After implementation of a disaster recovery plan (DRP),
pre-disaster and post-disaster operational cost for an
organization will:
A. decrease.
B. not change (remain the same).
C. increase.
D. increase or decrease depending upon nature of the business.
- 1 Answers
- 6113 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
There are costs associated with all activities and DRP is
not an exception. Although there are costs associated with a
DRP there are unknown costs that would be incurred if a DRP
were not implemented.
| Is This Answer Correct ? | 9 Yes | 2 No |
Confidential data residing on a PC is BEST protected by: A. a password. B. file encryption. C. removable diskettes. D. a key operated power source.
An IS auditor's primary concern when application developers wish to use a copy of yesterday's production transaction file for volume tests is that: A. users may prefer to use contrived data for testing. B. unauthorized access to sensitive data may result. C. error handling and credibility checks may not be fully proven. D. full functionality of the new process is not necessarily tested.
Classification of information systems is essential in business continuity planning. Which of the following system types can not be replaced by manual methods? A. Critical system B. Vital system C. Sensitive system D. Non-critical system
An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a: A. cold site. B. warm site. C. dial-up site. D. duplicate processing facility.
The IS department of an organization wants to ensure that the computer files, used in the information processing facility, are backed up adequately to allow for proper recovery. This is a/an: A. control procedure. B. control objective. C. corrective control. D. operational control.
Which of the following is an IS control objective? A. Output reports are locked in a safe place. B. Duplicate transactions do not occur. C. System backup/recovery procedures are updated periodically. D. System design and development meet users' requirements.
An IS auditor who has discovered unauthorized transactions during a review of EDI transactions is likely to recommend improving the: A. EDI trading partner agreements. B. physical controls for terminals. C. authentication techniques for sending and receiving messages. D. program change control procedures.
When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor? A. There could be a question with regards to the legal jurisdiction. B. Having a provider abroad will cause excesive costs in future audits. C. The auditing process will be difficult because of the distances. D. There could be different auditing norms.
Automated teller machines (ATMs) are a specialized form of a point-of-sale terminal that: A. allows for cash withdrawal and financial deposits only. B. are usually located in populous areas to deter theft or vandalism. C. utilizes protected telecommunication lines for data transmissions. D. must include high levels of logical and physical security.
An IS auditor discovers evidence of fraud perpetrated with a manager's user id. The manager had written the password, allocated by the system administrator, inside his/her desk drawer. The IS auditor should conclude that the: A. manager's assistant perpetrated the fraud. B. perpetrator cannot be established beyond doubt. C. fraud must have been perpetrated by the manager. D. system administrator perpetrated the fraud.
The act that describes a computer intruder capturing a stream of data packets and inserting these packets into the network as if it were another genuine message stream is called: A. eavesdropping. B. message modification. C. a brute-force attack. D. packet replay.
An IS auditor evaluating data integrity in a transaction driven system environment should review atomicity, to determine whether: A. the database survives failures (hardware or software). B. each transaction is separated from other transactions. C. integrity conditions are maintained. D. a transaction is completed or not, or a database is updated or not.
Cisco Certifications 
