CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 Show
Nội dung chính
688 Which of the following would BEST support 24/7 availability? ( A ) Daily backup ( B ) Offsite storage ( C ) Mirroring ( D ) Periodic testing BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 689 The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to: ( A ) achieve performance improvement. ( B ) provide user authentication. ( C ) ensure availability of data. ( D ) ensure the confidentiality of data. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 690 Which of the following is the MOST important criterion when selecting a location for an offsite storage facility for IS backup files? The offsite facility must be: ( A ) physically separated from the data center and not subject to the same risks. ( B ) given the same level of protection as that of the computer data center. ( C ) outsourced to a reliable third party. ( D ) equipped with surveillance capabilities. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 691 If a database is restored using before‐image dumps, where should the process begin following an interruption? ( A ) Before the last transaction ( B ) After the last transaction ( C ) As the first transaction after the latest checkpoint ( D ) As the last transaction before the latest checkpoint 1 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 692 In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems? ( A ) Maintaining system software parameters ( B ) Ensuring periodic dumps of transaction logs ( C ) Ensuring grandfather‐father‐son file backups ( D ) Maintaining important data at an offsite location BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 693 As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard copy transaction log. At the end of the day, the order entry files are backed up on tape. 
During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following is necessary to restore these files? ( A ) The previous day's backup file and the current transaction tape ( B ) The previous day's transaction file and the current transaction tape ( C ) The current transaction tape and the current hard copy transaction log ( D ) The current hard copy transaction log and the previous day's transaction file BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 694 An offsite information processing facility: ( A ) should have the same amount of physical access restrictions as the primary processing site. ( B ) should be easily identified from the outside so that, in the event of an emergency, it can be easily found. ( C ) should be located in proximity to the originating site, so it can quickly be made operational. ( D ) need not have the same level of environmental monitoring as the originating site. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 695 An IS auditor performing a review of the backup processing facilities should be MOST concerned that: ( A ) adequate fire insurance exists. ( B ) regular hardware maintenance is performed. ( C ) offsite storage of transaction and master files exists. ( D ) backup processing facilities are fully tested. 2 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 696 Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist? ( A ) Reviewing program code ( B ) Reviewing operations documentation ( C ) Turning off the UPS, then the power ( D ) Reviewing program documentation BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 697 Which of the following findings should an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault? ( A ) There are three individuals with a key to enter the area. ( B ) Paper documents are also stored in the offsite vault. 
( C ) Data files that are stored in the vault are synchronized. ( D ) The offsite vault is located in a separate facility. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 698 Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by: ( A ) database integrity checks. ( B ) validation checks. ( C ) input controls. ( D ) database commits and rollbacks. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 699 To provide protection for media backup stored at an offsite location, the storage site should be: ( A ) located on a different floor of the building. ( B ) easily accessible by everyone. ( C ) clearly labeled for emergency access. ( D ) protected from unauthorized access. 3 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 700 Which of the following ensures the availability of transactions in the event of a disaster? ( A ) Send tapes hourly containing transactions offsite. ( B ) Send tapes daily containing transactions offsite. ( C ) Capture transactions to multiple storage devices. ( D ) Transmit transactions offsite in real time. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 701 IS management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend: ( A ) upgrading to a level 5 RAID. ( B ) increasing the frequency of onsite backups. ( C ) reinstating the offsite backups. ( D ) establishing a cold site in a secure location. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 702 In which of the following situations is it MOST appropriate to implement data mirroring as the recovery strategy? ( A ) Disaster tolerance is high. ( B ) Recovery time objective is high. ( C ) Recovery point objective is low. ( D ) Recovery point objective is high. 
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 703 Network Data Management Protocol (NDMP) technology should be used for backup if: ( A ) a network attached storage (NAS) appliance is required. ( B ) the use of TCP/IP must be avoided. ( C ) file permissions that can not be handled by legacy backup systems must be backed up. ( D ) backup consistency over several related data volumes must be ensured. 4 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 704 An organization currently using tape backups takes one full backup weekly and incremental backups daily. They recently augmented their tape backup procedures with a backup‐to‐disk solution. This is appropriate because: ( A ) fast synthetic backups for offsite storage are supported. ( B ) backup to disk is always significantly faster than backup to tape. ( C ) tape libraries are no longer needed. ( D ) data storage on disks is more reliable than on tapes. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 705 Which of the following should be the MOST important criterion in evaluating a backup solution for sensitive data that must be retained for a long period of time due to regulatory requirements? ( A ) Full backup window ( B ) Media costs ( C ) Restore window ( D ) Media reliability BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 706 In the event of a data center disaster, which of the following would be the MOST appropriate strategy to enable a complete recovery of a critical database? ( A ) Daily data backup to tape and storage at a remote site ( B ) Real‐time replication to a remote site ( C ) Hard disk mirroring to a local server ( D ) Real‐time data backup to the local storage area network (SAN) BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 707 Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective (RPO)? 
( A ) Virtual tape libraries ( B ) Disk‐based snapshots ( C ) Continuous data backup ( D ) Disk‐to‐tape backup 5 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 708 What is the BEST backup strategy for a large database with data supporting online sales? ( A ) Weekly full backup with daily incremental backup ( B ) Daily full backup ( C ) Clustered servers ( D ) Mirrored hard disks BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 709 NEW 2009 During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include: ( A ) the level of information security required when business recovery procedures are invoked. ( B ) information security roles and responsibilities in the crisis management structure. ( C ) information security resource requirements. ( D ) change management procedures for information security that could affect business continuity arrangements. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 710 NEW 2009 Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly? ( A ) Backup time would steadily increase ( B ) Backup operational cost would significantly increase ( C ) Storage operational cost would significantly increase ( D ) Server recovery work may not meet the recovery time objective (RTO) BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 711 NEW 2009 Which of the following is the MOST important consideration when defining recovery point objectives (RPOs)? ( A ) Minimum operating requirements ( B ) Acceptable data loss ( C ) Mean time between failures ( D ) Acceptable time for recovery 6 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 712 A structured walk‐through test of a disaster recovery plan involves: ( A ) representatives from each of the functional areas coming together to go over the plan. 
( B ) all employees who participate in the day‐to‐day operations coming together to practice executing the plan. ( C ) moving the systems to the alternate processing site and performing processing operations. ( D ) distributing copies of the plan to the various functional areas for review. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 713 In a contract with a hot, warm or cold site, contractual provisions should cover which of the following considerations? ( A ) Physical security measures ( B ) Total number of subscribers ( C ) Number of subscribers permitted to use a site at one time ( D ) References by other users BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 714 Which of the following is the GREATEST concern when an organization's backup facility is at a warm site? ( A ) Timely availability of hardware ( B ) Availability of heat, humidity and air conditioning equipment ( C ) Adequacy of electrical power connections ( D ) Effectiveness of the telecommunications network BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 715 Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget? ( A ) A hot site maintained by the business ( B ) A commercial cold site ( C ) A reciprocal arrangement between its offices ( D ) A third‐party hot site 7 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 716 The PRIMARY purpose of a business impact analysis (BIA) is to: ( A ) provide a plan for resuming operations after a disaster. ( B ) identify the events that could impact the continuity of an organization's operations. ( C ) publicize the commitment of the organization to physical and logical security. ( D ) provide the framework for an effective disaster recovery plan. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 717 After implementation of a disaster recovery plan, pre‐disaster and post‐disaster operational costs for an organization will: ( A ) decrease. 
( B ) not change (remain the same). ( C ) increase. ( D ) increase or decrease depending upon the nature of the business. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 718 Which of the following is the MOST reasonable option for recovering a noncritical system? ( A ) Warm site ( B ) Mobile site ( C ) Hot site ( D ) Cold site BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 719 An organization having a number of offices across a wide geographical area has developed a disaster recovery plan. Using actual resources, which of the following is the MOST cost‐effective test of the disaster recovery plan? ( A ) Full operational test ( B ) Preparedness test ( C ) Paper test ( D ) Regression test 8 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 720 An organization's disaster recovery plan should address early recovery of: ( A ) all information systems processes. ( B ) all financial processing applications. ( C ) only those applications designated by the IS manager. ( D ) processing in priority order, as defined by business management. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 721 An advantage of the use of hot sites as a backup alternative is that: ( A ) the costs associated with hot sites are low. ( B ) hot sites can be used for an extended amount of time. ( C ) hot sites can be made ready for operation within a short period of time. ( D ) they do not require that equipment and systems software be compatible with the primary site. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 722 Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures? ( A ) Invite client participation. ( B ) Involve all technical staff. ( C ) Rotate recovery managers. ( D ) Install locally‐stored backup. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 723 Disaster recovery planning (DRP) addresses the: ( A ) technological aspect of business continuity planning. ( B ) operational piece of business continuity planning. 
( C ) functional aspect of business continuity planning. ( D ) overall coordination of business continuity planning. 9 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 724 An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following: • The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department. • The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting their attention. • The plan has never been updated, tested or circulated to key management and staff, though interviews show that eachwould know what action to take for its area in the event of a disruptive incident. The IS auditor's report should recommend that: ( A ) the deputy CEO be censured for their failure to approve the plan. ( B ) a board of senior managers is set up to review the existing plan. ( C ) the existing plan is approved and circulated to all key management and staff. ( D ) a manager coordinates the creation of a new or revised plan within a defined time limit. 10 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 725 An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following: • The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department. • The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his/her attention. • The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident. 
The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical, hardware configuration is already established. An IS auditor should: ( A ) take no action as the lack of a current plan is the only significant finding. ( B ) recommend that the hardware configuration at each site is identical. ( C ) perform a review to verify that the second configuration can support live processing. ( D ) report that the financial expenditure on the alternative site is wasted without an effective plan. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 726 Disaster recovery planning (DRP) for a company's computer system usually focuses on: ( A ) operations turnover procedures. ( B ) strategic long‐range planning. ( C ) the probability that a disaster will occur. ( D ) alternative procedures to process transactions. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 727 The MAIN purpose for periodically testing offsite facilities is to: ( A ) protect the integrity of the data in the database. ( B ) eliminate the need to develop detailed contingency plans. ( C ) ensure the continued compatibility of the contingency facilities. ( D ) ensure that program and system documentation remains current. 11 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 728 A large chain of shops with electronic funds transfer (EFT) at point‐of‐sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communicationsprocessor? 
( A ) Offsite storage of daily backups ( B ) Alternative standby processor onsite ( C ) Installation of duplex communication links ( D ) Alternative standby processor at another network node BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 729 Facilitating telecommunications continuity by providing redundant combinations of local carrier T‐1 lines, microwaves and/or coaxial cables to access the local communication loop is: ( A ) last‐mile circuit protection. ( B ) long‐haul network diversity. ( C ) diverse routing. ( D ) alternative routing. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 730 Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies? ( A ) Developments may result in hardware and software incompatibility. ( B ) Resources may not be available when needed. ( C ) The recovery plan cannot be tested. ( D ) The security infrastructures in each company may be different. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 731 Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization? ( A ) Built‐in alternative routing ( B ) Completing full system backup daily ( C ) A repair contract with a service provider ( D ) A duplicate machine alongside each server 12 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 732 An IS auditor reviewing an organization's IS disaster recovery plan should verify that it is: ( A ) tested every six months. ( B ) regularly reviewed and updated. ( C ) approved by the chief executive officer (CEO). ( D ) communicated to every department head in the organization. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 733 There are several methods of providing telecommunications continuity. The method of routing traffic through split cable or duplicate cable facilities is called: ( A ) alternative routing. ( B ) diverse routing. ( C ) long‐haul network diversity. ( D ) last‐mile circuit protection. 
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 734 The responsibilities of a disaster recovery relocation team include: ( A ) obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule. ( B ) locating a recovery site, if one has not been predetermined, and coordinating the transport of company employees to the recovery site. ( C ) managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment. ( D ) coordinating the process of moving from the hot site to a new location or to the restored original location. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 735 While reviewing the business continuity plan of an organization, an IS auditor observed that the organization's data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate? ( A ) Deterrence ( B ) Mitigation ( C ) Recovery ( D ) Response 13 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 736 Which of the following disaster recovery/continuity plan components provides the GREATEST assurance of recovery after a disaster? ( A ) The alternate facility will be available until the original information processing facility is restored. ( B ) User management is involved in the identification of critical systems and their associated critical recovery times. ( C ) Copies of the plan are kept at the homes of key decision‐making personnel. ( D ) Feedback is provided to management assuring them that the business continuity plans are indeed workable and that the procedures are current. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 737 Which of the following must exist to ensure the viability of a duplicate information processing facility? ( A ) The site is near the primary site to ensure quick and efficient recovery. ( B ) The site contains the most advanced hardware available. 
( C ) The workload of the primary site is monitored to ensure adequate backup is available. ( D ) The hardware is tested when it is installed to ensure it is working properly. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 738 An offsite information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is a: ( A ) cold site. ( B ) warm site. ( C ) dial‐up site. ( D ) duplicate processing facility. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 739 A disaster recovery plan for an organization should: ( A ) reduce the length of the recovery time and the cost of recovery. ( B ) increase the length of the recovery time and the cost of recovery. ( C ) reduce the duration of the recovery time and increase the cost of recovery. ( D ) affect neither the recovery time nor the cost of recovery. 14 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 740 A disaster recovery plan for an organization's financial system specifies that the recovery point objective (RPO) is no data loss and the recovery time objective (RTO) is 72 hours. Which of the following is the MOST cost‐effective solution? ( A ) A hot site that can be operational in eight hours with asynchronous backup of the transaction logs ( B ) Distributed database systems in multiple locations updated asynchronously ( C ) Synchronous updates of the data and standby active systems in a hot site ( D ) Synchronous remote copy of the data in a warm site that can be operational in 48 hours BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 741 A financial institution that processes millions of transactions each day has a central communications processor (switch) for connecting to automated teller machines (ATMs). Which of the following would be the BEST contingency plan for the communications processor? 
( A ) Reciprocal agreement with another organization ( B ) Alternate processor in the same location ( C ) Alternate processor at another network node ( D ) Installation of duplex communication links BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 742 The cost of ongoing operations when a disaster recovery plan is in place, compared to not having a disaster recovery plan, will MOST likely: ( A ) increase. ( B ) decrease. ( C ) remain the same. ( D ) be unpredictable. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 743 Which of the following tasks should be performed FIRST when preparing a disaster recovery plan? ( A ) Develop a recovery strategy. ( B ) Perform a business impact analysis. ( C ) Map software systems, hardware and network components. ( D ) Appoint recovery teams with defined personnel, roles and hierarchy. 15 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 744 Which of the following provides the BEST evidence of an organization's disaster recovery readiness? ( A ) A disaster recovery plan ( B ) Customer references for the alternate site provider ( C ) Processes for maintaining the disaster recovery plan ( D ) Results of tests and drills BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 745 Which of the following is the BEST method for determining the criticality of each application system in the production environment? ( A ) Interview the application programmers. ( B ) Perform a gap analysis. ( C ) Review the most recent application audits. ( D ) Perform a business impact analysis. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 746 A hot site should be implemented as a recovery strategy when the: ( A ) disaster tolerance is low. ( B ) recovery point objective (RPO) is high. ( C ) recovery time objective (RTO) is high. ( D ) disaster tolerance is high. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 747 An organization has implemented a disaster recovery plan. Which of the following steps should be carried out next? 
( A ) Obtain senior management sponsorship. ( B ) Identify business needs. ( C ) Conduct a paper test. ( D ) Perform a system restore test. 16 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 748 When auditing a disaster recovery plan for a critical business area, an IS auditor finds that it does not cover all the systems. Which of the following is the MOST appropriate action for the IS auditor? ( A ) Alert management and evaluate the impact of not covering all systems. ( B ) Cancel the audit. ( C ) Complete the audit of the systems covered by the existing disaster recovery plan. ( D ) Postpone the audit until the systems are added to the disaster recovery plan. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 749 Which of the following should be of MOST concern to an IS auditor reviewing the BCP? ( A ) The disaster levels are based on scopes of damaged functions, but not on duration. ( B ) The difference between low‐level disaster and software incidents is not clear. ( C ) The overall BCP is documented, but detailed recovery steps are not specified. ( D ) The responsibility for declaring a disaster is not identified. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 750 Of the following alternatives, the FIRST approach to developing a disaster recovery strategy would be to assess whether: ( A ) all threats can be completely removed. ( B ) a cost‐effective, built‐in resilience can be implemented. ( C ) the recovery time objective can be optimized. ( D ) the cost of recovery can be minimized. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 751 An organization has a number of branches across a wide geographical area. To ensure that all aspects of the disaster recovery plan are evaluated in a cost effective manner, an IS auditor should recommend the use of a: ( A ) data recovery test. ( B ) full operational test. ( C ) posttest. ( D ) preparedness test. 
17 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 752 If the recovery time objective (RTO) increases: ( A ) the disaster tolerance increases. ( B ) the cost of recovery increases. ( C ) a cold site cannot be used. ( D ) the data backup frequency increases. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 753 Due to changes in IT, the disaster recovery plan of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested? ( A ) Catastrophic service interruption ( B ) High consumption of resources ( C ) Total cost of the recovery may not be minimized ( D ) Users and recovery teams may face severe difficulties when activating the plan BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 754 When developing a disaster recovery plan, the criteria for determining the acceptable downtime should be the: ( A ) annualized loss expectancy (ALE). ( B ) service delivery objective. ( C ) quantity of orphan data. ( D ) maximum tolerable outage. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 755 A lower recovery time objective (RTO) results in: ( A ) higher disaster tolerance. ( B ) higher cost. ( C ) wider interruption windows. ( D ) more permissive data loss. 18 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 756 Regarding a disaster recovery plan, the role of an IS auditor should include: ( A ) identifying critical applications. ( B ) determining the external service providers involved in a recovery test. ( C ) observing the tests of the disaster recovery plan. ( D ) determining the criteria for establishing a recovery time objective (RTO). BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 757 NEW 2009 During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the: ( A ) event error log generated at the disaster recovery site. ( B ) disaster recovery test plan. ( C ) disaster recovery plan (DRP). 
( D ) configurations and alignment of the primary and disaster recovery sites. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 758 NEW 2009 An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to 1 minute for a critical system. This implies that the system can tolerate: ( A ) a data loss of up to 1 minute, but the processing must be continuous. ( B ) a 1‐minute processing interruption but cannot tolerate any data loss. ( C ) a processing interruption of 1 minute or more. ( D ) both a data loss and a processing interruption longer than 1 minute. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 759 NEW 2009 Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test? ( A ) Due to the limited test time window, only the most essential systems were tested. The other systems were tested separately during the rest of the year. ( B ) During the test it was noticed that some of the backup systems were defective or not working, causing the test of these systems to fail. ( C ) The procedures to shut down and secure the original production site before starting the backup site required far more time than planned. ( D ) Every year, the same employees perform the test. The recovery plan documents are not used since every step is well known by all participants. 19 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 760 NEW 2009 The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)? ( A ) Contact information of key personnel ( B ) Server inventory documentation ( C ) Individual roles and responsibilities ( D ) Procedures for declaring a disaster BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 761 NEW 2009 A live test of a mutual agreement for IT system recovery has been carried out, including a four‐hour test of intensive usage by the business units. 
The test has been successful, but gives only partial assurance that the: ( A ) system and the IT operations team can sustain operations in the emergency environment. ( B ) resources and the environment could sustain the transaction load. ( C ) connectivity to the applications at the remote site meets response time requirements. ( D ) workflow of actual business operations can use the emergency system in case of a disaster. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 762 NEW 2009 To address an organization's disaster recovery requirements, backup intervals should not exceed the: ( A ) service level objective (SLO). ( B ) recovery time objective (RTO). ( C ) recovery point objective (RPO). ( D ) maximum acceptable outage (MAO). BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3 763 Which of the following would have the HIGHEST priority in a business continuity plan (BCP)? ( A ) Resuming critical processes ( B ) Recovering sensitive processes ( C ) Restoring the site ( D ) Relocating operations to an alternative site 20 CISA Questions BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3 764 After completing the business impact analysis (BIA), what is the next step in the business continuity planning process? ( A ) Test and maintain the plan. ( B ) Develop a specific plan. ( C ) Develop recovery strategies. ( D ) Implement the plan. BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3 765 Which of the following is an appropriate test method to apply to a business continuity plan (BCP)? ( A ) Pilot ( B ) Paper ( C ) Unit ( D ) System BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3 766 An IS auditor has audited a business continuity plan (BCP). Which of the following findings is the MOST critical? 
( A ) Nonavailability of an alternate private branch exchange (PBX) system
( B ) Absence of a backup for the network backbone
( C ) Lack of backup systems for the users' PCs
( D ) Failure of the access card system

767 As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis?
( A ) Organizational risks, such as single point‐of‐failure and infrastructure risk
( B ) Threats to critical business processes
( C ) Critical business processes for ascertaining the priority for recovery
( D ) Resources required for resumption of business

768 Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility?
( A ) Verify compatibility with the hot site.
( B ) Review the implementation report.
( C ) Perform a walk‐through of the disaster recovery plan.
( D ) Update the IS assets inventory.

769 Which of the following would contribute MOST to an effective business continuity plan (BCP)?
( A ) Document is circulated to all interested parties
( B ) Planning involves all user departments
( C ) Approval by senior management
( D ) Audit by an external IS auditor

770 To develop a successful business continuity plan, end user involvement is critical during which of the following phases?
( A ) Business recovery strategy
( B ) Detailed plan development
( C ) Business impact analysis (BIA)
( D ) Testing and maintenance

771 Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit?
( A ) A hot site is contracted for and available as needed.
( B ) A business continuity manual is available and current.
( C ) Insurance coverage is adequate and premiums are current.
( D ) Media backups are performed on a timely basis and stored offsite.

772 The PRIMARY objective of business continuity and disaster recovery plans should be to:
( A ) safeguard critical IS assets.
( B ) provide for continuity of operations.
( C ) minimize the loss to an organization.
( D ) protect human life.

773 After a full operational contingency test, an IS auditor performs a review of the recovery steps. The auditor concludes that the time it took for the technological environment and systems to return to full functioning exceeded the required critical recovery time. Which of the following should the auditor recommend?
( A ) Perform an integral review of the recovery tasks.
( B ) Broaden the processing capacity to gain recovery time.
( C ) Make improvements in the facility's circulation structure.
( D ) Increase the amount of human resources involved in the recovery.

774 Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost‐effectively obtain evidence about the plan's effectiveness?
( A ) Paper test
( B ) Post test
( C ) Preparedness test
( D ) Walkthrough

775 While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:
( A ) shadow file processing.
( B ) electronic vaulting.
( C ) hard‐disk mirroring.
( D ) hot‐site provisioning.
776 Depending on the complexity of an organization's business continuity plan (BCP), the plan may be developed as a set of more than one plan to address various aspects of business continuity and disaster recovery. In such an environment, it is essential that:
( A ) each plan is consistent with one another.
( B ) all plans are integrated into a single plan.
( C ) each plan is dependent on one another.
( D ) the sequence for implementation of all plans is defined.

777 During a business continuity audit an IS auditor found that the business continuity plan (BCP) covered only critical processes. The IS auditor should:
( A ) recommend that the BCP cover all business processes.
( B ) assess the impact of the processes not covered.
( C ) report the findings to the IT manager.
( D ) redefine critical processes.

778 An IS auditor noted that an organization had adequate business continuity plans (BCPs) for each individual process, but no comprehensive BCP. Which would be the BEST course of action for the IS auditor?
( A ) Recommend that an additional comprehensive BCP be developed.
( B ) Determine whether the BCPs are consistent.
( C ) Accept the BCPs as written.
( D ) Recommend the creation of a single BCP.

779 When developing a business continuity plan (BCP), which of the following tools should be used to gain an understanding of the organization's business processes?
( A ) Business continuity self‐audit
( B ) Resource recovery analysis
( C ) Risk assessment
( D ) Gap analysis

780 During an audit of a business continuity plan (BCP), an IS auditor found that, although all departments were housed in the same building, each department had a separate BCP. The IS auditor recommended that the BCPs be reconciled.
Which of the following areas should be reconciled FIRST?
( A ) Evacuation plan
( B ) Recovery priorities
( C ) Backup storages
( D ) Call tree

781 Management considered two projections for its business continuity plan; plan A with two months to recover and plan B with eight months to recover. The recovery objectives are the same in both plans. It is reasonable to expect that plan B projected higher:
( A ) downtime costs.
( B ) resumption costs.
( C ) recovery costs.
( D ) walkthrough costs.

782 The optimum business continuity strategy for an entity is determined by the:
( A ) lowest downtime cost and highest recovery cost.
( B ) lowest sum of downtime cost and recovery cost.
( C ) lowest recovery cost and highest downtime cost.
( D ) average of the combined downtime and recovery cost.

783 The PRIMARY objective of testing a business continuity plan is to:
( A ) familiarize employees with the business continuity plan.
( B ) ensure that all residual risks are addressed.
( C ) exercise all possible disaster scenarios.
( D ) identify limitations of the business continuity plan.

784 In determining the acceptable time period for the resumption of critical business processes:
( A ) only downtime costs need to be considered.
( B ) recovery operations should be analyzed.
( C ) both downtime costs and recovery costs need to be evaluated.
( D ) indirect downtime costs should be ignored.

785 In the event of a disruption or disaster, which of the following technologies provides for continuous operations?
( A ) Load balancing
( B ) Fault‐tolerant hardware
( C ) Distributed backups
( D ) High‐availability computing

786 Which of the following would be MOST important for an IS auditor to verify when conducting a business continuity audit?
( A ) Data backups are performed on a timely basis
( B ) A recovery site is contracted for and available as needed
( C ) Human safety procedures are in place
( D ) Insurance coverage is adequate and premiums are current

787 Which of the following insurance types provides for a loss arising from fraudulent acts by employees?
( A ) Business interruption
( B ) Fidelity coverage
( C ) Errors and omissions
( D ) Extra expense

788 The BEST method for assessing the effectiveness of a business continuity plan is to review the:
( A ) plans and compare them to appropriate standards.
( B ) results from previous tests.
( C ) emergency procedures and employee training.
( D ) offsite storage and environmental controls.

789 With respect to business continuity strategies, an IS auditor interviews key stakeholders in an organization to determine whether they understand their roles and responsibilities. The IS auditor is attempting to evaluate the:
( A ) clarity and simplicity of the business continuity plans.
( B ) adequacy of the business continuity plans.
( C ) effectiveness of the business continuity plans.
( D ) ability of IS and end‐user personnel to respond effectively in emergencies.

790 During the design of a business continuity plan, the business impact analysis (BIA) identifies critical processes and supporting applications. This will PRIMARILY influence the:
( A ) responsibility for maintaining the business continuity plan.
( B ) criteria for selecting a recovery site provider.
( C ) recovery strategy.
( D ) responsibilities of key personnel.

791 During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that:
( A ) assessment of the situation may be delayed.
( B ) execution of the disaster recovery plan could be impacted.
( C ) notification of the teams might not occur.
( D ) potential crisis recognition might be ineffective.

792 An organization has just completed its annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization?
( A ) Review and evaluate the business continuity plan for adequacy
( B ) Perform a full simulation of the business continuity plan
( C ) Train and educate employees regarding the business continuity plan
( D ) Notify critical contacts in the business continuity plan

793 Integrating business continuity planning (BCP) into an IT project aids in:
( A ) the retrofitting of the business continuity requirements.
( B ) the development of a more comprehensive set of requirements.
( C ) the development of a transaction flowchart.
( D ) ensuring the application meets the user's needs.

794 While observing a full simulation of the business continuity plan, an IS auditor notices that the notification systems within the organizational facilities could be severely impacted by infrastructural damage. The BEST recommendation the IS auditor can provide to the organization is to ensure:
( A ) the salvage team is trained to use the notification system.
( B ) the notification system provides for the recovery of the backup.
( C ) redundancies are built into the notification system.
( D ) the notification systems are stored in a vault.

795 The activation of an enterprise's business continuity plan should be based on predetermined criteria that address the:
( A ) duration of the outage.
( B ) type of outage.
( C ) probability of the outage.
( D ) cause of the outage.

796 NEW 2009 An organization has outsourced its wide area network (WAN) to a third‐party service provider. Under these circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of business continuity planning (BCP) and disaster recovery planning (DRP)?
( A ) Review whether the service provider's BCP process is aligned with the organization's BCP and contractual obligations.
( B ) Review whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster.
( C ) Review the methodology adopted by the organization in choosing the service provider.
( D ) Review the accreditation of the third‐party service provider's staff.

797 NEW 2009 An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:
( A ) alignment of the BCP with industry best practices.
( B ) results of business continuity tests performed by IS and end‐user personnel.
( C ) off‐site facility, its contents, security and environmental controls.
( D ) annual financial cost of the BCP activities versus the expected benefit of implementation of the plan.

798 NEW 2009 To optimize an organization's business contingency plan (BCP), an IS auditor should recommend conducting a business impact analysis (BIA) in order to determine:
( A ) the business processes that generate the most financial value for the organization and therefore must be recovered first.
( B ) the priorities and order for recovery to ensure alignment with the organization's business strategy.
( C ) the business processes that must be recovered following a disaster to ensure the organization's survival.
( D ) the priorities and order of recovery which will recover the greatest number of systems in the shortest time frame.

799 NEW 2009 A financial services organization is developing and documenting business continuity measures. In which of the following cases would an IS auditor MOST likely raise an issue?
( A ) The organization uses good practice guidelines instead of industry standards and relies on external advisors to ensure the adequacy of the methodology.
( B ) The business continuity capabilities are planned around a carefully selected set of scenarios which describe events that might happen with a reasonable probability.
( C ) The recovery time objectives (RTOs) do not take IT disaster recovery constraints into account, such as personnel or system dependencies during the recovery phase.
( D ) The organization plans to rent a shared alternate site with emergency workplaces which has only enough room for half of the normal staff.

800 NEW 2009 A medium‐sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of the new BCP?
( A ) Full‐scale test with relocation of all departments, including IT, to the contingency site
( B ) Walk‐through test of a series of predefined scenarios with all critical personnel involved
( C ) IT disaster recovery test with business departments involved in testing the critical applications
( D ) Functional test of a scenario with limited IT involvement