An IS auditor reviewing an organization's IS disaster
recovery plan should verify that it is:
A. tested every 6 months.
B. regularly reviewed and updated.
C. approved by the chief executive officer (CEO).
D. communicated to every departmental head in the organization.
Answer / guest
Answer: B
The plan should be reviewed at appropriate intervals,
depending upon the nature of the business and the rate of
change of systems and personnel, otherwise it may become out
of date and may no longer be effective. The plan must be
subjected to regular testing, but the period between tests
will again depend on the nature of the organization and the
relative importance of IS. Three months or even annually may
be appropriate in different circumstances. Although the
disaster recovery plan should receive the approval of senior
management, it need not be the CEO if another executive
officer is equally or more appropriate. For a purely
IS-related plan, the executive responsible for technology
may have approved the plan. Similarly, although a business
continuity plan is likely to be circulated throughout an
organization, the IS disaster recovery plan will usually be
a technical document and only relevant to IS and
communications staff.
Is This Answer Correct ? | 7 Yes | 0 No |
Answer / vineet aggarwal
In my opinion the answer should be
C. approved by the chief executive officer (CEO), because it is
of topmost importance that the BCP / DRP is supported by the
top management. Of course, the NEXT best is its regular
review and testing.
Is This Answer Correct ? | 2 Yes | 1 No |
The use of statistical sampling procedures helps minimize: A. sampling risk. B. detection risk. C. inherent risk. D. control risk.
The PRIMARY reason for separating the test and development environments is to: A. restrict access to systems under test. B. segregate user and development staff. C. control the stability of the test environment. D. secure access to systems under development.
The responsibilities of a disaster recovery relocation team include: A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule. B. locating a recovery site if one has not been predetermined and coordinating the transport of company employees to the recovery site. C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment. D. coordinating the process of moving from the hot site to a new location or to the restored original location.
Which of the following would be included in an IS strategic plan?
Which of the following is the MOST reasonable option for recovering a noncritical system? A. Warm site B. Mobile site C. Hot site D. Cold site
Which of the following line media would provide the BEST security for a telecommunication network? A. Broad band network digital transmission B. Baseband network C. Dial-up D. Dedicated lines
Which of the following is the FIRST thing an IS auditor should do after the discovery of a trojan horse program in a computer system? A. Investigate the author. B. Remove any underlying threats. C. Establish compensating controls. D. Have the offending code removed.
Which of the following is an objective of a control self-assessment (CSA) program? A. Concentration on areas of high risk B. Replacement of audit responsibilities C. Completion of control questionnaires D. Collaborative facilitative workshops
Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure (PKI) with digital certificates for its business-to-consumer transactions via the Internet? A. Customers are widely dispersed geographically, but the certificate authorities (CAs) are not. B. Customers can make their transactions from any computer or mobile device. C. The CA has several data processing subcenters to administer certificates. D. The organization is the owner of the CA.
Which of the following would be of MOST concern to an IS auditor reviewing a VPN implementation? Computers on the network that are located: A. on the enterprise's facilities. B. at the backup site. C. in employees' homes. D. at the enterprise's remote offices.
A vendor/contractor's performance against service level agreements must be evaluated by the: A. customer. B. contractor. C. third-party. D. contractor's management.
A strength of an implemented quality system based on ISO 9001 is that it: A. guarantees quality solutions to business problems. B. results in improved software life cycle activities. C. provides clear answers to questions concerning cost-effectiveness. D. does not depend on the maturity of the implemented quality system.