An IS auditor discovers that an organization?s business
continuity plan provides for an alternate processing site
that will accommodate fifty percent of the primary
processing capability. Based on this, which of the following
actions should the IS auditor take?
A. Do nothing, because generally, less than twenty-five
percent of all processing is critical to an organization?s
survival and the backup capacity, therefore is adequate.
B. Identify applications that could be processed at the
alternate site and develop manual procedures to backup other
processing.
C. Ensure that critical applications have been identified
and that the alternate site could process all such applications.
D. Recommend that the information processing facility
arrange for an alternate processing site with the capacity
to handle at least seventy-five percent of normal processing.
Answer / guest
Answer: C
Business continuity plans should provide for the recovery of
critical systems, not necessarily all systems. Perhaps only
fifty percent of the company's systems are critical.
Therefore, careful assessment of critical systems and
capacity requirements should be part of the IS auditor's
test of the plan.
Is This Answer Correct ? | 3 Yes | 0 No |
The Primary purpose of audit trails is to
An IS auditor is reviewing the database administration function to ascertain whether adequate provision has been made for controlling data. The IS auditor should determine that the: A. function reports to data processing operations. B. responsibilities of the function are well defined. C. database administrator is a competent systems programmer. D. audit software has the capability of efficiently accessing the database.
Which of the following would be of MOST concern to an IS auditor reviewing a VPN implementation? Computers on the network that are located: A. on the enterprise's facilities. B. at the backup site. C. in employees' homes. D. at the enterprise's remote offices.
52. Which of the following tests confirm that the new system can operate in its target environment?
Which of the following is the MOST important consideration when developing a business continuity plan for a bank? A. Antivirus software B. Naming standards C. Customer balance list D. Password policy
To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:
In regard to moving an application program from the test environment to the production environment, the BEST control would be provided by having the: A. application programmer copy the source program and compiled object module to the production libraries. B. as paul says, C. production control group compile the object module to the production libraries using the source program in the test environment. D. production control group copy the source program to the production libraries and then compile the program.
To prevent an organization's computer systems from becoming part of a distributed denial-of-service attack, IP packets containing addresses that are listed as unroutable can be isolated by: A. establishing outbound traffic filtering. B. enabling broadcast blocking. C. limiting allowable services. D. network performance monitoring.
Which of the following is an advantage of an integrated test facility (ITF)? A. It uses actual master files or dummies and the IS auditor does not have to review the source of the transaction. B. Periodic testing does not require separate test processes. C. It validates application systems and tests the ongoing operation of the system. D. It eliminates the need to prepare test data.
When auditing the requirements phase of a software acquisition, the IS auditor should: A. assess the feasibility of the project timetable. B. assess the vendor?s proposed quality processes. C. ensure that the best software package is acquired. D. review the completeness of the specifications.
Which of the following access control functions is LEAST likely to be performed by a database management system (DBMS) software package? A. User access to field data B. User sign-on at the network level C. User authentication at the program level D. User authentication at the transaction level
Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation? A. Multiple cycles of backup files remain available. B. Access controls establish accountability for e-mail activity. C. Data classification regulates what information should be communicated via e-mail. D. Within the enterprise, a clear policy for using e-mail ensures that evidence is available.