Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following would not prevent the loss of an
asset but would assist in recovery by transferring part of
the risk to a third party?
A. Full system backups
B. Insurance
C. Testing
D. Business impact analysis
- 1 Answers
- 5308 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Insurance assists by involving a third party in sharing the
risks. In case of the destruction of an asset, the third
party would compensate for the loss based on the contract.
This would assist in reinstating the asset to the
pre-disaster condition. A business impact analysis (BIA) is
the first step in developing a business continuity plan.
This step would assist in the classification of assets based
on risk and would not assist in either preventing a disaster
or reinstating an asset to a pre-disaster condition. Backups
would assist in recovering a system in case of a disaster
but do not necessarily involve a third party. Testing of the
plan would help to ensure that the business continuity plan
works as intended, but testing would not reinstate an asset
to a pre-disaster condition.
| Is This Answer Correct ? | 5 Yes | 0 No |
Which of the following functions is performed by a virtual private network (VPN)? A. Hiding information from sniffers on the net B. Enforcing security policies C. Detecting misuse or mistakes D. Regulating access
When conducting a review of business process re-engineering, an IS auditor found that a key preventive control had been removed. In this case, the IS auditor should: A. inform management of the finding and determine if management is willing to accept the potential material risk of not having that preventing control. B. determine if a detective control has replaced the preventive control during the process and if so, not report the removal of the preventive control. C. recommend that this and all control procedures that existed before the process was reengineered be included in the new process. D. develop a continuous audit approach to monitor the effects of the removal of the preventive control.
The purpose for requiring source code escrow in a contractual agreement is to: A. ensure the source code is available if the vendor ceases to exist. B. permit customization of the software to meet specified business requirements. C. review the source code for adequacy of controls. D. ensure the vendor has complied with legal requirements.
During the review of an organization's disaster recovery and business continuity plan, the IS auditor found that a paper test was performed to verify the existence of all necessary procedures and actions within the recovery plan. This is a: A. preparedness test. B. module test. C. full test. D. walk-through test.
An offsite information processing facility: A. should have the same amount of physical access restrictions as the primary processing site. B. should be easily identified from the outside so that in the event of an emergency it can be easily found. C. should be located in proximity to the originating site so that it can quickly be made operational. D. need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.
A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern? A. Acceptance testing is to be managed by users. B. A quality plan is not part of the contracted deliverables. C. Not all business functions will be available on initial implementation. D. Prototyping is being used to confirm that the system meets business requirements.
The PRIMARY purpose of undertaking a parallel run of a new system is to: A. verify that the system provides required business functionality. B. validate the operation of the new system against its predecessor. C. resolve any errors in the program and file interfaces. D. verify that the system can process the production load.
Which of the following imaging technologies captures handwriting from a preprinted form and converts it into an electronic format? A. Magnetic ink character recognition (MICR) B. Intelligent voice recognition (IVR) C. Bar code recognition (BCR) D. Optical character recognition (OCR)
The PRIMARY purpose of compliance tests is to verify whether: A. controls are implemented as prescribed. B. documentation is accurate and current. C. access to users is provided as specified. D. data validation procedures are provided.
Which of the following would be the LEAST helpful in restoring service from an incident currently underway? A. Developing a database repository of past incidents and actions to facilitate future corrective actions B. Declaring the incident, which not only helps to carry out corrective measures, but also improves the awareness level C. Developing a detailed operations plan that outlines specific actions to be taken to recover from an incident D. Establishing multidisciplinary teams consisting of executive management, security staff, information systems staff, legal counsel, public relations, etc., to carry out the response.
Security administration procedures require read-only access to: A. access control tables. B. security log files. C. logging options. D. user profiles.
A goal of processing controls is to ensure that: A. the data are delivered without compromised confidentiality. B. all transactions are authorized. C. accumulated data are accurate and complete through authorized routines. D. only authorized individuals perform sensitive functions.
Cisco Certifications 
