1. This question refers to the following information. An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization’s IT department using transaction flow projections from the operations department. The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his/her attention. The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident. The basis of an organization’s disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical, hardware configuration is already established. The IS auditor should: A. take no action as the lack of a current plan is the only significant finding. B. recommend that the hardware configuration at each site is identical. C. perform a review to verify that the second configuration can support live processing. D. report that the financial expenditure on the alternative site is wasted without an effective plan. The correct answer is: C. perform a review to verify that the second configuration can support live processing. Explanation: The IS auditor does not have a finding unless it can be shown that the alternative hardware cannot support the live processing system. Even though the primary finding is the lack of a proven and communicated disaster recovery plan, it is essential that this aspect of recovery is included in the audit. If it is found to be inadequate, the finding will materially support the overall audit opinion. 
It is certainly not appropriate to take no action at all, leaving this important factor untested, and unless it is shown that the alternative site is inadequate, there can be no comment on the expenditure (even if this is considered a proper c omment for the IS auditor to make). Similarly, there is no need for the configurations to be identical. The alternative site could actually exceed the recovery requirements if it is also used for other work, such as other processing or systems development and testing. The only proper course of action at this point would be to find out if the recovery site can actually cope with a recovery. 2. Which of the following disaster recovery/continuity plan components provides the GREATEST assurance of recovery after a disaster? A. The alternate facility will be available until the original information processing facility is restored. B. User management is involved in the identification of critical systems and their associated critical recovery times. C. Copies of the plan are kept at the homes of key decision-making personnel. D. Feedback is provided to management assuring them that the business continuity plans are indeed workable and that the procedures are current. The correct answer is: A. The alternate facility will be available until the original information processing facility is restored. Explanation: The alternate facility should be made available until the original site is restored to provide the greatest assurance of recovery after a disaster. Without this assurance, the plan will not be successful. All other choices ensure prioritization or the execution of the plan. 3. Disaster recovery planning for a company’s computer system usually focuses on: A. operations turnover procedures. B. strategic long-range planning. C. the probability that a disaster will occur. D. alternative procedures to process transactions. The correct answer is: D. alternative procedures to process transactions. 
Explanation: It is important that disaster recovery identifies alternative processes that can be put in place while the system is not available. 4. Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget? A. A hot site maintained by the business B. A commercial cold site C. Reciprocal arrangement between its offices D. A third-party hot site The correct answer is: C. Reciprocal arrangement between its offices Explanation: For a business having many offices within a region, a reciprocal arrangement among its offices would be most appropriate. Each office could be designated as a recovery site for some other office. This would be the least expensive approach to providing an acceptable level of confidence. A hot site maintained by the business would be a costly solution but would provide a high degree of confidence. Multiple cold sites leased for the multiple offices would lead to a costly solution with a high degree of confidence. A third-party facility for recovery is provided by a traditional hot site. This would be a costly approach providing a high degree of confidence. 5. As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis? A. Organizational risks, such as single point-of-failure and infrastructure risk B. Threats to critical business processes C. Critical business processes for ascertaining the priority for recovery D. Resources required for resumption of business The correct answer is: C. Critical business processes for ascertaining the priority for recovery Explanation: The identification of the priority for recovering critical business processes should be addressed first. Organizational risks should be identified next, followed by the identification of threats to critical business processes. Identification of resources for business resumption will occur after the tasks mentioned. 6. 
Of the following, the MAIN purpose for periodically testing offsite facilities is to: A. ensure the integrity of the data in the database. B. eliminate the need to develop detailed contingency plans. C. ensure the continued compatibility of the contingency facilities. D. ensure that program and system documentation remains current. The correct answer is: C. ensure the continued compatibility of the contingency facilities. Explanation: The main purpose of offsite hardware testing is to ensure the continued compatibility of the contingency facilities. Specific software tools are available to ensure the ongoing integrity of the database. Contingency plans should not be eliminated and program and system documentation should be reviewed continuously for currency. 7. Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization? A. Built-in alternative routing B. Completing full system backup daily C. A repair contract with a service provider D. A duplicate machine alongside each server The correct answer is: A. Built-in alternative routing Explanation: Alternative routing would ensure the network would continue if a server is lost or if a link is severed as message rerouting could be automatic. System backup will not afford immediate protection. The repair contract is not as effective as permanent alternative routing. Standby servers will not provide continuity if a link is severed. 8. An offsite information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment is a: A. cold site. B. warm site. C. dial-up site. D. duplicate processing facility. The correct answer is: A. cold site. Explanation: A cold site is ready to receive equipment but does not offer any components at the site in advance of the need. 
A warm site is an offsite backup facility that is partially configured with network connections and selected peripheral equipment, such as disk and tape units, controllers and CPUs, to operate an information processing facility. A duplicate information processing facility is a dedicated, self-developed recovery site that can back up critical applications. 9. When developing a backup strategy the FIRST step is to: A. identify the data. B. select the storage location. C. specify the storage media. D. define the retention period. The correct answer is: A. identify the data. Explanation: Archiving data and backups is essential for the continuity of business. Selection of the data to be backed up is the first step in the process. Once the data has been identified an appropriate retention period, storage media and location can be selected. 10. Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies? A. Developments may result in hardware and software incompatibility. B. Resources may not be available when needed. C. The recovery plan cannot be tested. D. The security infrastructures in each company may be different. The correct answer is: A. Developments may result in hardware and software incompatibility. Explanation: If one organization updates its hardware and software configuration, it may mean that it is no longer compatible with the systems of the other party in the agreement. This may mean that each company is unable to use the facilities at the other company to recover their processing following a disaster. Resources being unavailable when needed are an intrinsic risk in any reciprocal agreement, but this is a contractual matter and is not the greatest risk. The plan can be tested by paper-based walk-throughs and, possibly, by agreement between the companies. The difference in security infrastructures, while a risk, is not insurmountable. 11. 
Facilitating telecommunications continuity by providing redundant combinations of local carrier T-1 lines, microwaves and/or coaxial cables to access the local communication loop is: A. last-mile circuit protection. B. long-haul network diversity. C. diverse routing. D. alternative routing. The correct answer is: A. last-mile circuit protection. Explanation: The method of providing telecommunication continuity through the use of many recovery facilities, providing redundant combinations of local carrier T-1s, microwave and/or coaxial cable to access the local communication loop in the event of a disaster, is called last-mile circuit protection. Providing diverse longdistance network availability utilizing T-1 circuits among major long-distance carriers is called long-haul network diversity. This ensures long-distance access should any one carrier experience a network failure. The method of routing traffic through split-cable facilities or duplicate-cable facilities is called diverse routing. Alternative routing is the method of routing information via an alternative medium, such as copper cable or fiber optics. 12. An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP? A. Full operational test B. Preparedness test C. Paper test D. Regression test The correct answer is: B. Preparedness test Explanation: A preparedness test is performed by each local office/area to test the adequacy of the preparedness of local operations for the disaster recovery. A paper test is a structured walk-through of the DRP and should be conducted before a preparedness test. A full operational test is conducted after the paper and preparedness test. A regression test is not a DRP test and is used in software maintenance. 13. Which of the following is the GREATEST concern when an organization’s backup facility is at a warm site? A. 
Timely availability of hardware B. Availability of heat, humidity and air conditioning equipment C. Adequacy of electrical power connections D. Effectiveness of the telecommunications network The correct answer is: A. Timely availability of hardware Explanation: A warm site has the basic infrastructure facilities, such as power, air conditioning and networking, implemented but is normally lacking computing equipment. Therefore, the availability of hardware becomes a primary concern. 14. The responsibilities of a disaster recovery relocation team include: A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule. B. locating a recovery site, if one has not been predetermined, and coordinating the transport of company employees to the recovery site. C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment. D. coordinating the process of moving from the hot site to a new location or to the restored original location. The correct answer is: D. coordinating the process of moving from the hot site to a new location or to the restored original location. Explanation: Choice A describes an offsite storage team, choice B defines a transportation team and choice C defines a salvage team 15. An offsite information processing facility: A. should have the same amount of physical access restrictions as the primary processing site. B. should be easily identified from the outside so that, in the event of an emergency, it can be easily found. C. should be located in proximity to the originating site, so it can quickly be made operational. D. need not have the same level of environmental monitoring as the originating site. The correct answer is: A. should have the same amount of physical access restrictions as the primary processing site. 
Explanation: An offsite information processing facility should have the same amount of physical control as the originating site. It should not be easily identified from the outside to prevent intentional sabotage. The offsite facility should not be subject to the same natural disaster that could affect the originating site and thus should not be located in proximity of the original site, and the offsite facility should possess the same level of environmental monitoring and control as the originating site. 16. A structured walk-through test of a disaster recovery plan involves: A. representatives from each of the functional areas coming together to go over the plan. B. all employees who participate in the day-to-day operations coming together to practice executing the plan. C. moving the systems to the alternate processing site and performing processing operations. D. distributing copies of the plan to the various functional areas for review. The correct answer is: A. representatives from each of the functional areas coming together to go over the plan. Explanation: A structured walk-through test of a disaster recovery plan involves representatives from each of the functional areas coming together to review the plan to determine if the plan pertaining to their area is accurate and complete and can be implemented when required. Choice B is a simulation test to prepare and train the personnel who will be required to respond to disasters and disruptions. Choice C is a form of parallel testing to ensure that critical systems will perform satisfactorily in the alternate site. Choice D is a checklist test. 17. If a database is restored using before-image dumps, where should the process be started following an interruption? A. Before the last transaction B. After the last transaction C. As the first transaction after the latest checkpoint D. As the last transaction before the latest checkpoint The correct answer is: A. 
Before the last transaction Explanation: If before images are used, the last transaction in the dump will not have updated the database prior to the dump being taken. The last transaction will not have updated the database and must be reprocessed. Program checkpoints are irrelevant in this situation. 18. Which of the following is the MOST important criterion for the selection of a location for an offsite storage facility for IS backup files? The offsite facility must be: A. physically separated from the data center and not subject to the same risks. B. given the same level of protection as that of the computer data center. C. outsourced to a reliable third party. D. equipped with surveillance capabilities. The correct answer is: A. physically separated from the data center and not subject to the same risks. Explanation: It is important that there be an offsite storage location for IS files and that it be in a location not subject to the same risks as the primary data center. The other choices are all issues that must be considered when establishing the offsite location, but they are not as critical as the location selection. 19. The cost of ongoing operations when a disaster recovery plan (DRP) is in place, compared to not having a DRP, will MOST likely: A. increase. B. decrease. C. remain the same. D. be unpredictable. The correct answer is: A. increase. Explanation: Due to the additional cost of DRP measures, the cost of normal operations for any organization will always increase after a DRP implementation, i.e., the cost of normal operations during a nondisaster period will be more than the cost of operations during a nondisaster period when no DRP was in place. 20. Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist? A. Reviewing program code B. Reviewing operations documentation C. Turning off the UPS, then the power D. Reviewing program documentation The correct answer is: B. 
Reviewing operations documentation Explanation: Operations documentation should contain recovery/restart procedures, so operations can return to normal processing in a timely manner. Turning off the uninterruptible power supply (UPS) and then turning off the power might create a situation for recovery and restart, but the negative effect on operations would prove this method to be undesirable. The review of program code and documentation generally does not provide evidence regarding recovery/restart procedures. 21. An IS auditor has audited a business continuity plan (BCP). Which of the following findings is the MOST critical? A. Nonavailability of an alternate private branch exchange (PBX) system B. Absence of a backup for the network backbone C. Lack of backup systems for the users’ PCs D. Failure of the access card system The correct answer is: B. Absence of a backup for the network backbone Explanation: Failure of a network backbone will result in the failure of the complete network and impact the ability of all users to access information on the network. The nonavailability of an alternate PBX system will result in users not being able to make or receive telephone calls or faxes; however, users may have alternate means of communication, such as a mobile phone or e-mail. Lack of backup systems for user PCs will impact only the specific users not all users. Failure of the access card system impacts the ability to maintain records of the users who are entering the specified work areas; however, this could be mitigated by manual monitoring controls. 22. This question refers to the following information. An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization’s IT department using transaction flow projections from the operations department. 
The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his/her attention. The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident. The IS auditor’s report should recommend that: A. the deputy CEO is censured for his/her failure to approve the plan. B. a board of senior managers is set up to review the existing plan. C. the existing plan is approved and circulated to all key management and staff. D. a manager coordinates the creation of a new or revised plan within a defined time limit. The correct answer is: D. a manager coordinates the creation of a new or revised plan within a defined time limit. Explanation: The primary concern is to establish a workable disaster recovery plan, which reflects current processing volumes to protect the organization from any disruptive incident. Censuring the deputy CEO will not achieve this and is generally not within the scope of an IS auditor to recommend. Establishing a board to review the plan, which is two years out of date, may achieve an updated plan, but is not likely to be a speedy operation and issuing the existing plan would be folly without first ensuring that it is workable. The best way to achieve a disaster recovery plan in a short timescale is to make an experienced manager responsible for coordinating the knowledge of other managers into a single, formal document within a defined time limit. 23. The PRIMARY purpose of a business impact analysis (BIA) is to: A. provide a plan for resuming operations after a disaster. B. identify the events that could impact the continuity of an organization’s operations. C. publicize the commitment of the organization to physical and logical security. D. provide the framework for an effective disaster recovery plan (DRP). The correct answer is: B. 
identify the events that could impact the continuity of an organization’s operations. Explanation: A business impact analysis (BIA) is one of the key steps in the development of a business continuity plan (BCP). A BIA will identify the diverse events that could impact the continuity of the operations of an organization. 24. Disaster recovery planning addresses the: A. technological aspect of business continuity planning. B. operational piece of business continuity planning. C. functional aspect of business continuity planning. D. overall coordination of business continuity planning. The correct answer is: A. technological aspect of business continuity planning. Explanation: Disaster recovery planning is the technological aspect of business continuity planning. Business resumption planning addresses the operational part of business continuity planning. 25. An IS auditor reviewing an organization’s IS disaster recovery plan should verify that it is: A. tested every six months. B. regularly reviewed and updated. C. approved by the chief executive officer (CEO). D. communicated to every departmental head in the organization. The correct answer is: B. regularly reviewed and updated. Explanation: The plan should be reviewed at appropriate intervals, depending upon the nature of the business and the rate of change of systems and personnel. Otherwise, it may become out of date and may no longer be effective. The plan must be subjected to regular testing, but the period between tests will again depend on the nature of the organization and the relative importance of IS. Three months or even annually may be appropriate in different circumstances. Although the disaster recovery plan should receive the approval of senior management, it need not be the CEO if another executive officer is equally or more appropriate. For a purely IS-related plan, the executive responsible for technology may have approved the plan. 
Similarly, although a business continuity plan is likely to be circulated throughout an organization, the IS disaster recovery plan will usually be a technical document and only relevant to IS and communications staff . 26. An organization’s disaster recovery plan should address early recovery of: A. all information systems processes. B. all financial processing applications. C. only those applications designated by the IS manager. D. processing in priority order, as defined by business management. The correct answer is: D. processing in priority order, as defined by business management. Explanation: Business management should know which systems are critical and when they need to process well in advance of a disaster. It is management’s responsibility to develop and maintain the plan. Adequate time will not be available for this determination once the disaster occurs. IS and the information processing facility are service organizations that exist for the purpose of assisting the general user management in successfully performing their jobs. 27. Which of the following is MOST important to provide for in a disaster recovery plan? A. Backup of compiled object programs B. Reciprocal processing agreement C. Phone contact list D. Supply of special forms The correct answer is: A. Backup of compiled object programs Explanation: Of the choices, a backup of compiled object programs is the most important in a successful recovery. A reciprocal processing agreement is not as important, because alternative equipment can be found after a disaster occurs. A phone contact list may aid in the immediate aftermath, as would an accessible supply of special forms, but neither is as important as having access to required programs. 28. Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures? A. Invite client participation. B. Involve all technical staff. C. Rotate recovery managers. D. Install locally stored backup. 
The correct answer is: C. Rotate recovery managers. Explanation: Recovery managers should be rotated to ensure the experience of the recovery plan is spread among the managers. Clients may be involved but not necessarily in every case. Not all technical staff should be involved in each test. Remote or offsite backup should always be used. 29. A disaster recovery plan (DRP) for an organization's financial system specifies that the recovery point objective (RPO) is no data loss and the recovery time objective (RTO) is 72 hours. Which of the following is the MOST cost-effective solution? A. A hot site that can be operational in eight hours with asynchronous backup of the transaction logs B. Distributed database systems in multiple locations updated asynchronously C. Synchronous updates of the data and standby active systems in a hot site D. Synchronous remote copy of the data in a warm site that can be operational in 48 hours The correct answer is: D. Synchronous remote copy of the data in a warm site that can be operational in 48 hours Explanation: The synchronous copy of the storage achieves the RPO objective and a warm site operational in 48 hours meets the required RTO. Asynchronous updates of the database in distributed locations do not meet the RPO. Synchronous updates of the data and standby active systems in a hot site meet the RPO and RTO requirements but are more costly than a warm site solution. 30. Which of the following is the MOST reasonable option for recovering a noncritical system? A. Warm site B. Mobile site C. Hot site D. Cold site The correct answer is: D. Cold site Explanation: Generally a cold site is contracted for a longer period at a lower cost. Since it requires more time to make a cold site operational, it is generally used for noncritical applications. A warm site is generally available at a medium cost, requires less time to become operational and is suitable for sensitive operations. 
A mobile site is a vehicle ready with all necessary computer equipment, and it can be moved to any cold or warm site depending upon the need. The need for a mobile site depends upon the scale of operations and a hot site is contracted for a shorter time period at a higher cost and is better suited for recovery of vital and critical applications. 31. The PRIMARY purpose of implementing Redundent Array of Inexpensive Disks (RAID) level 1 in a file server is to: A. achieve performance improvement. B. provide user authentication. C. ensure availability of data. D. ensure the confidentiality of data. The correct answer is: C. ensure availability of data. Explanation: RAID level 1 provides disk mirroring. Data written to one disk are also written to another disk. Users in the network access data in the first disk. If disk one fails, the second disk takes over. This redundancy ensures the availability of data. RAID level 1 does not improve performance, has no relevance to authentication and does nothing to provide for data confidentiality. 32. Which of the following must exist to ensure the viability of a duplicate information processing facility? A. The site is near the primary site to ensure quick and efficient recovery. B. The site contains the most advanced hardware available. C. The workload of the primary site is monitored to ensure adequate backup is available. D. The hardware is tested when it is installed to ensure it is working properly. The correct answer is: C. The workload of the primary site is monitored to ensure adequate backup is available. Explanation: Resource availability must be assured. The workload of the site must be monitored to ensure that availability for emergency backup use is not impaired. The site chosen should not be subject to the same natural disaster as the primary site. In addition, a reasonable compatibility of hardware/software must exist to serve as a basis for backup. The latest or newest hardware may not adequately serve this need. 
Testing the hardware when the site is established is essential, but regular testing of the actual backup data is necessary to ensure the operation will continue to perform as planned. 33. The FIRST step in developing a business continuity plan (BCP) is to: A. classify the importance of systems. B. establish a disaster recovery strategy. C. determine the critical recovery time period. D. perform a risk ranking. The correct answer is: A. classify the importance of systems. Explanation: Determining the classification of systems is the foremost step in a BCP exercise. Without determining the classification of the systems, the other steps cannot be performed. Choices B, C and D are carried out later in the process. 34. While reviewing the business continuity plan of an organization, the IS auditor observed that the organization’s data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate? A. Deterrence B. Mitigation C. Recovery D. Response The correct answer is: B. Mitigation Explanation: An effective business continuity plan includes steps to mitigate the effects of a disaster. Files must be restored on a timely basis for a backup plan to be effective. An example of deterrence is when a plan includes installation of firewalls for information systems. An example of recovery is when a plan includes an organization’s hot site to restore normal business operations. 35. To develop a successful business continuity plan, end-user involvement is critical during which of the following phases? A. Business recovery strategy B. Detailed plan development C. Business impact analysis (BIA) D. Testing and maintenance The correct answer is: C. Business impact analysis (BIA) Explanation: End-user involvement is critical in the BIA phase. During this phase the current operations of the business needs to be understood and the impact on the business of various disasters must be evaluated. 
End users are the appropriate persons to provide relevant information for these tasks. Inadequate end-user involvement in this stage could result in an inadequate understanding of business priorities and the plan not meeting the requirements of the organization.

36. Which of the following would not prevent the loss of an asset but would assist in recovery by transferring part of the risk to a third party?
A. Full system backups
B. Insurance
C. Testing
D. Business impact analysis (BIA)
The correct answer is: B. Insurance
Explanation: Insurance assists by involving a third party in sharing the risks. In case of the destruction of an asset, the third party would compensate for the loss based on the contract. This would assist in reinstating the asset to the predisaster condition. A BIA is the first step in developing a business continuity plan. This step would assist in the classification of assets based on risk and would not assist in either preventing a disaster or reinstating an asset to a predisaster condition. Backups would assist in recovering a system in case of a disaster but do not necessarily involve a third party. Testing the plan would help to ensure that the business continuity plan works as intended, but testing would not reinstate an asset to a predisaster condition.

37. Which of the following tasks should be performed FIRST when preparing a disaster recovery plan?
A. Develop a recovery strategy.
B. Perform a business impact analysis.
C. Map software systems, hardware and network components.
D. Appoint recovery teams with defined personnel, roles and hierarchy.
The correct answer is: B. Perform a business impact analysis.
Explanation: The first step in any disaster recovery plan is to perform a business impact analysis. All other tasks come afterwards.

38. To provide protection for media backup stored at an offsite location, the storage site should be:
A. located on a different floor of the building.
B. easily accessible by everyone.
C. clearly labeled for emergency access.
D. protected from unauthorized access.
The correct answer is: D. protected from unauthorized access.
Explanation: The offsite storage site should always be protected against unauthorized access and at least have the same security requirements as the primary site. Choice A is incorrect because, if the backup is in the same building, it may suffer the same event and may be inaccessible. Choices B and C represent access risks.

39. Which of the following would contribute MOST to an effective business continuity plan (BCP)? The BCP:
A. document is circulated to all interested parties.
B. planning involves all user departments.
C. is approved by senior management.
D. is audited by an external IS auditor.
The correct answer is: B. planning involves all user departments.
Explanation: The involvement of user departments in the BCP is crucial for the identification of the business processing priorities. The BCP circulation will ensure that the BCP document is received by all users; though essential, this does not contribute significantly to the success of the BCP. A BCP approved by senior management would not ensure the quality of the BCP, nor would an audit necessarily improve the quality of the BCP.

40. There are several methods of providing telecommunications continuity. The method of routing traffic through split cable or duplicate cable facilities is:
A. alternative routing.
B. diverse routing.
C. long-haul network diversity.
D. last-mile circuit protection.
The correct answer is: B. diverse routing.
Explanation: Diverse routing routes traffic through split-cable facilities or duplicate-cable facilities. This can be accomplished with different and/or duplicate cable sheaths. If different cable sheaths are used, the cable may be in the same conduit and, therefore, subject to the same interruptions as the cable it is backing up.
The communication service subscriber can duplicate the facilities by having alternate routes, although the entrance to and from the customer premises may be in the same conduit. The subscriber can obtain diverse routing and alternate routing from the local carrier, including dual-entrance facilities. This type of access is time-consuming and costly. Alternative routing is a method of routing information via an alternate medium, such as copper cable or fiber optics. This involves use of different networks, circuits or end points should the normal network be unavailable. Long-haul network diversity is a diverse, long-distance network utilizing T-1 circuits among the major long-distance carriers. It ensures long-distance access should any carrier experience a network failure. Last-mile circuit protection is a redundant combination of local carrier T-1s, microwave and/or coaxial cable access to the local communications loop. This enables the facility to have access during a local carrier communication disaster. Alternate local-carrier routing is also utilized.

41. A disaster recovery plan (DRP) for an organization should:
A. reduce the length of the recovery time and the cost of recovery.
B. increase the length of the recovery time and the cost of recovery.
C. reduce the duration of the recovery time and increase the cost of recovery.
D. not affect the recovery time nor the cost of recovery.
The correct answer is: A. reduce the length of the recovery time and the cost of recovery.
Explanation: One of the objectives of a DRP is to reduce both the duration and cost of recovering from a disaster. A DRP would increase the cost of operations before and after the disaster occurs, but should reduce the time to return to normal operations and the cost that could result from a disaster.

42. While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:
A. shadow file processing.
B. electronic vaulting.
C. hard-disk mirroring.
D. hot-site provisioning.
The correct answer is: A. shadow file processing.
Explanation: In shadow file processing, exact duplicates of the files are maintained at the same site or at a remote site. The two files are processed concurrently. This is used for critical data files, such as airline booking systems. Electronic vaulting electronically transmits data either to direct access storage, an optical disc or another storage medium. This is a method used by banks. Hard-disk mirroring provides redundancy in case the primary hard disk fails. All transactions and operations occur on two hard disks in the same server. A hot site is an alternate site ready to take over business operations within a few hours of any business interruption and is not a method for backing up data.

43. A company performs full backup of data and programs on a regular basis. The primary purpose of this practice is to:
A. maintain data integrity in the applications.
B. restore application processing after a disruption.
C. prevent unauthorized changes to programs and data.
D. ensure recovery of data processing in case of a disaster.
The correct answer is: B. restore application processing after a disruption.
Explanation: Backup procedures are designed to restore programs and data to a previous state prior to computer or system disruption. These backup procedures merely copy data and do not test or validate integrity. Backup procedures will also not prevent changes to programs and data. On the contrary, changes will simply be copied. Although backup procedures are a necessary part of the recovery process following a disaster, they are not sufficient in themselves.

44. As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard copy transaction log. At the end of the day, the order entry files are backed up on tape.
During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following are necessary to restore these files?
A. The previous day’s backup file and the current transaction tape
B. The previous day’s transaction file and the current transaction tape
C. The current transaction tape and the current hard copy transaction log
D. The current hard copy transaction log and the previous day’s transaction file
The correct answer is: A. The previous day’s backup file and the current transaction tape
Explanation: The previous day’s backup will be the most current historical backup of activity in the system. The current day’s transaction file will contain all of the day’s activity. Therefore, the combination of these two files will enable full recovery up to the point of interruption.

45. In a contract with a hot, warm or cold site, contractual provisions should cover which of the following considerations?
A. Physical security measures
B. Total number of subscribers
C. Number of subscribers permitted to use a site at one time
D. References by other users
The correct answer is: C. Number of subscribers permitted to use a site at one time
Explanation: The contract should specify the number of subscribers permitted to use the site at any one time. Physical security measures are not a part of the contract, although they are an important consideration when choosing a third-party site. The total number of subscribers is not a consideration; what is important is whether the agreement limits the number of subscribers in a building or in a specific area. The references that other users can provide are a consideration taken before signing the contract; they are by no means part of the contractual provisions.

46. IS management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend:
A. upgrading to a level 5 RAID.
B. increasing the frequency of onsite backups.
C. reinstating the offsite backups.
D. establishing a cold site in a secure location.
The correct answer is: C. reinstating the offsite backups.
Explanation: A RAID system, at any level, will not protect against a natural disaster. The problem will not be alleviated without offsite backups, more frequent onsite backups or even setting up a cold site. Choices A, B and D do not compensate for the lack of offsite backup.

47. After completing the business impact analysis (BIA), which of the following is the next step in the business continuity planning process?
A. Test and maintain the plan.
B. Develop a specific plan.
C. Develop recovery strategies.
D. Implement the plan.
The correct answer is: C. Develop recovery strategies.
Explanation: The next phase in the continuity plan development is to identify the various recovery strategies and select the most appropriate strategy for recovering from a disaster. After selecting a strategy, a specific plan can be developed, tested and implemented.

48. A financial institution that processes millions of transactions each day has a central communications processor (switch) for connecting to ATMs (automated teller machines). Which of the following would be the BEST contingency plan for the communications processor?
A. Reciprocal agreement with another organization
B. Alternate processor in the same location
C. Alternate processor at another network node
D. Installation of duplex communication links
The correct answer is: C. Alternate processor at another network node
Explanation: The unavailability of the central communications processor would disrupt all access to the banking network. This could be caused by an equipment, power or communications failure. Reciprocal agreements make an organization dependent on the other organization and raise privacy, competition and regulatory issues.
Having an alternate processor in the same location resolves the equipment problem, but would not be effective if the failure was caused by environmental conditions (i.e., power disruption). The installation of duplex communication links would only be appropriate if the failure were limited to the communication link.

49. The PRIMARY objective of a business continuity and disaster recovery plan should be to:
A. safeguard critical IS assets.
B. provide for continuity of operations.
C. minimize the loss to an organization.
D. protect human life.
The correct answer is: D. protect human life.
Explanation: Since human life is invaluable, the main priority of any business continuity and disaster recovery plan should be to protect people. All other priorities are important but are secondary objectives of a business continuity and disaster recovery plan.

50. After implementation of a disaster recovery plan (DRP), predisaster and post-disaster operational cost for an organization will:
A. decrease.
B. not change (remain the same).
C. increase.
D. increase or decrease depending upon the nature of the business.
The correct answer is: C. increase.
Explanation: There are costs associated with all activities and a DRP is not an exception. Although there are costs associated with a DRP, there are unknown costs that are incurred if a DRP is not implemented.

51. Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan’s effectiveness?
A. Paper test
B. Post test
C. Preparedness test
D. Walk-through
The correct answer is: C. Preparedness test
Explanation: A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan’s effectiveness.
It also provides a means to improve the plan in increments. A paper test is a walk-through of the plan, involving the major players in the plan’s execution, who attempt to determine what might happen in a particular type of service disruption. A paper test usually precedes the preparedness test. A post-test is actually a test phase and consists of a group of activities, such as returning all resources to their proper place, disconnecting equipment, returning personnel and deleting all company data from third-party systems. A walk-through is a test involving a simulated disaster situation that tests the preparedness and understanding of management and staff, rather than the actual resources.

52. Which of the following would have the HIGHEST priority in a business continuity plan (BCP)?
A. Resuming critical processes
B. Recovering sensitive processes
C. Restoring the site
D. Relocating operations to an alternative site
The correct answer is: A. Resuming critical processes
Explanation: The resumption of critical processes has the highest priority as it enables business processes to begin immediately after the interruption and not later than the declared mean time between failures (MTBF). Recovery of sensitive processes refers to recovering the vital and sensitive processes that can be performed manually at a tolerable cost for an extended period of time and those that are not marked as high priority. Repairing and restoring the site to original status and resuming the business operations is a time-consuming operation and is not the highest priority. Relocating operations to an alternative site, either temporarily or permanently depending on the interruption, is a time-consuming process and, moreover, relocation may not be required.

53. An advantage of the use of hot sites as a backup alternative is that:
A. the costs associated with hot sites are low.
B. hot sites can be used for an extended amount of time.
C. hot sites can be made ready for operation within a short period of time.
D. they do not require that equipment and systems software be compatible with the primary site.
The correct answer is: C. hot sites can be made ready for operation within a short period of time.
Explanation: Hot sites can be made ready for operation normally within hours. However, the use of hot sites is expensive, should not be considered as a long-term solution, and does require that equipment and systems software be compatible with the primary installation being backed up.

54. A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor?
A. Offsite storage of daily backups
B. Alternative standby processor onsite
C. Installation of duplex communication links
D. Alternative standby processor at another network node
The correct answer is: D. Alternative standby processor at another network node
Explanation: Having an alternative standby processor at another network node would be the best. The unavailability of the central communications processor would disrupt all access to the banking network, resulting in the disruption of operations for all of the shops. This could be caused by failure of equipment, power or communications. Offsite storage of backups would not help, since EFT tends to be an online process and offsite storage will not replace the dysfunctional processor. The provision of an alternate processor onsite would be fine if it were an equipment problem, but would not help if the outage were caused by power, for example. Installation of duplex communication links would be most appropriate if it were only the communication link that failed.

55. Which of the following ensures the availability of transactions in the event of a disaster?
A. Send tapes hourly containing transactions offsite.
B. Send tapes daily containing transactions offsite.
C. Capture transactions to multiple storage devices.
D. Transmit transactions offsite in real time.
The correct answer is: D. Transmit transactions offsite in real time.
Explanation: The only way to ensure availability of all transactions is to perform a real-time transmission to an offsite facility. Choices A and B are not in real time and, therefore, would not include all the transactions. Choice C does not ensure availability at an offsite location.

56. Which of the following is an appropriate test method to apply to a business continuity plan (BCP)?
A. Pilot
B. Paper
C. Unit
D. System
The correct answer is: B. Paper
Explanation: A paper test is appropriate for testing a BCP. It is a walk-through of the entire plan, or part of the plan, involving major players in the plan’s execution, who reason out what may happen in a particular disaster. Choices A, C and D are not appropriate for a BCP.

57. An IS auditor performing a review of the backup processing facilities should be MOST concerned that:
A. adequate fire insurance exists.
B. regular hardware maintenance is performed.
C. offsite storage of transaction and master files exists.
D. backup processing facilities are fully tested.
The correct answer is: C. offsite storage of transaction and master files exists.
Explanation: Adequate fire insurance and fully tested backup processing facilities are important elements for recovery, but without the offsite storage of transaction and master files, it is generally impossible to recover. Regular hardware maintenance does not relate to recovery.

58. Which of the following processes is the FIRST step in developing a business continuity and disaster recovery plan for an organization?
A. Alternate site selection
B. Business impact analysis
C. Test procedures and frequency
D. Information classification
The correct answer is: B. Business impact analysis
Explanation: All four processes are essential for developing the business continuity plan; however, a business impact analysis is the first process used to determine the impact of a disaster on the business operations. Information classification helps to determine the priorities of application recovery while recovering from a disaster event. Alternate site requirements are decided and the site is selected based on the business impact analysis and recovery priorities. The testing of the plan is completed after the above processes are complete.

59. Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility?
A. Verify compatibility with the hot site.
B. Review the implementation report.
C. Perform a walk-through of the DRP.
D. Update the IS assets inventory.
The correct answer is: D. Update the IS assets inventory.
Explanation: An IS assets inventory is the basic input for the business continuity/disaster recovery plan, and the plan must be updated to reflect changes in the IS infrastructure. The other choices are procedures required to update the disaster recovery plan after having updated the required assets inventory.

60. After a full operational contingency test, the IS auditor performs a review of the recovery steps. He concludes that the time it took for the technological environment and systems to return to full functioning exceeded the required critical recovery time. Which of the following should the auditor recommend?
A. Perform an integral review of the recovery tasks.
B. Broaden the processing capacity to gain recovery time.
C. Make improvements in the facility’s circulation structure.
D. Increase the amount of human resources involved in the recovery.
The correct answer is: A. Perform an integral review of the recovery tasks.
Explanation: Performing an exhaustive review of the recovery tasks would be appropriate to identify the way these tasks were performed, identify the time allocated to each of the steps required to accomplish recovery, and determine where adjustments can be made. Choices B, C and D could be actions after the described review has been completed.

61. Which of the following findings would an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault?
A. There are three individuals with a key to enter the area.
B. Paper documents are also stored in the offsite vault.
C. Data files that are stored in the vault are synchronized.
D. The offsite vault is located in a separate facility.
The correct answer is: C. Data files that are stored in the vault are synchronized.
Explanation: Choice A is incorrect because more than one person would typically need to have a key to the vault to ensure that individuals responsible for the offsite vault can take vacations and rotate duties. Choice B is not correct because the IS auditor would not be concerned with whether paper documents are stored in the offsite vault. In fact, paper documents, such as procedural documents and a copy of the contingency plan, would most likely be stored in the offsite vault, and the location of the vault is important, but not as important as the files being synchronized.

62. In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems?
A. Maintaining system software parameters
B. Ensuring periodic dumps of transaction logs
C. Ensuring grandfather-father-son file backups
D. Maintaining important data at an offsite location
The correct answer is: B. Ensuring periodic dumps of transaction logs
Explanation: Ensuring periodic dumps of transaction logs is the only safe way of preserving timely historical data.
The volume of activity usually associated with an online system makes other more traditional methods of backup impractical.

63. Which of the following provides the BEST evidence of an organization's disaster recovery readiness?
A. The disaster recovery plan
B. Customer references for the alternate site provider
C. The process for maintaining the disaster recovery plan
D. The results of tests and drills
The correct answer is: D. The results of tests and drills
Explanation: Plans are important, but mere plans do not provide reasonable assurance unless tested. References for the alternate site provider and the existence and maintenance of a disaster recovery plan are important, but only tests and drills would demonstrate the adequacy of the plans and provide reasonable assurance of an organization's disaster recovery readiness.

64. Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit?
A. A hot site is contracted for and available as needed.
B. A business continuity manual is available and current.
C. Insurance coverage is adequate and premiums are current.
D. Media backups are performed on a timely basis and stored offsite.
The correct answer is: D. Media backups are performed on a timely basis and stored offsite.
Explanation: Without data to process, all other components of the recovery effort are in vain. Even in the absence of a plan, recovery efforts of any type would not be practical without data to process.

65. An IS auditor evaluating the resilience of a high-availability network would be MOST concerned if:
A. the setup is geographically dispersed.
B. the network servers are clustered in a site.
C. a hot site is ready for activation.
D. diverse routing is implemented for the network.
The correct answer is: B. the network servers are clustered in a site.
Explanation: A clustered setup in one location makes the entire network vulnerable to natural disasters or other disruptive events.
Dispersed geographical locations and diverse routing provide backups if a site has been destroyed. A hot site would also be a good alternative for a single-point-of-failure site.

Copyright © 2002-5 Information Systems Audit and Control Association. All rights reserved.