A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan's effectiveness. It also provides a means to improve the plan in increments. A paper test is a walkthrough of the plan, involving major players, who attempt to determine what might happen in a particular type of service disruption in the plan's execution. A paper test usually precedes the preparedness test. A post-test is actually a test phase and is comprised of a group of activities, such as returning all resources to their proper place, disconnecting equipment, returning personnel and deleting all company data from third-party systems. A walkthrough is a test involving a simulated disaster situation that tests the preparedness and understanding of management and staff, rather than the actual resources.

Explanation
The primary factor to determine system criticality within an organization is the maximum allowable downtime (MAD). MAD is the maximum time frame during which recovery must become effective before an outage compromises the ability of an organization to achieve its business objectives and/or survival. MAD reflects the business impact of a system outage on the organization's operations, reputation, compliance, and finances.
MAD can help to prioritize system recovery efforts, allocate resources, and establish recovery objectives.

Section: Governance and Management of IT

Section: Protection of Information Assets
Explanation/Reference:
A "banana attack" is another particular type of DoS. It involves redirecting outgoing messages from the
client back onto the client, preventing outside access, as well as flooding the client with the sent packets.
The Banana attack uses a router to change the destination address of a frame. In the Banana attack:
A compromised router copies the source address on an inbound frame into the destination address.
The outbound frame bounces back to the sender.
This sender is flooded with frames and consumes so many resources that valid service requests can no
longer be processed.
The following answers are incorrect:
Brute force attack - Brute force (also known as brute force cracking) is a trial and error method used by
application programs to decode encrypted data such as passwords or Data Encryption Standard (DES)
keys, through exhaustive effort (using brute force) rather than employing intellectual strategies. Just as a
criminal might break into, or "crack" a safe by trying many possible combinations, a brute force cracking
application proceeds through all possible combinations of legal characters in sequence. Brute force is
considered to be an infallible, although time-consuming, approach.
Buffer overflow - A buffer overflow occurs when a program or process tries to store more data in a buffer
(temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite
amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers,
corrupting or overwriting the valid data held in them. Although it may occur accidentally through
programming error, buffer overflow is an increasingly common type of security attack on data integrity.
Pulsing Zombie - A Dos attack in which a network is subjected to hostile pinging by different attacker
computer over an extended time period.
Following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 321