CISA Questions: Business Continuity and Disaster Recovery
DESCRIPTION
Sample Questions for the Certified Information Systems Audit Examination. Focuses on Chapter 6: Business Continuity and Disaster Recovery.
TRANSCRIPT
CISA Questions
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
688 Which of the following would BEST support 24/7 availability?
(A) Daily backup
(B) Offsite storage
(C) Mirroring
(D) Periodic testing
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
689 The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to:
(A) achieve performance improvement.
(B) provide user authentication.
(C) ensure availability of data.
(D) ensure the confidentiality of data.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
690 Which of the following is the MOST important criterion when selecting a location for an offsite storage facility for IS backup files? The offsite facility must be:
(A) physically separated from the data center and not subject to the same risks.
(B) given the same level of protection as that of the computer data center.
(C) outsourced to a reliable third party.
(D) equipped with surveillance capabilities.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
691 If a database is restored using before-image dumps, where should the process begin following an interruption?
(A) Before the last transaction
(B) After the last transaction
(C) As the first transaction after the latest checkpoint
(D) As the last transaction before the latest checkpoint
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
692 In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems?
(A) Maintaining system software parameters
(B) Ensuring periodic dumps of transaction logs
(C) Ensuring grandfather-father-son file backups
(D) Maintaining important data at an offsite location
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
693 As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard copy transaction log. At the end of the day, the order entry files are backed up on tape. During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following is necessary to restore these files?
(A) The previous day's backup file and the current transaction tape
(B) The previous day's transaction file and the current transaction tape
(C) The current transaction tape and the current hard copy transaction log
(D) The current hard copy transaction log and the previous day's transaction file
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
694 An offsite information processing facility:
(A) should have the same amount of physical access restrictions as the primary processing site.
(B) should be easily identified from the outside so that, in the event of an emergency, it can be easily found.
(C) should be located in proximity to the originating site, so it can quickly be made operational.
(D) need not have the same level of environmental monitoring as the originating site.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
695 An IS auditor performing a review of the backup processing facilities should be MOST concerned that:
(A) adequate fire insurance exists.
(B) regular hardware maintenance is performed.
(C) offsite storage of transaction and master files exists.
(D) backup processing facilities are fully tested.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
696 Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist?
(A) Reviewing program code
(B) Reviewing operations documentation
(C) Turning off the UPS, then the power
(D) Reviewing program documentation
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
697 Which of the following findings should an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault?
(A) There are three individuals with a key to enter the area.
(B) Paper documents are also stored in the offsite vault.
(C) Data files that are stored in the vault are synchronized.
(D) The offsite vault is located in a separate facility.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
698 Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by:
(A) database integrity checks.
(B) validation checks.
(C) input controls.
(D) database commits and rollbacks.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
699 To provide protection for media backup stored at an offsite location, the storage site should be:
(A) located on a different floor of the building.
(B) easily accessible by everyone.
(C) clearly labeled for emergency access.
(D) protected from unauthorized access.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
700 Which of the following ensures the availability of transactions in the event of a disaster?
(A) Send tapes hourly containing transactions offsite.
(B) Send tapes daily containing transactions offsite.
(C) Capture transactions to multiple storage devices.
(D) Transmit transactions offsite in real time.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
701 IS management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend:
(A) upgrading to a level 5 RAID.
(B) increasing the frequency of onsite backups.
(C) reinstating the offsite backups.
(D) establishing a cold site in a secure location.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
702 In which of the following situations is it MOST appropriate to implement data mirroring as the recovery strategy?
(A) Disaster tolerance is high.
(B) Recovery time objective is high.
(C) Recovery point objective is low.
(D) Recovery point objective is high.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
703 Network Data Management Protocol (NDMP) technology should be used for backup if:
(A) a network-attached storage (NAS) appliance is required.
(B) the use of TCP/IP must be avoided.
(C) file permissions that cannot be handled by legacy backup systems must be backed up.
(D) backup consistency over several related data volumes must be ensured.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
704 An organization currently using tape backups takes one full backup weekly and incremental backups daily. They recently augmented their tape backup procedures with a backup-to-disk solution. This is appropriate because:
(A) fast synthetic backups for offsite storage are supported.
(B) backup to disk is always significantly faster than backup to tape.
(C) tape libraries are no longer needed.
(D) data storage on disks is more reliable than on tapes.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
705 Which of the following should be the MOST important criterion in evaluating a backup solution for sensitive data that must be retained for a long period of time due to regulatory requirements?
(A) Full backup window
(B) Media costs
(C) Restore window
(D) Media reliability
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
706 In the event of a data center disaster, which of the following would be the MOST appropriate strategy to enable a complete recovery of a critical database?
(A) Daily data backup to tape and storage at a remote site
(B) Real-time replication to a remote site
(C) Hard disk mirroring to a local server
(D) Real-time data backup to the local storage area network (SAN)
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
707 Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective (RPO)?
(A) Virtual tape libraries
(B) Disk-based snapshots
(C) Continuous data backup
(D) Disk-to-tape backup
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1
708 What is the BEST backup strategy for a large database with data supporting online sales?
(A) Weekly full backup with daily incremental backup
(B) Daily full backup
(C) Clustered servers
(D) Mirrored hard disks
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 NEW 2009
709 During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include:
(A) the level of information security required when business recovery procedures are invoked.
(B) information security roles and responsibilities in the crisis management structure.
(C) information security resource requirements.
(D) change management procedures for information security that could affect business continuity arrangements.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 NEW 2009
710 Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly?
(A) Backup time would steadily increase
(B) Backup operational cost would significantly increase
(C) Storage operational cost would significantly increase
(D) Server recovery work may not meet the recovery time objective (RTO)
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.1 NEW 2009
711 Which of the following is the MOST important consideration when defining recovery point objectives (RPOs)?
(A) Minimum operating requirements
(B) Acceptable data loss
(C) Mean time between failures
(D) Acceptable time for recovery
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
712 A structured walk-through test of a disaster recovery plan involves:
(A) representatives from each of the functional areas coming together to go over the plan.
(B) all employees who participate in the day-to-day operations coming together to practice executing the plan.
(C) moving the systems to the alternate processing site and performing processing operations.
(D) distributing copies of the plan to the various functional areas for review.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
713 In a contract with a hot, warm or cold site, contractual provisions should cover which of the following considerations?
(A) Physical security measures
(B) Total number of subscribers
(C) Number of subscribers permitted to use a site at one time
(D) References by other users
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
714 Which of the following is the GREATEST concern when an organization's backup facility is at a warm site?
(A) Timely availability of hardware
(B) Availability of heat, humidity and air conditioning equipment
(C) Adequacy of electrical power connections
(D) Effectiveness of the telecommunications network
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
715 Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget?
(A) A hot site maintained by the business
(B) A commercial cold site
(C) A reciprocal arrangement between its offices
(D) A third-party hot site
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
716 The PRIMARY purpose of a business impact analysis (BIA) is to:
(A) provide a plan for resuming operations after a disaster.
(B) identify the events that could impact the continuity of an organization's operations.
(C) publicize the commitment of the organization to physical and logical security.
(D) provide the framework for an effective disaster recovery plan.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
717 After implementation of a disaster recovery plan, predisaster and postdisaster operational costs for an organization will:
(A) decrease.
(B) not change (remain the same).
(C) increase.
(D) increase or decrease depending upon the nature of the business.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
718 Which of the following is the MOST reasonable option for recovering a noncritical system?
(A) Warm site
(B) Mobile site
(C) Hot site
(D) Cold site
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
719 An organization having a number of offices across a wide geographical area has developed a disaster recovery plan. Using actual resources, which of the following is the MOST cost-effective test of the disaster recovery plan?
(A) Full operational test
(B) Preparedness test
(C) Paper test
(D) Regression test
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
720 An organization's disaster recovery plan should address early recovery of:
(A) all information systems processes.
(B) all financial processing applications.
(C) only those applications designated by the IS manager.
(D) processing in priority order, as defined by business management.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
721 An advantage of the use of hot sites as a backup alternative is that:
(A) the costs associated with hot sites are low.
(B) hot sites can be used for an extended amount of time.
(C) hot sites can be made ready for operation within a short period of time.
(D) they do not require that equipment and systems software be compatible with the primary site.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
722 Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures?
(A) Invite client participation.
(B) Involve all technical staff.
(C) Rotate recovery managers.
(D) Install locally stored backup.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
723 Disaster recovery planning (DRP) addresses the:
(A) technological aspect of business continuity planning.
(B) operational piece of business continuity planning.
(C) functional aspect of business continuity planning.
(D) overall coordination of business continuity planning.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
724 An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department.
The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting their attention.
The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident.
The IS auditor's report should recommend that:
(A) the deputy CEO be censured for their failure to approve the plan.
(B) a board of senior managers is set up to review the existing plan.
(C) the existing plan is approved and circulated to all key management and staff.
(D) a manager coordinates the creation of a new or revised plan within a defined time limit.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
725 An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department.
The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his/her attention.
The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident.
The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical, hardware configuration is already established. An IS auditor should:
(A) take no action as the lack of a current plan is the only significant finding.
(B) recommend that the hardware configuration at each site is identical.
(C) perform a review to verify that the second configuration can support live processing.
(D) report that the financial expenditure on the alternative site is wasted without an effective plan.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
726 Disaster recovery planning (DRP) for a company's computer system usually focuses on:
(A) operations turnover procedures.
(B) strategic long-range planning.
(C) the probability that a disaster will occur.
(D) alternative procedures to process transactions.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
727 The MAIN purpose for periodically testing offsite facilities is to:
(A) protect the integrity of the data in the database.
(B) eliminate the need to develop detailed contingency plans.
(C) ensure the continued compatibility of the contingency facilities.
(D) ensure that program and system documentation remains current.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
728 A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor?
(A) Offsite storage of daily backups
(B) Alternative standby processor onsite
(C) Installation of duplex communication links
(D) Alternative standby processor at another network node
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
729 Facilitating telecommunications continuity by providing redundant combinations of local carrier T1 lines, microwaves and/or coaxial cables to access the local communication loop is:
(A) last-mile circuit protection.
(B) long-haul network diversity.
(C) diverse routing.
(D) alternative routing.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
730 Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies?
(A) Developments may result in hardware and software incompatibility.
(B) Resources may not be available when needed.
(C) The recovery plan cannot be tested.
(D) The security infrastructures in each company may be different.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
731 Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization?
(A) Built-in alternative routing
(B) Completing full system backup daily
(C) A repair contract with a service provider
(D) A duplicate machine alongside each server
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
732 An IS auditor reviewing an organization's IS disaster recovery plan should verify that it is:
(A) tested every six months.
(B) regularly reviewed and updated.
(C) approved by the chief executive officer (CEO).
(D) communicated to every department head in the organization.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
733 There are several methods of providing telecommunications continuity. The method of routing traffic through split cable or duplicate cable facilities is called:
(A) alternative routing.
(B) diverse routing.
(C) long-haul network diversity.
(D) last-mile circuit protection.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
734 The responsibilities of a disaster recovery relocation team include:
(A) obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule.
(B) locating a recovery site, if one has not been predetermined, and coordinating the transport of company employees to the recovery site.
(C) managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment.
(D) coordinating the process of moving from the hot site to a new location or to the restored original location.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
735 While reviewing the business continuity plan of an organization, an IS auditor observed that the organization's data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate?
(A) Deterrence
(B) Mitigation
(C) Recovery
(D) Response
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
736 Which of the following disaster recovery/continuity plan components provides the GREATEST assurance of recovery after a disaster?
(A) The alternate facility will be available until the original information processing facility is restored.
(B) User management is involved in the identification of critical systems and their associated critical recovery times.
(C) Copies of the plan are kept at the homes of key decision-making personnel.
(D) Feedback is provided to management assuring them that the business continuity plans are indeed workable and that the procedures are current.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
737 Which of the following must exist to ensure the viability of a duplicate information processing facility?
(A) The site is near the primary site to ensure quick and efficient recovery.
(B) The site contains the most advanced hardware available.
(C) The workload of the primary site is monitored to ensure adequate backup is available.
(D) The hardware is tested when it is installed to ensure it is working properly.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
738 An offsite information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is a:
(A) cold site.
(B) warm site.
(C) dial-up site.
(D) duplicate processing facility.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
739 A disaster recovery plan for an organization should:
(A) reduce the length of the recovery time and the cost of recovery.
(B) increase the length of the recovery time and the cost of recovery.
(C) reduce the duration of the recovery time and increase the cost of recovery.
(D) affect neither the recovery time nor the cost of recovery.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
740 A disaster recovery plan for an organization's financial system specifies that the recovery point objective (RPO) is no data loss and the recovery time objective (RTO) is 72 hours. Which of the following is the MOST cost-effective solution?
(A) A hot site that can be operational in eight hours with asynchronous backup of the transaction logs
(B) Distributed database systems in multiple locations updated asynchronously
(C) Synchronous updates of the data and standby active systems in a hot site
(D) Synchronous remote copy of the data in a warm site that can be operational in 48 hours
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
741 A financial institution that processes millions of transactions each day has a central communications processor (switch) for connecting to automated teller machines (ATMs). Which of the following would be the BEST contingency plan for the communications processor?
(A) Reciprocal agreement with another organization
(B) Alternate processor in the same location
(C) Alternate processor at another network node
(D) Installation of duplex communication links
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
742 The cost of ongoing operations when a disaster recovery plan is in place, compared to not having a disaster recovery plan, will MOST likely:
(A) increase.
(B) decrease.
(C) remain the same.
(D) be unpredictable.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
743 Which of the following tasks should be performed FIRST when preparing a disaster recovery plan?
(A) Develop a recovery strategy.
(B) Perform a business impact analysis.
(C) Map software systems, hardware and network components.
(D) Appoint recovery teams with defined personnel, roles and hierarchy.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
744 Which of the following provides the BEST evidence of an organization's disaster recovery readiness?
(A) A disaster recovery plan
(B) Customer references for the alternate site provider
(C) Processes for maintaining the disaster recovery plan
(D) Results of tests and drills
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
745 Which of the following is the BEST method for determining the criticality of each application system in the production environment?
(A) Interview the application programmers.
(B) Perform a gap analysis.
(C) Review the most recent application audits.
(D) Perform a business impact analysis.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
746 A hot site should be implemented as a recovery strategy when the:
(A) disaster tolerance is low.
(B) recovery point objective (RPO) is high.
(C) recovery time objective (RTO) is high.
(D) disaster tolerance is high.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
747 An organization has implemented a disaster recovery plan. Which of the following steps should be carried out next?
(A) Obtain senior management sponsorship.
(B) Identify business needs.
(C) Conduct a paper test.
(D) Perform a system restore test.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
748 When auditing a disaster recovery plan for a critical business area, an IS auditor finds that it does not cover all the systems. Which of the following is the MOST appropriate action for the IS auditor?
(A) Alert management and evaluate the impact of not covering all systems.
(B) Cancel the audit.
(C) Complete the audit of the systems covered by the existing disaster recovery plan.
(D) Postpone the audit until the systems are added to the disaster recovery plan.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
749 Which of the following should be of MOST concern to an IS auditor reviewing the BCP?
(A) The disaster levels are based on scopes of damaged functions, but not on duration.
(B) The difference between low-level disaster and software incidents is not clear.
(C) The overall BCP is documented, but detailed recovery steps are not specified.
(D) The responsibility for declaring a disaster is not identified.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
750 Of the following alternatives, the FIRST approach to developing a disaster recovery strategy would be to assess whether:
(A) all threats can be completely removed.
(B) a cost-effective, built-in resilience can be implemented.
(C) the recovery time objective can be optimized.
(D) the cost of recovery can be minimized.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
751 An organization has a number of branches across a wide geographical area. To ensure that all aspects of the disaster recovery plan are evaluated in a cost-effective manner, an IS auditor should recommend the use of a:
(A) data recovery test.
(B) full operational test.
(C) posttest.
(D) preparedness test.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
752 If the recovery time objective (RTO) increases:
(A) the disaster tolerance increases.
(B) the cost of recovery increases.
(C) a cold site cannot be used.
(D) the data backup frequency increases.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
753 Due to changes in IT, the disaster recovery plan of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested?
(A) Catastrophic service interruption
(B) High consumption of resources
(C) Total cost of the recovery may not be minimized
(D) Users and recovery teams may face severe difficulties when activating the plan
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
754 When developing a disaster recovery plan, the criteria for determining the acceptable downtime should be the:
(A) annualized loss expectancy (ALE).
(B) service delivery objective.
(C) quantity of orphan data.
(D) maximum tolerable outage.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
755 A lower recovery time objective (RTO) results in:
(A) higher disaster tolerance.
(B) higher cost.
(C) wider interruption windows.
(D) more permissive data loss.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2
756 Regarding a disaster recovery plan, the role of an IS auditor should include:
(A) identifying critical applications.
(B) determining the external service providers involved in a recovery test.
(C) observing the tests of the disaster recovery plan.
(D) determining the criteria for establishing a recovery time objective (RTO).
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 NEW 2009
757 During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the:
(A) event error log generated at the disaster recovery site.
(B) disaster recovery test plan.
(C) disaster recovery plan (DRP).
(D) configurations and alignment of the primary and disaster recovery sites.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 NEW 2009
758 An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to 1 minute for a critical system. This implies that the system can tolerate:
(A) a data loss of up to 1 minute, but the processing must be continuous.
(B) a 1-minute processing interruption but cannot tolerate any data loss.
(C) a processing interruption of 1 minute or more.
(D) both a data loss and a processing interruption longer than 1 minute.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 NEW 2009
759 Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?
(A) Due to the limited test time window, only the most essential systems were tested. The other systems were tested separately during the rest of the year.
(B) During the test it was noticed that some of the backup systems were defective or not working, causing the test of these systems to fail.
(C) The procedures to shut down and secure the original production site before starting the backup site required far more time than planned.
(D) Every year, the same employees perform the test. The recovery plan documents are not used since every step is well known by all participants.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 NEW 2009
760 The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?
(A) Contact information of key personnel
(B) Server inventory documentation
(C) Individual roles and responsibilities
(D) Procedures for declaring a disaster
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 NEW 2009
761 A live test of a mutual agreement for IT system recovery has been carried out, including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:
(A) system and the IT operations team can sustain operations in the emergency environment.
(B) resources and the environment could sustain the transaction load.
(C) connectivity to the applications at the remote site meets response time requirements.
(D) workflow of actual business operations can use the emergency system in case of a disaster.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.2 NEW 2009
762 To address an organization's disaster recovery requirements, backup intervals should not exceed the:
(A) service level objective (SLO).
(B) recovery time objective (RTO).
(C) recovery point objective (RPO).
(D) maximum acceptable outage (MAO).
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
763 Which of the following would have the HIGHEST priority in a business continuity plan (BCP)?
(A) Resuming critical processes
(B) Recovering sensitive processes
(C) Restoring the site
(D) Relocating operations to an alternative site
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
764 After completing the business impact analysis (BIA), what is the next step in the business continuity planning process?
(A) Test and maintain the plan.
(B) Develop a specific plan.
(C) Develop recovery strategies.
(D) Implement the plan.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
765 Which of the following is an appropriate test method to apply to a business continuity plan (BCP)?
(A) Pilot
(B) Paper
(C) Unit
(D) System
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
766 An IS auditor has audited a business continuity plan (BCP). Which of the following findings is the MOST critical?
(A) Nonavailability of an alternate private branch exchange (PBX) system
(B) Absence of a backup for the network backbone
(C) Lack of backup systems for the users' PCs
(D) Failure of the access card system
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
767 As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis?
(A) Organizational risks, such as single point of failure and infrastructure risk
(B) Threats to critical business processes
(C) Critical business processes for ascertaining the priority for recovery
(D) Resources required for resumption of business
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
768 Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility?
(A) Verify compatibility with the hot site.
(B) Review the implementation report.
(C) Perform a walk-through of the disaster recovery plan.
(D) Update the IS assets inventory.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
769 Which of the following would contribute MOST to an effective business continuity plan (BCP)?
(A) Document is circulated to all interested parties
(B) Planning involves all user departments
(C) Approval by senior management
(D) Audit by an external IS auditor
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
770 To develop a successful business continuity plan, end user involvement is critical during which of the following phases?
(A) Business recovery strategy
(B) Detailed plan development
(C) Business impact analysis (BIA)
(D) Testing and maintenance
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
771 Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit?
(A) A hot site is contracted for and available as needed.
(B) A business continuity manual is available and current.
(C) Insurance coverage is adequate and premiums are current.
(D) Media backups are performed on a timely basis and stored offsite.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
772 The PRIMARY objective of business continuity and disaster recovery plans should be to:
(A) safeguard critical IS assets.
(B) provide for continuity of operations.
(C) minimize the loss to an organization.
(D) protect human life.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
773 After a full operational contingency test, an IS auditor performs a review of the recovery steps. The auditor concludes that the time it took for the technological environment and systems to return to full functioning exceeded the required critical recovery time. Which of the following should the auditor recommend?
(A) Perform an integral review of the recovery tasks.
(B) Broaden the processing capacity to gain recovery time.
(C) Make improvements in the facility's circulation structure.
(D) Increase the amount of human resources involved in the recovery.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
774 Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?
(A) Paper test
(B) Posttest
(C) Preparedness test
(D) Walk-through
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
775 While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:
(A) shadow file processing.
(B) electronic vaulting.
(C) hard disk mirroring.
(D) hot site provisioning.
BUSINESSCONTINUITYANDDISASTERRECOVERY6.3
776 Dependingonthecomplexityofanorganization'sbusinesscontinuityplan(BCP),theplanmaybedevelopedasasetofmorethanoneplantoaddressvariousaspectsofbusinesscontinuityanddisasterrecovery.Insuchanenvironment,itisessentialthat:
(A) eachplanisconsistentwithoneanother.
(B) allplansareintegratedintoasingleplan.
(C) eachplanisdependentononeanother.
(D) thesequenceforimplementationofallplansisdefined.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
777 During a business continuity audit an IS auditor found that the business continuity plan (BCP) covered only critical processes. The IS auditor should:
(A) recommend that the BCP cover all business processes.
(B) assess the impact of the processes not covered.
(C) report the findings to the IT manager.
(D) redefine critical processes.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
778 An IS auditor noted that an organization had adequate business continuity plans (BCPs) for each individual process, but no comprehensive BCP. Which would be the BEST course of action for the IS auditor?
(A) Recommend that an additional comprehensive BCP be developed.
(B) Determine whether the BCPs are consistent.
(C) Accept the BCPs as written.
(D) Recommend the creation of a single BCP.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
779 When developing a business continuity plan (BCP), which of the following tools should be used to gain an understanding of the organization's business processes?
(A) Business continuity self-audit
(B) Resource recovery analysis
(C) Risk assessment
(D) Gap analysis
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
780 During an audit of a business continuity plan (BCP), an IS auditor found that, although all departments were housed in the same building, each department had a separate BCP. The IS auditor recommended that the BCPs be reconciled. Which of the following areas should be reconciled FIRST?
(A) Evacuation plan
(B) Recovery priorities
(C) Backup storages
(D) Call tree
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
781 Management considered two projections for its business continuity plan; plan A with two months to recover and plan B with eight months to recover. The recovery objectives are the same in both plans. It is reasonable to expect that plan B projected higher:
(A) downtime costs.
(B) resumption costs.
(C) recovery costs.
(D) walkthrough costs.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
782 The optimum business continuity strategy for an entity is determined by the:
(A) lowest downtime cost and highest recovery cost.
(B) lowest sum of downtime cost and recovery cost.
(C) lowest recovery cost and highest downtime cost.
(D) average of the combined downtime and recovery cost.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
783 The PRIMARY objective of testing a business continuity plan is to:
(A) familiarize employees with the business continuity plan.
(B) ensure that all residual risks are addressed.
(C) exercise all possible disaster scenarios.
(D) identify limitations of the business continuity plan.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
784 In determining the acceptable time period for the resumption of critical business processes:
(A) only downtime costs need to be considered.
(B) recovery operations should be analyzed.
(C) both downtime costs and recovery costs need to be evaluated.
(D) indirect downtime costs should be ignored.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
785 In the event of a disruption or disaster, which of the following technologies provides for continuous operations?
(A) Load balancing
(B) Fault-tolerant hardware
(C) Distributed backups
(D) High-availability computing
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
786 Which of the following would be MOST important for an IS auditor to verify when conducting a business continuity audit?
(A) Data backups are performed on a timely basis
(B) A recovery site is contracted for and available as needed
(C) Human safety procedures are in place
(D) Insurance coverage is adequate and premiums are current
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
787 Which of the following insurance types provide for a loss arising from fraudulent acts by employees?
(A) Business interruption
(B) Fidelity coverage
(C) Errors and omissions
(D) Extra expense
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
788 The BEST method for assessing the effectiveness of a business continuity plan is to review the:
(A) plans and compare them to appropriate standards.
(B) results from previous tests.
(C) emergency procedures and employee training.
(D) offsite storage and environmental controls.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
789 With respect to business continuity strategies, an IS auditor interviews key stakeholders in an organization to determine whether they understand their roles and responsibilities. The IS auditor is attempting to evaluate the:
(A) clarity and simplicity of the business continuity plans.
(B) adequacy of the business continuity plans.
(C) effectiveness of the business continuity plans.
(D) ability of IS and end-user personnel to respond effectively in emergencies.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
790 During the design of a business continuity plan, the business impact analysis (BIA) identifies critical processes and supporting applications. This will PRIMARILY influence the:
(A) responsibility for maintaining the business continuity plan.
(B) criteria for selecting a recovery site provider.
(C) recovery strategy.
(D) responsibilities of key personnel.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
791 During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that:
(A) assessment of the situation may be delayed.
(B) execution of the disaster recovery plan could be impacted.
(C) notification of the teams might not occur.
(D) potential crisis recognition might be ineffective.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
792 An organization has just completed their annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization?
(A) Review and evaluate the business continuity plan for adequacy
(B) Perform a full simulation of the business continuity plan
(C) Train and educate employees regarding the business continuity plan
(D) Notify critical contacts in the business continuity plan
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
793 Integrating business continuity planning (BCP) into an IT project aids in:
(A) the retrofitting of the business continuity requirements.
(B) the development of a more comprehensive set of requirements.
(C) the development of a transaction flowchart.
(D) ensuring the application meets the user's needs.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
794 While observing a full simulation of the business continuity plan, an IS auditor notices that the notification systems within the organizational facilities could be severely impacted by infrastructural damage. The BEST recommendation the IS auditor can provide to the organization is to ensure:
(A) the salvage team is trained to use the notification system.
(B) the notification system provides for the recovery of the backup.
(C) redundancies are built into the notification system.
(D) the notification systems are stored in a vault.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3
795 The activation of an enterprise's business continuity plan should be based on predetermined criteria that address the:
(A) duration of the outage.
(B) type of outage.
(C) probability of the outage.
(D) cause of the outage.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3 NEW 2009
796 An organization has outsourced its wide area network (WAN) to a third-party service provider. Under these circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?
(A) Review whether the service provider's BCP process is aligned with the organization's BCP and contractual obligations.
(B) Review whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster.
(C) Review the methodology adopted by the organization in choosing the service provider.
(D) Review the accreditation of the third-party service provider's staff.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3 NEW 2009
797 An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:
(A) alignment of the BCP with industry best practices.
(B) results of business continuity tests performed by IS and end-user personnel.
(C) offsite facility, its contents, security and environmental controls.
(D) annual financial cost of the BCP activities versus the expected benefit of implementation of the plan.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3 NEW 2009
798 To optimize an organization's business contingency plan (BCP), an IS auditor should recommend conducting a business impact analysis (BIA) in order to determine:
(A) the business processes that generate the most financial value for the organization and therefore must be recovered first.
(B) the priorities and order for recovery to ensure alignment with the organization's business strategy.
(C) the business processes that must be recovered following a disaster to ensure the organization's survival.
(D) the priorities and order of recovery which will recover the greatest number of systems in the shortest time frame.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3 NEW 2009
799 A financial services organization is developing and documenting business continuity measures. In which of the following cases would an IS auditor MOST likely raise an issue?
(A) The organization uses good practice guidelines instead of industry standards and relies on external advisors to ensure the adequacy of the methodology.
(B) The business continuity capabilities are planned around a carefully selected set of scenarios which describe events that might happen with a reasonable probability.
(C) The recovery time objectives (RTOs) do not take IT disaster recovery constraints into account, such as personnel or system dependencies during the recovery phase.
(D) The organization plans to rent a shared alternate site with emergency workplaces which has only enough room for half of the normal staff.
BUSINESS CONTINUITY AND DISASTER RECOVERY 6.3 NEW 2009
800 A medium-sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of the new BCP?
(A) Full-scale test with relocation of all departments, including IT, to the contingency site
(B) Walkthrough test of a series of predefined scenarios with all critical personnel involved
(C) IT disaster recovery test with business departments involved in testing the critical applications
(D) Functional test of a scenario with limited IT involvement