Which of the following is necessary to have FIRST in the
development of a business continuity plan?

A. Risk-based classification of systems

B. Inventory of all assets

C. Complete documentation of all disasters

D. Availability of hardware and software



Which of the following is necessary to have FIRST in the development of a business continuity plan?..

Answer / guest

Answer: A

A well-defined, risk-based classification system for all
assets and processes of the organization is one of the most
important component for initializing the business continuity
planning efforts. A well-defined risk-based classification
system would assist in identifying the criticality of each
of the key processes and assets used by the organization.
This would assist in the easy identification of key assets
and processes to be secured and plans to be made to recover
these processes and assets at the earliest after a disaster.
Inventory of critical assets and not all assets is required
for initiating a business continuity plan. Complete
documentation of all disasters is not a prerequisite for
initiating a business continuity plan, rather various
disasters are considered while developing the plan and only
the one having an impact on the organization is addressed in
the plan. The availability of hardware and software is not
required for initiating the development of a plan; however,
it is considered when developing the detailed plan in
accordance with the strategy adopted.

Is This Answer Correct ?    4 Yes 1 No

Post New Answer

More CISA Certification Interview Questions

The success of control self-assessment (CSA) depends highly on: A. Having line managers assume a portion of the responsibility for control monitoring. B. Assigning staff managers the responsibility for building, but not monitoring, controls. C. The implementation of stringent control policy and rule- driven controls. D. The implementation of supervision and the monitoring of control assigned duties

2 Answers  


Which of the following functions would be acceptable for the security administrator to perform in addition to his/her normal functions? A. Systems analyst B. Quality assurance C. Computer operator D. Systems programmer

1 Answers  


Which of the following is the MOST effective type of antivirus software to detect an infected application? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines

1 Answers  


Antivirus software should be used as a: A. detective control. B. preventive control. C. corrective control. D. compensating control.

1 Answers  


The MOST appropriate person to chair the steering committee for a system development project with significant impact on a business area would be the: A. business analyst. B. chief information officer. C. project manager. D. executive level manager.

1 Answers  






Which of the following controls would provide the GREATEST assurance of database integrity? A. Audit log procedures B. Table link/reference checks C. Query/table access time checks D. Rollback and rollforward database features

1 Answers  


Which of the following audit techniques would an IS auditor place the MOST reliance on when determining whether an employee practices good preventive and detective security measures? A. Observation B. Detail testing C. Compliance testing D. Risk assessment

1 Answers  


Which of the following provisions in a contract for external information systems services would an IS auditor consider to be LEAST significant? A. Ownership of program and files B. Statement of due care and confidentiality C. Continued service of outsourcer in the event of a disaster D. Detailed description of computer hardware used by the vendor

1 Answers  


While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/back up at an offsite location would be: A. shadow file processing. B. electronic vaulting. C. hard-disk mirroring. D. hot-site provisioning.

2 Answers  


A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses the team should: A. compute the amortization of the related assets. B. calculate a return on investment (ROI). C. apply a qualitative approach. D. spend the time needed to define exactly the loss amount.

1 Answers  


E-cash is a form of electronic money that: A. can be used over any computer network. B. utilizes reusable e-cash coins to make payments. C. does not require the use of an Internet digital bank. D. contains unique serial numbering to track the identity of the buyer.

1 Answers  


An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of: A. reverse engineering. B. prototyping. C. software reuse. D. reengineering.

2 Answers  


Categories
  • Cisco Certifications Interview Questions Cisco Certifications (2321)
  • Microsoft Certifications Interview Questions Microsoft Certifications (171)
  • Sun Certifications Interview Questions Sun Certifications (45)
  • CISA Certification Interview Questions CISA Certification (744)
  • Oracle Certifications Interview Questions Oracle Certifications (64)
  • ISTQB Certification Interview Questions ISTQB Certification (109)
  • Certifications AllOther Interview Questions Certifications AllOther (295)