Which of the following is the most reasonable option for recovering a non-critical system?

The activation of an enterprise's business continuity plan should be based on predetermined criteria that address the:

After a disaster declaration, the media creation date at a warm recovery site is based on the:

recovery point objective (RPO).

After completing the business impact analysis, what is the NEXT step in the business continuity planning process?

Develop recovery strategies.

Applying a retention date on a file will ensure that:

data will not be deleted before that date.

The BEST method for assessing the effectiveness of a business continuity plan is to review the:

results from previous tests

A company with a limited budget has a recovery time objective of 72 hours and a recovery point objective of 24 hours. Which of the following would BEST meet the requirements of the business?

The cost of ongoing operations when a disaster recovery plan (DRP) is in place, compared to not having a DRP, will MOST likely:

Depending on the complexity of an organization's business continuity plan (BCP), it may be developed as a set of plans to address various aspects of business continuity and disaster recovery. In such an environment, it is essential that:

each plan is consistent with one another.

Determining the service delivery objective should be based PRIMARILY on:

the minimum acceptable operational capability.

A disaster recovery plan for an organization's financial system specifies that the recovery point objective is zero and the recovery time objective is 72 hours. Which of the following is the MOST cost-effective solution?

Synchronous remote copy of the data in a warm site that can be operational in 48 hours

Disaster recovery planning addresses the:

technological aspect of business continuity planning (BCP).

Due to changes in IT, the disaster recovery plan of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested?

Catastrophic service interruption

During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the:

configurations and alignment of the primary and disaster recovery sites.

During an audit of a business continuity plan (BCP), an IS auditor found that, although all departments were housed in the same building, each department had a separate BCP. The IS auditor recommended that the BCPs be reconciled. Which of the following areas should be reconciled FIRST?

During an IS audit of the disaster recovery plan of a global enterprise, the auditor observes that some remote offices have very limited local IT resources. Which of the following observations would be the MOST critical for the IS auditor?

A test has not been made to ensure that local resources could maintain security and service standards when recovering from a disaster or incident.

During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that:

execution of the disaster recovery plan could be impacted.

During the design of a business continuity plan, the business impact analysis identifies critical processes and supporting applications. This will PRIMARILY influence the:

A financial institution that processes millions of transactions each day has a central communications processor (switch) for connecting to automated teller machines. Which of the following would be the BEST contingency plan for the communications processor?

Alternate processor at another network node

For effective implementation after a business continuity plan (BCP) has been developed, it is MOST important that the BCP be:

communicated to appropriate personnel.

The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan?

Contact information of key personnel

A hot site should be implemented as a recovery strategy when the:

disaster downtime tolerance is low.

If the recovery time objective increases:

the disaster tolerance increases.

In a contract with a hot, warm or cold site, contractual provisions should PRIMARILY cover which of the following considerations?

Number of subscribers permitted to use a site at one time

In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems?

Ensuring periodic dumps of transaction logs

In a disaster recovery situation, which of the following is the MOST important metric to ensure that data are synchronized between critical systems?

In determining the acceptable time period for the resumption of critical business processes:

both downtime costs and recovery costs need to be evaluated.

Integrating the business continuity plan into IT project management aids in:

the development of a more comprehensive set of requirements.

In the event of a data center disaster, which of the following would be the MOST appropriate strategy to enable a complete recovery of a critical database?

Real-time replication to a remote site

In which of the following situations is it MOST appropriate to implement data mirroring as the recovery strategy?

The recovery point objective is low.

An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:

results of business continuity tests performed by IS and end-user personnel.

An IS auditor discovers that the disaster recovery plan (DRP) for a company does not include a critical application hosted in the cloud. Management's response states that the cloud vendor is responsible for disaster recovery (DR) and DR-related testing. What is the NEXT course of action for the IS auditor to pursue?

Review the vendor contract to determine its DR capabilities.

An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if:

the servers are clustered in one site.

An IS auditor is auditing an IT disaster recovery plan. The IS auditor should PRIMARILY ensure that the plan covers:

analysis and prioritization of business functions.

An IS auditor is conducting a review of the disaster recovery procedures for a data center. Which of the following indicators BEST shows that the procedures meet the requirements?

A tabletop exercise using the procedures was conducted.

An IS auditor is performing an audit in the data center when the fire alarm begins sounding. The audit scope includes disaster recovery, so the auditor observes the data center staff response to the alarm. Which of the following is the MOST important action for the data center staff to complete in this scenario?

Ensure all persons in the data center are evacuated.

An IS auditor is performing a review of the disaster recovery hot site used by a financial institution. Which of the following would be the GREATEST concern?

Disk space utilization data are not kept current.

An IS auditor is reviewing an organization's recovery from a disaster in which not all the critical data needed to resume business operations were retained. Which of the following was incorrectly defined?

The recovery point objective

An IS auditor is reviewing the most recent disaster recovery plan of an organization. Which approval is the MOST important when determining the availability of system resources required for the plan?

An IS auditor notes during an audit that an organization's business continuity plan does not adequately address information confidentiality during the recovery process. The IS auditor should recommend that the plan be modified to include:

the level of information security required when business recovery procedures are invoked.

An IS auditor observed that multiple applications are hosted on the same server. The recovery time objective (RTO) for the server will be:

based on the application with the shortest RTO.

An IS auditor reviewing an organization's disaster recovery plan should PRIMARILY verify that it is:

regularly reviewed and updated.

It is MOST appropriate to implement an incremental backup scheme when:

there is limited media capacity.

IT management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend:

reinstating the offsite backups.

A large chain of shops with electronic funds transfer at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor?

Alternative standby processor at another network node

A live test of a mutual agreement for IT system recovery has been carried out, including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:

system and the IT operations team can sustain operations in the emergency environment.

A lower recovery time objective results in:

The MAIN criterion for determining the severity level of a service disruption incident is:

The MAIN purpose for periodically testing offsite disaster recovery facilities is to:

ensure the continued compatibility of the contingency facilities.

Management considered two projections for its disaster recovery plan: plan A with two months to fully recover and plan B with eight months to fully recover. The recovery point objectives are the same in both plans. It is reasonable to expect that plan B projected higher:

A medium-sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of the new BCP?

Functional test of a scenario with limited IT involvement

An offsite information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is a:

An optimized disaster recovery plan for an organization should:

reduce the length of the recovery time and the cost of recovery.

An organization completed a business impact analysis as part of business continuity planning. The NEXT step in the process is to develop:

a business continuity strategy.

An organization has a business process with a recovery time objective equal to zero and a recovery point objective close to one minute. This implies that the process can tolerate:

a data loss of up to one minute, but the processing must be continuous.

An organization has just completed its annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization?

Review and evaluate the business continuity plan for adequacy

An organization having a number of offices across a wide geographical area has developed a disaster recovery plan. Using actual resources, which of the following is the MOST cost-effective test of the disaster recovery plan?

An organization's disaster recovery plan should address early recovery of:

processing in priority order, as defined by business management.

The PRIMARY objective of business continuity and disaster recovery plans should be to:

The PRIMARY objective of testing a business continuity plan is to:

identify limitations of the business continuity plan.

The PRIMARY purpose of a business impact analysis is to:

define recovery strategies.

The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks level 1 in a file server is to:

ensure availability of data.

Recovery procedures for an information processing facility are BEST based on:

Segmenting a highly sensitive database results in:

There are several methods of providing telecommunication continuity. The method of routing traffic through split cable or duplicate cable facilities is called:

To address an organization's disaster recovery requirements, backup intervals should not exceed the:

recovery point objective.

To ensure structured disaster recovery, it is MOST important that the business continuity plan and disaster recovery plan are:

To optimize an organization's business continuity plan, an IS auditor should recommend a business impact analysis to determine:

the business processes that must be recovered following a disaster to ensure the organization's survival.

What is the BEST backup strategy for a large database with data supporting online sales?

When an organization's disaster recovery plan has a reciprocal agreement, which of the following risk treatment approaches is being applied?

When auditing the archiving process of emails, the IS auditor should pay the MOST attention to:

the existence of a data retention policy.

When developing a business continuity plan, which of the following tools should be used to gain an understanding of the organization's business processes?

When developing a disaster recovery plan, the criteria for determining the acceptable downtime should be the:

maximum tolerable outage.

When reviewing a disaster recovery plan, an IS auditor should be MOST concerned with the lack of:

process owner involvement.

Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective?

Which of the following BEST helps define disaster recovery strategies?

Maximum tolerable downtime and data loss

Which of the following BEST mitigates the risk arising from using reciprocal agreements as a recovery alternative?

Ensure that partnering organizations are separated geographically.

Which of the following BEST mitigates the risk of backup media containing irreplaceable information being lost or stolen while in transit?

Maintain a duplicate copy.

Which of the following business continuity plan tests involves participation of relevant members of the crisis management/response team to practice proper coordination?

Which of the following choices would MOST likely ensure that a disaster recovery effort is successful?

Data restoration was completed.

Which of the following disaster recovery testing techniques is the MOST efficient way to determine the effectiveness of the plan?

Which of the following distinguishes a business impact analysis from a risk assessment?

A determination of acceptable downtime

Which of the following ensures the availability of transactions in the event of a disaster?

Transmit transactions offsite in real time.

Which of the following groups is the BEST source of information for determining the criticality of application systems as part of a business impact analysis?

Business process owners

Which of the following inputs would PRIMARILY help in designing the data backup strategy in case of potential natural disasters?

Which of the following is a continuity plan test that simulates a system crash and uses actual resources to cost-effectively obtain evidence about the plan's effectiveness?

Which of the following is an appropriate test method to apply to a business continuity plan?

Which of the following is MOST important to determine the recovery point objective for a critical process in an enterprise?

Extent of data loss that is acceptable

Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?

During the test, some of the backup systems were defective or not working, causing the test of these systems to fail.

Which of the following is the BEST indicator of the effectiveness of backup and restore procedures while restoring data after a disaster?

Recovery time objectives were met.

Which of the following is the BEST method for determining the criticality of each application system in the production environment?

Perform a business impact analysis.

Which of the following is the BEST method to ensure that critical IT system failures do not recur?

Perform root cause analysis.

Which of the following is the BEST method to ensure that the business continuity plan remains up to date?

The group walks through the different scenarios of the plan from beginning to end.

Which of the following is the BEST reason for integrating the testing of noncritical systems in disaster recovery plans (DRPs) with business continuity plans (BCPs)?

BCPs may assume the existence of capabilities that are not in DRPs.

Which of the following is the GREATEST risk of an organization using reciprocal agreements for disaster recovery between two business units?

Both entities are vulnerable to the same incident.

Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly?

Server recovery work may not meet the recovery time objective.

Which of the following is the MOST critical element to effectively execute a disaster recovery plan?

Offsite storage of backup data

Which of the following is the MOST effective method for disposing of magnetic media that contains confidential information?

Which of the following is the MOST efficient strategy for the backup of large quantities of mission-critical data when the systems need to be online to take sales orders 24 hours a day?

Implementing a fault-tolerant disk-to-disk backup solution

Which of the following is the MOST important consideration when defining recovery point objectives?

Which of the following is the MOST important criterion when selecting a location for an offsite storage facility for IS backup files? The offsite facility must be:

physically separated from the data center and not subject to the same risk.

Which of the following is the MOST reasonable option for recovering a non-critical system?

Which of the following is the PRIMARY objective of the business continuity plan process?

To manage risk while recovering from an event that adversely affected operations

Which of the following must exist to ensure the viability of a duplicate information processing facility?

The workload of the primary site is monitored to ensure adequate backup is available.

Which of the following provides the BEST evidence of an organization's disaster recovery capability readiness?

Results of tests and exercises

Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget?

A reciprocal arrangement between its offices

Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies?

Developments may result in hardware and software incompatibility.

Which of the following scenarios provides the BEST disaster recovery plan to implement for critical applications?

Daily data backups that are stored offsite and a hot site located 140 kilometers from the main data center

Which of the following should be a MAJOR concern for an IS auditor reviewing a business continuity plan?

Test results are not adequately documented.

Which of the following should be of MOST concern to an IS auditor reviewing the business continuity plan (BCP)?

The responsibility for declaring a disaster is not identified.

Which of the following stakeholders is the MOST important in terms of developing a business continuity plan?

Which of the following statements is useful while drafting a disaster recovery plan?

Downtime costs increase with time.

Which of the following tasks should be performed FIRST when preparing a disaster recovery plan?

Perform a business impact analysis.

Which of the following would be MOST important for an IS auditor to verify while conducting a business continuity audit?

Human safety procedures are in place.

Which of the following would BEST ensure uninterrupted operations in an organization with IT operation centers in several countries?

Employee training on the business continuity plan

Which of the following would BEST support 24/7 availability?

Which of the following would be the MOST appropriate recovery strategy for a sensitive system with a high recovery time objective (RTO)?

Which of the following would contribute MOST to an effective business continuity plan?

Planning involves all user departments.

While observing a full simulation of the business continuity plan, an IS auditor notices that the notification systems within the organizational facilities could be severely impacted by infrastructure damage. The BEST recommendation the IS auditor can provide to the organization is to ensure:

redundancies are built into the notification system.

While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should:

review the capacity management process.

With respect to business continuity strategies, an IS auditor interviews key stakeholders in an organization to determine whether they understand their roles and responsibilities. The IS auditor is attempting to evaluate the:

clarity and simplicity of the business continuity plans.