In an audit of a business continuity plan, which of the following findings is of MOST concern?
A. There is no insurance for the addition of assets during the year.
B. BCP manual is not updated on a regular basis.
C. Testing of the backup of data has not been done regularly.
D. Records for maintenance of access system have not been maintained.
Answer / guest
Answer: C
The most vital asset for a company is data. In a business
continuity plan, it is critical to ensure that data is
available. Hence, regular testing of the backup of data must
be done. If testing is not done, the organization may not be
able to retrieve data when required during a disaster;
hence, the company may lose its most valuable asset and may
not be able to recover from the disaster. The loss on
account of lack of insurance is limited to the value of
assets. If the BCP manual is not updated, the company may
find the BCP manual not fully relevant for recovery during a
disaster. However, recovery could still be possible.
Non-maintenance of records in an access system will not directly
impact the relevance of the business continuity plan.
A critical function of a firewall is to act as a: A. special router that connects the Internet to a LAN. B. device for preventing authorized users from accessing the LAN. C. server used to connect authorized users to private trusted network resources. D. proxy server to increase the speed of access to authorized users.
When reviewing a service level agreement for an outsourced computer center an IS auditor should FIRST determine that: A. the cost proposed for the services is reasonable. B. security mechanisms are specified in the agreement. C. the services in the agreement are based on an analysis of business needs. D. audit access to the computer center is allowed under the agreement.
During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be PRIMARILY concerned about: A. the soundness of the impact analysis. B. hardware and software compatibility. C. differences in IS policies and procedures. D. frequency of system testing.
Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data? A. Inheritance B. Dynamic warehousing C. Encapsulation D. Polymorphism
The MAJOR concern for an IS auditor when reviewing an organization's business process reengineering (BPR) efforts is: A. cost overrun of the project. B. employees' resistance to change. C. key controls may be removed from a business process. D. lack of documentation of new processes.
Information for detecting unauthorized input from a terminal would be BEST provided by the: A. console log printout. B. transaction journal. C. automated suspense file listing. D. user error report.
Which of the following would an IS auditor consider to be the MOST helpful when evaluating the effectiveness and adequacy of a computer preventive maintenance program? A. A system downtime log B. Vendors' reliability figures C. Regularly scheduled maintenance log D. A written preventive maintenance schedule
Which of the following would be of MOST concern to an IS auditor reviewing a VPN implementation? Computers on the network that are located: A. on the enterprise's facilities. B. at the backup site. C. in employees' homes. D. at the enterprise's remote offices.
The MOST effective method of preventing unauthorized use of data files is: A. automated file entry. B. tape librarian. C. access control software. D. locked library.
Which of the following testing methods is MOST effective during the initial phases of prototyping? A. System B. Parallel C. Volume D. Top-down
In a web server, a common gateway interface (CGI) is MOST often used as a(n): A. consistent way for transferring data to the application program and back to the user. B. computer graphics imaging method for movies and TV. C. graphic user interface for web design. D. interface to access the private gateway domain.
Which of the following is a threat? A. Lack of security B. Loss of goodwill C. Power outage D. Information services