Which technique is used in BCP to determine which business processes are critical and how long they can be down?
A CISSP practice question covering Domain 1: Security and Risk Management. Try answering before reading the explanation below.
Show options & answer
Why "BIA — Business Impact Analysis" is the right answer
BIA identifies critical processes, dependencies, and tolerable outage durations — feeding RTO/RPO/MTD targets. Vuln scans and pen tests assess security posture, not business criticality. Declaration is an event, not analysis.
Study videos for this topic
Want to go deeper on Domain 1? Watch the full breakdown — every video is free, no account, no upsell.
CISSP Domain 1: Ethics & the 5 Pillars (Canon Order)
Domain 1 — Security and Risk Management
CISSP Domain 1: Governance, Roles & Due Care (2026)
Domain 1 — Security and Risk Management
CISSP Domain 1: Laws, IP & GDPR (Compliance)
Domain 1 — Security and Risk Management
CISSP Domain 1: Investigation Types & Security Docs
Domain 1 — Security and Risk Management
Take the full CISSP practice test
120 questions, instant explanations, study-video links on every miss. No account.