Question & Answer

gaye
Presentation Transcript


  1. ISA Classes Question & Answer

  2. Organizations practice contingency plans because it makes good business sense. Which of the following is the CORRECT sequence of steps involved in the contingency planning process?
     • 1 Anticipating potential disasters
     • 2 Identifying critical functions
     • 3 Selecting contingency plan strategies
     • 4 Identifying the resources that support critical functions
     • (a) 1, 2, 3, 4
     • (b) 1, 3, 2, 4
     • (c) 2, 1, 4, 3
     • (d) 2, 4, 1, 3
     Answer: D. 2, 4, 1, 3

  3. What is the inherent limitation of a disaster recovery planning exercise?
     • (a) Inability to include all types of disasters
     • (b) Assembling disaster management and recovery teams
     • (c) Developing early warning monitors that will trigger alerts and response
     • (d) Conducting periodic drills
     Answer: A. Inability to include all types of disasters

  4. Who would be primarily responsible for establishing an organization-wide contingency plan?
     • (a) Chief information officer
     • (b) Disaster recovery manager
     • (c) The board of directors
     • (d) Audit director
     Answer: C. The board of directors

  5. A disaster recovery plan protects against WHICH of the following?
     • (a) Physical losses
     • (b) Economic losses
     • (c) Equipment losses
     • (d) Inventory losses
     Answer: B. Economic losses

  6. When senior management support for a DRP project has been obtained and resources have been authorized for the development of a disaster recovery document, the individuals who will do the actual writing of the plan should be selected on the basis of their:
     • (a) Technical knowledge of IS operating systems, databases and telecommunications
     • (b) Consulting background with hardware and software vendors
     • (c) Consulting experience with clients or customers in the same industry
     • (d) Broad perspective of the organization and ability to recognize all the possible consequences of a disaster
     Answer: D. Broad perspective of the organization and ability to recognize all the possible consequences of a disaster

  7. Emergency actions are taken at the incipient stage of a disaster with the objectives of preventing injuries or loss of life and of
     • (a) determining the extent of property damage
     • (b) protecting evidence
     • (c) preventing looting and further damage
     • (d) mitigating the damage to avoid the need for recovery
     Answer: D. mitigating the damage to avoid the need for recovery

  8. An organization’s disaster recovery plan SHOULD address early recovery of:
     A. All information system processes
     B. All financial processing applications
     C. Only those applications designated by the IS Manager
     D. Processing in priority order, as defined by business management
     Answer: D. Processing in priority order, as defined by business management

  9. Disaster recovery planning for a company’s computer system usually focuses on:
     A. Operations turnover procedures
     B. Strategic long range planning
     C. The probability that a disaster will occur
     D. Alternative procedures to process transactions
     Answer: D. Alternative procedures to process transactions

  10. Which of the following steps would an IS auditor normally perform FIRST in a security review?
     A. Evaluate physical access test results
     B. Determine the risks/threats to the data center site
     C. Review business continuity procedures
     D. Test for evidence of physical access at suspect locations
     Answer: B. Determine the risks/threats to the data center site

  11. What is the single MAJOR item that is often ignored during the development of a disaster recovery plan for an organization?
     A. Roles and responsibilities of DRP team members
     B. Critical areas of threats and vulnerabilities
     C. Functional user operations
     D. Conducting risk or impact analysis
     Answer: C. Functional user operations

  12. An organization is contemplating developing a computer-related disaster recovery plan for the first time. The BEST practice would be to:
     A. Follow a bottom-up approach
     B. Call other companies in the same industry
     C. Call a commercial backup service provider
     D. Follow a top-down approach
     Answer: D. Follow a top-down approach

  13. The BEST approach to maintaining a contingency plan in order to recover from computer related disaster would be to use a:
     A. Top-down approach
     B. Bottom up approach
     C. Combination of top-down and bottom up approaches
     D. Consultant directed approach
     Answer: C. Combination of top-down and bottom up approaches

  14. To develop a successful business continuity plan, end user involvement is critical during which of the following phases:
     A. Business recovery strategy
     B. Detailed plan development
     C. Business impact analysis (BIA)
     D. Testing and maintenance
     Answer: C. Business impact analysis (BIA)

  15. Which of the following disaster scenarios is NOT commonly considered during the development of disaster recovery and contingency planning?
     A. Network failure
     B. Hardware failure
     C. Software failure
     D. Failure of the local telephone company
     Answer: D. Failure of the local telephone company

  16. Which of the following can be called “the disaster recovery plan of the LAST resort”?
     A. A contract with a recovery center
     B. A demonstration of the recovery center’s capabilities
     C. A tour of the recovery center
     D. An insurance policy
     Answer: D. An insurance policy

  17. Which of the following tasks should be performed FIRST when preparing a Disaster Recovery Plan?
     A. Develop a recovery strategy
     B. Perform a business impact analysis (BIA)
     C. Map software systems, hardware and network components
     D. Appoint recovery teams with defined personnel, roles and hierarchy.
     Answer: B. Perform a business impact analysis (BIA)

  18. After completing the business impact analysis (BIA), what is the next step in the business continuity planning (BCP) process?
     A. Test and maintain the plan
     B. Develop a specific plan
     C. Develop recovery strategies
     D. Implement the plan.
     Answer: C. Develop recovery strategies

  19. During an audit of a business continuity plan, an IS auditor found that, although all departments were housed in the same building, each department had a separate business continuity plan. The IS auditor recommended that the business continuity plans be reconciled. Which of the following areas should be reconciled FIRST?
     A. Evacuation plan
     B. Recovery priorities
     C. Backup storages
     D. Call tree.
     Answer: A. Evacuation plan

  20. An IS auditor performing a review of the back-up processing facilities would be MOST concerned that:
     • (a) adequate fire insurance exists
     • (b) regular hardware maintenance is performed
     • (c) off-site storage of transaction and master files exists
     • (d) backup processing facilities are fully tested
     Answer: C. off-site storage of transaction and master files exists

  21. Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies?
     • (a) Developments may result in hardware and software incompatibility
     • (b) Resources may not be available when needed
     • (c) The recovery plan cannot be tested
     • (d) The security infrastructure in each company may be different
     Answer: A. Developments may result in hardware and software incompatibility

  22. Which of the following is MOST important to have in a disaster recovery plan?
     • (a) Backup of compiled object programs
     • (b) Reciprocal processing agreement
     • (c) Phone contact list
     • (d) Supply of special forms
     Answer: A. Backup of compiled object programs

  23. An IS auditor reviewing an organization's information systems DRP should verify that it is:
     • (a) tested every 6 months
     • (b) regularly reviewed and updated
     • (c) approved by the Chief Executive Officer (CEO)
     • (d) communicated to every department head in the organization
     Answer: B. regularly reviewed and updated

  24. The LEAST critical factor in estimating the maximum tolerable downtime during a disaster is:
     • (a) Availability of a cold site during the disaster
     • (b) Time of the disaster
     • (c) Applications affected by the disaster
     • (d) Length of the disaster
     Answer: A. Availability of a cold site during the disaster

  25. During a disaster, which of the following application systems should be recovered FIRST?
     • (a) General ledger system
     • (b) Supplies tracking system
     • (c) Fixed asset system
     • (d) Claims processing system
     Answer: D. Claims processing system

  26. Fire has swept through the premises of an organization’s computer room. The company has lost its entire computer system. The BEST thing the organization could have done is to:
     • (a) Plan for cold site arrangements
     • (b) Plan for mutual agreements-negotiate with other similar organizations to back each other
     • (c) Plan for warm site arrangements since everything was ready to go
     • (d) Take daily backups to an off-site storage facility
     Answer: D. Take daily backups to an off-site storage facility

  27. Which of the following rationales is NOT a sound one? DRP should be tested:
     • (a) By simulation
     • (b) In stages
     • (c) In an unannounced manner
     • (d) In actual use
     Answer: D. In actual use

  28. Most business continuity tests should:
     • (a) Be conducted at the same time as normal business operations.
     • (b) Address all system components.
     • (c) Evaluate the performance of personnel.
     • (d) Be monitored by the IS Auditor.
     Answer: C. Evaluate the performance of personnel.

  29. The MOST effective way to ascertain the hot-site vendor’s integrity in practices and priorities in the resource sharing area is to:
     • (a) Review all subscriber contracts with the hot-site vendors
     • (b) Observe an actual disaster at the hot-site vendor
     • (c) Request a copy of the actual external audit report
     • (d) Request the hot-site vendor’s compliance in writing
     Answer: C. Request a copy of the actual external audit report

  30. Which of the following is NOT true? A “cold-site” computer facility includes:
     • (a) Heat, humidity and air conditioning equipment
     • (b) CPU and other computer equipment
     • (c) Electrical power connections
     • (d) Telecommunications connections
     Answer: B. CPU and other computer equipment

  31. What is a hot-site facility?
     • (a) A site with pre-installed computers, raised flooring, air conditioning, telecommunications and networking equipment, and UPS.
     • (b) A site in which space is reserved with pre-installed wiring and raised floors.
     • (c) A site with raised flooring, air conditioning, telecommunications, and networking equipment, and UPS.
     • (d) A site with ready made work space with telecommunications equipment, LANs, PCs, and terminals for work groups.
     Answer: A site with pre-installed computers, raised flooring, air conditioning, telecommunications and networking equipment, and UPS.

  32. Which of the following would an IS auditor consider to be MOST important to review when conducting a business continuity audit?
     A. A hot site is contracted for and available as needed
     B. A business continuity manual is available and current
     C. Insurance coverage is adequate and premiums are current.
     D. Media backups are performed on a timely basis and stored off-site
     Answer: D. Media backups are performed on a timely basis and stored off-site

  33. Which of the following business recovery strategies would require the LEAST expenditure of funds?
     A. Warm site facility
     B. Empty shell facility
     C. Hot site subscription
     D. Reciprocal agreement
     Answer: D. Reciprocal agreement

  34. An advantage of the use of HOT-SITE as a backup alternative is:
     A. The costs associated with “hot sites” are low
     B. That “hot sites” can be used for an extended amount of time
     C. That “hot sites” can be made ready for operation within a short span of time
     D. That “hot sites” do not require that equipment and systems software be compatible with the primary installations being backed up
     Answer: C. That “hot sites” can be made ready for operation within a short span of time

  35. Which of the following control concepts SHOULD be included in a comprehensive test of disaster recovery procedures?
     A. Invite client participation
     B. Involve all technical staff
     C. Rotate recovery managers
     D. Install locally stored backups
     Answer: C. Rotate recovery managers

  36. The MAIN purpose for periodically testing off-site hardware backup facilities is to:
     A. Ensure the integrity of the data in the database
     B. Eliminate the need to develop detailed contingency plans
     C. Ensure the continued compatibility of the contingency facilities
     D. Ensure that program and system documentation remains current
     Answer: C. Ensure the continued compatibility of the contingency facilities

  37. Losses can be minimized MOST effectively by using outside storage facilities to do which of the following?
     A. Include current, critical information in backup files
     B. Ensure that current documentation is maintained at the backup facility
     C. Test backup hardware
     D. Train personnel in backup procedures
     Answer: A. Include current, critical information in backup files

  38. The primary contingency strategy for application systems and data is regular backup and secure off-site storage. Which of the following decisions is LEAST important to address?
     A. How often the backup is performed
     B. How often the backup is stored off-site
     C. How often the backup is used
     D. How often the backup is transported
     Answer: C. How often the backup is used

  39. Which of the following is LEAST expensive in terms of providing backup computer facilities?
     A. Mutual agreements
     B. Shared facilities
     C. Service bureaus
     D. Company's own duplicate facilities
     Answer: A. Mutual agreements

  40. Which of the following is NOT an assumption made during the development of a disaster recovery and contingency plan?
     A. Testing and maintenance of the contingency plan should be continual
     B. All resources and materials required to restore the processing capability at the backup recovery site should be obtainable off-site
     C. All the less critical jobs need not be recovered
     D. In a multi-site environment, a separate set of recovery plans should be developed for each computer center
     Answer: C. All the less critical jobs need not be recovered

  41. Identify the item THAT demonstrates the ability of an organization to provide immediate, reliable and clear information during different types of disaster?
     A. A comprehensive and written disaster recovery plan
     B. A written plan with a well-organized table of contents and easy to follow instructions
     C. A written plan that is approved by senior management and auditors
     D. Drills and exercises
     Answer: D. Drills and exercises

  42. A hot site should be implemented as a recovery strategy when the:
     A. Disaster tolerance is low
     B. recovery point objective (RPO) is high
     C. recovery time objective (RTO) is high
     D. Disaster tolerance is high
     Answer: A. Disaster tolerance is low

  43. In which of the following situations is it MOST appropriate to implement data mirroring as the recovery strategy:
     A. Disaster tolerance is high
     B. Recovery time objective is high
     C. Recovery point objective is low
     D. Recovery point objective is high
     Answer: C. Recovery point objective is low

  44. There is a debate over how often a disaster recovery plan should be tested. The frequency of testing SHOULD depend on:
     A. An auditor’s recommendation
     B. The nature of data processing
     C. Budget allowances
     D. Management opinion
     Answer: B. The nature of data processing

  45. Which of the following statements about backups is true?
     A. Backups are most important for mainframe computers
     B. Lack of procedures is not a problem for conducting backups
     C. Backups provide for continuity of operations
     D. The type of data transfer does not matter for timely backups
     Answer: C. Backups provide for continuity of operations

  46. THANKS
