Interested to Buy Any Domain ? << Click Here >> for more details...
During an IS audit of the disaster recovery plan (DRP) of a global enterprise, the auditor observes that some remote offices have very limited local IT resources. Which of the following observations would be the MOST critical for the IS auditor?
A. A test has not been made to ensure that local resources could maintain security and service standards when recovering from a disaster or incident.
B. The corporate business continuity plan (BCP) does not accurately document the systems that exist at remote offices.
C. Corporate security measures have not been incorporated into the test plan.
D. A test has not been made to ensure that tape backups from the remote offices are usable.
- 1 Answers
- 8727 Views
- I also Faced
- E-Mail Answers
the answer is A.
A. Regardless of the capability of local IT resources, the most critical risk would be the lack of testing, which would identify quality issues in the recovery process.
B. The corporate business continuity plan (BCP) may not include disaster recovery plan (DRP) details for remote offices. It is important to ensure that the local plans have been tested.
C. Security is an important issue because many controls may be missing during a disaster. However, not having a tested plan is more important.
D. The backups cannot be trusted until they have been tested. However, this should be done as part of the overall tests of the DRP.
| Is This Answer Correct ? | 9 Yes | 0 No |
An IS auditor finds that not all employees are aware of the enterprise's information security policy. The IS auditor should conclude that: A. this lack of knowledge may lead to unintentional disclosure of sensitive information. B. information security is not critical to all functions. C. IS audit should provide security training to the employees. D. the audit finding will cause management to provide continuous training to staff.
Which of the following audit tools is MOST useful to an IS auditor when an audit trail is required? A. Integrated test facility (ITF) B. Continuous and intermittent simulation (CIS) C. Audit hooks D. Snapshots
Which of the following is the MOST important criterion for the selection of a location for an offsite storage facility for IS backup files? The offsite facility must be: A. physically separated from the data center and not subject to the same risks. B. given the same level of protection as that of the computer data center. C. outsourced to a reliable third party. D. equipped with surveillance capabilities.
Which of the following risks would be increased by the installation of a database system? A. Programming errors B. Data entry errors C. Improper file access D. Loss of parity
A tax calculation program maintains several hundred tax rates. The BEST control to ensure that tax rates entered into the program are accurate is: A. an independent review of the transaction listing. B. a programmed edit check to prevent entry of invalid data. C. programmed reasonableness checks with 20 percent data entry range. D. a visual verification of data entered by the processing department.
Which of the following is an IS control objective? A. Output reports are locked in a safe place. B. Duplicate transactions do not occur. C. System backup/recovery procedures are updated periodically. D. System design and development meet users' requirements.
When auditing a mainframe operating system, what would the IS auditor do to establish which control features are in operation? A. Examine the parameters used when the system was generated B. Discuss system parameter options with the vendor C. Evaluate the systems documentation and installation guide D. Consult the systems programmers
With regard to sampling it can be said that: A. sampling is generally applicable when the population relates to an intangible or undocumented control. B. if an auditor knows internal controls are strong, the confidence coefficient may be lowered. C. attribute sampling would help prevent excessive sampling of an attribute by stopping an audit test at the earliest possible moment. D. variable sampling is a technique to estimate the rate of occurrence of a given control or set of related controls.
A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses the team should: A. compute the amortization of the related assets. B. calculate a return on investment (ROI). C. apply a qualitative approach. D. spend the time needed to define exactly the loss amount.
To identify the value of inventory that has been kept for more than eight weeks, an IS auditor would MOST likely use: A. test data. B. statistical sampling. C. an integrated test facility. D. generalized audit software.
The primary goal of a web site certificate is: A. authentication of the web site to be surfed through. B. authentication of the user who surfs through that site. C. preventing surfing of the web site by hackers. D. the same purpose as that of a digital certificate.
Creation of an electronic signature: A. encrypts the message. B. verifies where the message came from. C. cannot be compromised when using a private key. D. cannot be used with e-mail systems.
Cisco Certifications 
