Which of the following is necessary to have FIRST in the
development of a business continuity plan?
A. Risk-based classification of systems
B. Inventory of all assets
C. Complete documentation of all disasters
D. Availability of hardware and software
Answer / guest
Answer: A
A well-defined, risk-based classification system for all
assets and processes of the organization is one of the most
important component for initializing the business continuity
planning efforts. A well-defined risk-based classification
system would assist in identifying the criticality of each
of the key processes and assets used by the organization.
This would assist in the easy identification of key assets
and processes to be secured and plans to be made to recover
these processes and assets at the earliest after a disaster.
Inventory of critical assets and not all assets is required
for initiating a business continuity plan. Complete
documentation of all disasters is not a prerequisite for
initiating a business continuity plan, rather various
disasters are considered while developing the plan and only
the one having an impact on the organization is addressed in
the plan. The availability of hardware and software is not
required for initiating the development of a plan; however,
it is considered when developing the detailed plan in
accordance with the strategy adopted.
Is This Answer Correct ? | 4 Yes | 1 No |
When an information security policy has been designed, it is MOST important that the information security policy be: A. stored offsite. B. written by IS management. C. circulated to users. D. updated frequently.
An IS auditor performing an audit of the company's IS strategy would be LEAST likely to: A. assess IS security procedures. B. review both short- and long-term IS strategies. C. interview appropriate corporate management personnel. D. ensure that the external environment has been considered.
Which of the following would be a MAJOR disadvantage of using prototyping as a systems development methodology? A. User expectations of project timescales may be overly optimistic. B. Effective change control and management is impossible to implement. C. User participation in day-to-day project management may be too extensive. D. Users usually are not sufficiently knowledgeable to assist in system development.
When reviewing an organization's logical access security, which of the following would be of the MOST concern to an IS auditor? A. Passwords are not shared. B. Password files are encrypted. C. Redundant logon IDs are deleted. D. The allocation of logon IDs is controlled.
Which of the following should concern an IS auditor when reviewing security in a client-server environment? A. Data is protected by an encryption technique. B. Diskless workstations prevent unauthorized access. C. Ability of users to access and modify the database directly. D. Disabling floppy drives on the users machines.
At the end of the testing phase of software development, an IS auditor observes that an intermittent software error has not been corrected. No action has been taken to resolve the error. The IS auditor should: A. report the error as a finding and leave further exploration to the auditee's discretion. B. attempt to resolve the error. C. recommend that problem resolution be escalated. D. ignore the error, as it is not possible to get objective evidence for the software error.
Which of the following is the MOST effective type of antivirus software? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines
Which of the following network configuration options contains a direct link between any two host machines? A. Bus B. Ring C. Star D. Completely connected (mesh)
Which of the following methods of suppressing a fire in a data center is the MOST effective and environmentally friendly? A. Halon gas B. Wet-pipe sprinklers C. Dry-pipe sprinklers D. Carbon dioxide gas
An IS steering committee should: A. include a mix of members from different departments and staff levels. B. ensure that IS security policies and procedures have been executed properly. C. have formal terms of reference and maintain minutes of its meetings. D. be briefed about new trends and products at each meeting by a vendor.
The PRIMARY objective of a logical access controls review is to: A. review access controls provided through software. B. ensure access is granted per the organization's authorities. C. walkthrough and assess access provided in the IT environment. D. provide assurance that computer hardware is protected adequately against abuse.
With reference to the risk management process, which of the following statements is correct? A. Vulnerabilities can be exploited by a threat. B. Vulnerabilities are events with the potential to cause harm to IS resources. C. Vulnerability exists because of threats associated with use of information resources. D. Lack of user knowledge is an example of a threat.