In an audit of a business continuity plan, which of the
following findings is of MOST concern?
A. There is no insurance for the addition of assets during
B. BCP manual is not updated on a regular basis.
C. Testing of the backup of data has not been done regularly.
D. Records for maintenance of access system have not been
Which of the following issues should be included in the
business continuity plan?
A. The staff required to maintain critical business
functions in the short, medium and long term
B. The potential for a natural disaster to occur, such as an
C. Disastrous events impacting information systems
processing and end-user functions
D. A risk analysis that considers systems malfunctions,
accidental file deletions or other failures
Which of the following components of a business continuity
plan is PRIMARILY the responsibility of an organization?s IS
A. Developing the business continuity plan
B. Selecting and approving the strategy for business
C. Declaring a disaster
D. Restoring the IS systems and data after a disaster
An IS auditor discovers that an organization?s business
continuity plan provides for an alternate processing site
that will accommodate fifty percent of the primary
processing capability. Based on this, which of the following
actions should the IS auditor take?
A. Do nothing, because generally, less than twenty-five
percent of all processing is critical to an organization?s
survival and the backup capacity, therefore is adequate.
B. Identify applications that could be processed at the
alternate site and develop manual procedures to backup other
C. Ensure that critical applications have been identified
and that the alternate site could process all such applications.
D. Recommend that the information processing facility
arrange for an alternate processing site with the capacity
to handle at least seventy-five percent of normal processing.
During an audit of a reciprocal disaster recovery agreement
between two companies, the IS auditor would be PRIMARILY
A. the soundness of the impact analysis.
B. hardware and software compatibility.
C. differences in IS policies and procedures.
D. frequency of system testing.
A B-to-C e-commerce web site as part of its information
security program wants to monitor, detect and prevent
hacking activities and alert the system administrator when
suspicious activities occur. Which of the following
infrastructure components could be used for this purpose?
A. Intrusion detection systems
D. Asymmetric encryption
An organization is proposing to install a single sign-on
facility giving access to all systems. The organization
should be aware that:
A. Maximum unauthorized access would be possible if a
password is disclosed.
B. User access rights would be restricted by the additional
C. The security administrator?s workload would increase.
D. User access rights would be increased.
An IS auditor has just completed a review of an organization
that has a mainframe and a client-server environment where
all production data reside. Which of the following
weaknesses would be considered the MOST serious?
A. The security officer also serves as the database
B. Password controls are not administered over the
C. There is no business continuity plan for the mainframe
system?s non-critical applications.
D. Most LANs do not back up file server fixed disks regularly.
The PRIMARY objective of a firewall is to protect:
A. internal systems from exploitation by external threats.
B. external systems from exploitation by internal threats.
C. internal systems from exploitation by internal threats.
D. itself and attached systems against being used to attack
Which of the following would be MOST appropriate to ensure
the confidentiality of transactions initiated via the Internet?
A. Digital signature
B. Data encryption standard (DES)
C. Virtual private network (VPN)
D. Public key encryption
Which of the following BEST determines that complete
encryption and authentication protocols exist for protecting
information while transmitted?
A. A digital signature with RSA has been implemented.
B. Work is being done in tunnel mode with the nested
services of AH and ESP
C. Digital certificates with RSA are being used.
D. Work is being done in transport mode, with the nested
services of AH and ESP
The MOST effective method for limiting the damage of an
attack by a software virus is:
A. software controls.
B. policies, standards and procedures.
C. logical access controls.
D. data communication standards.
Which of the following BEST provides access control to
payroll data being processed on a local server?
A. Logging of access to personal information
B. Separate password for sensitive transactions
C. Software restricts access rules to authorized staff
D. System access restricted to business hours
Hi Every One,
This is K.Srinivasarao. I am in teradata side. i am
interested to do certifications in teradata. please help
me. for this i want teradata dumps. please mail me teradata
dumps to email@example.com
Thanks in advance
What is the procedure to install the crital patch/package on
the SVM ( root mirroring ).
I have my NCFM certification-beginner's level exam at 20th
if anybody has any dump/test paper except those, present is
nse-india site please send it to me at
thanks in advance
I am currently into Telecom Testing doing some Protocol-
level testing(SIP,SS7,CAP protocols) and some Black-Box
testing.Is there any certifications which I can do related