Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor conducting a review of disaster recovery
planning at a financial processing organization has
discovered the following:
* The existing disaster recovery plan was compiled two years
ago by a systems analyst in the organization's IT department
using transaction flow projections from the operations
department.
* The plan was presented to the deputy CEO for approval and
formal issue, but it is still awaiting his attention.
* The plan has never been updated, tested or circulated to
key management and staff, though interviews show that each
would know what action to take for their area in the event
of a disruptive incident.
The IS auditor's report should recommend that:
A. the deputy CEO be censured for his failure to approve the
plan.
B. a board of senior managers be set up to review the
existing plan.
C. the existing plan be approved and circulated to all key
management and staff.
D. a manager coordinate the creation of a new or revised
plan within a defined time limit.
- 1 Answers
- 4394 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
The primary concern is to establish a workable disaster
recovery plan, which reflects current processing volumes to
protect the organization from any disruptive incident.
Censuring the deputy CEO will not achieve this and is
generally not within the scope of an IS auditor to
recommend. Establishing a board to review the plan, which is
two years out of date, may achieve an updated plan, but is
not likely to be a speedy operation and issuing the existing
plan would be folly without first ensuring that it is
workable. The best way to achieve a disaster recovery plan
in a short timescale is to make an experienced manager
responsible for coordinating the knowledge of other managers
into a single, formal document within a defined time limit.
| Is This Answer Correct ? | 2 Yes | 0 No |
An IS auditor is assigned to help design the data security aspects of an application under development. Which of the following provides the MOST reasonable assurance that corporate assets are protected when the application is certified for production? A. A review conducted by the internal auditor B. A review conducted by the assigned IS auditor C. Specifications by the user on the depth and content of the review D. An independent review conducted by another equally experienced IS auditor
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls
An IS auditor evaluating data integrity in a transaction driven system environment should review atomicity, to determine whether: A. the database survives failures (hardware or software). B. each transaction is separated from other transactions. C. integrity conditions are maintained. D. a transaction is completed or not, or a database is updated or not.
Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies? A. Developments may result in hardware and software incompatibility. B. Resources may not be available when needed. C. The recovery plan cannot be tested. D. The security infrastructures in each company may be different.
A referential integrity constraint consists of: A. ensuring the integrity of transaction processing. B. ensuring that data are updated through triggers. C. ensuring controlled user updates to database. D. rules for designing tables and queries.
In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems? A. Maintaining system software parameters B. Ensuring periodic dumps of transaction logs C. Ensuring grandfather-father-son file backups D. Maintaining important data at an off-site location
Which of the following exposures associated with the spooling of sensitive reports for offline printing would an IS auditor consider to be the MOST serious? A. Sensitive data can be read by operators. B. Data can be amended without authorization. C. Unauthorized report copies can be printed. D. Output can be lost in the event of system failure.
Involvement of senior management is MOST important in the development of: A. strategic plans. B. IS policies. C. IS procedures. D. standards and guidelines.
To develop a successful business continuity plan, end user involvement is critical during which of the following phases? A. Business recovery strategy B. Detailed plan development C. Business impact analysis D. Testing and maintenance
The PRIMARY objective of conducting a post-implementation review is to assess whether the system A) achieved the desired objectives B) provides for backup and recovery C) provides for information security D) documentation is clear and understandable
Which of the following offsite information processing facility conditions would cause an IS auditor the GREATEST concern? The facility A. is identified clearly on the outside with the company name. B. is located more than an hour driving distance from the originating site. C. does not have any windows to let in natural sunlight. D. entrance is located in the back of the building rather than the front.
An IS auditor is reviewing a project that is using an agile software development approach. Which of the following should the IS auditor expect to find? A. Use of a capability maturity model (CMM) B. Regular monitoring of task-level progress against schedule C. Extensive use of software development tools to maximize team productivity D. Postiteration reviews that identify lessons learned for future use in the project
Cisco Certifications 
