CISA Questions Business Continuity and Disaster Recovery

Sample Questions for the Certified Information Systems Audit Examination. Focuses on Chapter 6: Business Continuity and Disaster Recovery

  • CISA Questions

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    688 Which of the following would BEST support 24/7 availability?

    (A) Daily backup

    (B) Offsite storage

    (C) Mirroring

    (D) Periodic testing

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    689 The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to:

    (A) achieve performance improvement.

    (B) provide user authentication.

    (C) ensure availability of data.

    (D) ensure the confidentiality of data.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    690 Which of the following is the MOST important criterion when selecting a location for an offsite storage facility for IS backup files? The offsite facility must be:

    (A) physically separated from the data center and not subject to the same risks.

    (B) given the same level of protection as that of the computer data center.

    (C) outsourced to a reliable third party.

    (D) equipped with surveillance capabilities.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    691 If a database is restored using before-image dumps, where should the process begin following an interruption?

    (A) Before the last transaction

    (B) After the last transaction

    (C) As the first transaction after the latest checkpoint

    (D) As the last transaction before the latest checkpoint

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    692 In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems?

    (A) Maintaining system software parameters

    (B) Ensuring periodic dumps of transaction logs

    (C) Ensuring grandfather-father-son file backups

    (D) Maintaining important data at an offsite location

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    693 As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard copy transaction log. At the end of the day, the order entry files are backed up on tape. During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following is necessary to restore these files?

    (A) The previous day's backup file and the current transaction tape

    (B) The previous day's transaction file and the current transaction tape

    (C) The current transaction tape and the current hard copy transaction log

    (D) The current hard copy transaction log and the previous day's transaction file

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    694 An offsite information processing facility:

    (A) should have the same amount of physical access restrictions as the primary processing site.

    (B) should be easily identified from the outside so that, in the event of an emergency, it can be easily found.

    (C) should be located in proximity to the originating site, so it can quickly be made operational.

    (D) need not have the same level of environmental monitoring as the originating site.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    695 An IS auditor performing a review of the backup processing facilities should be MOST concerned that:

    (A) adequate fire insurance exists.

    (B) regular hardware maintenance is performed.

    (C) offsite storage of transaction and master files exists.

    (D) backup processing facilities are fully tested.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    696 Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist?

    (A) Reviewing program code

    (B) Reviewing operations documentation

    (C) Turning off the UPS, then the power

    (D) Reviewing program documentation

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    697 Which of the following findings should an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault?

    (A) There are three individuals with a key to enter the area.

    (B) Paper documents are also stored in the offsite vault.

    (C) Data files that are stored in the vault are synchronized.

    (D) The offsite vault is located in a separate facility.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    698 Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by:

    (A) database integrity checks.

    (B) validation checks.

    (C) input controls.

    (D) database commits and rollbacks.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    699 To provide protection for media backup stored at an offsite location, the storage site should be:

    (A) located on a different floor of the building.

    (B) easily accessible by everyone.

    (C) clearly labeled for emergency access.

    (D) protected from unauthorized access.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    700 Which of the following ensures the availability of transactions in the event of a disaster?

    (A) Send tapes hourly containing transactions offsite.

    (B) Send tapes daily containing transactions offsite.

    (C) Capture transactions to multiple storage devices.

    (D) Transmit transactions offsite in real time.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    701 IS management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend:

    (A) upgrading to a level 5 RAID.

    (B) increasing the frequency of onsite backups.

    (C) reinstating the offsite backups.

    (D) establishing a cold site in a secure location.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    702 In which of the following situations is it MOST appropriate to implement data mirroring as the recovery strategy?

    (A) Disaster tolerance is high.

    (B) Recovery time objective is high.

    (C) Recovery point objective is low.

    (D) Recovery point objective is high.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    703 Network Data Management Protocol (NDMP) technology should be used for backup if:

    (A) a network-attached storage (NAS) appliance is required.

    (B) the use of TCP/IP must be avoided.

    (C) file permissions that cannot be handled by legacy backup systems must be backed up.

    (D) backup consistency over several related data volumes must be ensured.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    704 An organization currently using tape backups takes one full backup weekly and incremental backups daily. They recently augmented their tape backup procedures with a backup-to-disk solution. This is appropriate because:

    (A) fast synthetic backups for offsite storage are supported.

    (B) backup to disk is always significantly faster than backup to tape.

    (C) tape libraries are no longer needed.

    (D) data storage on disks is more reliable than on tapes.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    705 Which of the following should be the MOST important criterion in evaluating a backup solution for sensitive data that must be retained for a long period of time due to regulatory requirements?

    (A) Full backup window

    (B) Media costs

    (C) Restore window

    (D) Media reliability

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    706 In the event of a data center disaster, which of the following would be the MOST appropriate strategy to enable a complete recovery of a critical database?

    (A) Daily data backup to tape and storage at a remote site

    (B) Real-time replication to a remote site

    (C) Hard disk mirroring to a local server

    (D) Real-time data backup to the local storage area network (SAN)

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    707 Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective (RPO)?

    (A) Virtual tape libraries

    (B) Disk-based snapshots

    (C) Continuous data backup

    (D) Disk-to-tape backup

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1

    708 What is the BEST backup strategy for a large database with data supporting online sales?

    (A) Weekly full backup with daily incremental backup

    (B) Daily full backup

    (C) Clustered servers

    (D) Mirrored hard disks

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 NEW 2009

    709 During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include:

    (A) the level of information security required when business recovery procedures are invoked.

    (B) information security roles and responsibilities in the crisis management structure.

    (C) information security resource requirements.

    (D) change management procedures for information security that could affect business continuity arrangements.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 NEW 2009

    710 Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly?

    (A) Backup time would steadily increase

    (B) Backup operational cost would significantly increase

    (C) Storage operational cost would significantly increase

    (D) Server recovery work may not meet the recovery time objective (RTO)

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 NEW 2009

    711 Which of the following is the MOST important consideration when defining recovery point objectives (RPOs)?

    (A) Minimum operating requirements

    (B) Acceptable data loss

    (C) Mean time between failures

    (D) Acceptable time for recovery

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    712 A structured walkthrough test of a disaster recovery plan involves:

    (A) representatives from each of the functional areas coming together to go over the plan.

    (B) all employees who participate in the day-to-day operations coming together to practice executing the plan.

    (C) moving the systems to the alternate processing site and performing processing operations.

    (D) distributing copies of the plan to the various functional areas for review.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    713 In a contract with a hot, warm or cold site, contractual provisions should cover which of the following considerations?

    (A) Physical security measures

    (B) Total number of subscribers

    (C) Number of subscribers permitted to use a site at one time

    (D) References by other users

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    714 Which of the following is the GREATEST concern when an organization's backup facility is at a warm site?

    (A) Timely availability of hardware

    (B) Availability of heat, humidity and air conditioning equipment

    (C) Adequacy of electrical power connections

    (D) Effectiveness of the telecommunications network

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    715 Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget?

    (A) A hot site maintained by the business

    (B) A commercial cold site

    (C) A reciprocal arrangement between its offices

    (D) A third-party hot site

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    716 The PRIMARY purpose of a business impact analysis (BIA) is to:

    (A) provide a plan for resuming operations after a disaster.

    (B) identify the events that could impact the continuity of an organization's operations.

    (C) publicize the commitment of the organization to physical and logical security.

    (D) provide the framework for an effective disaster recovery plan.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    717 After implementation of a disaster recovery plan, predisaster and postdisaster operational costs for an organization will:

    (A) decrease.

    (B) not change (remain the same).

    (C) increase.

    (D) increase or decrease depending upon the nature of the business.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    718 Which of the following is the MOST reasonable option for recovering a noncritical system?

    (A) Warm site

    (B) Mobile site

    (C) Hot site

    (D) Cold site

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    719 An organization having a number of offices across a wide geographical area has developed a disaster recovery plan. Using actual resources, which of the following is the MOST cost-effective test of the disaster recovery plan?

    (A) Full operational test

    (B) Preparedness test

    (C) Paper test

    (D) Regression test

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    720 An organization's disaster recovery plan should address early recovery of:

    (A) all information systems processes.

    (B) all financial processing applications.

    (C) only those applications designated by the IS manager.

    (D) processing in priority order, as defined by business management.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    721 An advantage of the use of hot sites as a backup alternative is that:

    (A) the costs associated with hot sites are low.

    (B) hot sites can be used for an extended amount of time.

    (C) hot sites can be made ready for operation within a short period of time.

    (D) they do not require that equipment and systems software be compatible with the primary site.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    722 Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures?

    (A) Invite client participation.

    (B) Involve all technical staff.

    (C) Rotate recovery managers.

    (D) Install locally stored backup.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    723 Disaster recovery planning (DRP) addresses the:

    (A) technological aspect of business continuity planning.

    (B) operational piece of business continuity planning.

    (C) functional aspect of business continuity planning.

    (D) overall coordination of business continuity planning.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    724 An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:

    The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department.

    The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting their attention.

    The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident.

    The IS auditor's report should recommend that:

    (A) the deputy CEO be censured for their failure to approve the plan.

    (B) a board of senior managers is set up to review the existing plan.

    (C) the existing plan is approved and circulated to all key management and staff.

    (D) a manager coordinates the creation of a new or revised plan within a defined time limit.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    725 An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:

    The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department.

    The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his/her attention.

    The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident.

    The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical, hardware configuration is already established. An IS auditor should:

    (A) take no action as the lack of a current plan is the only significant finding.

    (B) recommend that the hardware configuration at each site is identical.

    (C) perform a review to verify that the second configuration can support live processing.

    (D) report that the financial expenditure on the alternative site is wasted without an effective plan.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    726 Disaster recovery planning (DRP) for a company's computer system usually focuses on:

    (A) operations turnover procedures.

    (B) strategic long-range planning.

    (C) the probability that a disaster will occur.

    (D) alternative procedures to process transactions.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    727 The MAIN purpose for periodically testing offsite facilities is to:

    (A) protect the integrity of the data in the database.

    (B) eliminate the need to develop detailed contingency plans.

    (C) ensure the continued compatibility of the contingency facilities.

    (D) ensure that program and system documentation remains current.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    728 A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor?

    (A) Offsite storage of daily backups

    (B) Alternative standby processor onsite

    (C) Installation of duplex communication links

    (D) Alternative standby processor at another network node

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    729 Facilitating telecommunications continuity by providing redundant combinations of local carrier T1 lines, microwaves and/or coaxial cables to access the local communication loop is:

    (A) last-mile circuit protection.

    (B) long-haul network diversity.

    (C) diverse routing.

    (D) alternative routing.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    730 Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies?

    (A) Developments may result in hardware and software incompatibility.

    (B) Resources may not be available when needed.

    (C) The recovery plan cannot be tested.

    (D) The security infrastructures in each company may be different.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    731 Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization?

    (A) Built-in alternative routing

    (B) Completing full system backup daily

    (C) A repair contract with a service provider

    (D) A duplicate machine alongside each server

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    732 An IS auditor reviewing an organization's IS disaster recovery plan should verify that it is:

    (A) tested every six months.

    (B) regularly reviewed and updated.

    (C) approved by the chief executive officer (CEO).

    (D) communicated to every department head in the organization.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    733 There are several methods of providing telecommunications continuity. The method of routing traffic through split cable or duplicate cable facilities is called:

    (A) alternative routing.

    (B) diverse routing.

    (C) long-haul network diversity.

    (D) last-mile circuit protection.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    734 The responsibilities of a disaster recovery relocation team include:

    (A) obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule.

    (B) locating a recovery site, if one has not been predetermined, and coordinating the transport of company employees to the recovery site.

    (C) managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment.

    (D) coordinating the process of moving from the hot site to a new location or to the restored original location.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    735 While reviewing the business continuity plan of an organization, an IS auditor observed that the organization's data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate?

    (A) Deterrence

    (B) Mitigation

    (C) Recovery

    (D) Response

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    736 Which of the following disaster recovery/continuity plan components provides the GREATEST assurance of recovery after a disaster?

    (A) The alternate facility will be available until the original information processing facility is restored.

    (B) User management is involved in the identification of critical systems and their associated critical recovery times.

    (C) Copies of the plan are kept at the homes of key decision-making personnel.

    (D) Feedback is provided to management assuring them that the business continuity plans are indeed workable and that the procedures are current.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    737 Which of the following must exist to ensure the viability of a duplicate information processing facility?

    (A) The site is near the primary site to ensure quick and efficient recovery.

    (B) The site contains the most advanced hardware available.

    (C) The workload of the primary site is monitored to ensure adequate backup is available.

    (D) The hardware is tested when it is installed to ensure it is working properly.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    738 An offsite information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is a:

    (A) cold site.

    (B) warm site.

    (C) dial-up site.

    (D) duplicate processing facility.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    739 A disaster recovery plan for an organization should:

    (A) reduce the length of the recovery time and the cost of recovery.

    (B) increase the length of the recovery time and the cost of recovery.

    (C) reduce the duration of the recovery time and increase the cost of recovery.

    (D) affect neither the recovery time nor the cost of recovery.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    740 A disaster recovery plan for an organization's financial system specifies that the recovery point objective (RPO) is no data loss and the recovery time objective (RTO) is 72 hours. Which of the following is the MOST cost-effective solution?

    (A) A hot site that can be operational in eight hours with asynchronous backup of the transaction logs

    (B) Distributed database systems in multiple locations updated asynchronously

    (C) Synchronous updates of the data and standby active systems in a hot site

    (D) Synchronous remote copy of the data in a warm site that can be operational in 48 hours

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    741 A financial institution that processes millions of transactions each day has a central communications processor (switch) for connecting to automated teller machines (ATMs). Which of the following would be the BEST contingency plan for the communications processor?

    (A) Reciprocal agreement with another organization

    (B) Alternate processor in the same location

    (C) Alternate processor at another network node

    (D) Installation of duplex communication links

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    742 The cost of ongoing operations when a disaster recovery plan is in place, compared to not having a disaster recovery plan, will MOST likely:

    (A) increase.

    (B) decrease.

    (C) remain the same.

    (D) be unpredictable.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    743 Which of the following tasks should be performed FIRST when preparing a disaster recovery plan?

    (A) Develop a recovery strategy.

    (B) Perform a business impact analysis.

    (C) Map software systems, hardware and network components.

    (D) Appoint recovery teams with defined personnel, roles and hierarchy.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    744 Which of the following provides the BEST evidence of an organization's disaster recovery readiness?

    (A) A disaster recovery plan

    (B) Customer references for the alternate site provider

    (C) Processes for maintaining the disaster recovery plan

    (D) Results of tests and drills

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    745 Which of the following is the BEST method for determining the criticality of each application system in the production environment?

    (A) Interview the application programmers.

    (B) Perform a gap analysis.

    (C) Review the most recent application audits.

    (D) Perform a business impact analysis.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    746 A hot site should be implemented as a recovery strategy when the:

    (A) disaster tolerance is low.

    (B) recovery point objective (RPO) is high.

    (C) recovery time objective (RTO) is high.

    (D) disaster tolerance is high.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    747 An organization has implemented a disaster recovery plan. Which of the following steps should be carried out next?

    (A) Obtain senior management sponsorship.

    (B) Identify business needs.

    (C) Conduct a paper test.

    (D) Perform a system restore test.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    748 When auditing a disaster recovery plan for a critical business area, an IS auditor finds that it does not cover all the systems. Which of the following is the MOST appropriate action for the IS auditor?

    (A) Alert management and evaluate the impact of not covering all systems.

    (B) Cancel the audit.

    (C) Complete the audit of the systems covered by the existing disaster recovery plan.

    (D) Postpone the audit until the systems are added to the disaster recovery plan.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    749 Which of the following should be of MOST concern to an IS auditor reviewing the BCP?

    (A) The disaster levels are based on scopes of damaged functions, but not on duration.

    (B) The difference between low-level disaster and software incidents is not clear.

    (C) The overall BCP is documented, but detailed recovery steps are not specified.

    (D) The responsibility for declaring a disaster is not identified.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    750 Of the following alternatives, the FIRST approach to developing a disaster recovery strategy would be to assess whether:

    (A) all threats can be completely removed.

    (B) a cost-effective, built-in resilience can be implemented.

    (C) the recovery time objective can be optimized.

    (D) the cost of recovery can be minimized.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    751 An organization has a number of branches across a wide geographical area. To ensure that all aspects of the disaster recovery plan are evaluated in a cost-effective manner, an IS auditor should recommend the use of a:

    (A) data recovery test.

    (B) full operational test.

    (C) posttest.

    (D) preparedness test.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    752 If the recovery time objective (RTO) increases:

    (A) the disaster tolerance increases.

    (B) the cost of recovery increases.

    (C) a cold site cannot be used.

    (D) the data backup frequency increases.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    753 Due to changes in IT, the disaster recovery plan of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested?

    (A) Catastrophic service interruption

    (B) High consumption of resources

    (C) Total cost of the recovery may not be minimized

    (D) Users and recovery teams may face severe difficulties when activating the plan

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    754 When developing a disaster recovery plan, the criteria for determining the acceptable downtime should be the:

    (A) annualized loss expectancy (ALE).

    (B) service delivery objective.

    (C) quantity of orphan data.

    (D) maximum tolerable outage.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    755 A lower recovery time objective (RTO) results in:

    (A) higher disaster tolerance.

    (B) higher cost.

    (C) wider interruption windows.

    (D) more permissive data loss.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2

    756 Regarding a disaster recovery plan, the role of an IS auditor should include:

    (A) identifying critical applications.

    (B) determining the external service providers involved in a recovery test.

    (C) observing the tests of the disaster recovery plan.

    (D) determining the criteria for establishing a recovery time objective (RTO).

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 NEW 2009

    757 During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the:

    (A) event error log generated at the disaster recovery site.

    (B) disaster recovery test plan.

    (C) disaster recovery plan (DRP).

    (D) configurations and alignment of the primary and disaster recovery sites.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 NEW 2009

    758 An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to 1 minute for a critical system. This implies that the system can tolerate:

    (A) a data loss of up to 1 minute, but the processing must be continuous.

    (B) a 1-minute processing interruption but cannot tolerate any data loss.

    (C) a processing interruption of 1 minute or more.

    (D) both a data loss and a processing interruption longer than 1 minute.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 NEW 2009

    759 Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?

    (A) Due to the limited test time window, only the most essential systems were tested. The other systems were tested separately during the rest of the year.

    (B) During the test it was noticed that some of the backup systems were defective or not working, causing the test of these systems to fail.

    (C) The procedures to shut down and secure the original production site before starting the backup site required far more time than planned.

    (D) Every year, the same employees perform the test. The recovery plan documents are not used since every step is well known by all participants.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 NEW 2009

    760 The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?

    (A) Contact information of key personnel

    (B) Server inventory documentation

    (C) Individual roles and responsibilities

    (D) Procedures for declaring a disaster

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 NEW 2009

    761 A live test of a mutual agreement for IT system recovery has been carried out, including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:

    (A) system and the IT operations team can sustain operations in the emergency environment.

    (B) resources and the environment could sustain the transaction load.

    (C) connectivity to the applications at the remote site meets response time requirements.

    (D) workflow of actual business operations can use the emergency system in case of a disaster.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 NEW 2009

    762 To address an organization's disaster recovery requirements, backup intervals should not exceed the:

    (A) service level objective (SLO).

    (B) recovery time objective (RTO).

    (C) recovery point objective (RPO).

    (D) maximum acceptable outage (MAO).

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    763 Which of the following would have the HIGHEST priority in a business continuity plan (BCP)?

    (A) Resuming critical processes

    (B) Recovering sensitive processes

    (C) Restoring the site

    (D) Relocating operations to an alternative site

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    764 After completing the business impact analysis (BIA), what is the next step in the business continuity planning process?

    (A) Test and maintain the plan.

    (B) Develop a specific plan.

    (C) Develop recovery strategies.

    (D) Implement the plan.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    765 Which of the following is an appropriate test method to apply to a business continuity plan (BCP)?

    (A) Pilot

    (B) Paper

    (C) Unit

    (D) System

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    766 An IS auditor has audited a business continuity plan (BCP). Which of the following findings is the MOST critical?

    (A) Nonavailability of an alternate private branch exchange (PBX) system

    (B) Absence of a backup for the network backbone

    (C) Lack of backup systems for the users' PCs

    (D) Failure of the access card system

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    767 As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis?

    (A) Organizational risks, such as single point of failure and infrastructure risk

    (B) Threats to critical business processes

    (C) Critical business processes for ascertaining the priority for recovery

    (D) Resources required for resumption of business

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    768 Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility?

    (A) Verify compatibility with the hot site.

    (B) Review the implementation report.

    (C) Perform a walkthrough of the disaster recovery plan.

    (D) Update the IS assets inventory.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    769 Which of the following would contribute MOST to an effective business continuity plan (BCP)?

    (A) Document is circulated to all interested parties

    (B) Planning involves all user departments

    (C) Approval by senior management

    (D) Audit by an external IS auditor

    BUSINESSCONTINUITYANDDISASTERRECOVERY6.3

    770 Todevelopasuccessfulbusinesscontinuityplan,enduserinvolvementiscriticalduringwhichofthefollowingphases?

    (A) Businessrecoverystrategy

    (B) Detailedplandevelopment

    (C) Businessimpactanalysis(BIA)

    (D) Testingandmaintenance

    BUSINESSCONTINUITYANDDISASTERRECOVERY6.3

    771 WhichofthefollowingwouldanISauditorconsidertobetheMOSTimportanttoreviewwhenconductingabusinesscontinuityaudit?

    (A) Ahotsiteiscontractedforandavailableasneeded.

    (B) Abusinesscontinuitymanualisavailableandcurrent.

    (C) Insurancecoverageisadequateandpremiumsarecurrent.

    (D) Mediabackupsareperformedonatimelybasisandstoredoffsite.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    772 The PRIMARY objective of business continuity and disaster recovery plans should be to:

    (A) safeguard critical IS assets.

    (B) provide for continuity of operations.

    (C) minimize the loss to an organization.

    (D) protect human life.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    773 After a full operational contingency test, an IS auditor performs a review of the recovery steps. The auditor concludes that the time it took for the technological environment and systems to return to full functioning exceeded the required critical recovery time. Which of the following should the auditor recommend?

    (A) Perform an integral review of the recovery tasks.

    (B) Broaden the processing capacity to gain recovery time.

    (C) Make improvements in the facility's circulation structure.

    (D) Increase the amount of human resources involved in the recovery.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    774 Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?

    (A) Paper test

    (B) Post-test

    (C) Preparedness test

    (D) Walk-through

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    775 While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:

    (A) shadow file processing.

    (B) electronic vaulting.

    (C) hard disk mirroring.

    (D) hot site provisioning.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    776 Depending on the complexity of an organization's business continuity plan (BCP), the plan may be developed as a set of more than one plan to address various aspects of business continuity and disaster recovery. In such an environment, it is essential that:

    (A) each plan is consistent with one another.

    (B) all plans are integrated into a single plan.

    (C) each plan is dependent on one another.

    (D) the sequence for implementation of all plans is defined.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    777 During a business continuity audit an IS auditor found that the business continuity plan (BCP) covered only critical processes. The IS auditor should:

    (A) recommend that the BCP cover all business processes.

    (B) assess the impact of the processes not covered.

    (C) report the findings to the IT manager.

    (D) redefine critical processes.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    778 An IS auditor noted that an organization had adequate business continuity plans (BCPs) for each individual process, but no comprehensive BCP. Which would be the BEST course of action for the IS auditor?

    (A) Recommend that an additional comprehensive BCP be developed.

    (B) Determine whether the BCPs are consistent.

    (C) Accept the BCPs as written.

    (D) Recommend the creation of a single BCP.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    779 When developing a business continuity plan (BCP), which of the following tools should be used to gain an understanding of the organization's business processes?

    (A) Business continuity self-audit

    (B) Resource recovery analysis

    (C) Risk assessment

    (D) Gap analysis

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    780 During an audit of a business continuity plan (BCP), an IS auditor found that, although all departments were housed in the same building, each department had a separate BCP. The IS auditor recommended that the BCPs be reconciled. Which of the following areas should be reconciled FIRST?

    (A) Evacuation plan

    (B) Recovery priorities

    (C) Backup storages

    (D) Call tree

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    781 Management considered two projections for its business continuity plan; plan A with two months to recover and plan B with eight months to recover. The recovery objectives are the same in both plans. It is reasonable to expect that plan B projected higher:

    (A) downtime costs.

    (B) resumption costs.

    (C) recovery costs.

    (D) walk-through costs.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    782 The optimum business continuity strategy for an entity is determined by the:

    (A) lowest downtime cost and highest recovery cost.

    (B) lowest sum of downtime cost and recovery cost.

    (C) lowest recovery cost and highest downtime cost.

    (D) average of the combined downtime and recovery cost.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    783 The PRIMARY objective of testing a business continuity plan is to:

    (A) familiarize employees with the business continuity plan.

    (B) ensure that all residual risks are addressed.

    (C) exercise all possible disaster scenarios.

    (D) identify limitations of the business continuity plan.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    784 In determining the acceptable time period for the resumption of critical business processes:

    (A) only downtime costs need to be considered.

    (B) recovery operations should be analyzed.

    (C) both downtime costs and recovery costs need to be evaluated.

    (D) indirect downtime costs should be ignored.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    785 In the event of a disruption or disaster, which of the following technologies provides for continuous operations?

    (A) Load balancing

    (B) Fault-tolerant hardware

    (C) Distributed backups

    (D) High-availability computing

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    786 Which of the following would be MOST important for an IS auditor to verify when conducting a business continuity audit?

    (A) Data backups are performed on a timely basis

    (B) A recovery site is contracted for and available as needed

    (C) Human safety procedures are in place

    (D) Insurance coverage is adequate and premiums are current

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    787 Which of the following insurance types provide for a loss arising from fraudulent acts by employees?

    (A) Business interruption

    (B) Fidelity coverage

    (C) Errors and omissions

    (D) Extra expense

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    788 The BEST method for assessing the effectiveness of a business continuity plan is to review the:

    (A) plans and compare them to appropriate standards.

    (B) results from previous tests.

    (C) emergency procedures and employee training.

    (D) offsite storage and environmental controls.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    789 With respect to business continuity strategies, an IS auditor interviews key stakeholders in an organization to determine whether they understand their roles and responsibilities. The IS auditor is attempting to evaluate the:

    (A) clarity and simplicity of the business continuity plans.

    (B) adequacy of the business continuity plans.

    (C) effectiveness of the business continuity plans.

    (D) ability of IS and end-user personnel to respond effectively in emergencies.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    790 During the design of a business continuity plan, the business impact analysis (BIA) identifies critical processes and supporting applications. This will PRIMARILY influence the:

    (A) responsibility for maintaining the business continuity plan.

    (B) criteria for selecting a recovery site provider.

    (C) recovery strategy.

    (D) responsibilities of key personnel.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    791 During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that:

    (A) assessment of the situation may be delayed.

    (B) execution of the disaster recovery plan could be impacted.

    (C) notification of the teams might not occur.

    (D) potential crisis recognition might be ineffective.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    792 An organization has just completed their annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization?

    (A) Review and evaluate the business continuity plan for adequacy

    (B) Perform a full simulation of the business continuity plan

    (C) Train and educate employees regarding the business continuity plan

    (D) Notify critical contacts in the business continuity plan

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    793 Integrating business continuity planning (BCP) into an IT project aids in:

    (A) the retrofitting of the business continuity requirements.

    (B) the development of a more comprehensive set of requirements.

    (C) the development of a transaction flowchart.

    (D) ensuring the application meets the user's needs.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    794 While observing a full simulation of the business continuity plan, an IS auditor notices that the notification systems within the organizational facilities could be severely impacted by infrastructural damage. The BEST recommendation the IS auditor can provide to the organization is to ensure:

    (A) the salvage team is trained to use the notification system.

    (B) the notification system provides for the recovery of the backup.

    (C) redundancies are built into the notification system.

    (D) the notification systems are stored in a vault.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3

    795 The activation of an enterprise's business continuity plan should be based on predetermined criteria that address the:

    (A) duration of the outage.

    (B) type of outage.

    (C) probability of the outage.

    (D) cause of the outage.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3 NEW 2009

    796 An organization has outsourced its wide area network (WAN) to a third-party service provider. Under these circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?

    (A) Review whether the service provider's BCP process is aligned with the organization's BCP and contractual obligations.

    (B) Review whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster.

    (C) Review the methodology adopted by the organization in choosing the service provider.

    (D) Review the accreditation of the third-party service provider's staff.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3 NEW 2009

    797 An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:

    (A) alignment of the BCP with industry best practices.

    (B) results of business continuity tests performed by IS and end-user personnel.

    (C) offsite facility, its contents, security and environmental controls.

    (D) annual financial cost of the BCP activities versus the expected benefit of implementation of the plan.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3 NEW 2009

    798 To optimize an organization's business contingency plan (BCP), an IS auditor should recommend conducting a business impact analysis (BIA) in order to determine:

    (A) the business processes that generate the most financial value for the organization and therefore must be recovered first.

    (B) the priorities and order for recovery to ensure alignment with the organization's business strategy.

    (C) the business processes that must be recovered following a disaster to ensure the organization's survival.

    (D) the priorities and order of recovery which will recover the greatest number of systems in the shortest time frame.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3 NEW 2009

    799 A financial services organization is developing and documenting business continuity measures. In which of the following cases would an IS auditor MOST likely raise an issue?

    (A) The organization uses good practice guidelines instead of industry standards and relies on external advisors to ensure the adequacy of the methodology.

    (B) The business continuity capabilities are planned around a carefully selected set of scenarios which describe events that might happen with a reasonable probability.

    (C) The recovery time objectives (RTOs) do not take IT disaster recovery constraints into account, such as personnel or system dependencies during the recovery phase.

    (D) The organization plans to rent a shared alternate site with emergency workplaces which has only enough room for half of the normal staff.

    BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3 NEW 2009

    800 A medium-sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of the new BCP?

    (A) Full-scale test with relocation of all departments, including IT, to the contingency site

    (B) Walk-through test of a series of predefined scenarios with all critical personnel involved

    (C) IT disaster recovery test with business departments involved in testing the critical applications

    (D) Functional test of a scenario with limited IT involvement