Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following is necessary to have FIRST in the
development of a business continuity plan?
A. Risk-based classification of systems
B. Inventory of all assets
C. Complete documentation of all disasters
D. Availability of hardware and software
- 1 Answers
- 5468 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
A well-defined, risk-based classification system for all
assets and processes of the organization is one of the most
important component for initializing the business continuity
planning efforts. A well-defined risk-based classification
system would assist in identifying the criticality of each
of the key processes and assets used by the organization.
This would assist in the easy identification of key assets
and processes to be secured and plans to be made to recover
these processes and assets at the earliest after a disaster.
Inventory of critical assets and not all assets is required
for initiating a business continuity plan. Complete
documentation of all disasters is not a prerequisite for
initiating a business continuity plan, rather various
disasters are considered while developing the plan and only
the one having an impact on the organization is addressed in
the plan. The availability of hardware and software is not
required for initiating the development of a plan; however,
it is considered when developing the detailed plan in
accordance with the strategy adopted.
| Is This Answer Correct ? | 4 Yes | 1 No |
An IS auditor performing an audit of the company's IS strategy would be LEAST likely to: A. assess IS security procedures. B. review both short- and long-term IS strategies. C. interview appropriate corporate management personnel. D. ensure that the external environment has been considered.
The MOST effective method for limiting the damage of an attack by a software virus is: A. software controls. B. policies, standards and procedures. C. logical access controls. D. data communication standards.
An IS auditor involved as a team member in the detailed system design phase of a system under development would be MOST concerned with: A. internal control procedures. B. user acceptance test schedules. C. adequacy of the user training program. D. clerical processes for resubmission of rejected items.
An internal audit department, that organizationally reports exclusively to the chief financial officer (CFO) rather than to an audit committee, is MOST likely to: A. have its audit independence questioned. B. report more business-oriented and relevant findings. C. enhance the implementation of the auditor's recommendations. D. result in more effective action being taken on the recommendations.
Which of the following represents the GREATEST potential risk in an EDI environment? A. Transaction authorization B. Loss or duplication of EDI transmissions C. Transmission delay D. Deletion or manipulation of transactions prior to or after establishment of application controls
For an online transaction processing system, transactions per second is a measure of: A. throughput. B. response time. C. turnaround time. D. uptime.
A TCP/IP-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted? A. Work is completed in tunnel mode with IP security using the nested services of authentication header (AH) and encapsulating security payload (ESP). B. A digital signature with RSA has been implemented. C. Digital certificates with RSA are being used. D. Work is being completed in TCP services.
IS management has recently informed the IS auditor of its decision to disable certain referential integrity controls in the payroll system to provide users with a faster report generator. This will MOST likely increase the risk of: A. data entry by unauthorized users. B. a nonexistent employee being paid. C. an employee receiving an unauthorized raise. D. duplicate data entry by authorized users.
When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor? A. There could be a question with regards to the legal jurisdiction. B. Having a provider abroad will cause excesive costs in future audits. C. The auditing process will be difficult because of the distances. D. There could be different auditing norms.
Which of the following applet intrusion issues poses the GREATEST risk of disruption to an organization? A. A program that deposits a virus on a client machine B. Applets recording keystrokes and, therefore, passwords C. Downloaded code that reads files on a client's hard drive D. Applets opening connections from the client machine
An IS auditor is assigned to help design the data security aspects of an application under development. Which of the following provides the MOST reasonable assurance that corporate assets are protected when the application is certified for production? A. A review conducted by the internal auditor B. A review conducted by the assigned IS auditor C. Specifications by the user on the depth and content of the review D. An independent review conducted by another equally experienced IS auditor
An advantage of using sanitized live transactions in test data is that: A. all transaction types will be included. B. every error condition is likely to be tested. C. no special routines are required to assess the results. D. test transactions are representative of live processing.
Cisco Certifications 
