Which of the following issues should be included in the
business continuity plan?
A. The staff required to maintain critical business
functions in the short, medium and long term
B. The potential for a natural disaster to occur, such as an
earthquake
C. Disastrous events impacting information systems
processing and end-user functions
D. A risk analysis that considers systems malfunctions,
accidental file deletions or other failures
- 1 Answers
- 5527 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
Where a unified business continuity plan does not exist, the
plan for information systems processing should be extended
to include planning for all units that are dependent upon
information systems processing functions. But, when
formulating a thorough business continuity plan, a very
important issue to be considered is the staff that will be
required to maintain critical business functions over time,
until the organization is fully operational again. Another
important issue is the configuration of the business
facilities, e.g., desks, chairs, telephones, etc., that will
be needed to maintain critical business functions in the
short, medium and long term. Choice B is incorrect because
it has to do with what a good business continuity plan will
take into account in case of disastrous events happening.
This could be considered as a subset of a business
continuity plan, but it does not have the same impact as the
staff required and trained to perform in the event of a
natural disaster. Choice C is incorrect because, like in the
natural disaster case, this could be considered a subset of
a business continuity plan, but it does not have the same
impact as the staff required and trained to perform in the
event of a disaster that would impact information systems
processing and end-user functions. Choice A would be the
subject and choices B and C would be the cause to deploy the
business continuity plan. Choice D is incorrect because it
deals with disruptions in service having their roots in
systems malfunctions; but again, this would be another
aspect dealt with in the business continuity plan, but not a
main issue included in it.
| Is This Answer Correct ? | 1 Yes | 0 No |
Which of the following should be of MOST concern to an IS auditor? A. Lack of reporting of a successful attack on the network B. Failure to notify police of an attempted intrusion C. Lack of periodic examination of access rights D. Lack of notification to the public of an intrusion
Which of the following is MOST effective in controlling application maintenance? A. Informing users of the status of changes B. Establishing priorities on program changes C. Obtaining user approval of program changes D. Requiring documented user specifications for changes
Which of the following is the MOST effective technique for providing security during data transmission? A. Communication log B. Systems software log C. Encryption D. Standard protocol
An Internet-based attack using password sniffing can: A. enable one party to act as if they are another party. B. cause modification to the contents of certain transactions. C. be used to gain access to systems containing proprietary information. D. result in major problems with billing systems and transaction processing agreements.
Neural networks are effective in detecting fraud because they can: A. discover new trends since they are inherently linear. B. solve problems where large and general sets of training data are not obtainable. C. attack problems that require consideration of a large number of input variables. D. make assumptions about the shape of any curve relating variables to the output.
A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that: A. the users may not remember to manually encrypt the data before transmission. B. the site credentials were sent to the financial services company via email. C. personnel at the consulting firm may obtain access to sensitive data. D. the use of a shared user ID to the FTP site does not allow for user accountability.
Peer reviews to detect software errors during a program development activity are called: A. emulation techniques. B. structured walk-throughs. C. modular program techniques. D. top-down program construction.
Which of the following is a substantive test?
Which of the following findings would an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault? A. There are three individuals with a key to enter the area. B. Paper documents also are stored in the offsite vault. C. Data files, which are stored in the vault, are synchronized. D. The offsite vault is located in a separate facility.
The phases and deliverables of a systems development life cycle (SDLC) project should be determined: A. during the initial planning stages of the project. B. after early planning has been completed, but before work has begun. C. through out the work stages based on risks and exposures. D. only after all risks and exposures have been identified and the IS auditor has recommended appropriate controls.
The MAJOR concern for an IS auditor when reviewing an organization's business process reengineering (BRP) efforts is: A. cost overrun of the project. B. employees resistance to change. C. key controls may be removed from a business process. D. lack of documentation of new processes.
An IS auditor reviews an organization chart PRIMARILY for: A. an understanding of workflows. B. investigating various communication channels. C. understanding the responsibilities and authority of individuals. D. investigating the network connected to different employees.
Cisco Certifications 
