Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor discovers that an organization?s business
continuity plan provides for an alternate processing site
that will accommodate fifty percent of the primary
processing capability. Based on this, which of the following
actions should the IS auditor take?
A. Do nothing, because generally, less than twenty-five
percent of all processing is critical to an organization?s
survival and the backup capacity, therefore is adequate.
B. Identify applications that could be processed at the
alternate site and develop manual procedures to backup other
processing.
C. Ensure that critical applications have been identified
and that the alternate site could process all such applications.
D. Recommend that the information processing facility
arrange for an alternate processing site with the capacity
to handle at least seventy-five percent of normal processing.
- 1 Answers
- 5348 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
Business continuity plans should provide for the recovery of
critical systems, not necessarily all systems. Perhaps only
fifty percent of the company's systems are critical.
Therefore, careful assessment of critical systems and
capacity requirements should be part of the IS auditor's
test of the plan.
| Is This Answer Correct ? | 3 Yes | 0 No |
An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling, when: A. the probability of error must be objectively quantified. B. the auditor wants to avoid sampling risk. C. generalized audit software is unavailable. D. the tolerable error rate cannot be determined.
During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely: A. review access control configuration. B. evaluate interface testing. C. review detailed design documentation. D. evaluate system testing.
Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility? A. Verify compatibility with the hot site. B. Review the implementation report. C. Perform a walk-through of the DRP. D. Update the IS assets inventory.
A malicious code that changes itself with each file it infects is called a: A. logic bomb. B. stealth virus. C. trojan horse. D. polymorphic virus.
Which of the following methods of providing telecommunication continuity involves routing traffic through split- or duplicate-cable facilities? A. Diverse routing B. Alternative routing C. Redundancy D. Long haul network diversity
What is a risk associated with attempting to control physical access to sensitive areas, such as computer rooms, through card keys, locks, etc.? A. Unauthorized individuals wait for controlled doors to open and walk in behind those authorized. B. The contingency plan for the organization cannot effectively test controlled access practices. C. Access cards, keys, and pads can be easily duplicated allowing easy compromise of the control. D. Removing access for people no longer authorized is complex.
In planning a software development project, which of the following is the MOST difficult to determine? A. Project slack times B. The project's critical path C. Time and resource requirements for individual tasks D. Relationships that preclude the start of an activity before others are complete
The most common reason for the failure of information systems to meet the needs of users is that: A. user needs are constantly changing. B. the growth of user requirements was forecast inaccurately. C. the hardware system limits the number of concurrent users. D. user participation in defining the system's requirements was inadequate.
An IS auditor performing a review of the EFT operations of a retailing company would verify that the customers credit limit is checked before funds are transferred by reviewing the EFT: A. system's interface. B. switch facility. C. personal identification number generating procedure. D. operation backup procedures.
Which of the following is the MOST effective technique for providing security during data transmission? A. Communication log B. Systems software log C. Encryption D. Standard protocol
An IS steering committee should: A. include a mix of members from different departments and staff levels. B. ensure that IS security policies and procedures have been executed properly. C. have formal terms of reference and maintain minutes of its meetings. D. be briefed about new trends and products at each meeting by a vendor.
An advantage in using a bottom-up versus a top-down approach to software testing is that: A. interface errors are detected earlier. B. confidence in the system is achieved earlier. C. errors in critical modules are detected earlier. D. major functions and processing are tested earlier.
Cisco Certifications 
