After a tabletop exercise has been performed, the next step would be a functional test, which includes the mobilization of staff to exercise the administrative and organizational functions of a recovery. Since the IT part of the recovery has been tested for years, it would be more efficient to verify and optimize the business continuity plan (BCP) before actually involving IT in a full-scale test. The full-scale test would be the last step of the verification process before entering into a regular annual testing schedule. A full-scale test in the situation described might fail because it would be the first time that the plan is actually exercised, and a number of resources (including IT) and time would be wasted. The walk-through test is the most basic type of testing. Its intention is to make key staff familiar with the plan and discuss critical plan elements, rather than verifying its adequacy. The recovery of applications should always be verified and approved by the business instead of being purely IT-driven. A disaster recovery test would not help in verifying the administrative and organizational parts of the BCP which are not IT-related.
Topic 8, Mixed Questions

Section: Protection of Information Assets
Explanation:
Database commits ensure the data are saved to disk, while the transaction processing is underway or
complete. Rollback ensures that the already completed processing is reversed back, and the data already
processed are not saved to the disk in the event of the failure of the completion of the transaction
processing. All other options do not ensure integrity while processing is underway.

Parity bits are a control used to validate data completeness.

Section: Protection of Information Assets
Explanation:
Intrusion Detection Systems are designed to detect network attacks in progress and assist in post-attack
forensics, while audit trails and logs serve a similar function for individual systems.