Question 7 - BCI CBCI Real Exam Questions [March 2026 Update]

Q: 7

Which of the following is used to determine the organization's prioritised activities and the recovery timeframes and resource requirements?

Options

Discussion

Nathan O. Feb 24, 2026 7:47 am

C . D sounds tempting but only BIA gives formal outputs for priorities and recovery needs. D’s a trap here.

Sam Mar 5, 2026 2:19 am

C . The question points to BIA, not risk assessment. A is a trap here since it's just about threats.

Skyler L. Feb 28, 2026 11:20 am

C tbh. Business Impact Analysis is what gives you the priorities and sets RTOs/MTPDs plus resource needs. A (risk assessment) checks for threats, but doesn't determine recovery timeframes directly. D is too vague, B is just testing the plan. Seen similar questions on practice exams-pretty sure C is what they're after here, but happy to hear other takes.

Ryan S. Feb 22, 2026 10:10 am

Probably C, BIA is what sets the official recovery timeframes and priorities. Meetings (D) help but don't deliver formal requirements.

Ryan Feb 25, 2026 3:36 am

If it's more about gathering requirements from business owners directly, D might make sense.

Drew W. Feb 21, 2026 1:08 am

HelpfulDev1583 Feb 18, 2026 3:44 pm

Feels like C since BIA is the formal method to set priorities and recovery objectives. Official study guides always highlight BIA for this, textbooks too. Pretty sure that's what exam questions focus on.

Neha I. Feb 15, 2026 11:11 am

Its C. Only a formal BIA covers prioritized activities, recovery timeframes, and resource needs-if you want compliance or audit proof, meetings alone (D) won’t cut it. Unless the org is super informal and ignores BCM standards, C fits best.

Riley G. Mar 4, 2026 4:04 am

Don't think it's D. C is the one that sets priorities, recovery times and resource needs formally.

Arjun G. Feb 28, 2026 3:24 pm

I think C is the match here. BIA actually formalizes priorities and recovery timeframes, not just gathering input like in D.

Be respectful. No spam.

Correct Answer:

Explanation

The Business Impact Analysis (BIA) is the formal and foundational process within Business Continuity Management used to identify an organization's critical products, services, and their supporting activities. It analyzes the impacts of a disruption to these activities over time. The primary outputs of a BIA are the prioritization of activities, the determination of maximum tolerable periods of disruption (MTPD), and the establishment of Recovery Time Objectives (RTOs), which define the required recovery timeframes. The BIA also identifies the minimum level of resources (e.g., people, technology, facilities, suppliers) needed to achieve recovery.

Why Incorrect

A. A risk assessment identifies and analyzes potential threats and vulnerabilities, not the time-sensitive impact of a disruption on specific business activities.

B. An exercise is conducted to validate and improve existing business continuity plans and capabilities, not to initially determine requirements and priorities.

D. A meeting with owners of product and services activities is a data-gathering technique used during a BIA, but it is not the comprehensive analysis process itself.

References

1. Business Continuity Institute (BCI), Good Practice Guidelines (GPG), 2018 Edition.

Section 4.3, Business Impact Analysis (BIA): "The BIA is the process of analysing the business activities and the effect that a business disruption might have upon them... The BIA process enables the organization to: quantify the impacts of a disruption...; identify the priority for the recovery of products and services and their supporting activities and resources; [and] determine the RTO for each activity..."

2. ISO 22301:2019, Security and resilience — Business continuity management systems — Requirements.

Clause 8.2.2, Business impact analysis and risk assessment: This clause mandates that the organization's BIA process shall "a) identify the products and services... and the activities that support their provision;" "b) determine the time frames for resuming disrupted activities... at a specified minimum acceptable level;" and "c) identify the dependencies and determine the resources required by the prioritized activities..."

3. Hiles, A. (2011). The Definitive Handbook of Business Continuity Management (3rd ed.). Wiley.

Chapter 12, The Business Impact Analysis Stage: "The BIA is the process that identifies the critical business processes of an organization, the resources required to support them, and the impact of a failure of these processes over time... The BIA will provide the data from which the appropriate continuity strategy can be determined." (Paraphrased from concepts throughout the chapter).

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE