An IS auditor should be involved in:
A. observing tests of the disaster recovery plan.
B. developing the disaster recovery plan.
C. maintaining the disaster recovery plan.
D. reviewing the disaster recovery requirements of supplier
contracts.
- 1 Answers
- 9110 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
The IS auditor should always be present when disaster
recovery plans are tested, to ensure that the test meets the
required targets for restoration and recovery procedures are
effective and efficient, reporting on the results as
appropriate. IS auditors may be involved in overseeing plan
development, but they are unlikely to be involved in the
actual development process. Similarly, an audit of plan
maintenance may be conducted, but the IS auditor would not
normally have any responsibility for the actual maintenance.
An IS auditor may be asked to comment upon various elements
of a supplier contract but, again, this is not always the case.
| Is This Answer Correct ? | 8 Yes | 0 No |
Access rules normally are included in which of the following documentation categories? A. Technical reference documentation B. User manuals C. Functional design specifications D. System development methodology documents
Following the development of an application system, it is determined that several design objectives have not been achieved. This is MOST likely to have been caused by: A. insufficient user involvement. B. early dismissal of the project manager. C. inadequate quality assurance (QA) tools. D. noncompliance with defined approval points.
Which of the following is the initial step in creating a firewall policy? A. A cost-benefits analysis of methods for securing the applications B. Identification of network applications to be externally accessed C. Identification of vulnerabilities associated with network applications to be externally accessed D. Creation of an applications traffic matrix showing protection methods
Which of the following represents the GREATEST potential risk in an EDI environment? A. Transaction authorization B. Loss or duplication of EDI transmissions C. Transmission delay D. Deletion or manipulation of transactions prior to or after establishment of application controls
Which of the following components is responsible for the collection of data in an intrusion detection system (IDS)? A. Analyzer B. Administration console C. User interface D. Sensor
Failure to adequately define or manage the requirements for a system can result in a number of risks. The GREATEST risk is: A. inadequate user involvement. B. inadequate allocation of resources. C. scope creep. D. an incorrect estimation of the critical path.
Which of the following would normally be found in application run manuals? A. Details of source documents B. Error codes and their recovery actions C. Program flowcharts and file definitions D. Change records for the application source code
A malicious code that changes itself with each file it infects is called a: A. logic bomb. B. stealth virus. C. trojan horse. D. polymorphic virus.
Which of the following offsite information processing facility conditions would cause an IS auditor the GREATEST concern? The facility A. is identified clearly on the outside with the company name. B. is located more than an hour driving distance from the originating site. C. does not have any windows to let in natural sunlight. D. entrance is located in the back of the building rather than the front.
E-cash is a form of electronic money that: A. can be used over any computer network. B. utilizes reusable e-cash coins to make payments. C. does not require the use of an Internet digital bank. D. contains unique serial numbering to track the identity of the buyer.
Which of the following situations would increase the likelihood of fraud? A. Application programmers are implementing changes to production programs. B. Application programmers are implementing changes to test programs. C. Operations support staff are implementing changes to batch schedules. D. Database administrators are implementing changes to data structures.
When reviewing the IT strategic planning process, an IS auditor should ensure that the plan: A. incorporates state of the art technology. B. addresses the required operational controls. C. articulates the IT mission and vision. D. specifies project management practices.
Cisco Certifications 
