An IS auditor reviewing an organization's IS disaster
recovery plan should verify that it is:
A. tested every 6 months.
B. regularly reviewed and updated.
C. approved by the chief executive officer (CEO).
D. communicated to every departmental head in the organization.
Answer / guest
Answer: B
The plan should be reviewed at appropriate intervals, depending upon the nature of the business and the rate of change of systems and personnel; otherwise it may become out of date and may no longer be effective. The plan must be subjected to regular testing, but the period between tests will again depend on the nature of the organization and the relative importance of IS. Three months or even annually may be appropriate in different circumstances. Although the disaster recovery plan should receive the approval of senior management, it need not be the CEO if another executive officer is equally or more appropriate. For a purely IS-related plan, the executive responsible for technology may have approved the plan. Similarly, although a business continuity plan is likely to be circulated throughout an organization, the IS disaster recovery plan will usually be a technical document and only relevant to IS and communications staff.
| Is This Answer Correct ? | 7 Yes | 0 No |
Answer / vineet aggarwal
In my opinion the answer should be C. approved by the chief executive officer (CEO), because it is most important that the BCP / DRP is supported by top management. Of course, the NEXT best is its regular review and testing.
| Is This Answer Correct ? | 2 Yes | 1 No |