Weekly CISSP Practice Exam Questions
Week 24 - Question 1
Scenario: You're revising the company's Business Continuity Plan. Which of the following is NOT typically part of this plan?
A. Risk Assessment
B. Resource Inventory
C. Employee Training Programs
D. Salary Structure
Answer: D
Explanation:
A. Risk Assessment
Risk Assessment is a foundational element of the BCP process.
- The Role: Before you can plan for continuity, you must identify the threats (fire, flood, cyberattack, pandemic) and the vulnerabilities within your business processes.
- The Connection: This often works in tandem with the Business Impact Analysis (BIA) to determine which risks are most likely to trigger a disaster and which business functions are most at risk.
B. Resource Inventory
A BCP must account for everything needed to keep the lights on when the primary office is unavailable.
- The Scope: This includes a list of critical hardware (servers, laptops), software licenses, third-party vendor contact info, and "vital records" (contracts, legal docs).
- Human Resources: It also includes a "Succession Plan" or an inventory of key personnel who have the authority to activate the BCP and lead the recovery.
C. Employee Training Programs
A plan is useless if the people expected to execute it don't know it exists.
- The Requirement: The CISSP exam emphasizes that BCP is a living process, not just a binder on a shelf. Regular training, tabletop exercises, and full-scale simulations are necessary to ensure that employees understand their roles during a crisis (e.g., how to fail over a database or where to report for work if the building is closed).
D. Salary Structure
Salary structure is a function of Human Resources (HR) and general business administration.
- Why it's the Answer: While the BCP might include a provision for how to issue emergency payroll during a disaster (to ensure employees can still afford to come to work), the actual "structure" (who gets paid what, bonus tiers, etc.) has no bearing on the technical or operational restoration of critical business functions.
- The Distinction: BCP focuses on Availability and Resilience; Salary Structure focuses on Compensation.
Key Takeaway for the CISSP Exam
The BCP is an "umbrella" that covers several specific sub-plans and processes. For the exam, remember this hierarchy:
- Project Initiation: Get management buy-in and define the scope.
- Business Impact Analysis (BIA): Quantify the impact of downtime (RTO/RPO).
- Strategy Development: Decide how to recover (e.g., Hot Site, Cloud backup).
- Plan Development: Write the procedures and document the resource inventory.
- Testing and Maintenance: Train employees and update the plan regularly.