CompTIA CySA+ (CS0-003) — Question 296

Which of the following should be performed first when creating a BCP to ensure that all critical functions and financial implications have been considered?

Answer options

• A. Failover test
• B. Tabletop exercise
• C. Security policies
• D. Business impact analysis

Correct answer: D

Explanation

The Business Impact Analysis (BIA) is crucial as it identifies the critical functions and assesses the financial impact of disruptions, which should be the first consideration in a BCP. The other options, such as failover tests and tabletop exercises, are important but occur after the BIA has established the priorities and impacts of various business functions.