1. While observing a full simulation of the business continuity plan, an IS auditor notices that the notification systems within the organizational facilities could be severely impacted by infrastructural damage. The BEST recommendation the IS auditor can provide to the organization is to ensure:
A) the salvage team is trained to use the notification system. B) the notification system provides for the recovery of the backup. C) redundancies are built into the notification system. D) the notification systems are stored in a vault.
2. The activation of an enterprise's business continuity plan should be based on predetermined criteria that address the:
A) duration of the outage. B) type of outage. C) probability of the outage. D) cause of the outage.
3. An organization has outsourced its wide area network (WAN) to a third-party service provider. Under these circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?
A) Review whether the service provider's BCP process is aligned with the organization's BCP and contractual obligations. B) Review whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster. C) Review the methodology adopted by the organization in choosing the service provider. D) Review the accreditation of the third-party service provider's staff.
4. An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:
A) alignment of the BCP with industry best practices. B) results of business continuity tests performed by IS and end-user personnel. C) off-site facility, its contents, security and environmental controls. D) annual financial cost of the BCP activities versus the expected benefit of implementation of the plan.
5. To optimize an organization's business contingency plan (BCP), an IS auditor should recommend conducting a business impact analysis (BIA) in order to determine:
A) the business processes that generate the most financial value for the organization and therefore must be recovered first. B) the priorities and order for recovery to ensure alignment with the organization's business strategy. C) the business processes that must be recovered following a disaster to ensure the organization's survival. D) the priorities and order of recovery which will recover the greatest number of systems in the shortest time frame.
1. Right Answer: C Explanation: If the notification system has been severely impacted by the damage, redundancy would be the best control. The salvage team would not be able to use a severely damaged notification system, even if they are trained to use it. The recovery of the backups has no bearing on the notification system and storing the notification system in a vault would be of little value if the building is damaged.
2. Right Answer: A Explanation: The initiation of a business continuity plan (action) should primarily be based on the maximum period for which a business function can be disrupted before the disruption threatens the achievement of organizational objectives.
3. Right Answer: A Explanation: Reviewing whether the service provider's business continuity plan (BCP) process is aligned with the organization's BCP and contractual obligations is the correct answer, since an adverse effect or disruption to the business of the service provider has a direct bearing on the organization and its customers. Reviewing whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster is not the correct answer, since the presence of penalty clauses, although an essential element of an SLA, is not a primary concern. Choices C and D are possible concerns, but of lesser importance.
4. Right Answer: B Explanation: The effectiveness of the business continuity plan (BCP) can best be evaluated by reviewing the results from previous business continuity tests for thoroughness and accuracy in accomplishing their stated objectives. All other choices do not provide the assurance of the effectiveness of the BCP.
5. Right Answer: C Explanation: To ensure the organization's survival following a disaster, it is important to recover the most critical business processes first; it is a common mistake to overemphasize value (A) rather than urgency. For example, while the processing of incoming mortgage loan payments is important from a financial perspective, it could be delayed for a few days in the event of a disaster. On the other hand, wiring funds to close on a loan, while not generating direct revenue, is far more critical because of the possibility of regulatory problems, customer complaints and reputation issues. Choices B and D are not correct because neither the long-term business strategy nor the mere number of recovered systems has a direct impact at this point in time.