All Practice Exams

100+ Free MBCP Practice Questions

Pass your MBCP Master Business Continuity Professional exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
Not published Pass Rate
100+ Questions
100% Free

Loading practice questions...

Same family resources

Explore More Business Continuity Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

2026 Statistics

Key Facts: MBCP Exam

4 hours

Master's Case Study Exam Duration

DRI International FAQ (drii.org/faq)

75%

Passing Score

DRI International exam page (drii.org)

$750

Master's Case Study Exam Fee

DRI International FAQ — all DRI exams are $750

$500

MBCP Application Fee

DRI Certification Requirements chart (PDF)

5 years

Experience Requirement

DRI Certification Requirements chart (PDF)

80 CEAPs

Recertification (per 2-year period)

DRI Maintaining Certification page

Per DRI International's published certification requirements chart and FAQ, the MBCP Master's Case Study Examination is a 4-hour written essay exam requiring integrated analysis across all ten Professional Practices, with a 75% passing score. The exam fee is $750 (all DRI exams are $750 per the DRI FAQ), the MBCP application fee is $500, and the annual renewal fee is $250 per the published requirements chart. MBCP requires 5 years of experience across 7 subject matter areas (4 core), verified as of May 2026.

Sample MBCP Practice Questions

Try these sample questions to test your MBCP exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1A newly appointed Chief Resilience Officer inherits a business continuity program that spans 14 countries and uses inconsistent risk methodologies across regions. Which strategic action should be the first priority?
A.Immediately replace all regional risk assessments with a single centralized assessment
B.Establish a global program governance framework defining methodology standards, roles, and escalation paths, then harmonize regional practices within it
C.Eliminate the regional teams and centralize all continuity activities at headquarters
D.Defer harmonization until the next annual audit cycle to avoid disruption
Explanation: A governance framework sets the standards that make harmonization possible without dismantling regional knowledge. Unilateral replacement or elimination of regional teams destroys local expertise and buy-in, while deferral leaves material risk unaddressed. ISO 22301 Clause 5.1 requires top management to establish the BCMS context, policy, and organizational roles before program work begins.
2A global financial services firm's board requests a single dashboard metric to track business continuity program maturity over time. Which metric best satisfies this requirement?
A.Number of employee awareness emails sent per quarter
B.Percentage of critical processes with validated recovery capability against current RTOs
C.Total count of business continuity plans in the document repository
D.Number of incidents declared as business continuity events in the last fiscal year
Explanation: Validated recovery capability against RTOs directly measures whether the program can deliver on its core promise. Plan counts and email volumes are activity metrics that do not demonstrate readiness, and incident declarations vary with external events rather than program quality. The MBCP body of knowledge emphasizes outcome-based metrics aligned to business impact tolerances.
3An MBCP candidate is advising a multinational manufacturing company on embedding business continuity into its enterprise risk management (ERM) framework. Which integration approach best aligns with ISO 22301 and DRI Professional Practices?
A.Run the continuity program completely independently to avoid ERM bureaucracy
B.Map continuity risk appetite and tolerance thresholds to the ERM risk register, ensuring BC strategies reflect enterprise-level residual risk decisions
C.Limit the integration to sharing the same document management system
D.Adopt the ERM team's financial risk scoring model unchanged for all continuity risks
Explanation: ISO 22301 Clause 4.1 and 6.1 require organizations to determine the context and address risks that affect the BCMS. Aligning BC risk appetite with the ERM framework ensures continuity decisions reflect the same tolerances that govern other enterprise risks. Financial risk models alone may miss operational and reputational impact dimensions central to BC.
4A Master Business Continuity Professional is designing a program maintenance cycle for a Fortune 500 company. Which trigger should automatically initiate an unscheduled program review outside the annual cycle?
A.A competitor announcing a new business continuity certification
B.A significant organizational change such as a major merger, new regulatory requirement, or critical infrastructure change
C.The annual employee satisfaction survey showing neutral scores
D.The appointment of a new helpdesk supervisor in the IT department
Explanation: ISO 22301 Clause 10.2 requires the organization to update the BCMS following nonconformities and changes. DRI Professional Practices emphasize that material organizational changes alter the risk environment, dependencies, and recovery assumptions enough to require immediate review. Cosmetic or minor operational changes do not meet that threshold.
5A business continuity program at a global bank has separate continuity, cyber resilience, and crisis management programs governed by three different executives. What is the primary risk of this structure?
A.The programs may develop complementary capabilities that are redundant but harmless
B.Siloed governance creates conflicting priorities, gaps in integrated response, and unclear escalation authority during a multi-threat event
C.Having three executives improves accountability because each is personally responsible for one domain
D.Separate programs ensure regulatory compliance because each regulator prefers its own point of contact
Explanation: When a single disruptive event has concurrent BC, cyber, and crisis dimensions — which is common — siloed governance produces conflicting instructions, resource competition, and gaps in coordinated response. MBCP-level programs are expected to design integrated governance models that allow unified command without eliminating domain expertise. ISO 22301 Clause 5.3 requires clear organizational roles and responsibilities for the integrated BCMS.
6During a global risk assessment, a senior BC professional identifies a geopolitical risk that could simultaneously disrupt three critical supplier tiers in Southeast Asia. Which risk treatment approach is most appropriate for a master-level program?
A.Accept the risk because geopolitical events are outside the organization's control
B.Transfer the risk entirely by purchasing political risk insurance
C.Apply a multi-layered treatment combining supplier diversification across regions, contractual SLA protections, strategic inventory buffers, and scenario-specific response procedures
D.Defer action until the geopolitical situation becomes an actual disruption
Explanation: Complex geopolitical risks require layered treatment because no single control is sufficient. DRI Professional Practice 2 and ISO 31000 both recommend treatment combinations that reduce likelihood and impact across multiple dimensions. Insurance alone does not ensure recovery capability; deferral leaves the supply chain exposed; and acceptance is only appropriate when tolerance thresholds are formally validated.
7An organization's enterprise risk register uses a 5×5 likelihood-impact matrix. The BC team proposes replacing it with a scenario-based threat analysis aligned to DRI Professional Practices. What is the primary advantage of the scenario-based approach for business continuity purposes?
A.Scenario-based analysis eliminates the need for a quantitative risk score
B.Scenario analysis captures cascading dependencies, recovery timing, and organizational impact in ways that a simple matrix score cannot
C.A 5×5 matrix is sufficient; no change is needed
D.Scenario-based analysis is only appropriate for cyber risks, not operational continuity
Explanation: Business continuity risk assessment must account for how a disruption cascades through processes, people, technology, and suppliers over time. A single matrix score collapses all that complexity into one number, losing the sequencing and dependency information critical for recovery planning. DRI Professional Practice 2 recommends threat-scenario analysis to expose these dynamics.
8A risk assessment identifies that a single third-party cloud provider hosts 80% of the organization's critical applications. The residual risk after existing controls remains above tolerance. Which response reflects MBCP-level risk governance?
A.Document the risk as accepted because migration is too costly
B.Escalate the residual risk to the risk committee and board with a formal risk exception or treatment plan, including timeline and accountable owner
C.Immediately migrate all applications to an on-premises data center
D.Reclassify the applications as non-critical to reduce the risk score
Explanation: When residual risk exceeds tolerance, it must be escalated to the appropriate governance body with a formal treatment plan or accepted through a documented risk exception signed by an accountable owner. MBCP practitioners are expected to drive proper risk governance, not mask exposure through reclassification or avoid the issue through cost arguments. ISO 22301 Clause 6.1.2 requires documented risk treatment actions.
9A global BIA for a pharmaceutical manufacturer must capture dependencies across three continents. Which approach produces the most reliable MTD and RTO outputs at master level?
A.Ask each site manager to self-report their own RTO based on personal judgment
B.Use a structured interview and dependency mapping process that validates cross-site inputs against financial, operational, and regulatory impact criteria before executive review
C.Adopt the RTOs from the previous BIA unchanged to save time
D.Set a uniform 24-hour RTO for all processes enterprise-wide to simplify planning
Explanation: Reliable MTD and RTO outputs require structured data collection, cross-validation, and executive sign-off to ensure recovery objectives reflect actual business impact and legal exposure rather than personal preference or convenience. ISO 22317 (Guidelines for Business Impact Analysis) requires that impact criteria be agreed at the organizational level before individual process objectives are set. Self-reporting and uniform defaults produce targets that may be too aggressive or too lenient, leading to over- or under-investment in recovery strategies.
10During a BIA for a global insurance company, the BC team discovers that a regulatory reporting process has a legal deadline of 48 hours post-disruption. How should this finding affect the RTO for the underlying IT systems supporting that process?
A.The IT RTO should be set to 48 hours to match the regulatory deadline
B.The IT RTO should be set significantly shorter than 48 hours to allow for testing, validation, and error correction before the regulatory submission is due
C.Regulatory deadlines are outside BIA scope; only financial impact drives RTO
D.The regulatory deadline should be ignored if the system owner believes recovery will take longer
Explanation: Recovery time objectives for supporting systems must be shorter than the process MTD to provide buffer for system validation, data reconciliation, and the actual work of producing the submission. Setting the IT RTO equal to the regulatory deadline leaves no margin, virtually guaranteeing a regulatory breach after any realistic disruption. DRI Professional Practice 3 and ISO 22317 both emphasize that system RTOs must be derived from process MTDs with appropriate margin.

About the MBCP Exam

The MBCP is DRI International's highest-level business continuity credential. It requires passing the Master's Case Study Examination — a 4-hour essay exam in which candidates analyze a complex, multi-faceted organizational scenario and apply all ten Professional Practices for Business Continuity Management in an integrated strategic framework. MBCP certification additionally requires five years of documented BC experience across seven subject matter areas (including four core areas), two references per area, and subject matter essays. Candidates must have previously passed the DRI Qualifying Examination. Recertification requires an annual maintenance fee and 80 CEAPs per two-year period.

Assessment

The MBCP uses the Master's Case Study Examination — a 4-hour written essay exam covering all ten Professional Practice subject areas in a single complex organizational case study. There is no multiple-choice question count; the exam is graded on the quality of integrated strategic analysis, not answer selection.

Time Limit

4 hours

Passing Score

75%

Exam Fee

$750 Master's Case Study Examination; $500 MBCP application fee after passing (DRI International)

MBCP Exam Content Outline

Professional Practice 1

Program Initiation & Management

Enterprise governance, program charter and policy, sponsorship, metrics, maturity assessment, and integration with ERM and organizational management at a strategic leadership level.

Professional Practice 2

Risk Assessment

Advanced threat scenario analysis, enterprise risk integration, residual risk governance, geopolitical and climate risk assessment, and dynamic threat intelligence integration.

Professional Practice 3

Business Impact Analysis

Global BIA methodology, ISO 22317 multi-dimensional impact criteria, MTD/RTO/RPO derivation with validation buffers, dependency mapping, and regulatory impact integration.

Professional Practice 4

Business Continuity Strategies

Strategic recovery option selection with cost-benefit analysis, site strategy and geographic separation, workforce continuity, supply chain diversification, and validated strategy testing.

Professional Practice 5

Incident Response

Unified command structure, EOC design with alternate locations, delegation of authority, escalation framework, and integrated multi-team response coordination.

Professional Practice 6

Plan Development & Implementation

Multi-level plan architecture, standardized activation criteria and recovery completion criteria, vital records accessibility, document control, and IT/BC plan alignment.

Professional Practice 7

Awareness & Training

Role-based training program design, global localization for diverse workforces, behavioral outcome measurement, and change-driven training currency requirements.

Professional Practice 8

Business Continuity Plan Exercise/Assessment/Maintenance

Progressive exercise maturity modeling, large-scale multi-country exercise controller structure, pre-defined objectives, systematic corrective action tracking, and closed-loop improvement.

Professional Practice 9

Crisis Communications

Regulatory notification sequencing, spokesperson succession planning, pre-approved message frameworks, social media policy, holding statements, and internal communication rhythm for extended disruptions.

Professional Practice 10

Coordination with External Agencies

Multi-jurisdictional regulatory coordination, MOU governance and maintenance, mutual aid protocols, pre-event emergency management liaison relationships, and vendor BC capability validation.

How to Pass the MBCP Exam

What You Need to Know

  • Passing score: 75%
  • Assessment: The MBCP uses the Master's Case Study Examination — a 4-hour written essay exam covering all ten Professional Practice subject areas in a single complex organizational case study. There is no multiple-choice question count; the exam is graded on the quality of integrated strategic analysis, not answer selection.
  • Time limit: 4 hours
  • Exam fee: $750 Master's Case Study Examination; $500 MBCP application fee after passing

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

MBCP Study Tips from Top Performers

1Study all ten Professional Practices as an integrated strategic lifecycle, not as isolated domains — the Master's exam requires you to apply multiple practices to a single complex scenario simultaneously.
2Know ISO 22301 clause numbers and their requirements at a working level: Clause 4.3 (scope), 6.1 (risk/opportunity), 8.2 (BIA), 8.3 (strategies), 8.4 (plans and exercises), 9.3 (management review).
3Practice translating BC concepts into financial and governance language: cost-benefit analysis for strategy selection, risk-capital framing for budgeting, and outcome-based KPIs for board reporting.
4Understand the distinction between MTD (tolerance limit set by BIA) and RTO (internal target that must be shorter than MTD) — MBCP scenarios frequently test whether candidates apply the correct buffer logic.
5Study ISO 22317 impact dimensions beyond financial: regulatory, reputational, operational, environmental, and social impacts are all testable in advanced case study scenarios.
6Prepare for multi-jurisdictional and multi-framework scenarios: ISO 22301 + regulatory frameworks (DORA, Basel, GDPR) + DRI Professional Practices must be applied in combination.
7Practice case study writing: the Master's exam is a written essay, not multiple-choice. Structure responses with explicit Professional Practice references and justified strategic recommendations.

Frequently Asked Questions

How is the MBCP exam different from the CBCP Qualifying Exam?

The CBCP Qualifying Exam is a 148-question multiple-choice test with a 3.5-hour limit. The MBCP uses the Master's Case Study Examination — a 4-hour written essay exam in which candidates analyze a complex organizational scenario using all ten Professional Practices. The MBCP exam tests integrated strategic judgment, not knowledge recall; there are no multiple-choice questions.

What are the MBCP experience and certification requirements?

Per DRI's published certification requirements chart, MBCP requires five years of business continuity experience, documentation across seven Professional Practice subject areas (including at least four core subject areas), and two references per subject matter area. Candidates must have previously passed the DRI Qualifying Examination and must then pass the Master's Case Study Examination with a score of 75% or better.

How much does the MBCP cost in 2026?

DRI's FAQ states that all DRI examinations are $750. DRI's published certification requirements chart lists a $500 MBCP application fee after passing and a $250 annual renewal fee. The BCP-601 Mastering Business Continuity course, which includes the exam, is priced separately as a course package.

Can I take the Master's Case Study Examination without taking the BCP-601 course?

Yes. DRI's FAQ confirms that you can take the exam without taking the course (exam-only challenge). However, the BCP-601 course prerequisites include 5 years of BC experience and a passing score on the DRI Qualifying Examination. Those who challenge the exam without taking the associated course must pay the full $750 exam fee for any retake rather than the discounted $250 retake fee available to course participants.

How is the MBCP recertification maintained?

Per DRI's Maintaining Certification page, MBCP requires an annual maintenance fee and 80 Continuing Education Activity Points (CEAPs) for every two-year period. CEAPs can be earned through continuity training, educational activities, and involvement in the business continuity community.

What should MBCP candidates study differently from CBCP candidates?

MBCP study must go beyond domain definitions to strategic application: case study analysis, enterprise governance architecture, cost-benefit framing for executives, ISO 22301 clause-level knowledge, ISO 22317 BIA methodology, and integrated scenario response across all ten Professional Practices simultaneously. Tabletop practice with complex multi-domain scenarios is more valuable than additional multiple-choice drill.