Answer / guest

Answer: A

Where a unified business continuity plan does not exist, the
plan for information systems processing should be extended
to include planning for all units that are dependent upon
information systems processing functions. But, when
formulating a thorough business continuity plan, a very
important issue to be considered is the staff that will be
required to maintain critical business functions over time,
until the organization is fully operational again. Another
important issue is the configuration of the business
facilities, e.g., desks, chairs, telephones, etc., that will
be needed to maintain critical business functions in the
short, medium and long term. Choice B is incorrect because
it has to do with what a good business continuity plan will
take into account in case of disastrous events happening.
This could be considered as a subset of a business
continuity plan, but it does not have the same impact as the
staff required and trained to perform in the event of a
natural disaster. Choice C is incorrect because, like in the
natural disaster case, this could be considered a subset of
a business continuity plan, but it does not have the same
impact as the staff required and trained to perform in the
event of a disaster that would impact information systems
processing and end-user functions. Choice A would be the
subject and choices B and C would be the cause to deploy the
business continuity plan. Choice D is incorrect because it
deals with disruptions in service having their roots in
systems malfunctions; but again, this would be another
aspect dealt with in the business continuity plan, but not a
main issue included in it.

The MAJOR advantage of the risk assessment approach over the baseline approach to information security management is that it ensures: A. information assets are over protected. B. a basic level of protection is applied regardless of asset value. C. appropriate levels of protection are applied to information assets. D. an equal proportion of resources are devoted to protecting all information assets.

1 Answers  

---

An IS auditor should be involved in: A. observing tests of the disaster recovery plan. B. developing the disaster recovery plan. C. maintaining the disaster recovery plan. D. reviewing the disaster recovery requirements of supplier contracts.

1 Answers  

---

An IS auditor discovers that programmers have update access to the live environment. In this situation, the IS auditor is LEAST likely to be concerned that programmers can: A. authorize transactions. B. add transactions directly to the database. C. make modifications to programs directly. D. access data from live environment and provide faster maintenance.

1 Answers  

---

When reviewing a system development project at the project initiation stage, an IS auditor finds that the project team is following the organization's quality manual. To meet critical deadlines the project team proposes to fast track the validation and verification processes, commencing some elements before the previous deliverable is signed off. Under these circumstances, the IS auditor would MOST likely: A. report this as a critical finding to senior management. B. accept that different quality processes can be adopted for each project. C. report to IS management the team's failure to follow quality procedures. D. report the risks associated with fast tracking to the project steering committee.

1 Answers  

---

Software maintainability BEST relates to which of the following software attributes? A. Resources needed to make specified modifications. B. Effort needed to use the system application. C. Relationship between software performance and the resources needed. D. Fulfillment of user needs.

2 Answers  

---

---

Which of the following is the MOST important objective of data protection? A. Identifying persons who need access to information B. Ensuring the integrity of information C. Denying or authorizing access to the IS system D. Monitoring logical accesses

1 Answers  

---

Which of the following is a control over database administration activities? A. A database checkpoint to restart processing after a system failure B. Database compression to reduce unused space C. Supervisory review of access logs D. Backup and recovery procedures to ensure database availability

1 Answers  

---

Which of the following fire suppressant systems would an IS auditor expect to find when conducting an audit of an unmanned computer center? A. Carbon dioxide B. Halon C. Dry-pipe sprinkler D. Wet-pipe sprinkler

1 Answers  

---

Functional acknowledgements are used: A. as an audit trail for EDI transactions. B. to functionally describe the IS department. C. to document user roles and responsibilities. D. as a functional description of application software.

1 Answers   CISA,

---

An organization's disaster recovery plan should address early recovery of: A. all information systems processes. B. all financial processing applications. C. only those applications designated by the IS manager. D. processing in priority order, as defined by business management.

1 Answers  

---

An IS auditor is reviewing the database administration function to ascertain whether adequate provision has been made for controlling data. The IS auditor should determine that the: A. function reports to data processing operations. B. responsibilities of the function are well defined. C. database administrator is a competent systems programmer. D. audit software has the capability of efficiently accessing the database.

1 Answers  

---

A web-based bookstore has included the customer relationship management (CRM) system in its operations. An IS auditor has been assigned to perform a call center review. Which of the following is the MOST appropriate first step for the IS auditor to take? A. Review the company's performance since the CRM was implemented. B. Review the IT strategy. C. Understand the business focus of the bookstore. D. Interview salespeople and supervisors.

1 Answers  

---