Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Business Continuity, Disaster Recovery, and Incident Response practice sets

ISC2 CC Business Continuity, Disaster Recovery, and Incident Response • Complete Question Bank

ISC2 CC Business Continuity, Disaster Recovery, and Incident Response — All Questions With Answers

Complete ISC2 CC Business Continuity, Disaster Recovery, and Incident Response question bank — all 0 questions with answers and detailed explanations.

95
Questions
Free
No signup
Certifications/ISC2 CC/Practice Test/Business Continuity, Disaster Recovery, and Incident Response/All Questions
Question 1easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company is developing a business continuity plan. Which document identifies critical business functions and their dependencies, including the maximum acceptable downtime?

Question 2mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization's recovery time objective (RTO) for its customer database is 4 hours, and the recovery point objective (RPO) is 1 hour. The database is backed up every hour using full backups. A disaster occurs at 2:00 PM, and the last successful backup was at 1:00 PM. The system is restored and operational at 5:30 PM, but data from 1:00 PM to 2:00 PM is lost. Which statement is correct?

Question 3hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During a disaster recovery test, an organization uses a warm site. The site has partially configured servers and network infrastructure but lacks recent data. The recovery team expects to have the system operational within 2 days. Which recovery metric is most directly addressed by the warm site's capabilities?

Question 4mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization stores backup data on a tape drive (onsite) and also replicates critical data to a cloud storage service. This practice best exemplifies which backup rule?

Question 5easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which recovery site strategy provides the shortest recovery time objective (RTO), typically measured in hours, by maintaining a fully mirrored environment that can be activated immediately?

Question 6mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A security analyst detects unusual outbound network traffic from a server that typically only handles internal file sharing. The traffic appears to be exfiltrating sensitive data. Which phase of the incident response process should the analyst initiate next?

Question 7hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company experiences a ransomware attack that encrypts all files on a file server. The IT team decides to restore the server from the most recent full backup taken 24 hours ago, followed by all differential backups taken since then. If the last full backup was on Sunday at midnight, and the attack occurs on Wednesday at 6:00 AM, with differential backups taken daily at noon, how many differential backups must be restored?

Question 8mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During a data breach incident, the incident response team discovers that personally identifiable information (PII) of European Union residents was compromised. According to GDPR, what is the maximum time frame for notifying the supervisory authority?

Question 9easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which type of backup copies all data that has changed since the last full backup, regardless of any subsequent incremental or differential backups?

Question 10mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A financial institution's incident response team is handling a denial-of-service (DoS) attack that is affecting customer access. The team has identified the attack source IPs and implemented filtering rules on the perimeter firewall. Which phase of incident response is being performed?

Question 11hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization's business continuity plan designates a maximum tolerable downtime (MTD) of 8 hours for its order processing system. The system's recovery time objective (RTO) is set at 4 hours, and work recovery time (WRT) is estimated at 2 hours. If a disaster occurs at 10:00 AM and the system is restored at 2:00 PM, but additional configuration and data validation take until 3:30 PM to complete, what is the total downtime and is the MTD met?

Question 12easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which incident category involves an attacker tricking an employee into revealing their login credentials through a fraudulent email?

Question 13mediummulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company is creating a backup strategy for its critical database. The database is updated continuously, and the company can tolerate up to 2 hours of data loss. Which TWO backup methods would best help achieve a recovery point objective (RPO) of 2 hours? (Select TWO.)

Question 14hardmulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During a security incident, the crisis communication team must notify stakeholders. According to best practices, which THREE groups should always be included in initial notifications? (Select THREE.)

Question 15mediummulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization is evaluating recovery site options. Which TWO factors are most critical when selecting between a hot site and a warm site? (Select TWO.)

Question 16easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization is developing a Business Continuity Plan (BCP). Which analysis is performed first to identify critical business functions and their dependencies?

Question 17mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During a disaster recovery test, the IT team successfully restored systems from backups and achieved the recovery time objective (RTO). However, users could not resume normal work because additional configuration and data validation were needed. Which metric was NOT met?

Question 18hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company’s disaster recovery plan specifies an RTO of 4 hours and an RPO of 1 hour for its critical database. The database is backed up every hour using incremental backups. After a catastrophic failure, restoration takes 3 hours, but the database must be rolled forward using transaction logs. The total time to make the database fully operational is 5 hours. Which statement is correct?

Question 19easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which recovery site strategy provides the fastest recovery time, typically within hours, and is a fully mirrored environment ready to take over operations immediately?

Question 20mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization adopts the 3-2-1 backup rule. Which combination of backups satisfies this rule?

Question 21mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A small business wants to minimize backup storage space and backup time, knowing that restoration may be slower. Which backup strategy should they choose?

Question 22hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During an incident, the security team detects unusual outbound traffic from a server that normally does not communicate externally. The traffic appears to be encrypted and is sent to an unknown IP address. Which incident category best describes this scenario?

Question 23mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization experiences a ransomware attack that encrypts critical files. The incident response team follows the standard IR phases. After containing the infection and eradicating the malware, what is the next phase?

Question 24hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A healthcare organization suffers a data breach involving protected health information (PHI). The incident occurred on Monday, and the organization discovers it on Wednesday. Under GDPR, if the breach affects EU residents, what is the deadline for notifying the supervisory authority?

Question 25easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which of the following best describes a Disaster Recovery Plan (DRP)?

Question 26mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company’s backup strategy: Full backup every Sunday, differential backups Monday through Saturday. On Thursday, the system fails. How many backups are needed to restore the data?

Question 27mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization determines that its critical financial application has a maximum tolerable downtime (MTD) of 8 hours. The recovery time objective (RTO) is set to 6 hours, and the work recovery time (WRT) is 2 hours. If the application is restored from backup in 5 hours, but additional configuration takes 3 hours, what is the total downtime, and is the MTD met?

Question 28mediummulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization is developing an incident response plan. Which TWO phases are part of the incident response lifecycle according to the NIST framework? (Select two.)

Question 29hardmulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company is selecting a recovery site strategy. They need to balance cost and recovery time. Which THREE factors should they consider when choosing between hot, warm, and cold sites? (Select three.)

Question 30easymulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization experiences a denial-of-service (DoS) attack. Which TWO actions should the incident response team take during the containment phase? (Select two.)

Question 31easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization is preparing its Business Continuity Plan (BCP). Which process identifies critical business functions and the impact of disruptions?

Question 32mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During a BIA, the maximum tolerable downtime for a critical application is determined to be 4 hours. The IT team estimates system recovery will take 2 hours, but additional manual work to reconcile data will take 1 hour. What is the Recovery Time Objective (RTO)?

Question 33hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company has a Recovery Point Objective (RPO) of 1 hour for its financial database. It performs full backups every night at 11 PM and incremental backups every 4 hours. If the system fails at 2:30 PM, what is the maximum data loss in terms of time?

Question 34easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which recovery site strategy provides the fastest Recovery Time Objective (RTO), typically within hours, by maintaining a fully operational mirrored environment?

Question 35mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company uses a reciprocal agreement for disaster recovery. What is a primary risk of this strategy?

Question 36mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization needs to prioritize recovery of systems after a disaster. Which metric directly indicates the maximum acceptable outage time for a business function?

Question 37mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which backup strategy offers the fastest restore time but requires the most storage space?

Question 38hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company follows the 3-2-1 backup rule. It has two full backups: one on an external hard drive in the server room and one on tape in a safe on-site. Which step should be taken to fully comply with the rule?

Question 39easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During which phase of the incident response process would the team identify the root cause of a security incident?

Question 40mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company experiences a data breach involving personal data of EU residents. Under GDPR, what is the maximum time within which the organization must notify the supervisory authority?

Question 41hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During an incident, a security analyst identifies a SQL injection attack. The team contains the threat by blocking the attacker's IP. Which step should be performed next in the incident response process?

Question 42mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which incident category involves an attempt to make a system or network resource unavailable to its intended users?

Question 43mediummulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company is implementing a backup strategy. Which TWO of the following are characteristics of incremental backups? (Choose two.)

Question 44hardmulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A security team is developing an incident response plan. Which THREE of the following are essential components of crisis communications during a data breach? (Choose three.)

Question 45easymulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which TWO of the following are common indicators of a potential data breach? (Choose two.)

Question 46easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company is creating a business continuity plan. Which analysis should be performed first to identify critical business functions and their dependencies?

Question 47mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

After a ransomware attack, the IT team restores systems from backups. The CEO asks how quickly data can be recovered. Which metric addresses the acceptable amount of data loss?

Question 48hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization's BIA determines that the payroll system has a Maximum Tolerable Downtime (MTD) of 4 hours. The current recovery plan has an RTO of 2 hours and an RPO of 1 hour. What is the maximum Work Recovery Time (WRT) allowed to meet the MTD?

Question 49easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which type of recovery site is pre-configured with hardware and software, but does not have live data, typically requiring days to become operational?

Question 50mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company uses a backup strategy where on Monday a full backup is taken, and on Tuesday only data changed since Monday is backed up. On Wednesday, the backup includes all data changed since Monday. What type of backup is the Wednesday backup?

Question 51mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During an incident, the incident response team identifies that a malware infection is spreading. They isolate affected systems to prevent further damage. Which phase of the incident response process are they performing?

Question 52hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A security analyst detects unusual outbound traffic from a server that suggests a data breach. According to GDPR, within what timeframe must the organization notify the supervisory authority?

Question 53mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization is adopting the 3-2-1 backup rule. They currently have data on a primary server and a daily backup to an external hard drive. To comply with the rule, what is the minimum additional requirement?

Question 54easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which incident category involves an attacker tricking an employee into revealing credentials?

Question 55hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During a disaster, an organization activates a reciprocal agreement with another company. What is a primary risk associated with this strategy?

Question 56mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization's backup schedule: Full backup every Sunday, incremental backups Monday-Saturday. If a failure occurs on Thursday, how many backup sets are needed to restore the data?

Question 57easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which phase of the incident response process involves restoring systems to normal operations and confirming they are functioning correctly?

Question 58mediummulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A security analyst is prioritizing incidents based on severity. Which TWO factors are most important for determining incident severity?

Question 59hardmulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

After a major power outage, an organization needs to declare a disaster and activate its DRP. Which THREE elements should be included in the initial crisis communication?

Question 60mediummulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization is choosing a backup strategy to minimize restore time. Which TWO backup types require only the most recent full backup and the latest differential backup to restore?

Question 61easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization is creating a Business Continuity Plan (BCP). Which analysis should be performed first to identify critical business functions and their dependencies?

Question 62mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company's critical database must be recovered within 4 hours after a disaster, and they can tolerate losing up to 1 hour of data. During a disaster, after the systems are restored, it takes an additional 30 minutes to verify data integrity and resume normal operations. Which metric is represented by the 4-hour requirement?

Question 63hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A financial institution requires near-instantaneous recovery of its trading platform after a disaster. The recovery time objective (RTO) is 2 hours, and the recovery point objective (RPO) is 15 minutes. Which recovery site strategy best meets these requirements?

Question 64mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During a disaster recovery test, the IT team discovers that restoring all data from full backups takes 48 hours, exceeding the RTO. Which backup strategy would reduce restore time while maintaining a similar backup window?

Question 65easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which backup method copies all data that has changed since the last full backup, regardless of subsequent incremental or differential backups?

Question 66mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A hospital's electronic health record (EHR) system must be available 24/7. The disaster recovery plan specifies an RTO of 4 hours and an RPO of 1 hour. Which combination of backup and site strategy best meets these objectives?

Question 67hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization uses a 3-2-1 backup strategy. They have a primary full backup on a local NAS, a second copy on tape stored offsite, and a third copy in the cloud. During a ransomware attack, the local NAS and the tape library are both encrypted. Which copy should be used for recovery?

Question 68easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which phase of the incident response process involves actions to stop the incident from causing further damage, such as isolating affected systems?

Question 69mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A security analyst detects unusual outbound network traffic from a server that normally does not communicate externally. After confirming a malware infection, the analyst isolates the server from the network. Which incident response phase is the analyst performing?

Question 70hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During a data breach investigation, the incident response team discovers that personally identifiable information (PII) of EU residents was exfiltrated. Under GDPR, what is the maximum time frame for notifying the supervisory authority?

Question 71mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which type of incident involves an attacker attempting to make a system or network resource unavailable to legitimate users?

Question 72easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

After an incident is resolved, which phase involves reviewing what happened, documenting lessons learned, and updating procedures?

Question 73mediummulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company is selecting a recovery site strategy. Which TWO factors should be considered when choosing between a hot site and a warm site? (Select TWO.)

Question 74hardmulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization is updating its incident response plan. Which THREE elements should be included in the preparation phase? (Select THREE.)

Question 75mediummulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During a ransomware incident, the incident response team needs to communicate with stakeholders. According to best practices, which TWO groups should be notified immediately? (Select TWO.)

Question 76easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization wants to ensure that its critical business functions can continue operating during a disruption. Which plan specifically addresses keeping the business running during a disruption?

Question 77mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company's Business Impact Analysis (BIA) determines that its online payment system can tolerate a maximum of 2 hours of downtime. The IT team estimates that restoring the system from backups will take 1 hour, and the team needs another 30 minutes to verify data integrity and resume normal operations. Which metric does the 30-minute verification period represent?

Question 78mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization is selecting a recovery site strategy that offers the fastest recovery time, measured in hours, to minimize downtime for critical applications. Which recovery site type best meets this requirement?

Question 79mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company performs a full backup every Sunday and incremental backups on other days. On Wednesday, a server failure occurs. Which backups are needed to restore the server to its state at Tuesday's backup?

Question 80hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During an incident, a security analyst detects unusual network traffic from a workstation that is exfiltrating data to an external IP address. The analyst isolates the workstation. Which incident response phase does the isolation action belong to?

Question 81easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which backup strategy requires the least amount of time to perform a daily backup but the most time to perform a full restore?

Question 82mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A healthcare organization experiences a data breach involving protected health information (PHI). Under GDPR, within how many hours must the organization notify the relevant supervisory authority?

Question 83hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization has an RTO of 4 hours and an RPO of 1 hour for its customer database. After a disaster, the IT team restores the database from backups that are 2 hours old, and the system becomes operational in 3 hours. Which of the following is true?

Question 84mediummultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which phase of the incident response process involves restoring systems to normal operation and applying patches to prevent recurrence?

Question 85easymultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

Which of the following is a key component of the 3-2-1 backup rule?

Question 86hardmultiple choice
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company has a reciprocal agreement with another organization for disaster recovery. During a major outage, the company attempts to activate the agreement but finds that the partner's facility is also impacted by the same disaster. This scenario highlights a primary disadvantage of which recovery strategy?

Question 87mediummulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During a security incident, a company must notify stakeholders without revealing sensitive details that could worsen the situation. Which TWO groups should typically be notified immediately according to incident response best practices? (Select TWO)

Question 88mediummulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization is implementing backup strategies. Which THREE are characteristics of differential backups? (Select THREE)

Question 89hardmulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An incident response team is analyzing a data breach. Which THREE actions are part of the 'Lessons Learned' phase? (Select THREE)

Question 90hardmulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company is planning its backup strategy and wants to minimize storage usage while ensuring fast restores. Which TWO backup types should the company consider as primary and secondary backups? (Select TWO)

Question 91mediummulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A financial services company is conducting a Business Impact Analysis (BIA) for its online banking platform. Which TWO of the following are correctly defined metrics used in BIA?

Question 92hardmulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

During a ransomware incident, the incident response team has completed the containment and eradication phases. According to the NIST incident response framework, which THREE of the following activities are part of the post-incident activity phase?

Question 93easymulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

A company is evaluating backup strategies for its critical database. Which TWO of the following are correct statements about backup types?

Question 94mediummulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization is re-evaluating its disaster recovery site options. Which TWO of the following describe characteristics of a warm site?

Question 95hardmulti select
Read the full Business Continuity, Disaster Recovery, and Incident Response explanation →

An organization experiences a data breach involving personally identifiable information (PII) of European Union residents. According to GDPR, which THREE of the following are required actions?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

ISC2 CC Practice Test 1 — 25 Questions→ISC2 CC Practice Test 2 — 25 Questions→ISC2 CC Practice Test 3 — 25 Questions→ISC2 CC Practice Test 4 — 25 Questions→ISC2 CC Practice Test 5 — 25 Questions→ISC2 CC Practice Exam 1 — 20 Questions→ISC2 CC Practice Exam 2 — 20 Questions→ISC2 CC Practice Exam 3 — 20 Questions→ISC2 CC Practice Exam 4 — 20 Questions→Free ISC2 CC Practice Test 1 — 30 Questions→Free ISC2 CC Practice Test 2 — 30 Questions→Free ISC2 CC Practice Test 3 — 30 Questions→ISC2 CC Practice Questions 1 — 50 Questions→ISC2 CC Practice Questions 2 — 50 Questions→ISC2 CC Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Security PrinciplesBusiness Continuity, Disaster Recovery, and Incident ResponseAccess Controls ConceptsSecurity OperationsNetwork SecurityBusiness Continuity, DR & Incident Response

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Business Continuity, Disaster Recovery, and Incident Response setsAll Business Continuity, Disaster Recovery, and Incident Response questionsISC2 CC Practice Hub