Which of the following issues should be included in the
business continuity plan?
A. The staff required to maintain critical business
functions in the short, medium and long term
B. The potential for a natural disaster to occur, such as an
earthquake
C. Disastrous events impacting information systems
processing and end-user functions
D. A risk analysis that considers systems malfunctions,
accidental file deletions or other failures
- 1 Answers
- 4600 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
Where a unified business continuity plan does not exist, the
plan for information systems processing should be extended
to include planning for all units that are dependent upon
information systems processing functions. But, when
formulating a thorough business continuity plan, a very
important issue to be considered is the staff that will be
required to maintain critical business functions over time,
until the organization is fully operational again. Another
important issue is the configuration of the business
facilities, e.g., desks, chairs, telephones, etc., that will
be needed to maintain critical business functions in the
short, medium and long term. Choice B is incorrect because
it has to do with what a good business continuity plan will
take into account in case of disastrous events happening.
This could be considered as a subset of a business
continuity plan, but it does not have the same impact as the
staff required and trained to perform in the event of a
natural disaster. Choice C is incorrect because, like in the
natural disaster case, this could be considered a subset of
a business continuity plan, but it does not have the same
impact as the staff required and trained to perform in the
event of a disaster that would impact information systems
processing and end-user functions. Choice A would be the
subject and choices B and C would be the cause to deploy the
business continuity plan. Choice D is incorrect because it
deals with disruptions in service having their roots in
systems malfunctions; but again, this would be another
aspect dealt with in the business continuity plan, but not a
main issue included in it.
| Is This Answer Correct ? | 1 Yes | 0 No |
Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized? A. Release-to-release source and object comparison reports B. Library control software restricting changes to source code C. Restricted access to source code and object code D. Date and time-stamp reviews of source and object code
In large corporate networks having supply partners across the globe, network traffic may continue to rise. The infrastructure components in such environments should be scalable. Which of the following firewall architectures limits future scalability? A. Appliances B. Operating system based C. Host based D. Demilitarized
Responsibility and reporting lines cannot always be established when auditing automated systems since: A. diversified control makes ownership irrelevant. B. staff traditionally change jobs with greater frequency. C. ownership is difficult to establish where resources are shared. D. duties change frequently in the rapid development of technology.
Access rules normally are included in which of the following documentation categories? A. Technical reference documentation B. User manuals C. Functional design specifications D. System development methodology documents
A universal serial bus (USB) port: A. connects the network without a network card. B. connects the network with an Ethernet adapter. C. replaces all existing connections. D. connects the monitor.
Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures? A. Invite client participation. B. Involve all technical staff. C. Rotate recovery managers. D. Install locally stored backup.
Which of the following is a network architecture configuration that links each station directly to a main hub? A. Bus B. Ring C. Star D. Completed connected
A distinction that can be made between compliance testing and substantive testing is that compliance testing tests: A. details, while substantive testing tests procedures. B. controls, while substantive testing tests details. C. plans, while substantive testing tests procedures. D. for regulatory requirements, while substantive testing tests validations.
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same? A. A substantive test of program library controls B. A compliance test of program library controls C. A compliance test of the program compiler controls D. A substantive test of the program compiler controls
In regard to moving an application program from the test environment to the production environment, the BEST control would be provided by having the: A. application programmer copy the source program and compiled object module to the production libraries. B. as paul says, C. production control group compile the object module to the production libraries using the source program in the test environment. D. production control group copy the source program to the production libraries and then compile the program.
Which of the following is an example of a passive attack, initiated through the Internet? A. Traffic analysis B. Masquerading C. Denial of service D. E-mail spoofing
1. which of the following is used to achieve accountability. a.identification b. authentication c. authorization d. iniation
Cisco Certifications 
