Which of the following is a practice that should be
incorporated into the plan for testing disaster recovery
procedures?
A. Invite client participation.
B. Involve all technical staff.
C. Rotate recovery managers.
D. Install locally stored backup.
- 4 Answers
- 7266 Views
- Microsoft, I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: C
Recovery managers should be rotated to ensure the experience
of the recovery plan is spread. Clients may be involved but
not necessarily in every case. Not all technical staff
should be involved in each test. Remote or offsite backup
should always be used.
| Is This Answer Correct ? | 10 Yes | 0 No |
Answer / andreas
Answer: C
Recovery managers should be rotated in order to get the
experience required in all aspects of recovery. Not all
technical staff is needed, nor install locally stored
backup is an action of testing DR.
Referencen CISA Review Manual 2007
| Is This Answer Correct ? | 3 Yes | 0 No |
Answer / venki
D Install locally stored backup
Retrieve the backup data and install it in the local drive
so as to verify that the data is correct.
There is no need for client participation, nor require all
tech. staff and recovery managers. SQA can do this work at
regular intervals and can verify the locally stored backup
for its correctness.
| Is This Answer Correct ? | 0 Yes | 5 No |
Analysis of which of the following would MOST likely enable the IS auditor to determine if a non-approved program attempted to access sensitive data? A. Abnormal job termination reports B. Operator problem reports C. System logs D. Operator work schedules
The extent to which data will be collected during an IS audit should be determined, based on the: A. availability of critical and required information. B. auditor's familiarity with the circumstances. C. auditee's ability to find relevant evidence. D. purpose and scope of the audit being done.
Security administration procedures require read-only access to: A. access control tables. B. security log files. C. logging options. D. user profiles.
Which of the following IS functions may be performed by the same individual, without compromising on control or violating segregation of duties? A. Job control analyst and applications programmer B. Mainframe operator and system programmer C. Change/problem and quality control administrator D. Applications and system programmer
A proposed transaction processing application will have many data capture sources and outputs in both paper and electronic form. To ensure that transactions are not lost during processing, the IS auditor should recommend the inclusion of: A. validation controls. B. internal credibility checks. C. clerical control procedures. D. automated systems balancing.
When an employee is terminated from service, the MOST important action is to: A. hand over all of the employee's files to another designated employee. B. take a back up of the employee's work. C. notify other employees of the termination. D. disable the employee's logical access.
The MOST effective method for limiting the damage of an attack by a software virus is: A. software controls. B. policies, standards and procedures. C. logical access controls. D. data communication standards.
Digital signatures require the: A. signer to have a public key and the receiver to have a private key. B. signer to have a private key and the receiver to have a public key. C. signer and receiver to have a public key. D. signer and receiver to have a private key.
Which of the following would an IS auditor consider the MOST relevant to short-term planning for the IS department? A. Allocating resources B. Keeping current with technology advances C. Conducting control self-assessment D. Evaluating hardware needs
A MAJOR risk of using single sign-on (SSO) is that it: A. has a single authentication point. B. represents a single point of failure. C. causes an administrative bottleneck. D. leads to a lockout of valid users.
Without compensating controls, which of the following functions would represent a risk if combined with that of a system analyst? A. Application programming B. Data entry C. Quality assurance D. Database administrator
Which of the following offsite information processing facility conditions would cause an IS auditor the GREATEST concern? The facility A. is identified clearly on the outside with the company name. B. is located more than an hour driving distance from the originating site. C. does not have any windows to let in natural sunlight. D. entrance is located in the back of the building rather than the front.
Cisco Certifications 
