An IS auditor reviewing an organization's IS disaster
recovery plan should verify that it is:
A. tested every 6 months.
B. regularly reviewed and updated.
C. approved by the chief executive officer (CEO).
D. communicated to every departmental head in the organization.
Answers were Sorted based on User's Feedback
Answer / guest
Answer: B
The plan should be reviewed at appropriate intervals,
depending upon the nature of the business and the rate of
change of systems and personnel, otherwise it may become out
of date and may no longer be effective. The plan must be
subjected to regular testing, but the period between tests
will again depend on the nature of the organization and the
relative importance of IS. Three months or even annually may
be appropriate in different circumstances. Although the
disaster recovery plan should receive the approval of senior
management, it need not be the CEO if another executive
officer is equally, or more appropriate. For a purely
IS-related plan, the executive responsible for technology
may have approved the plan. Similarly, although a business
continuity plan is likely to be circulated throughout an
organization, the IS disaster recovery plan will usually be
a technical document and only relevant to IS and
communications staff.
Is This Answer Correct ? | 7 Yes | 0 No |
Answer / vineet aggarwal
In my opinion the answer should be
C. approved by the chief executive officer (CEO).coz it is
top most important that the BCP / DRP is supported by the
top management. Of course, the NEXT best is its regular
review and testing
Is This Answer Correct ? | 2 Yes | 1 No |
To make an electronic funds transfer (EFT), one employee enters the amount field and another employee reenters the same data again, before the money is transferred. The control adopted by the organization in this case is: A. sequence check. B. key verification. C. check digit. D. completeness check.
Which of the following is a control over database administration activities? A. A database checkpoint to restart processing after a system failure B. Database compression to reduce unused space C. Supervisory review of access logs D. Backup and recovery procedures to ensure database availability
Which of the following audit tools is MOST useful to an IS auditor when an audit trail is required? A. Integrated test facility (ITF) B. Continuous and intermittent simulation (CIS) C. Audit hooks D. Snapshots
IT governance ensures that an organization aligns its IT strategy with: A. Enterprise objectives. B. IT objectives. C. Audit objectives. D. Finance objectives.
An IS auditor, in evaluating proposed biometric control devices reviews the false rejection rates (FRRs), false acceptance rates (FARs) and equal error rates (ERRs) of three different devices. The IS auditor should recommend acquiring the device having the: A. least ERR. B. most ERR. C. least FRR but most FAR. D. least FAR but most FRR.
When a PC that has been used for the storage of confidential data is sold on the open market the: A. hard disk should be demagnetized. B. hard disk should be mid-level formatted.s C. data on the hard disk should be deleted. D. data on the hard disk should be defragmented.
Which of the following logical access exposures involves changing data before, or as it is entered into the computer? A. Data diddling B. Trojan horse C. Worm D. Salami technique
In reviewing the IS short-range (tactical) plan, the IS auditor should determine whether: A. there is an integration of IS and business staffs within projects. B. there is a clear definition of the IS mission and vision. C. there is a strategic information technology planning methodology in place. D. the plan correlates business objectives to IS goals and objectives.
The risk of an IS auditor using an inadequate test procedure and concluding that material errors do not exist when, in fact, they exist is:
Sales orders are automatically numbered sequentially at each of a retailer's multiple outlets. Small orders are processed directly at the outlets, with large orders sent to a central production facility. The MOST appropriate control to ensure that all orders transmitted to production are received and processed would be to: A. send and reconcile transaction counts and totals. B. have data transmitted back to the local site for comparison. C. compare data communications protocols with parity checking. D. track and account for the numerical sequence of sales orders at the production facility.
Which of the following is the MOST critical element of an effective disaster recovery plan (DRP)? A. Offsite storage of backup data B. Up-to-date list of key disaster recovery contacts C. Availability of a replacement data center D. Clearly defined recovery time objective (RTO)
Which of the following represents the MOST pervasive control over application development? A. IS auditors B. Standard development methodologies C. Extensive acceptance testing D. Quality assurance groups