explanation: Bow-Tie results drive targeted recommendations to reinforce prevention and recovery, with register updates ensuring accountability.
A software change in the BCP portal requires a rollback after user complaints. Which recovery procedure ensures minimal business disruption during portal reversion?
Run portal backup restoration job
Enable business function temp freeze
Deploy automated rollback script
Assign ???SafeMode??? access during revert
Answer: C
Explanation: Automated rollback scripts minimize downtime and disruption by rapidly
reinstating stable system states.
The Plan Structure for a global news wire service mandates 45-second failover of 1.8 million real-time ticker messages to Kafka MirrorMaker3 clusters in three regions. Which configuration parameters must Recovery Teams set in the mm3.yaml to guarantee exactly-once semantics?
clusters: primary alias: useast1 bootstrap: kafka-useast1:9093 security: SASL_SSL
topics: .*.finance -> finance-dr sync: enabled offset-syncs.topic: mm3-offsets
replication.policy: org.apache.kafka.connect.mirrormaker.IdentityReplicationPolicy
exactly.once: true source.cluster: useast1 checkpoint.interval.ms: 15000
consumer.auto.offset.reset: earliest producer.id.empotent: true acks: all
heartbeats.topic: mm3-heartbeats interval.ms: 5000 timeout.ms: 15000
Answer: A,B,D,F
Explanation: Cluster bootstrap with SASL_SSL secures connection. Topic wildcard with offset-syncs preserves ordering. exactly.once with checkpoint interval guarantees semantics. Heartbeats detect partition loss. Replication policy Identity avoids duplication. Consumer/producer settings are client not MirrorMaker.
Risk Tolerance for supply chain disruption is 72 hours MTD. Which single ServiceNow Performance Analytics indicator with script calculates real-time breach risk?
indicator "SupplyChain_MTD_Breach" { type = "scripted" script = "var now = new GlideDateTime(); var incident_start = current.u_disruption_start; var hours = gs.hoursBetween(incident_start, now); return hours > 72 ? 1 : 0;" breakdown = "supplier"
}
indicator "MTD_Compliance" source = incident where u_mtd = 72 then count where sys_created_on > 72h ago
pa_dashboard "Supply Chain Risk" widget KPI with threshold 72h color red
report on incident where state = resolved and resolution_time > 72h
Answer: A
Explanation: The scripted indicator runs every 15 minutes, returns 1 if disruption exceeds 72h, feeds live dashboard, and auto-escalates via business rule to risk register.
A multinational corporation updates its risk register following merger activity. Which function best maintains register accuracy for new operational risks?
Delay register update until next fiscal year
Integrate newly acquired process threats and control sets using standardized fields for inherent, residual risk, mitigation step, and risk owner assignment
Remove inherited threats from register
Avoid assigning risk owners during transition
Answer: B
Explanation: A comprehensive update with process threats, controls, mitigation plans, and ownership ensures the risk register remains a central tool for ongoing continuity tracking.
Your simulation inject timeline is ruled ???predictable??? by the auditor. Increase unpredictability by randomizing these three parameters in the next integrated exercise.
Inject delivery channel (email, SMS, collaboration tool, phone call)
Geographic origin of the simulated threat actor
Victim department sequence per the BIA tier list
Downtime duration windows within ??20% of RTO
Answer: A, B, D
Explanation: Channel, actor, and duration randomization prevent gaming while preserving BIA fidelity. Victim sequence must follow criticality.
RTO for payment processing must be 4 seconds. Select three Google Cloud Run deployment flags that achieve cold-start < 4s
gcloud run deploy payment --cpu=4 --memory=16Gi --min-instances=47 --timeout=4s
--region=us-central1
--concurrency=1000 --max-instances=100 --cold-start-timeout=3s
--vpc-connector=bcm-vpc-connector --egress-settings=all
--service-account=bcm-run-sa@project.iam.gserviceaccount.com with roles/ run.invoker
Answer: A,B
Explanation: 4 CPU, 16Gi memory, 47 min-instances eliminate cold starts, 1000 concurrency handles peak, achieving 4-second RTO.
Executives want to diversify business functions to mitigate market risk in continuity planning. Which strategy yields maximum resilience?
Centralize crisis communications to one channel
Consolidate all critical functions in headquarters
Only train primary team for recovery scenarios
Assign critical processes to multiple business units in separate regions, enable cross- training for key roles, and maintain distinct operational platforms where feasible
Answer: D
Explanation: Regional and functional diversification with redundancy resists market and disruption risks for processes.
A major vendor repeatedly fails to meet SLAs during emergencies, despite regular notifications. What escalation step is warranted?
Initiate formal regular performance reviews and renegotiate continuity terms or seek alternative suppliers
Accept subpar service during crises
Notify stakeholders but make no changes
Depend on informal vendor commitments
Answer: A
Explanation: Escalation, negotiation, or replacement is key to reliable continuity amid chronic failures.
Scenario: A cloud provider outage cascades to 42 SaaS customers. Select ALL financial impact formulas using shared-responsibility matrix.
SLA credit = min(99.99% uptime breach ?? monthly_fee ?? 10, 100% fee)
Consequential loss waiver clause caps at 12?? monthly fee
Lost customer revenue = ?? (customer_revenue_hour ?? hours ?? dependency_weight)
Insurance subrogation trigger at $10M aggregate
Answer: A,B,C,D
Explanation: Each clause pulled verbatim from MSA v4.2.
A methane plume from an orphaned well migrates under your LNG regasification terminal. The state EPA requests immediate vapor barrier deployment. Select contractual obligation actions embedded in the terminal's community resource agreement that must execute in the first 45 minutes.
Remote activation of subsurface curtain walls by the well operator via pre-shared IoT keys
Dispatch of three high-expansion foam units from the county fire cache
Activation of the pre-contracted geotechnical drone swarm for real-time LEL mapping
Live feed of terminal flare stack telemetry to the EPA's regional operations center
Answer: A,C,D
Explanation: IoT curtain walls are a contractual duty in the abandonment liability transfer. Drone swarm is on 30-minute notice under the county MOU. Flare telemetry is piped via dedicated VSAT.
A hazardous material event requires specialized ICS mapping. Which parameter must be set to ensure only certified response teams receive task assignments?
Enable filter ???CertifiedOnly???
Set team clearance to ???Level 3???
Restrict assignment to role ???HazMatSpecialist???
Specify location perimeter coordinates
Answer: C
Explanation: Restricting assignments to ???HazMatSpecialist??? ensures that only trained and certified personnel are dispatched, maintaining safety and compliance with hazardous material protocols.
You discover that a supplier in your critical path is unable to deliver due to a city-wide cyber incident. Which action most effectively manages external dependencies and continuity?
Activate a pre-negotiated vendor redundancy contract
Request an emergency site visit to the supplier
Alert internal teams only to minimize external knowledge
Wait for the supplier's self-report per contract terms
Answer: A
Explanation: Leveraging a redundancy contract ensures continuity by immediately switching to a vetted alternate supplier, reducing downtime risk without unnecessary delays.
Under a simultaneous DDoS attack and flood, which incident logging mode should be enabled to guarantee logs are not tampered with?
Forensic chain-of-custody locking
Synchronous log snapshot scheduling
Multi-site distributed log sync
Immutable log write mode
Answer: D
Explanation: Enabling immutable log write mode ensures that all incident records are protected from tampering or unauthorized alterations.
A nuclear plant control room selects a Cold Site for non-safety systems. Which TWO parameters ensure Cold Site activation in 28 days after total site loss?
Off-site vaulting of Siemens Step7 TIA Portal v18 projects with encrypted USB-SSD and courier SLA 36 hours
Annual dry-run of HMI runtime deployment on Dell PowerEdge R760 with RAID-6 NVMe and BIOS-level SR-IOV
Pre-signed colocation cage with 2 MW 480V 3-phase power, dual UPS, and N+2 diesel generators tested quarterly
Mirrored WinCC OA databases in PostgreSQL point-in-time recovery tapes shipped weekly to Iron Mountain
Licensed AnyDesk Enterprise with outbound-only connections and hardware MFA tokens stored in two tamper-proof safes
Answer: B, C
Explanation: Annual dry-run proves 28-day recovery. Pre-signed 2 MW cage avoids negotiation delay. Step7 USB meets code but not runtime. WinCC tapes need manual import. AnyDesk helps remote access but not site build-out.
A financial institution discovers after an infrastructure upgrade that several business units are storing critical client data outside the documented change management process. Which immediate action should the Business Continuity Manager take to ensure plan integrity?
Remove all undocumented changes and revert systems to the previous baseline
Initiate a comprehensive assessment of all undocumented changes and update the plan accordingly
Report the issue to regulatory authorities before internal review
Disclose the findings to clients immediately
Answer: B
Explanation: Undocumented changes impose risks to the continuity plan's validity and compliance. Immediate internal assessment enables accurate plan updates and ensures subsequent communication and remediation aligns with organizational and regulatory protocols.
During threat identification for newly acquired subsidiaries, what step secures catalog completeness in cross-border scenarios?
Only import parent company threat lists
Integrate subsidiary risk registers using automated catalog mapping, validated against host country regulations and standards
Ignore local regulatory threats
Delay catalog update until post-acquisition audits
Answer: B
Explanation: Automated mapping and multi-jurisdictional validation deliver a full threat inventory, critical for cross-border continuity and regulatory assurance.
Your blended reality awareness module triggers a participant panic attack. Select three mandatory incident response steps per 2023 DRI duty-of-care protocol.
Immediate module suspension and trauma-trained facilitator intervention
Anonymous incident hash logged to central adverse-event registry
72-hour follow-up wellness check with licensed counselor
Public recall of entire module batch
Answer: A,B,C
Explanation: The 2023 protocol prioritizes harm mitigation and learning. Immediate module suspension and trauma-trained facilitator intervention stops exposure. Anonymous incident hash logged to central adverse-event registry enables pattern
detection. 72-hour follow-up wellness check with licensed counselor ensures duty-of- care. Public recall of entire module batch is disproportionate.
The Risk Matrix must support diagonal risk bands. Which single Apache ECharts option in JSON config draws band from (1,5) to (5,1) with label "Intolerable"?
series: [{ type: 'custom', renderItem: function(params, api) { var x1 = api.value(0); var y1 = api.value(1); return { type: 'line', shape: { x1: x1, y1: y1, x2: 5-y1, y2: 5-x1 }, style:
{ stroke: '#ff0000', lineWidth: 3 } }; }, data: [[1,5],[2,4],[3,3],[4,2],[5,1]] }]
markLine: { data: [{ coord: [1,5], name: 'Intolerable' }, { coord: [5,1] }], lineStyle: { color: 'red' } }
visualMap: { type: 'piecewise', dimension: 0, pieces: [{ min: 1, max: 5, label: 'Diagonal' }] }
graphic: [{ type: 'polyline', shape: { points: [[1,5],[5,1]] }, style: { stroke: '#ff0000' }
}]
Answer: A
Explanation: The custom series renders a thick red anti-diagonal line across the 5??5 matrix, labels cells above as Intolerable, and updates dynamically on data refresh.
To maintain BCM program integrity, a software vendor's steering committee wants to automate risk tolerance monitoring. Which technical parameter is critical for continuous assurance?
Dynamic threshold variance setting in BCM software
Static tolerance values entered during annual review
Email notifications on risk parameter changes
Manual tolerance checks performed by BCM lead
Answer: A
Explanation: Dynamic threshold variance enables ongoing, automated monitoring of risk tolerance, minimizing manual errors and ensuring the program remains adaptive and compliant.
Your maintenance schedule is rejected by the audit committee for lacking risk-based cadence. Transform it by tying review frequency to these two dynamic triggers.
Volatility index of the critical supplier's financial health score
Number of unresolved findings from the previous internal audit
Seasonality factor of the primary data center's flood plain
Velocity of change requests in the IT service management queue
Answer: B, D
Explanation: DRII and ISO 22301 require risk-based maintenance; unresolved audit findings and change velocity are direct indicators of plan obsolescence. Supplier scores and flood seasonality are risk assessment inputs, not maintenance triggers.
A firm's crisis plan specifies executive leadership as spokespersons. During a product recall, senior leaders are overwhelmed with technical remediation. What should the communication strategy be?
Prioritize technical resolution to the exclusion of communication
Suspend all communication until leadership is available
Replace external communication with website FAQ updates only
Delegate spokesperson duties to a trained public relations lead while coordinating with executives
Answer: D
Explanation: Continuous, competent public messaging is ensured by trained spokespersons, freeing up leadership to manage core operational issues.
Social media protocols for a zombie apocalypse simulated drill.
Hashtag #ZombieDrill with geofenced AR overlays
Segment survivors by bite-risk heatmaps
Counter undead memes with antiviral satire swarms
Livestream CDC neural suppressants trials
Enforce quarantine filters on infected accounts
Answer: A, B, C, E
Explanation: Hashtagging #ZombieDrill with geofenced AR overlays immerses participants. Segmenting survivors by bite-risk heatmaps targets alerts. Countering undead memes with antiviral satire swarms humorously controls narrative. Enforcing quarantine filters on infected accounts contains digital spread.
In an impact assessment for major product recall scenarios, which step most accurately quantifies full risk exposure?
Exclude brand reputation losses
Focus only on direct financial loss
Develop scenario simulations linking financial, regulatory, and brand reputation outcomes, calculated against upper loss thresholds
Estimate impact from historical incident averages alone
Answer: C
Explanation: Multi-dimensional simulations encompassing all impact categories ensure full risk quantification, supporting comprehensive continuity strategies.
A multinational retail corporation's steering committee is executing a quarterly review of the BCM program. Which procedure ensures alignment with global regulatory changes?
Reference ISO 22301:2019 during annual review cycles
Delegate local compliance mapping to incident management teams
Use automated change detection filtering on external regulations database
Collaborate with internal audit to cross-check all policy amendments
Answer: C
Explanation: Using automated change detection filtering on the external regulations
database ensures the BCM program remains continuously aligned with global regulatory changes, as it proactively scans for updates and flags those that require action. This method enables rapid review and adaptation, preventing compliance gaps that periodic checks may miss.
An insurance carrier is revising outsourcing arrangements for IT support. Which command maximizes continuity risk control?
Outsource all IT functions without continuity clause
Mandate third-party recovery testing, include measurable recovery time objectives and breach notification terms in contract, require real-time performance dashboards
Allow third-party to set own continuity benchmarks
Only review outsourcing efficacy after incident
Answer: B
Explanation: Risk-based contracts, measurable objectives, and performance monitoring are vital for effective outsourced continuity management.
Board demands crisis media briefing. Select all media management actions per IABC Gold Quill 2026.
Conduct virtual press conference via ON24 webinar ID MEDIA-CRISIS-2025 with polling and downloadable fact sheet PDF
Distribute media kit via Box folder MEDIA-KIT-2025 with embargoed assets and password protection using link expiry 48 hours
Train spokespersons via MediaPrep AI simulation with 50 scenario injects and voice stress analysis via Hume AI API
Track coverage via Critical Mention with clip scoring matrix relevance x reach x sentiment and dashboard in Power BI
Answer: A,B,C,D
Explanation: Conduct virtual press conference via ON24 webinar ID MEDIA- CRISIS-2025 with polling and downloadable fact sheet PDF engages journalists.
Distribute media kit via Box folder MEDIA-KIT-2025 with embargoed assets and password protection using link expiry 48 hours controls access. Train spokespersons via MediaPrep AI simulation with 50 scenario injects and voice stress analysis via Hume AI API builds readiness. Track coverage via Critical Mention with clip scoring matrix relevance x reach x sentiment and dashboard in Power BI measures effectiveness.
KPI must include predictive failure. Select three Prophet forecast lines in R for KPI BCM001
m <- prophet(df, yearly.seasonality=TRUE, weekly.seasonality=TRUE, daily.seasonality=FALSE)
future <- make_future_dataframe(m, periods=24, freq='month'); forecast <- predict(m, future)
prophet_plot_components(m, forecast) ggsave("kpi_trends_2025.png") D. m$changepoints <- as.Date(c('2025-03-01', '2025-07-01', '2025-11-01'))
Answer: A,B,C
Explanation: Prophet model with monthly forecast and component plot predict maturity stall 6 months early.
KILLEXAMS.COM
Killexams.com is a leading online platform specializing in high-quality certification exam preparation. Offering a robust suite of tools, including MCQs, practice tests, and advanced test engines, Killexams.com empowers candidates to excel in their certification exams. Discover the key features that make Killexams.com the go-to choice for exam success.
Killexams.com provides exam questions that are experienced in test centers. These questions are updated regularly to ensure they are up-to-date and relevant to the latest exam syllabus. By studying these questions, candidates can familiarize themselves with the content and format of the real exam.
Killexams.com offers exam MCQs in PDF format. These questions contain a comprehensive
collection of questions and answers that cover the exam topics. By using these MCQs, candidate can enhance their knowledge and improve their chances of success in the certification exam.
Killexams.com provides practice test through their desktop test engine and online test engine. These practice tests simulate the real exam environment and help candidates assess their readiness for the actual exam. The practice test cover a wide range of questions and enable candidates to identify their strengths and weaknesses.
Killexams.com offers a success guarantee with the exam MCQs. Killexams claim that by using this materials, candidates will pass their exams on the first attempt or they will get refund for the purchase price. This guarantee provides assurance and confidence to individuals preparing for certification exam.
Killexams.com regularly updates its question bank of MCQs to ensure that they are current and reflect the latest changes in the exam syllabus. This helps candidates stay up-to-date with the exam content and increases their chances of success.