Which of the following is the MOST important criterion for
the selection of a location for an offsite storage facility
for IS backup files? The offsite facility must be:
A. physically separated from the data center and not subject
to the same risks.
B. given the same level of protection as that of the
computer data center.
C. outsourced to a reliable third party.
D. equipped with surveillance capabilities.
- 3 Answers
- 8521 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
It is important that there be an offsite storage location
for IS files and that it be in a location not subject to the
same risks as the primary data center. The other choices are
all issues that must be considered when establishing the
offsite location, but they are not as critical as the
location selection.
| Is This Answer Correct ? | 7 Yes | 0 No |
Answer / andreas
Choice A is the most critical. Offsite stodarge should be
primarily shot of same physical risks. All other choices
are important considerations that should be considered
afterwards.
| Is This Answer Correct ? | 1 Yes | 0 No |
When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:
Which of the following goals would you expect to find in an organization's strategic plan? A. Test a new accounting package. B. Perform an evaluation of information technology needs. C. Implement a new project planning system within the next 12 months. D. Become the supplier of choice within a given time period for the product offered.
Classification of information systems is essential in business continuity planning. Which of the following system types can not be replaced by manual methods? A. Critical system B. Vital system C. Sensitive system D. Non-critical system
An IS auditor auditing hardware monitoring procedures should review A. system availability reports. B. cost-benefit reports. C. response time reports. D. database utilization reports.
Functionality is a characteristic associated with evaluating the quality of software products throughout their lifecycle, and is BEST described as the set of attributes that bear on the: A. existence of a set of functions and their specified properties. B. ability of the software to be transferred from one environment to another. C. capability of software to maintain its level of performance under stated conditions. D. relationship between the performance of the software and the amount of resources used.
An IS auditor performing a review of an application's controls would evaluate the: A. efficiency of the application in meeting the business processes. B. impact of any exposures discovered. C. business processes served by the application. D. the application's optimization.
An IT steering committee would MOST likely perform which of the following functions? A. Placement of a purchase order with the approved IT vendor B. Installation of systems software and application software C. Provide liaison between IT department and user department D. Interview staff for the IT department
The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program? A. Utilization of an intrusion detection system to report incidents. B. Mandating the use of passwords to access all software. C. Installing an efficient user log system to track the actions of each user D. Provide training on a regular basis to all current and new employees.
Which of the following should concern an IS auditor when reviewing security in a client-server environment? A. Data is protected by an encryption technique. B. Diskless workstations prevent unauthorized access. C. Ability of users to access and modify the database directly. D. Disabling floppy drives on the users machines.
Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the user name and password are the same. The BEST control to mitigate this risk is to: A. change the company's security policy. B. educate users about the risk of weak passwords. C. build in validations to prevent this during user creation and password change. D. require a periodic review of matching user ID and passwords for detection and correction.
Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation? A. Multiple cycles of backup files remain available. B. Access controls establish accountability for e-mail activity. C. Data classification regulates what information should be communicated via e-mail. D. Within the enterprise, a clear policy for using e-mail ensures that evidence is available.
Which of the following security techniques is the BEST method for authenticating a user's identity? A. Smart card B. Biometrics C. Challenge-response token D. User ID and password
Cisco Certifications 
