Which of the following would not prevent the loss of an
asset but would assist in recovery by transferring part of
the risk to a third party?
A. Full system backups
B. Insurance
C. Testing
D. Business impact analysis
- 1 Answers
- 4554 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Insurance assists by involving a third party in sharing the
risks. In case of the destruction of an asset, the third
party would compensate for the loss based on the contract.
This would assist in reinstating the asset to the
pre-disaster condition. A business impact analysis (BIA) is
the first step in developing a business continuity plan.
This step would assist in the classification of assets based
on risk and would not assist in either preventing a disaster
or reinstating an asset to a pre-disaster condition. Backups
would assist in recovering a system in case of a disaster
but do not necessarily involve a third party. Testing of the
plan would help to ensure that the business continuity plan
works as intended, but testing would not reinstate an asset
to a pre-disaster condition.
| Is This Answer Correct ? | 5 Yes | 0 No |
The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as: A. rules. B. decision trees. C. semantic nets. D. data flow diagrams.
To check the performance of flow and error control, an IS auditor should focus the use of a protocol analyzer on which of the following layers? A. Network B. Transport C. Data link D. Application
Which of the following techniques would provide the BEST assurance that the estimate of program development effort is reliable? A. Function point analysis B. Estimates by business area C. A computer-based project schedule D. An estimate by experienced programmer
Which of the following data entry controls provides the GREATEST assurance that the data is entered correctly? A. Using key verification B. Segregating the data entry function from data entry verification C. Maintaining a log/record detailing the time, date, employee's initials/user id and progress of various data preparation and verification tasks D. Adding check digits
Which of the following message services provides the strongest protection that a specific action has occurred? A. Proof of delivery B. Nonrepudiation C. Proof of submission D. Message origin authentication
Which of the following should be in place to protect the purchaser of an application package in the event that the vendor ceases to trade? A. Source code held in escrow. B. Object code held by a trusted third party. C. Contractual obligation for software maintenance. D. Adequate training for internal programming staff.
Which of the following would an IS auditor expect to find in a console log? A. Names of system users B. Shift supervisor identification C. System errors D. Data edit errors
With the help of the security officer, granting access to data is the responsibility of: A. data owners. B. programmers. C. system analysts. D. librarians.
A primary function of risk management is the identification of cost-effective controls. In selecting appropriate controls, which of the following methods is best to study the effectiveness of adding various safeguards in reducing vulnerabilities? A. "What if" analysis B. Traditional cost/benefit analysis C. Screening analysis D. A "back-of-the-envelope" analysis
The process of using interpersonal communication skills to get unauthorized access to company assets is called: A. wire tapping. B. trap doors. C. war dialing. D. social engineering.
A long-term IS employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be based on the individual's experience and: A. the length of service since this will help ensure technical competence. B. age as training in audit techniques may be impractical. C. IS knowledge since this will bring enhanced credibility to the audit function. D. ability, as an IS auditor, to be independent of existing IS relationships.
A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses the team should: A. compute the amortization of the related assets. B. calculate a return on investment (ROI). C. apply a qualitative approach. D. spend the time needed to define exactly the loss amount.
Cisco Certifications 
