New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 CISSP Exam - Topic 5 Question 107 Discussion

Actual exam question for ISC2's CISSP exam
Question #: 107
Topic #: 5
[All CISSP Questions]

Which of the following BEST describes the objectives of the Business Impact Analysis (BIA)?

Show Suggested Answer Hide Answer
Suggested Answer: B

The best description of the objectives of the Business Impact Analysis (BIA) is identifying what is important and critical based on disruptions that can affect the organization. A BIA is a process that involves the identification, analysis, and evaluation of the potential impacts or consequences of the disruptions or interruptions that may affect the organization, such as natural disasters, human errors, or cyberattacks. A BIA can help to determine the criticality, priority, or dependency of the business functions, processes, or activities, as well as the resources, assets, or systems, that support or enable the business functions, processes, or activities, by using various methods or techniques, such as interviews, surveys, or simulations, to collect or gather the relevant data or information, such as the recovery time objectives, recovery point objectives, or maximum tolerable downtime, that can measure or quantify the impacts or consequences of the disruptions or interruptions. A BIA can also help to identify the requirements, strategies, or solutions, such as backup, redundancy, or contingency, that can prevent, mitigate, or recover from the impacts or consequences of the disruptions or interruptions, by using various methods or techniques, such as risk assessment, gap analysis, or cost-benefit analysis, to evaluate or compare the risks, gaps, or costs of the disruptions or interruptions, as well as the benefits, advantages, or effectiveness of the requirements, strategies, or solutions. Identifying the events and environmental factors that can adversely affect an organization, establishing the need for a Business Continuity Plan (BCP) based on threats that can affect an organization, or preparing a program to create an organizational awareness for executing the Business Continuity Plan (BCP) are not the best descriptions of the objectives of the BIA, as they are either more related to the concepts of risk analysis, business continuity planning, or business continuity management, which are the processes that are performed or supported by the BIA, rather than the BIA itself.Reference:CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7: Security Operations, page 443;CISSP Official (ISC)2 Practice Tests, Third Edition, Domain 7: Security Operations, Question 7.12, page 275.


by Kirk at Aug 13, 2025, 06:15 PM

Limited Time Offer

25%

Off

Get Premium CISSP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Galen
2 months ago
Wait, isn’t A also a big part of BIA? Seems like it could fit too.
upvoted 0 times
...
Royal
2 months ago
Totally agree, option B nails it!
upvoted 0 times
...
Lura
3 months ago
I think C is more accurate, it’s about establishing the need for a BCP.
upvoted 0 times
...
Silva
3 months ago
I didn’t realize BIA was so focused on disruptions, that’s interesting!
upvoted 0 times
...
Mose
3 months ago
BIA is all about identifying critical disruptions.
upvoted 0 times
...
Buck
3 months ago
I thought the BIA was more about awareness and preparation, which makes me think option D could be relevant, but I’m not entirely convinced.
upvoted 0 times
...
Brice
4 months ago
I practiced a question similar to this, and I feel like identifying events is important too, but I don’t know if that’s the main objective.
upvoted 0 times
...
Chuck
4 months ago
I remember something about BIA focusing on threats, but I’m not sure if that means option C is the best choice.
upvoted 0 times
...
Berry
4 months ago
I think the BIA is mainly about identifying what’s critical for the organization, so I’m leaning towards option B.
upvoted 0 times
...
Reuben
4 months ago
I remember the BIA is about understanding the organization's critical processes and the consequences of them being disrupted. So I'd say B is the best description of the BIA's objectives.
upvoted 0 times
...
Slyvia
4 months ago
Okay, let me think this through. The BIA is focused on understanding the potential impacts of disruptions, so I think A and B are both relevant. But B seems to capture the core purpose more directly, so that's my pick.
upvoted 0 times
...
Ty
4 months ago
Hmm, I'm a bit unsure here. I know the BIA is supposed to help with business continuity planning, but I'm not sure if the options fully capture the objectives. I might need to review my notes again.
upvoted 0 times
...
Nida
5 months ago
I'm pretty confident about this one. The BIA is all about identifying critical business functions and the impact of disruptions, so I think B is the best answer.
upvoted 0 times
...
Johnna
5 months ago
I agree, B is the best answer. The BIA is all about understanding the organization's critical processes and dependencies.
upvoted 0 times
...
Yen
5 months ago
I think the answer is C, establishing the need for a Business Continuity Plan.
upvoted 0 times
...
Iluminada
5 months ago
I believe it's A, identifying events and factors that can affect the organization.
upvoted 0 times
...
Shawn
5 months ago
I agree with Karon, identifying what is important and critical makes sense.
upvoted 0 times
...
Deandrea
6 months ago
Option B seems to cover the key objectives of a BIA - identifying critical business functions and the impact of disruptions.
upvoted 0 times
Queenie
5 months ago
User 2: I agree, it's all about identifying what's important and critical.
upvoted 0 times
...
Cherelle
5 months ago
User 1: I think option B is the best choice.
upvoted 0 times
...
...
Karon
6 months ago
I think the answer is B.
upvoted 0 times
...

Save Cancel