During an IS audit of the disaster recovery plan (DRP) of a global enterprise, the auditor observes that some remote offices have very limited local IT resources. Which of the following observations would be the MOST critical for the IS auditor?
A. A test has not been made to ensure that local resources could maintain security and service standards when recovering from a disaster or incident.
B. The corporate business continuity plan (BCP) does not accurately document the systems that exist at remote offices.
C. Corporate security measures have not been incorporated into the test plan.
D. A test has not been made to ensure that tape backups from the remote offices are usable.
the answer is A.
A. Regardless of the capability of local IT resources, the most critical risk would be the lack of testing, which would identify quality issues in the recovery process.
B. The corporate business continuity plan (BCP) may not include disaster recovery plan (DRP) details for remote offices. It is important to ensure that the local plans have been tested.
C. Security is an important issue because many controls may be missing during a disaster. However, not having a tested plan is more important.
D. The backups cannot be trusted until they have been tested. However, this should be done as part of the overall tests of the DRP.
Is This Answer Correct ? | 9 Yes | 0 No |
The Primary purpose of audit trails is to
An IS auditor when reviewing a network used for Internet communications, will FIRST examine the: A. validity of passwords change occurrences. B. architecture of the client-server application. C. network architecture and design. D. firewall protection and proxy servers.
The interface that allows access to lower or higher level network services is called: A. firmware. B. middleware. C. X.25 interface. D. utilities.
Various standards have emerged to assist IS organizations in achieving an operational environment that is predictable, measurable and repeatable. The standard that provides the definition of the characteristics and the associated quality evaluation process to be used when specifying the requirements for and evaluating the quality of software products throughout their life cycle is: A. ISO 9001. B. ISO 9002. C. ISO 9126. D. ISO 9003.
Which of the following Internet security threats could compromise integrity? A. Theft of data from the client B. Exposure of network configuration information C. A trojan horse browser D. Eavesdropping on the net
During which of the following steps in the business process reengineering should the benchmarking team visit the benchmarking partner? A. Observation B. Planning C. Analysis D. Adaptation
The use of coding standards is encouraged by IS auditors because they: A. define access control tables. B. detail program documentation. C. standardize dataflow diagram methodology. D. ensure compliance with field naming conventions.
After implementation of a disaster recovery plan (DRP), pre-disaster and post-disaster operational cost for an organization will: A. decrease. B. not change (remain the same). C. increase. D. increase or decrease depending upon nature of the business.
Which of the following environmental controls is appropriate to protect computer equipment against short-term reductions in electrical power? A. Power line conditioners B. A surge protective device C. An alternative power supply D. An interruptible power supply
While developing a risk-based audit program, which of the following would the IS auditor MOST likely focus on? A. Business processes B. Critical IT applications C. Corporate objectives D. Business strategies
An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a: A. cold site. B. warm site. C. dial-up site. D. duplicate processing facility.
Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration? A. Function point analysis B. PERT chart C. Rapid application development D. Object-oriented system development