CISA Exam-Test 14

1. Disaster recovery planning (DRP) addresses the:
- functional aspect of business continuity planning.
- operational part of business continuity planning.
- technological aspect of business continuity planning (BCP).
- overall coordination of business continuity planning.

Disaster recovery planning (DRP) is the technological aspect of the business continuity plan (BCP) that focuses on IT systems and operations.

2. For effective implementation after a business continuity plan (BCP) has been developed, it is MOST important that the BCP be:
- made available through the enterprise's intranet.
- communicated to appropriate personnel.
- approved by senior management.
- stored in a secure, offsite facility.

The implementation of a BCP will be effective only if appropriate personnel are informed and aware of all the aspects of the BCP.

3. As part of the business continuity planning (BCP) process, which of the following should be identified FIRST in the business impact analysis (BIA)?
- Risk such as single point-of-failure and infrastructure risk
- Threats to critical business processes
- Resources required for resumption of business
- Critical business processes for ascertaining the priority for recovery

The identification of critical business processes should be addressed first so that the priorities and time lines for recovery can be documented.

4. When auditing a disaster recovery plan (DRP) for a critical business area, an IS auditor finds that it does not cover all of the systems. Which of the following is the MOST appropriate action for the IS auditor?
- Postpone the audit until the systems are added to the DRP.
- Cancel the audit.
- Alert management and evaluate the impact of not covering all systems.
- Complete the audit of the systems covered by the existing disaster recovery plan (DRP).

An IS auditor should make management aware that some systems are omitted from the disaster recovery plan (DRP). An IS auditor should continue the audit and include an evaluation of the impact of not including all systems in the DRP.

5. During an audit of a business continuity plan (BCP), an IS auditor found that, although all departments were housed in the same building, each department had a separate BCP. The IS auditor recommended that the BCPs be reconciled. Which of the following areas should be reconciled FIRST?
- Evacuation plan
- Recovery priorities
- Backup storages
- Call tree

Protecting human resources during a disaster-related event should be addressed first. Having separate business continuity plans (BCPs) could result in conflicting evacuation plans, thus jeopardizing the safety of staff and clients.

6. Which of the following ACID properties in DBMS means that once a transaction has been committed, it will remain so, even in the event of power loss, crashes, or errors?
- Consistency
- Durability
- Isolation
- Atomicity

7. An organization having a number of offices across a wide geographical area has developed a disaster recovery plan. Using actual resources, which of the following is the MOST cost-effective test of the disaster recovery plan?
- Regression test
- Full operational test
- Paper test
- Preparedness test

A preparedness test is performed by each local office/area to test the adequacy of the preparedness of local operations for disaster recovery.

8. On a public-key cryptosystem when there is no previous knowledge between parties, which of the following will BEST help to prevent one person from using a fictitious key to impersonate someone else?
- Send a certificate that can be verified by a certification authority with the public key
- Encrypt the message containing the sender's public key using a private-key cryptosystem
- Send the public key to the recipient prior to establishing the connection
- Encrypt the message containing the sender's public key using the recipient's public key

9. Which of the following would contribute MOST to an effective business continuity plan (BCP)?
- The plan is approved by senior management.
- The document is circulated to all interested parties.
- Planning involves all user departments.
- An audit is performed by an external IS auditor.

The involvement of user departments in the BCP is crucial for the identification of the business processing priorities and the development of an effective plan.

10. Which of the following findings should be of GREATEST concern to an IS auditor reviewing system deployment tools for a critical enterprise application system?
- Change requests do not contain backout plans.
- There are no documented instructions for using the tool.
- Access to the tool is not restricted.
- Access to the tool is not approved by senior management.

11. Depending on the complexity of an organization's business continuity plan (BCP), it may be developed as a set of plans to address various aspects of business continuity and disaster recovery. In such an environment, it is essential that:
- all plans are integrated into a single plan.
- each plan is dependent on one another.
- the sequence for implementation of all plans is defined.
- each plan is consistent with one another.

Depending on the complexity of an organization, there could be more than one plan to address various aspects of business continuity and disaster recovery, but the plans must be consistent to be effective.

12. Which of the following is the process of repeating a portion of a test scenario or test plan to ensure that changes in the information system have not introduced any errors?
- Regression Testing
- Black box testing
- Pilot Testing
- Parallel Test

13. Which of the following statements is valid while drafting a disaster recovery plan (DRP)?
- Recovery costs can only be controlled on a short-term basis.
- Downtime costs increase with time.
- Downtime costs decrease as the recovery point objective (RPO) increases.
- Recovery costs are independent of time.

Downtime costs—such as loss of sales, idle resources, salaries—increase with time. A disaster recovery plan (DRP) should be drawn to achieve the lowest downtime costs possible.

14. Which of the following is an appropriate test method to apply to a business continuity plan (BCP)?
- Paper
- Pilot
- System
- Unit

A paper test (sometimes called a deskcheck) is appropriate for testing a BCP. It is a walk-through of the entire BCP, or part of the BCP, involving major players in the BCP's execution who reason out what may happen in a particular disaster.

15. Which of the following should be of GREATEST concern to an IS auditor reviewing actions taken during a forensic investigation?
- The handling procedures of the attacked system are not documented.
- The investigation report does not indicate a conclusion.
- The proper authorities were not notified.
- An image copy of the attacked system was not taken.

16. The PRIMARY objective of business continuity and disaster recovery plans should be to:
- provide for continuity of operations.
- safeguard critical IS assets.
- minimize the loss to an organization.
- protect human life.

Because human life is invaluable, the main priority of any business continuity and disaster recovery plan should be to protect people.

17. Which of the following is the BEST method to ensure that the business continuity plan (BCP) remains up to date?
- The group is aware of full-interruption test procedures.
- The group ensures that specific systems can actually perform adequately at the alternate offsite facility.
- Interdepartmental communication is promoted to better respond in the case of a disaster.
- The group walks through the different scenarios of the plan from beginning to end.

A structured walk-through test gathers representatives from each department who will review the plan and identify weaknesses.

18. Which of the following is the PRIMARY objective of the business continuity plan (BCP) process?
- To manage risk while recovering from an event that adversely affected operations
- To establish an alternate site for IT services to meet predefined recovery time objectives (RTOs)
- To meet the regulatory compliance requirements in the event of natural disaster
- To provide assurance to stakeholders that business operations will continue in the event of disaster

The BCP process primarily focuses on managing and mitigating risk during recovery of operations due to an event that affected operations.

19. Which of the following should be a MAJOR concern for an IS auditor reviewing a business continuity plan (BCP)?
- Test results are not adequately documented.
- The plan is approved by the chief information officer (CIO).
- The plan contact lists have not been updated.
- The training schedule for recovery personnel is not included.

The effectiveness of a BCP can best be determined through tests. If results of tests are not documented, then there is no basis for feedback, updates, etc.

20. An organization completed a business impact analysis (BIA) as part of business continuity planning. The NEXT step in the process is to develop:
- a test and exercise plan.
- the business continuity plan (BCP).
- a business continuity strategy.
- a user training program.

A business continuity strategy is the next phase because it identifies the best way to recover. The criticality of the business process, the cost, the time required to recover and security must be considered during this phase.

21. Which of the following is the PRIMARY protocol for protecting outbound content from tampering and eavesdropping?
- Internet Key Exchange (IKE)
- Point-to-Point Protocol (PPP)
- Secure Shell (SSH)
- Transport Layer Security (TLS)

Transport Layer Security is an encryption protocol designed to offer end-to-end security for web-based communications. The Internet Engineering Task Force (IETF) established TLS as the standard protocol to prevent tampering and eavesdropping.

22. Which of the following distinguishes a business impact analysis (BIA) from a risk assessment?
- An identification of vulnerabilities
- An inventory of critical assets
- A listing of threats
- A determination of acceptable downtime

A determination of acceptable downtime is made only in a BIA.

23. Which of the following types of network service maps Domain Names to network IP addresses or network IP addresses to Domain Names?
- Network Management
- Directory Service
- DNS
- DHCP

24. When auditing the proposed acquisition of a new computer system, an IS auditor should FIRST ensure that:
- users will be involved in the implementation plan.
- the new system will meet all required user functionality.
- a clear business case has been approved by management.
- corporate security standards will be met.

The first concern of an IS auditor should be to ensure that the proposal meets the needs of the business, and this should be established by a clear business case.

25. Which of the following should be of MOST concern to an IS auditor reviewing the business continuity plan (BCP)?
- The overall BCP is documented, but detailed recovery steps are not specified.
- The disaster levels are based on scopes of damaged functions but not on duration.
- The difference between low-level disaster and software incidents is not clear.
- The responsibility for declaring a disaster is not identified.

If nobody declares the disaster, the BCP would not be invoked, making all other concerns less important.

26. Which of the following tasks should be performed FIRST when preparing a disaster recovery plan (DRP)?
- Appoint recovery teams with defined personnel, roles and hierarchy.
- Map software systems, hardware and network components.
- Develop a recovery strategy.
- Perform a business impact analysis (BIA).

The first step in any disaster recovery plan (DRP) is to perform a BIA.

27. A software development organization with offshore personnel has implemented a third-party virtual workspace to allow the teams to collaborate. Which of the following should be of GREATEST concern?
- Team collaboration sessions are not monitored.
- Exfiltration of data could occur through the virtual workspace.
- The virtual workspace is configured to interface with other applications.
- The team's work products are not properly classified as intellectual property.

28. After completing the business impact analysis (BIA), what is the NEXT step in the business continuity planning (BCP) process?
- Implement the plan.
- Develop a specific plan.
- Test and maintain the plan.
- Develop recovery strategies.

Once the business impact analysis (BIA) is completed, the next phase in the BCP development is to identify the various recovery strategies and select the most appropriate strategy for recovering from a disaster that will meet the time lines and priorities defined through the BIA.

29. Which of the following layers of an OSI model transmits and receives the bit stream as electrical, optical or radio signals over an appropriate medium or carrier?
- Physical Layer
- Network Layer
- Data Link Layer
- Transport Layer

30. Which of the following ACID properties in DBMS requires that each transaction is "all or nothing"?
- Consistency
- Isolation
- Durability
- Atomicity