Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following components of a business continuity
plan is PRIMARILY the responsibility of an organization?s IS
department?
A. Developing the business continuity plan
B. Selecting and approving the strategy for business
continuity plan
C. Declaring a disaster
D. Restoring the IS systems and data after a disaster
- 1 Answers
- 7322 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
The correct choice is restoring the IT systems and data
after a disaster. The IT department of an organization is
primarily responsible for restoring the IT systems and data
after a disaster at the earliest possible time. The senior
management of the organization is primarily responsible for
developing the business continuity plan for an organization.
They are also responsible for selecting and approving the
strategy for developing and implementing a detailed business
continuity plan. The organization should identify a person
in management as responsible for declaring a disaster.
Although IT is involved in all the other three components,
it is not primarily responsible for them.
| Is This Answer Correct ? | 4 Yes | 0 No |
What is a risk associated with attempting to control physical access to sensitive areas, such as computer rooms, through card keys, locks, etc.? A. Unauthorized individuals wait for controlled doors to open and walk in behind those authorized. B. The contingency plan for the organization cannot effectively test controlled access practices. C. Access cards, keys, and pads can be easily duplicated allowing easy compromise of the control. D. Removing access for people no longer authorized is complex.
An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: * The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department. * The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention. * The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for their area in the event of a disruptive incident. The IS auditor's report should recommend that: A. the deputy CEO be censured for his failure to approve the plan. B. a board of senior managers be set up to review the existing plan. C. the existing plan be approved and circulated to all key management and staff. D. a manager coordinate the creation of a new or revised plan within a defined time limit.
Which of the following would contribute MOST to an effective business continuity plan (BCP)? The BCP: A. document was circulated to all interested parties. B. planning involved all user departments. C. was approved by senior management. D. was audited by an external IS auditor.
Which of the following functions, if performed by scheduling and operations personnel, would be in conflict with a policy requiring a proper segregation of duties? A. Job submission B. Resource management C. Code correction D. Output distribution
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same? A. A substantive test of program library controls B. A compliance test of program library controls C. A compliance test of the program compiler controls D. A substantive test of the program compiler controls
The responsibility, authority and accountability of the IS audit function is documented appropriately in an audit charter and MUST be: A. approved by the highest level of management. B. approved by audit department management. C. approved by user department management. D. changed every year before commencement of IS audits.
Which of the following would provide a mechanism whereby IS management can determine if the activities of the organization have deviated from the planned or expected levels? A. Quality management B. IS assessment methods C. Management principles D. Industry standards/benchmarking
The extent to which data will be collected during an IS audit should be determined, based on the: A. availability of critical and required information. B. auditor's familiarity with the circumstances. C. auditee's ability to find relevant evidence. D. purpose and scope of the audit being done.
Which of the following can consume valuable network bandwidth? A. Trojan horses B. Trap doors C. Worms D. Vaccines
While reviewing an ongoing project, the IS auditor notes that the development team has spent eight hours of activity on the first day against a budget of 24 hours (over three days). The projected time to complete the remainder of the activity is 20 hours. The IS auditor should report that the project: A. is behind schedule. B. is ahead of schedule. C. is on schedule. D. cannot be evaluated until the activity is completed.
Which of the following controls would BEST detect intrusion? A. User ids and user privileges are granted through authorized procedures. B. Automatic logoff is used when a workstation is inactive for a particular period of time. C. Automatic logoff of the system after a specified number of unsuccessful attempts. D. Unsuccessful logon attempts are monitored by the security administrator.
When reviewing the implementation of a LAN the IS auditor should FIRST review the: A. node list. B. acceptance test report. C. network diagram. D. user's list.
Cisco Certifications 
