Isaca Updated CISA Exam Questions and Answers by allegra

The primary difference between a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) lies in their timeframe for activation and overall scope.

BCP (Business Continuity Plan):

Focuses on ensuring that critical business processes continue operating during and after a disruption.

It includes strategies for maintaining operations (e.g., alternative work locations, manual procedures, supplier dependencies).

Activated immediately when a disruption occurs to keep the business running.

DRP (Disaster Recovery Plan):

Primarily focuses on the recovery of IT systems and infrastructure after a disruption.

It includes steps for restoring data, servers, and applications to bring IT operations back to normal.

Activated after the disaster event to restore normal IT operations.

The timeframe for activation is the key difference because:

BCP is implemented immediately to ensure business continuity.

DRP is implemented after the disaster to restore IT operations.

A. The annual testing requirements → Both BCP and DRP require regular testing, so this is not the key differentiator.

B. The focus on system recovery → Only DRP focuses on system recovery, but the BCP covers more than just IT. The key difference is still the timeframe.

D. The involvement of senior management → Senior management is involved in both plans, so this is not the primary distinction.

Comprehensive and Detailed Step-by-Step Explanation:

Normalizationis the process ofstructuring log datainto a standard format for easy analysis and correlation across multiple systems.

Normalization (Correct Answer – D)

Ensures consistency in log file formats.

Helps security analysts detect patterns and anomalies.

Example:Converting log timestamps into a standardized format (UTC).

Extraction (Incorrect – A)

Retrieves data but does not format it for analysis.

Data Acquisition (Incorrect – B)

Refers to collecting data, not structuring it.

Imaging (Incorrect – C)

Creates copies of disk storage but is unrelated to log analysis.