Interested to Buy Any Domain ? << Click Here >> for more details...
While reviewing the business continuity plan of an
organization, the IS auditor observed that the
organization's data and software files are backed up on a
periodic basis. Which characteristic of an effective plan
does this demonstrate?
A. Deterrence
B. Mitigation
C. Recovery
D. Response
- 1 Answers
- 4249 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
An effective business continuity plan includes steps to
mitigate the effects of a disaster. Files must be restored
on a timely basis for a backup plan to be effective. An
example of deterrence is when a plan includes installation
of firewalls for information systems. An example of recovery
is when a plan includes an organization's hot site to
restore normal business operations.
| Is This Answer Correct ? | 1 Yes | 0 No |
During a review of the controls over the process of defining IT service levels, an IS auditor would MOST likely interview the: A. systems programmer. B. legal staff. C. business unit manager. D. application programmer.
Change control procedures to prevent scope creep during an application development project should be defined during: A. design. B. feasibility. C. implementation. D. requirements definition.
An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling, when: A. the probability of error must be objectively quantified. B. the auditor wants to avoid sampling risk. C. generalized audit software is unavailable. D. the tolerable error rate cannot be determined.
Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized? A. Release-to-release source and object comparison reports B. Library control software restricting changes to source code C. Restricted access to source code and object code D. Date and time-stamp reviews of source and object code
IS auditors who have participated in the development of an application system might have their independence impaired if they: A. perform an application development review. B. recommend control and other system enhancements. C. perform an independent evaluation of the application after its implementation. D. are involved actively in the design and implementation of the application system.
Using test data as part of a comprehensive test of program controls in a continuous online manner is called a/an: A. test data/deck. B. base case system evaluation. C. integrated test facility (ITF). D. parallel simulation.
Antivirus software should be used as a: A. detective control. B. preventive control. C. corrective control. D. compensating control.
Data flow diagrams are used by IS auditors to: A. order data hierarchically. B. highlight high-level data definitions. C. graphically summarize data paths and storage. D. portray step-by-step details of data generation.
Without causing a conflict of interest, a duty compatible with those of a security administrator would be: A. quality assurance. B. application programming. C. systems programming. D. data entry.
Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks? A. Check digit B. Existence check C. Completeness check D. Reasonableness check
To identify the value of inventory that has been kept for more than eight weeks, an IS auditor would MOST likely use: A. test data. B. statistical sampling. C. an integrated test facility. D. generalized audit software.
To review access to ceratin data base to determine whether the "new user" forms were correctly authorized. This is an example of:
Cisco Certifications 
