Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor conducting a review of disaster recovery
planning at a financial processing organization has
discovered the following:
* The existing disaster recovery plan was compiled two years
ago by a systems analyst in the organization's IT department
using transaction flow projections from the operations
department.
* The plan was presented to the deputy CEO for approval and
formal issue, but it is still awaiting his attention.
* The plan has never been updated, tested or circulated to
key management and staff, though interviews show that each
would know what action to take for their area in the event
of a disruptive incident.
The IS auditor's report should recommend that:
A. the deputy CEO be censured for his failure to approve the
plan.
B. a board of senior managers be set up to review the
existing plan.
C. the existing plan be approved and circulated to all key
management and staff.
D. a manager coordinate the creation of a new or revised
plan within a defined time limit.
- 1 Answers
- 4518 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
The primary concern is to establish a workable disaster
recovery plan, which reflects current processing volumes to
protect the organization from any disruptive incident.
Censuring the deputy CEO will not achieve this and is
generally not within the scope of an IS auditor to
recommend. Establishing a board to review the plan, which is
two years out of date, may achieve an updated plan, but is
not likely to be a speedy operation and issuing the existing
plan would be folly without first ensuring that it is
workable. The best way to achieve a disaster recovery plan
in a short timescale is to make an experienced manager
responsible for coordinating the knowledge of other managers
into a single, formal document within a defined time limit.
| Is This Answer Correct ? | 2 Yes | 0 No |
Web and e-mail filtering tools are PRIMARILY valuable to an organization because they: A. Safeguard the organization’s image. B. Maximize employee performance. C. Protect the organization from viruses and nonbusiness materials. D. Assist the organization in preventing legal issues.
An IS auditor reviewing operating system access discovers that the system is not secured properly. In this situation, the IS auditor is LEAST likely to be concerned that the user might: A. create new users. B. delete database and log files. C. access the system utility tools. D. access the system writeable directories.
An IS auditor reviews an organization chart PRIMARILY for: A. an understanding of workflows. B. investigating various communication channels. C. understanding the responsibilities and authority of individuals. D. investigating the network connected to different employees.
Which of these has the potential to improve security incident response processes? A. Review the incident response procedures. B. Post-mortem or post-event reviews by the security team. C. Getting the hot-site ready. D. Reviw the BCP plan every six months
When performing an audit of access rights, an IS auditor should be suspicious of which of the following if allocated to a computer operator? A. READ access to data B. DELETE access to transaction data files C. Logged READ/EXECUTE access to programs D. UPDATE access to job control language/script files
An IS auditor involved as a team member in the detailed system design phase of a system under development would be MOST concerned with: A. internal control procedures. B. user acceptance test schedules. C. adequacy of the user training program. D. clerical processes for resubmission of rejected items.
Which of the following is a form of an Internet attack? A. Searching for software design errors B. Guessing user passwords based on their personal information C. Breaking the deadman's door to gain entry D. Planting a trojan horse
When a new system is to be implemented within a short time frame, it is MOST important to: A. finish writing user manuals. B. perform user acceptance testing. C. add last-minute enhancements to functionalities. D. ensure that code has been documented and reviewed.
An independent software program that connects two otherwise separate applications sharing computing resources across heterogeneous technologies is known as: A. middleware. B. firmware. C. application software. D. embedded systems.
When planning an audit of a network set up, the IS auditor should give highest priority to obtaining which of the following network documentation? A. Wiring and schematic diagram B. Users list and responsibilities C. Applications list and their details D. Backup and recovery procedures
An IS auditor who is participating in a systems development project should: A. recommend appropriate control mechanisms regardless of cost. B. obtain and read project team meeting minutes to determine the status of the project. C. ensure that adequate and complete documentation exists for all project phases. D. not worry about his/her own ability to meet target dates since work will progress regardless.
Which of the following is a disadvantage of image processing? A. Verifies signatures B. Improves service C. Relatively inexpensive to use D. Reduces deterioration due to handling
Cisco Certifications 
