100+ Free CBCI Practice Questions

Pass your BCI Certificate (CBCI) v7.0 exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately

Not published Pass Rate

100+ Questions

100% Free

1 / 100

Question 1

Score: 0/0

An organisation's head of BC has just received the BIA report. It shows that the customer order management process has an MTPD of 4 hours, but current IT recovery capabilities would take 8 hours to restore the supporting system. What is the MOST appropriate next step?

Revise the MTPD to 8 hours to match IT capability

Identify and implement an interim BC strategy that bridges the 4-hour gap until IT capability is improved

Immediately activate the BC plan as the gap represents an ongoing crisis

Accept the risk and document it in the risk register without further action

to track

2026 Statistics

Key Facts: CBCI Exam

90 MCQ

Exam Questions

BCI

63%

Pass Mark

BCI

77%

Merit Threshold

BCI

90 min

Exam Duration

BCI

GPG 7.0

Exam Syllabus

BCI

ISO 22301:2019

Aligned Standard

ISO/IEC

The CBCI is a 90-question, 90-minute multiple-choice exam based on the BCI Good Practice Guidelines 7.0, covering six Professional Practices: PP1 (Policy & Programme Management), PP2 (Embedding BC), PP3 (Analysis/BIA), PP4 (Design), PP5 (Implementation), and PP6 (Validation). Pass mark is 63%; merit is 77%.

Sample CBCI Practice Questions

Try these sample questions to test your CBCI exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1According to the BCI Good Practice Guidelines (GPG) 7.0, which Professional Practice focuses on establishing the policy and framework for the entire business continuity programme?

A.PP1 – Policy and Programme Management

B.PP2 – Embedding Business Continuity

C.PP3 – Analysis

D.PP6 – Validation

Explanation: PP1 – Policy and Programme Management is the foundational professional practice in the BCI GPG 7.0. It covers establishing the BC policy, defining programme scope and governance, securing senior management commitment, and setting the overall framework within which the other five PPs operate.

2Under the BCI GPG 7.0, the Maximum Tolerable Period of Disruption (MTPD) is best described as:

A.The total duration an organisation's operations could survive without the affected activity before viability is threatened

B.The time within which a minimum level of service must be resumed after a disruption

C.The time required to recover IT systems to normal operational levels

D.The acceptable amount of data loss measured in time from the point of disruption

Explanation: MTPD (also called Maximum Acceptable Outage, MAO) is the duration beyond which the consequences of disruption to a business activity become unacceptable, threatening organisational survival. It defines an absolute upper boundary for recovery time objectives. RTO must always be set shorter than MTPD.

3A Business Impact Analysis (BIA) is primarily used to:

A.Assess the impact of disruption on critical business activities and determine recovery requirements

B.Identify the probability and likelihood of specific threats materialising

C.Develop crisis communication templates for stakeholder notification

D.Evaluate the effectiveness of existing continuity plans through tabletop exercises

Explanation: The BIA is the cornerstone of PP3 (Analysis) in the GPG 7.0. It systematically evaluates the consequences of disrupting business activities — financial, reputational, regulatory, and operational — and produces key metrics such as RTO, RPO, MTPD, and MBCO that inform continuity strategy and plan design.

4ISO 22301:2019 defines 'business continuity' as:

A.The capability of an organisation to continue the delivery of products or services at acceptable predefined levels following a disruptive incident

B.A process that ensures IT systems are resilient to cyber-attacks and natural disasters

C.A management framework for identifying, assessing, and treating risks that could interrupt operations

D.A set of documented procedures invoked during an incident to guide recovery activities

Explanation: ISO 22301:2019 defines business continuity as the capability of an organisation to continue delivery of products or services at acceptable predefined levels following a disruptive incident. This definition underpins both the standard's requirements and the BCI GPG 7.0 which aligns with it.

5Which BCI GPG 7.0 Professional Practice is most concerned with integrating BC awareness, culture, and competence throughout an organisation's day-to-day activities?

A.PP2 – Embedding Business Continuity

B.PP1 – Policy and Programme Management

C.PP5 – Implementation

D.PP6 – Validation

Explanation: PP2 – Embedding Business Continuity focuses on making BC part of the organisation's normal operations and culture. It covers training, awareness campaigns, aligning BC with change management, and ensuring that BC considerations are embedded into procurement, projects, and HR processes.

6The Recovery Point Objective (RPO) defines:

A.The maximum time allowed to recover a business activity to an acceptable service level

B.The maximum tolerable period of disruption before organisational viability is threatened

C.The point in time to which data must be restored following a disruption

D.The minimum business continuity objective acceptable to stakeholders during an incident

Explanation: RPO specifies the maximum acceptable age of the data that must be recovered — in other words, how far back in time recovery systems must go to restore data integrity after a disruption. For example, an RPO of 4 hours means no more than 4 hours of data can be lost.

7In the context of the BCI GPG 7.0, which of the following is the MOST appropriate first step when establishing a new business continuity programme?

A.Develop and obtain approval for a business continuity policy

B.Conduct a full business impact analysis across all business units

C.Identify the organisation's critical IT recovery time objectives

D.Select an appropriate BC strategy for each critical activity

Explanation: PP1 of the GPG 7.0 requires that a BC policy be established first to set the scope, mandate, and commitment of senior management. Without an approved policy, subsequent BIA work, strategy selection, and plan development lack formal authority and organisational direction.

8During a BIA, a finance department states that if their payment processing activity were disrupted for 24 hours, the financial loss would be £2M and regulatory breach fines would apply. This information is used to determine:

A.The MTPD and RTO for the payment processing activity

B.The likelihood score of a payment processing outage occurring

C.The risk appetite threshold for the organisation's ERM framework

D.The budget required for the organisation's BC programme

Explanation: BIA data about the impact of disruption over time — financial losses, regulatory exposure, reputational damage — is used to calculate the MTPD and set appropriate RTOs for each activity. The 24-hour data point, combined with impact severity, helps define how quickly the activity must be recovered.

9Which of the following BEST describes the Minimum Business Continuity Objective (MBCO)?

A.The minimum level of services or products that is acceptable to the organisation to achieve its business objectives during a disruption

B.The level of service below which the organisation would prefer to close down rather than continue operating

C.The minimum number of staff required to operate the organisation during normal business hours

D.The lowest acceptable recovery time objective for any critical process

Explanation: MBCO, defined in the GPG 7.0 and aligned with ISO 22301, is the minimum level of services or products an organisation must deliver during a disruption to meet its objectives and stakeholder obligations. It is a threshold below which recovery is still considered acceptable, though not at full capacity.

10A tabletop exercise in PP6 (Validation) is BEST described as:

A.A discussion-based walkthrough of a scenario in which participants review plans and identify gaps without operational disruption

B.A full-scale simulation in which staff physically enact recovery procedures at an alternate site

C.An unannounced live test of the incident management team's response to a real or simulated event

D.A technical drill focused solely on IT failover to a secondary data centre

Explanation: A tabletop exercise is a discussion-based validation technique where key stakeholders talk through how they would respond to a hypothetical scenario, referencing existing plans to identify gaps, ambiguities, and areas needing improvement — all without operational disruption or physical mobilisation.

About the CBCI Exam

The BCI Certificate (CBCI) is the Business Continuity Institute's entry-level knowledge certification, validating understanding of the BCI Good Practice Guidelines 7.0 and its alignment with ISO 22301:2019.

Questions

90 scored questions

Time Limit

90 minutes

Passing Score

63% (57/90); merit at 77% (69/90)

Exam Fee

Typically bundled into BCI-approved GPG 7.0 training course fee (Business Continuity Institute (BCI))

CBCI Exam Content Outline

~16%

Policy and Programme Management (PP1)

BC policy development, programme governance, scope, senior management commitment, and organisational context

~14%

Embedding Business Continuity (PP2)

BC culture and awareness, change management integration, procurement requirements, and BC champion networks

~18%

Analysis (PP3)

Business impact analysis, cause-agnostic BIA methodology, threat and risk assessment, RTO, RPO, MTPD, and MBCO

~18%

Design (PP4)

BC strategy selection, alternate sites, manual workarounds, supply chain continuity, and resource strategy design

~18%

Implementation (PP5)

BC plan structure and content, incident management plans, crisis management, response teams, and activation procedures

~16%

Validation — Exercising, Maintenance & Review (PP6)

Exercise programme design, tabletop and live exercises, plan maintenance triggers, internal audit, and management review

How to Pass the CBCI Exam

What You Need to Know

Passing score: 63% (57/90); merit at 77% (69/90)
Exam length: 90 questions
Time limit: 90 minutes
Exam fee: Typically bundled into BCI-approved GPG 7.0 training course fee

Keys to Passing

Complete 500+ practice questions
Score 80%+ consistently before scheduling
Focus on highest-weighted sections
Use our AI tutor for tough concepts

CBCI Study Tips from Top Performers

1Master the six PP lifecycle: PP1 (Policy) → PP2 (Embed) → PP3 (Analyse) → PP4 (Design) → PP5 (Implement) → PP6 (Validate) — questions often test which PP an activity belongs to

2Know the four BIA metrics precisely: MTPD, RTO (must be ≤ MTPD), RPO, and MBCO — and the difference between each

3Understand the five GPG 7.0 resource categories: People, Premises, Technology, Information, Suppliers — BIA must assess all five

4Know the exercise types in PP6: tabletop (discussion-only), functional/live (physical mobilisation), full-scale/simulation — and when each is appropriate

5Map ISO 22301 clauses to PDCA: Clause 6=Plan, Clause 8=Do, Clause 9=Check, Clause 10=Act — useful for standard-alignment questions

Frequently Asked Questions

What is the CBCI exam format?

The CBCI is a 90-question multiple-choice exam with a 90-minute time limit. It is delivered online under proctored conditions through a BCI-approved training provider. The pass mark is 63% (57 out of 90 questions); a merit is awarded at 77% (69 out of 90 questions).

What does the CBCI exam cover?

The CBCI is based entirely on the BCI Good Practice Guidelines (GPG) 7.0 and its alignment with ISO 22301:2019. The six Professional Practices — PP1 Policy & Programme Management, PP2 Embedding BC, PP3 Analysis/BIA, PP4 Design, PP5 Implementation, and PP6 Validation — form the entire exam syllabus.

Do I need work experience to sit the CBCI?

No. The CBCI is the BCI's entry-level knowledge certification and has no formal work experience prerequisite. However, the BCI strongly recommends completing a BCI-approved GPG 7.0 training course before attempting the exam. After gaining BC work experience, CBCI holders can apply for MBCI membership.

What is the difference between the CBCI and the MBCI?

The CBCI (Certificate) is a knowledge-based certification requiring no prior experience. The MBCI (Member of the BCI) is a competency-based membership grade requiring demonstrated BC work experience and a portfolio submission. CBCI is the typical starting point before applying for MBCI.

How does BCI GPG 7.0 relate to ISO 22301?

The BCI Good Practice Guidelines 7.0 is a guidance framework describing how to implement effective business continuity through six Professional Practices. ISO 22301:2019 is the certifiable international standard specifying what a BCMS must do. GPG 7.0 is designed to align with ISO 22301 — following GPG good practice helps organisations meet ISO 22301 requirements.

What are the most important metrics to know for the CBCI?

The key BIA metrics are: MTPD (Maximum Tolerable Period of Disruption — the absolute ceiling for recovery before viability is threatened), RTO (Recovery Time Objective — the target recovery time, must be ≤ MTPD), RPO (Recovery Point Objective — maximum acceptable data loss in time), and MBCO (Minimum Business Continuity Objective — the minimum acceptable service level during disruption).