While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:
Options are :
- hot-site provisioning.
- electronic vaulting.
- hard-disk mirroring.
- shadow file processing.
Answer : shadow file processing.
The PRIMARY objective of testing a business continuity plan is to:
Options are :
- ensure that all residual risks are addressed.
- identify limitations of the business continuity plan
- exercise all possible disaster scenarios.
- familiarize employees with the business continuity plan.
Answer : identify limitations of the business continuity plan
An IS auditor noted that an organization had adequate business continuity plans (BCPs) for each individual process, but no comprehensive BCP. Which would be the BEST course of action for the IS auditor?
Options are :
- Recommend the creation of a single BCP.
- Recommend that an additional comprehensive BCP be developed.
- Determine whether the BCPs are consistent.
- Accept the BCPs as written.
Answer : Determine whether the BCPs are consistent.
Depending on the complexity of an organization's business continuity plan (BCP), the plan may be developed as a set of more than one plan to address various aspects of business continuity and disaster recovery. In such an environment, it is essential that:
Options are :
- the sequence for implementation of all plans is defined.
- all plans are integrated into a single plan.
- each plan is consistent with one another
- each plan is dependent on one another
Answer : each plan is consistent with one another
Which of the following would contribute MOST to an effective business continuity plan (BCP)?
Options are :
- Document is circulated to all interested parties
- Audit by an external IS auditor
- Approval by senior management
- Planning involves all user departments
Answer : Planning involves all user departments
Management considered two projections for its business continuity plan; plan A with two months to recover and plan B with eight months to recover. The recovery objectives are the same in both plans. It is reasonable to expect that plan B projected higher:
Options are :
- walkthrough costs.
- recovery costs.
- resumption costs.
- downtime costs
Answer : downtime costs
Which of the following would have the HIGHEST priority in a business continuity plan (BCP)?
Options are :
- Recovering sensitive processes
- Resuming critical processes
- Relocating operations to an alternative site
- Restoring the site
Answer : Resuming critical processes
Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit?
Options are :
- Media backups are performed on a timely basis and stored offsite.
- Insurance coverage is adequate and premiums are current.
- A hot site is contracted for and available as needed
- A business continuity manual is available and current.
Answer : Media backups are performed on a timely basis and stored offsite.
As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis?
Options are :
- Resources required for resumption of business
- Critical business processes for ascertaining the priority for recovery
- Threats to critical business processes
- Organizational risks, such as single point-of-failure and infrastructure risk
Answer : Critical business processes for ascertaining the priority for recovery
In determining the acceptable time period for the resumption of critical business processes:
Options are :
- indirect downtime costs should be ignored.
- recovery operations should be analyzed
- both downtime costs and recovery costs need to be evaluated.
- only downtime costs need to be considered.
Answer : both downtime costs and recovery costs need to be evaluated.
Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?
Options are :
- Paper test
- Post test
- Walkthrough
- Preparedness test
Answer : Preparedness test
During a business continuity audit an IS auditor found that the business continuity plan (BCP) covered only critical processes. The IS auditor should:
Options are :
- redefine critical processes.
- assess the impact of the processes not covered.
- recommend that the BCP cover all business processes.
- report the findings to the IT manager.
Answer : assess the impact of the processes not covered.
When developing a business continuity plan (BCP), which of the following tools should be used to gain an understanding of the organization's business processes?
Options are :
- Risk assessment
- Gap analysis
- Resource recovery analysis
- Business continuity self-audit
Answer : Risk assessment
Which of the following is an appropriate test method to apply to a business continuity plan (BCP)?
Options are :
Answer : Paper
The optimum business continuity strategy for an entity is determined by the:
Options are :
- lowest downtime cost and highest recovery cost.
- average of the combined downtime and recovery cost.
- lowest sum of downtime cost and recovery cost
- lowest recovery cost and highest downtime cost.
Answer : lowest sum of downtime cost and recovery cost
Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility?
Options are :
- Perform a walk-through of the disaster recovery plan.
- Verify compatibility with the hot site
- Review the implementation report
- Update the IS assets inventory
Answer : Update the IS assets inventory
An IS auditor has audited a business continuity plan (BCP). Which of the following findings is the MOST critical?
Options are :
- Failure of the access card system
- Lack of backup systems for the users' PCs
- Absence of a backup for the network backbone
- Nonavailability of an alternate private branch exchange (PBX) system
Answer : Absence of a backup for the network backbone
After a full operational contingency test, an IS auditor performs a review of the recovery steps. The auditor concludes that the time it took for the technological environment and systems to return to full-functioning exceeded the required critical recovery time. Which of the following should the auditor recommend?
Options are :
- Make improvements in the facility's circulation structure.
- Increase the amount of human resources involved in the recovery.
- Perform an integral review of the recovery tasks.
- Broaden the processing capacity to gain recovery time
Answer : Perform an integral review of the recovery tasks.
Which of the following would be MOST important for an IS auditor to verify when conducting a business continuity audit?
Options are :
- Data backups are performed on a timely basis
- A recovery site is contracted for and available as needed
- Human safety procedures are in place
- Insurance coverage is adequate and premiums are current
Answer : Human safety procedures are in place
To develop a successful business continuity plan, end user involvement is critical during which of the following phases?
Options are :
- Detailed plan development
- Business recovery strategy
- Business impact analysis (BIA)
- Testing and maintenance
Answer : Business impact analysis (BIA)
To address an organization's disaster recovery requirements, backup intervals should not exceed the:
Options are :
- service level objective (SLO).
- recovery time objective (RTO).
- maximum acceptable outage (MAO).
- recovery point objective (RPO).
Answer : recovery point objective (RPO).
The PRIMARY objective of business continuity and disaster recovery plans should be to:
Options are :
- minimize the loss to an organization.
- provide for continuity of operations.
- protect human life.
- safeguard critical IS assets.
Answer : protect human life.
In the event of a disruption or disaster, which of the following technologies provides for continuous operations?
Options are :
- Distributed backups
- High-availability computing
- Load balancing
- Fault-tolerant hardware
Answer : Fault-tolerant hardware
During an audit of a business continuity plan (BCP), an IS auditor found that, although all departments were housed in the same building, each department had a separate BCP. The IS auditor recommended that the BCPs be reconciled. Which of the following areas should be reconciled FIRST?
Options are :
- Recovery priorities
- Backup storages
- Call tree
- Evacuation plan
Answer : Evacuation plan
After completing the business impact analysis (BIA), what is the next step in the business continuity planning process?
Options are :
- Develop recovery strategies.
- Develop a specific plan
- Implement the plan.
- Test and maintain the plan.
Answer : Test and maintain the plan.
IS management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend:
Options are :
- increasing the frequency of onsite backups.
- establishing a cold site in a secure location.
- upgrading to a level 5 RAID
- reinstating the offsite backups.
Answer : reinstating the offsite backups.
Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly?
Options are :
- Storage operational cost would significantly increase
- Backup time would steadily increase
- Server recovery work may not meet the recovery time objective (RTO)
- Backup operational cost would significantly increase
Answer : Server recovery work may not meet the recovery time objective (RTO)
In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems?
Options are :
- Maintaining important data at an offsite location
- Ensuring periodic dumps of transaction logs
- Maintaining system software parameters
- Ensuring grandfather-father-son file backups
Answer : Ensuring periodic dumps of transaction logs
Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist?
Options are :
- Reviewing operations documentation
- Reviewing program documentation
- Reviewing program code
- Turning off the UPS, then the power
Answer : Reviewing operations documentation
Network Data Management Protocol (NDMP) technology should be used for backup if:
Options are :
- a network attached storage (NAS) appliance is required.
- file permissions that cannot be handled by legacy backup systems must be backed up
- backup consistency over several related data volumes must be ensured.
- the use of TCP/IP must be avoided.
Answer : a network attached storage (NAS) appliance is required.
The PRIMARY objective of business continuity and disaster recovery plans should be to:
Options are :
- minimize the loss to an organization.
- safeguard critical IS assets.
- protect human life.
- provide for continuity of operations.
Answer : protect human life.
Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit?
Options are :
- Media backups are performed on a timely basis and stored offsite.
- A hot site is contracted for and available as needed
- Insurance coverage is adequate and premiums are current.
- A business continuity manual is available and current.
Answer : Media backups are performed on a timely basis and stored offsite.
An IS auditor noted that an organization had adequate business continuity plans (BCPs) for each individual process, but no comprehensive BCP. Which would be the BEST course of action for the IS auditor?
Options are :
- Determine whether the BCPs are consistent.
- Recommend that an additional comprehensive BCP be developed.
- Accept the BCPs as written.
- Recommend the creation of a single BCP.
Answer : Determine whether the BCPs are consistent.
Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?
Options are :
- Post test
- Walkthrough
- Paper test
- Preparedness test
Answer : Preparedness test
Which of the following would contribute MOST to an effective business continuity plan (BCP)?
Options are :
- Planning involves all user departments
- Audit by an external IS auditor
- Document is circulated to all interested parties
- Approval by senior management
Answer : Planning involves all user departments
During a business continuity audit an IS auditor found that the business continuity plan (BCP) covered only critical processes. The IS auditor should:
Options are :
- redefine critical processes.
- assess the impact of the processes not covered.
- report the findings to the IT manager.
- recommend that the BCP cover all business processes.
Answer : assess the impact of the processes not covered.
Management considered two projections for its business continuity plan; plan A with two months to recover and plan B with eight months to recover. The recovery objectives are the same in both plans. It is reasonable to expect that plan B projected higher:
Options are :
- recovery costs.
- resumption costs.
- downtime costs
- walkthrough costs.
Answer : downtime costs
After a full operational contingency test, an IS auditor performs a review of the recovery steps. The auditor concludes that the time it took for the technological environment and systems to return to full-functioning exceeded the required critical recovery time. Which of the following should the auditor recommend?
Options are :
- Perform an integral review of the recovery tasks.
- Make improvements in the facility's circulation structure.
- Increase the amount of human resources involved in the recovery.
- Broaden the processing capacity to gain recovery time
Answer : Perform an integral review of the recovery tasks.
Which of the following is an appropriate test method to apply to a business continuity plan (BCP)?
Options are :
Answer : Paper
When developing a business continuity plan (BCP), which of the following tools should be used to gain an understanding of the organization's business processes?
Options are :
- Gap analysis
- Business continuity self-audit
- Resource recovery analysis
- Risk assessment
Answer : Risk assessment
An IS auditor has audited a business continuity plan (BCP). Which of the following findings is the MOST critical?
Options are :
- Absence of a backup for the network backbone
- Nonavailability of an alternate private branch exchange (PBX) system
- Failure of the access card system
- Lack of backup systems for the users' PCs
Answer : Absence of a backup for the network backbone
As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis?
Options are :
- Resources required for resumption of business
- Critical business processes for ascertaining the priority for recovery
- Organizational risks, such as single point-of-failure and infrastructure risk
- Threats to critical business processes
Answer : Critical business processes for ascertaining the priority for recovery
To address an organization's disaster recovery requirements, backup intervals should not exceed the:
Options are :
- recovery time objective (RTO).
- maximum acceptable outage (MAO).
- service level objective (SLO).
- recovery point objective (RPO).
Answer : recovery point objective (RPO).
Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility?
Options are :
- Perform a walk-through of the disaster recovery plan.
- Verify compatibility with the hot site
- Update the IS assets inventory
- Review the implementation report
Answer : Update the IS assets inventory
During an audit of a business continuity plan (BCP), an IS auditor found that, although all departments were housed in the same building, each department had a separate BCP. The IS auditor recommended that the BCPs be reconciled. Which of the following areas should be reconciled FIRST?
Options are :
- Call tree
- Evacuation plan
- Backup storages
- Recovery priorities
Answer : Evacuation plan
Depending on the complexity of an organization's business continuity plan (BCP), the plan may be developed as a set of more than one plan to address various aspects of business continuity and disaster recovery. In such an environment, it is essential that:
Options are :
- each plan is dependent on one another
- the sequence for implementation of all plans is defined.
- each plan is consistent with one another
- all plans are integrated into a single plan.
Answer : each plan is consistent with one another
To develop a successful business continuity plan, end user involvement is critical during which of the following phases?
Options are :
- Testing and maintenance
- Business recovery strategy
- Business impact analysis (BIA)
- Detailed plan development
Answer : Business impact analysis (BIA)
Which of the following would have the HIGHEST priority in a business continuity plan (BCP)?
Options are :
- Resuming critical processes
- Relocating operations to an alternative site
- Recovering sensitive processes
- Restoring the site
Answer : Resuming critical processes
While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:
Options are :
- hard-disk mirroring.
- hot-site provisioning.
- shadow file processing.
- electronic vaulting.
Answer : shadow file processing.
After completing the business impact analysis (BIA), what is the next step in the business continuity planning process?
Options are :
- Test and maintain the plan.
- Implement the plan.
- Develop recovery strategies.
- Develop a specific plan
Answer : Test and maintain the plan.
The optimum business continuity strategy for an entity is determined by the:
Options are :
- lowest downtime cost and highest recovery cost.
- lowest sum of downtime cost and recovery cost
- lowest recovery cost and highest downtime cost.
- average of the combined downtime and recovery cost.
Answer : lowest sum of downtime cost and recovery cost
An IS auditor performing a review of the backup processing facilities should be MOST concerned that:
Options are :
- adequate fire insurance exists.
- regular hardware maintenance is performed.
- offsite storage of transaction and master files exists
- backup processing facilities are fully tested.
Answer : offsite storage of transaction and master files exists
If a database is restored using before-image dumps, where should the process begin following an interruption?
Options are :
- Before the last transaction
- After the last transaction
- As the last transaction before the latest checkpoint
- As the first transaction after the latest checkpoint
Answer : Before the last transaction
Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by:
Options are :
- database commits and rollbacks
- input controls.
- database integrity checks.
- validation checks.
Answer : database commits and rollbacks
To provide protection for media backup stored at an offsite location, the storage site should be:
Options are :
- located on a different floor of the building.
- protected from unauthorized access.
- clearly labeled for emergency access.
- easily accessible by everyone.
Answer : protected from unauthorized access.
Which of the following ensures the availability of transactions in the event of a disaster?
Options are :
- Send tapes hourly containing transactions offsite.
- Capture transactions to multiple storage devices
- Send tapes daily containing transactions offsite.
- Transmit transactions offsite in real time.
Answer : Transmit transactions offsite in real time.
An offsite information processing facility:
Options are :
- should have the same amount of physical access restrictions as the primary processing site
- should be easily identified from the outside so that, in the event of an emergency, it can be easily found.
- need not have the same level of environmental monitoring as the originating site.
- should be located in proximity to the originating site, so it can quickly be made operational
Answer : should have the same amount of physical access restrictions as the primary processing site
IS management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend:
Options are :
- reinstating the offsite backups.
- upgrading to a level 5 RAID
- establishing a cold site in a secure location.
- increasing the frequency of onsite backups.
Answer : reinstating the offsite backups.
Which of the following findings should an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault?
Options are :
- The offsite vault is located in a separate facility.
- Data files that are stored in the vault are synchronized.
- Paper documents are also stored in the offsite vault
- There are three individuals with a key to enter the area.
Answer : Data files that are stored in the vault are synchronized.
Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist?
Options are :
- Reviewing program code
- Reviewing program documentation
- Turning off the UPS, then the power
- Reviewing operations documentation
Answer : Reviewing operations documentation