1. An organization has implemented a disaster recovery plan. Which of the following steps should be carried out next?
A) Obtain senior management sponsorship. B) Identify business needs. C) Conduct a paper test. D) Perform a system restore test.
2. When auditing a disaster recovery plan for a critical business area, an IS auditor finds that it does not cover all the systems. Which of the following is the MOST appropriate action for the IS auditor?
A) Alert management and evaluate the impact of not covering all systems. B) Cancel the audit. C) Complete the audit of the systems covered by the existing disaster recovery plan. D) Postpone the audit until the systems are added to the disaster recovery plan.
3. Which of the following should be of MOST concern to an IS auditor reviewing the BCP?
A) The disaster levels are based on scopes of damaged functions, but not on duration. B) The difference between low-level disaster and software incidents is not clear. C) The overall BCP is documented, but detailed recovery steps are not specified. D) The responsibility for declaring a disaster is not identified.
4. Of the following alternatives, the FIRST approach to developing a disaster recovery strategy would be to assess whether:
A) all threats can be completely removed. B) a cost-effective, built-in resilience can be implemented. C) the recovery time objective can be optimized. D) the cost of recovery can be minimized.
5. An organization has a number of branches across a wide geographical area. To ensure that all aspects of the disaster recovery plan are evaluated in a cost-effective manner, an IS auditor should recommend the use of a:
A) data recovery test. B) full operational test. C) posttest. D) preparedness test.
1. Right Answer: C Explanation: A best practice would be to conduct a paper test. Senior management sponsorship and business needs identification should have been obtained prior to implementing the plan. A paper test should be conducted first, followed by system or full testing.
2. Right Answer: A Explanation: An IS auditor should make management aware that some systems are omitted from the disaster recovery plan. An IS auditor should continue the audit and include an evaluation of the impact of not including all systems in the disaster recovery plan. Cancelling the audit, ignoring the fact that some systems are not covered or postponing the audit are inappropriate actions to take.
3. Right Answer: D Explanation: If nobody is responsible for declaring the disaster, the response and recovery plan would never be invoked, making all other concerns moot. Although failure to consider duration could be a problem, it is not as significant as scope, and neither is as critical as the need to have someone invoke the plan. The difference between incidents and low-level disasters is often unclear and frequently revolves around the amount of time required to correct the damage. The lack of detailed recovery steps should be documented as a finding, but their absence does not mean recovery will fail, provided someone has actually invoked the plan.
4. Right Answer: B Explanation: It is critical to initially identify information assets that can be made more resilient to disasters, e.g., diverse routing, alternate paths or multiple communication carriers. It is impossible to remove all existing and future threats. The optimization of the recovery time objective and efforts to minimize the cost of recovery come later in the development of the disaster recovery strategy.
5. Right Answer: D Explanation: A preparedness test should be performed by each local office/area to test the adequacy of the preparedness of local operations in the event of a disaster. This test should be performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence of the plan's adequacy. A data recovery test is a partial test and will not ensure that all aspects are evaluated. A full operational test is not the most cost-effective test in light of the geographical dispersion of the branches, and a posttest is a phase of the test execution process, not a type of test.