Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor conducting a review of disaster recovery
planning at a financial processing organization has
discovered the following:
* The existing disaster recovery plan was compiled two years
ago by a systems analyst in the organization's IT department
using transaction flow projections from the operations
department.
* The plan was presented to the deputy CEO for approval and
formal issue, but it is still awaiting his attention.
* The plan has never been updated, tested or circulated to
key management and staff, though interviews show that each
would know what action to take for their area in the event
of a disruptive incident.
The basis of an organization's disaster recovery plan is to
reestablish live processing at an alternative site where a
similar, but not identical hardware configuration is already
established. The IS auditor should:
A. take no action as the lack of a current plan is the only
significant finding.
B. recommend that the hardware configuration at each site
should be identical.
C. perform a review to verify that the second configuration
can support live processing.
D. report that the financial expenditure on the alternative
site is wasted without an effective plan.
- 1 Answers
- 5096 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
The IS auditor does not have a finding unless it can be
shown that the alternative hardware cannot support the live
processing system. Even though the primary finding is the
lack of a proven and communicated disaster recovery plan, it
is essential that this aspect of recovery is included in the
audit. Since, if it is found to be inadequate the finding
will materially support the overall audit opinion. It is
certainly not appropriate to take no action at all, leaving
this important factor untested, and unless it is shown that
the alternative site is inadequate, there can be no comment
on the expenditure (even if this is considered a proper
comment for the IS auditor to make). Similarly, there is no
need for the configurations to be identical. The alternative
site could actually exceed the recovery requirements if it
is also used for other work, such as other processing or
systems development and testing. The only proper course of
action at this point would be to find out if the recovery
site can actually cope with a recovery.
| Is This Answer Correct ? | 2 Yes | 0 No |
As a result of a business process reengineering (BPR) project: A. an IS auditor would be concerned with the key controls that existed in the prior business process and not those in the new process. B. system processes are automated in such a way that there are more manual interventions and manual controls. C. the newly designed business processes usually do not involve changes in the way(s) of doing business. D. advantages usually are realized when the reengineering process appropriately suits the business and risk.
Facilitating telecommunications continuity by providing redundant combinations of local carrier T-1 lines, microwaves and/or coaxial cables to access the local communication loop is: A. last mile circuit protection. B. long haul network diversity. C. diverse routing. D. alternative routing.
A manufacturer has been purchasing materials and supplies for its business through an e-commerce application. Which of the following should this manufacturer rely on to prove that the transactions were actually made? A. Reputation B. Authentication C. Encryption D. Nonrepudiation
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls
Applying a digital signature to data traveling in a network provides: A. confidentiality and integrity. B. security and nonrepudiation. C. integrity and nonrepudiation. D. confidentiality and nonrepudiation.
In reviewing the IS short-range (tactical) plan, the IS auditor should determine whether: A. there is an integration of IS and business staffs within projects. B. there is a clear definition of the IS mission and vision. C. there is a strategic information technology planning methodology in place. D. the plan correlates business objectives to IS goals and objectives.
In a risk-based audit approach an IS auditor should FIRST complete a/an: A. inherent risk assessment. B. control risk assessment. C. test of control assessment. D. substantive test assessment.
Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks? A. Check digit B. Existence check C. Completeness check D. Reasonableness check
Which of the following database administrator (DBA) activities is unlikely to be recorded on detective control logs? A. Deletion of a record B. Change of a password C. Disclosure of a password D. Changes to access rights
An organization acquiring other businesses continues using its legacy EDI systems, and uses three separate value added network (VAN) providers. No written VAN agreements exist. The IS auditor should recommend that management: A. obtain independent assurance of the third party service providers. B. set up a process for monitoring the service delivery of the third party. C. ensure that formal contracts are in place. D. consider agreements with third party service providers in the development of continuity plans.
Which of the following LAN physical layouts is subject to total loss if one device fails? A. Star B. Bus C. Ring D. Completely connected
A universal serial bus (USB) port: A. connects the network without a network card. B. connects the network with an Ethernet adapter. C. replaces all existing connections. D. connects the monitor.
Cisco Certifications 
