After a full operational contingency test, the IS auditor
performs a review of the recovery steps and concludes that
the elapsed time until the technological environment and
systems were actually functioning exceeded the required
critical recovery time. Which of the following should the
auditor recommend?
A. Perform an integral review of the recovery tasks.
B. Broaden the processing capacity to gain recovery time.
C. Make improvements in the facility's circulation structure.
D. Increase the amount of human resources involved in the
recovery.
Answer / guest
Answer: A
Performing an exhaustive review of the recovery tasks would
be appropriate to identify the way these tasks were
performed, the time allocated to each of the steps required
to accomplish recovery, and determine where adjustments can
be made. Choices B, C, and D could be actions after the
described review has been completed.
During a review of the controls over the process of defining IT service levels, an IS auditor would MOST likely interview the: A. systems programmer. B. legal staff. C. business unit manager. D. application programmer.
While copying files from a floppy disk a user introduced a virus into the network. Which of the following would MOST effectively detect the existence of the virus? A. A scan of all floppy disks before use B. virus monitor on the network file server C. scheduled daily scan of all network drives D. virus monitor on the user's personal computer
When performing a general controls review, an IS auditor checks the relative location of the computer room inside the building. What potential threat is the IS auditor trying to identify? A. Social engineering B. Windstorm C. Earthquake D. Flooding
Accountability for the maintenance of appropriate security measures over information assets resides with the: A. security administrator. B. systems administrator. C. data and systems owners. D. systems operations group.
Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy? A. Review the parameter settings B. Interview the firewall administrator C. Review the actual procedures D. Review the device's log file for recent attacks
In a small organization, where segregation of duties is not practical, an employee performs the function of computer operator and application programmer. Which of the following controls should the IS auditor recommend? A. Automated logging of changes to development libraries B. Additional staff to provide segregation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications
When reviewing a system development project at the project initiation stage, an IS auditor finds that the project team is following the organization's quality manual. To meet critical deadlines the project team proposes to fast track the validation and verification processes, commencing some elements before the previous deliverable is signed off. Under these circumstances, the IS auditor would MOST likely: A. report this as a critical finding to senior management. B. accept that different quality processes can be adopted for each project. C. report to IS management the team's failure to follow quality procedures. D. report the risks associated with fast tracking to the project steering committee.
The interface that allows access to lower or higher level network services is called: A. firmware. B. middleware. C. X.25 interface. D. utilities.
Connection-oriented protocols in the TCP/IP suite are implemented in the: A. transport layer. B. application layer. C. physical layer. D. network layer.
Which of the following would enable an enterprise to provide access to its intranet (i.e., extranet) across the Internet to its business partners? A. Virtual private network B. Client-server C. Dial-in access D. Network service provider
A PRIMARY benefit derived from an organization employing control self-assessment (CSA) techniques is that it: A. can identify high-risk areas that might need a detailed review later. B. allows IS auditors to independently assess risk. C. can be used as a replacement for traditional audits. D. allows management to relinquish responsibility for control.
The responsibility, authority and accountability of the IS audit function is documented appropriately in an audit charter and MUST be: A. approved by the highest level of management. B. approved by audit department management. C. approved by user department management. D. changed every year before commencement of IS audits.