Career upgrade: Learn practical AI skills for better jobs and higher pay.
Level up
PracticeVideosBlogFlashcardsEspañol
All Practice Exams

100+ Free EC-Council EDRP Practice Questions

Pass your EC-Council Disaster Recovery Professional (EDRP v3, 312-76) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
EC-Council does not publicly report EDRP pass rates Pass Rate
100+ Questions
100% Free
1 / 100
Question 1
Score: 0/0

Which BIA criticality tier is MOST appropriate for a marketing analytics dashboard that supports planning but does not directly impact revenue or compliance if unavailable for several days?

A
B
C
D
to track
Same family resources

Explore More EC-Council Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

CEH

Practice Questions
1 blog

CND

Practice Questions

EC-Council CEH Practical (312-50 Practical, 6-hr Cyber Range)

Practice Questions

EC-Council Certified Application Security Engineer (CASE .NET 312-95 / Java 312-96)

Practice Questions

EC-Council Certified Blockchain Professional (CBP)

Practice Questions

EC-Council Certified Chief Information Security Officer (CCISO 712-50)

Practice Questions

More From This Family

Videos and articles for deeper review.

ArticleCEH v13 in 2026: A 12-Week Study System That Balances Theory, Labs, and Exam Speed15 min read
2026 Statistics

Key Facts: EC-Council EDRP Exam

150

Exam Questions

EC-Council EDRP v3 blueprint (312-76)

70%

Passing Score

Official EDRP v3 blueprint

4 hours

Time Limit

EC-Council EDRP v3 blueprint

$550

Exam Fee (USD)

EC-Council EDRP program page

3 yrs

Credential Validity

EC-Council ECE policy

37%

Largest Domain (Data Recovery Strategies)

EDRP v3 official blueprint

The EC-Council EDRP v3 (exam 312-76) is a vendor-neutral Disaster Recovery Professional certification with a 150-question, 4-hour exam, 70% passing score, and $550 USD fee delivered through the ECC Exam Portal. The exam is built on 7 weighted domains across 12 modules and aligns to ISO 22301, ISO 31000, and NIST SP 800-34. It validates skills in BC vs DR, BIA, RTO/RPO/MTPD, risk assessment, backup and replication strategies, recovery sites, virtualization-based DR, DRaaS, system and application recovery, centralized vs decentralized recovery, DR plan development, and BCP testing and maintenance. The credential is valid for 3 years through ECE credits.

Sample EC-Council EDRP Practice Questions

Try these sample questions to test your EC-Council EDRP exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1Which statement BEST captures the relationship between Business Continuity (BC) and Disaster Recovery (DR)?
A.BC and DR are synonyms for the same activity in different industries
B.DR is a broader discipline that includes BC as a subset
C.BC focuses on keeping critical business processes running during a disruption; DR focuses on restoring IT systems and data after a disruption
D.BC applies only to IT, while DR applies only to physical facilities
Explanation: Business Continuity (BC) is the broader discipline of keeping mission-critical business processes operating before, during, and after a disruption, while Disaster Recovery (DR) is the IT-focused subset concerned with recovering systems, applications, and data. BC is process-centric; DR is technology-centric and is one component of an overall BC program.
2An organization defines that its order-entry application must be restored within 4 hours of a disruption. Which metric does this 4-hour value represent?
A.Recovery Point Objective (RPO)
B.Recovery Time Objective (RTO)
C.Maximum Tolerable Period of Disruption (MTPD)
D.Mean Time Between Failures (MTBF)
Explanation: The Recovery Time Objective (RTO) is the targeted duration within which a business process or system must be restored after a disruption. RPO measures acceptable data loss, MTPD/MAO is the outer limit before impact becomes unacceptable, and MTBF is a reliability metric for hardware.
3A database is backed up every 6 hours. Management has accepted that up to 6 hours of transactional data may be lost in a disaster. Which recovery metric does this 6-hour interval define?
A.Recovery Time Objective
B.Recovery Point Objective
C.Work Recovery Time
D.Maximum Allowable Outage
Explanation: Recovery Point Objective (RPO) is the maximum acceptable amount of data, measured in time, that may be lost between the last good backup or replication checkpoint and the disruption event. A 6-hour backup window directly equates to a 6-hour RPO for that dataset.
4Which term, per BCM Institute and ISO 22301 vocabulary, represents the OUTER limit beyond which the impact of disruption on a critical activity becomes UNACCEPTABLE to the organization?
A.Recovery Time Objective (RTO)
B.Recovery Point Objective (RPO)
C.Maximum Tolerable Period of Disruption (MTPD)
D.Service Level Objective (SLO)
Explanation: MTPD (also written MAO — Maximum Acceptable Outage in older terminology) is the outermost time boundary that an organization can tolerate the loss of an activity before survival is threatened. RTOs are set inside the MTPD with margin; the MTPD itself comes from the BIA.
5A regional power grid failure that knocks out a data center is BEST classified as which type of disaster?
A.Natural disaster
B.Technical (technological) disaster
C.Man-made (human-caused) disaster
D.Pandemic event
Explanation: Technical or technological disasters are caused by failure of infrastructure or technology — power outages, telecom failures, cooling failures, hardware crashes, software bugs, and cyber incidents. Natural disasters originate in the environment (earthquake, flood), and man-made events include terrorism, sabotage, or operator error.
6Which international standard defines the requirements for a Business Continuity Management System (BCMS) and is structured around the Plan-Do-Check-Act (PDCA) cycle?
A.ISO/IEC 27001
B.ISO 22301
C.ISO/IEC 20000
D.NIST SP 800-53
Explanation: ISO 22301:2019 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a BCMS. It uses the Annex SL high-level structure, which mirrors PDCA across clauses 4-10.
7In the ISO 22301 BCMS lifecycle, which clause maps to the ACT phase of Plan-Do-Check-Act and addresses corrective actions and continual improvement?
A.Clause 6 (Planning)
B.Clause 8 (Operation)
C.Clause 9 (Performance Evaluation)
D.Clause 10 (Improvement)
Explanation: ISO 22301 follows Annex SL: Clauses 4-7 = Plan, Clause 8 = Do, Clause 9 = Check, Clause 10 = Act. Clause 10 (Improvement) is where nonconformities, corrective actions, and continual improvement of the BCMS are formally addressed.
8Per BCM Institute terminology, the 'BCM Steward' role is BEST described as the:
A.Day-to-day operational practitioner who runs BCM exercises
B.Senior executive who is ultimately accountable for sponsoring the BCM program and approving its policy
C.Auditor who independently verifies BCMS conformance
D.Vendor representative who supplies DR tooling
Explanation: The BCM Steward is a senior executive — typically a board-level or C-suite sponsor — who is accountable for the BCM program, approves policy, allocates resources, and champions the program across the enterprise. The BCM Coordinator is the operational SME who runs day-to-day program activities.
9Which trend is MOST closely associated with modern Business Continuity and Disaster Recovery programs in 2026?
A.Replacing offsite storage with single-site backups to reduce cost
B.Shifting from infrastructure-only DR to integrated cyber-resilience and operational resilience programs
C.Eliminating tabletop exercises in favor of unannounced full-interruption tests
D.Outsourcing all BCM accountability to cloud providers
Explanation: Modern BC/DR programs converge with cybersecurity, supply-chain risk, and operational resilience — driven by ransomware, regulatory frameworks (DORA, ISO 22301:2019, ISO 22361), and increasingly digital business models. They do not abandon offsite storage, drop low-cost tabletops, or transfer accountability to providers.
10According to common risk-management terminology, which formula correctly expresses Annualized Loss Expectancy (ALE)?
A.ALE = Asset Value × Exposure Factor
B.ALE = Single Loss Expectancy (SLE) × Annualized Rate of Occurrence (ARO)
C.ALE = Threat × Vulnerability ÷ Countermeasure
D.ALE = SLE + ARO
Explanation: ALE = SLE × ARO. SLE itself is Asset Value × Exposure Factor. ALE expresses the expected monetary loss per year from a particular threat and is the standard quantitative metric used to compare risk treatments.

About the EC-Council EDRP Exam

The EC-Council Disaster Recovery Professional (EDRP v3, exam code 312-76) is a vendor-neutral certification that validates a practitioner's ability to design, build, run, and maintain enterprise Business Continuity (BC) and Disaster Recovery (DR) programs. EDRP v3 is structured around 12 modules and tested across 7 official domains aligned to ISO 22301 (BCMS), ISO 31000 (Risk Management), and NIST SP 800-34 (Contingency Planning). It covers BC vs DR fundamentals, BIA-driven RTO/RPO/MTPD targets, risk assessment, backup and recovery architectures (RAID, SAN, LTO tape, cloud object storage), recovery sites, synchronous/asynchronous replication, virtualization-based DR with VMware SRM and Hyper-V Replica, DRaaS providers (Zerto, Veeam, Druva, Commvault, AWS Elastic Disaster Recovery), system and application recovery (BMR, Windows System State, Linux Live USB, log shipping, AlwaysOn AGs, AD forest recovery), centralized vs decentralized recovery, the DR planning process, and BCP testing through tabletops, walkthroughs, parallel and full-interruption exercises.

Assessment

150 multiple-choice questions covering 7 domains across 12 EDRP v3 modules: Introduction to DR/BC, Risk Assessment, BIA & BCP, Data Backup Strategies, Data Recovery Strategies (incl. virtualization, system recovery, and centralized/decentralized models), DR Planning Process, and BCP Testing/Maintenance/Training

Time Limit

4 hours (240 minutes)

Passing Score

70%

Exam Fee

$550 (EC-Council / ECC Exam Center)

EC-Council EDRP Exam Content Outline

9%

Introduction to Disaster Recovery and Business Continuity

BC vs DR distinction, DR/BC trends, BCM overview, BCM Institute and ISO terminology, governance roles (BCM Steward, BCM Coordinator), threat types (natural, technical, man-made, pandemic), best practices and standards

7%

Risk Assessment

Risk terminology, qualitative vs quantitative analysis, ALE = SLE x ARO, risk-treatment options (avoid/accept/mitigate/transfer), ISO 31000, risk identification using PHA, FMEA, and Bowtie analysis

12%

Business Impact Analysis and Business Continuity Plan

BIA purpose and outputs, RTO/RPO/MTPD/MAO, criticality classification (Mission Critical / Vital / Sensitive / Non-Critical), Cost-Benefit Analysis, BCP scope/assumptions/structure, planning team composition, BC strategy design

17%

Data Backup Strategies

Full / incremental / differential / synthetic-full backups, RAID 0/1/5/6/10, SAN vs NAS vs object, LTO tape generations, cloud backup (S3, Azure Blob, GCP Cloud Storage), 3-2-1-1-0 rule, immutable / WORM storage, data-protection continuum, deduplication, HCI

37%

Data Recovery Strategies (incl. Virtualization, System & Centralized/Decentralized Recovery)

Recovery sites (cold/warm/hot/mirrored/mobile), synchronous vs asynchronous replication, RPO lag, CDP, virtualization-based DR (VMware SRM, Hyper-V Replica), DRaaS (Zerto, Veeam, Druva, Commvault, AWS Elastic DR), Bare Metal Restore, Windows System State, Linux Live USB, log shipping, AlwaysOn AGs, Exchange DAGs, AD forest recovery, application recovery, centralized vs decentralized recovery, data consolidation, survivable storage

10%

Disaster Recovery Planning Process

DR planning methodology, NIST SP 800-34 7-step process, plan structure (notification, activation, recovery, restoration, normalization), runbooks, plan distribution and version control, declaration criteria

8%

BCP Testing, Maintenance, and Training

Exercise types (checklist review, structured walkthrough, tabletop, simulation, parallel test, full-interruption), After-Action Review, corrective actions, ISO 22301 Clause 9 audits and Clause 10 improvement, awareness vs role-specific training, maintenance triggers

How to Pass the EC-Council EDRP Exam

What You Need to Know

  • Passing score: 70%
  • Assessment: 150 multiple-choice questions covering 7 domains across 12 EDRP v3 modules: Introduction to DR/BC, Risk Assessment, BIA & BCP, Data Backup Strategies, Data Recovery Strategies (incl. virtualization, system recovery, and centralized/decentralized models), DR Planning Process, and BCP Testing/Maintenance/Training
  • Time limit: 4 hours (240 minutes)
  • Exam fee: $550

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

EC-Council EDRP Study Tips from Top Performers

1Memorize the recovery-metric ordering: RPO (data loss tolerance) <= RTO (recovery target) < MTPD/MAO (outer survival limit). If you ever see RTO >= MTPD on the exam, that is a planning error and the question is testing whether you spot it.
2Master the official EDRP v3 weightings — Data Recovery Strategies is 37% of the exam. Spend a disproportionate share of study time on recovery sites, replication modes, virtualization DR (VMware SRM, Hyper-V Replica), DRaaS (Zerto, Veeam, Druva, AWS DRS), Bare Metal Restore, and AlwaysOn / DAG / AD forest recovery.
3Lock in the backup math: ALE = SLE x ARO, SLE = Asset Value x Exposure Factor. Practice calculating ALE for several scenarios so the formula is automatic.
4Memorize the 3-2-1-1-0 rule and the difference between full, incremental, differential, and synthetic-full backups, including how many media each restore needs (full + every incremental, vs full + latest differential).
5Map ISO 22301 to PDCA cleanly: Clauses 4-7 = Plan, Clause 8 = Do, Clause 9 = Check, Clause 10 = Act. Many EDRP audit and improvement questions are won or lost on this mapping.
6Learn the 5 BCP exercise types in order of disruption: Checklist Review < Structured Walkthrough < Tabletop < Simulation < Parallel Test < Full Interruption. Expect exam questions that ask which is least or most disruptive.

Frequently Asked Questions

What is the EC-Council EDRP v3 (312-76) certification?

EDRP v3 is EC-Council's vendor-neutral Disaster Recovery Professional credential. It validates the ability to plan, design, implement, test, and maintain enterprise Business Continuity (BC) and Disaster Recovery (DR) programs. The exam (code 312-76) covers 12 modules organized into 7 official domains and aligns to ISO 22301, ISO 31000, and NIST SP 800-34. It is intended for IT, security, audit, and risk professionals responsible for keeping mission-critical services running through disruption.

How many questions are on the EDRP exam and what is the passing score?

The EDRP v3 (312-76) exam contains 150 multiple-choice questions delivered in a 4-hour window. Candidates must score at least 70% to pass. The exam is delivered through the ECC Exam Portal and can be taken at an authorized test center or via online proctoring.

How much does the EDRP exam cost?

The EDRP v3 exam fee is $550 USD per attempt. EC-Council also charges an additional eligibility application fee for candidates who choose to sit the exam without taking the official EDRP training. Retakes are billed at the full exam fee per attempt and are subject to EC-Council's published retake policy.

What topics does the EDRP exam cover?

The 7 official EDRP v3 domains and their weightings are: Introduction to DR/BC (9%), Risk Assessment (7%), BIA & BCP (12%), Data Backup Strategies (17%), Data Recovery Strategies including virtualization, system recovery, and centralized/decentralized recovery (37%), DR Planning Process (10%), and BCP Testing/Maintenance/Training (8%). Topics include BC vs DR, RTO/RPO/MTPD, ALE=SLE*ARO, BIA criticality tiers, RAID, SAN/NAS, the 3-2-1-1-0 backup rule, recovery sites, replication modes, VMware SRM, Hyper-V Replica, DRaaS (Zerto, Veeam, Druva, Commvault, AWS Elastic DR), Bare Metal Restore, AD forest recovery, NIST 800-34 methodology, and BCP exercise types.

How long is the EDRP credential valid?

The EC-Council EDRP credential is valid for 3 years from the date of issue. To maintain the credential, candidates must earn EC-Council Continuing Education (ECE) credits through training, professional activities, conferences, or other recognized contributions, and pay an annual EC-Council membership fee, or re-pass the current EDRP exam.

Do I need experience to take the EDRP exam?

EC-Council recommends 2 or more years of experience in IT security, business continuity, or risk management before attempting EDRP v3. There is no enforced minimum education requirement. Candidates may take the exam either by completing official EDRP v3 training (which waives eligibility review) or by submitting an eligibility application that demonstrates relevant work experience along with the eligibility application fee.

How should I prepare for the EDRP exam?

Effective preparation combines the official EC-Council EDRP v3 courseware with study of ISO 22301 (BCMS), ISO 31000 (Risk Management), and NIST SP 800-34 Rev. 1, plus hands-on familiarity with at least one virtualization-based DR tool (VMware SRM, Hyper-V Replica, or Zerto) and one DRaaS / cloud DR offering such as AWS Elastic Disaster Recovery. Use practice tests like this one to drill BIA and recovery-metrics calculations, exercise types, and plan-phase ordering, and review every wrong answer until the explanation is unambiguous.