BUSINESS CONTINUITY AND DISASTER RECOVERY

An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to 1 minute for a critical system. This implies that the system can tolerate: A. a data loss of up to 1 minute, but the processing must be continuous. B. a 1-minute processing interruption but cannot tolerate any data loss. C. a processing interruption of 1 minute or more. D. both a data loss and a processing interruption longer than 1 minute.

A. A data loss of up to 1 minute but the processing must be continuous. Answer:A Explanation: The recovery time objective (RTO) measures an organization's tolerance for downtime and the recovery point objective (RPO) measures how much data loss can be accepted. Choices B, C and D are incorrect since they exceed the RTO limits set by the scenario.

An organization has outsourced its wide area network (WAN) to a third-party service provider. Under these circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)? A. Review whether the service provider's BCP process is aligned with the organization's BCP and contractual obligations. B. Review whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster. C. Review the methodology adopted by the organization in choosing the service provider. D. Review the accreditation of the third-party service provider's staff.

A. Review whether the service provider's BCP process is aligned with the organization's BCP and contractual obligations Answer:A Explanation: Reviewing whether the service provider's business continuity plan (BCP) process is aligned with the organization's BCP and contractual obligations is the correct answer since an adverse effect or disruption to the business of the service provider has a direct bearing on the organization and its customers. Reviewing whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster is not the correct answer since the presence of penalty clauses, although an essential element of a SLA, is not a primary concern. Choices C and D are possible concerns, but of lesser importance.

Facilitating telecommunications continuity by providing redundant combinations of local carrier T-1 lines, microwaves and/or coaxial cables to access the local communication loop: A. last-mile circuit protection. B. long-haul network diversity. C. diverse routing. D. alternative routing.

A. Last mile circuit protection Answer: A Explanation: The method of providing telecommunication continuity through the use of many recovery facilities, providing redundant combinations of local carrier T-ls, microwave and/or coaxial cable to access the local communication loop in the event of a disaster, is called last-mile circuit protection. Providing diverse long-distance network availability utilizing T-l circuits among major long-distance carriers is called long-haul network diversity. This ensures long-distance access should any one carrier experience a network failure. The method of routing traffic through split-cable facilities or duplicate-cable facilities is called diverse routing. Alternative routing is the method of routing information via an alternative medium, such as copper cable or fiber optics.

After a full operational contingency test, an IS auditor performs a review of the recovery steps. The auditor concludes that the time it took for the technological environment and systems to return to full-functioning exceeded the required critical recovery time. Which of the following should the auditor recommend? A. Perform an integral review of the recovery tasks. B. Broaden the processing capacity to gain recovery time. C. Make improvements in the facility's circulation structure. D. increase the amount of human resources involved in the recovery.

A. Perform an integral review of the recovery tasks. Answer: A Explanation: Performing an exhaustive review of the recovery tasks would be appropriate to identify the way these tasks were performed, identify the time allocated to each of the steps required to accomplish recovery, and determine where adjustments can be made. Choices B, C and D could be actions after the described review has been completed.

Which of the following is the MOST important criterion when selecting a location for an offsite storage facility for IS backup files? The offsite facility must be: A. physically separated from the data center and not subject to the same risks. B. given the same level of protection as that of the computer data center. C. outsourced to a reliable third party. D. equipped with surveillance capabilities.

A. Physcially separated from the data center and not subject to the same risks. Answer: A Explanation: It is important that there be an offsite storage location for IS files and that it be in a location not subject to the same risks as the primary data center. The other choices are all issues that must be considered when establishing the offsite location, but they are not as critical as the location selection.

A disaster recovery plan for an organization should: A. reduce the length of the recovery time and the cost of recovery. B. increase the length of the recovery time and the cost of recovery. C. reduce the duration of the recovery time and increase the cost of recovery. D. affect neither the recovery time nor the cost of recovery.

A. Reduce the length of the recovery time and the cost of recovery Answer: A Explanation: One of the objectives of a disaster recovery plan is to reduce the duration and cost of recovering from a disaster. A disaster recovery plan would increase the cost of operations before and after the disaster occurs, but should reduce the time to return to normal operations and the cost that could result from a disaster.

Which of the following would have the HIGHEST priority in a business continuity plan (BCP)? A. Resuming critical processes B. Recovering sensitive processes C. Restoring the site D. Relocating operations to an alternative site

A. Resuming critical processes. Answer: A Explanation: The resumption of critical processes has the highest priority as it enables business processes to begin immediately after the interruption and not later than the declared mean time between failure (MTBF). Recovery of sensitive processes refers to recovering the vital and sensitive processes that can be performed manually at a tolerable cost for an extended period of time and those that are not marked as high priority. Repairing and restoring the site to original status and resuming the business operations are time consuming operations and are not the highest priority. Relocating operations to an alternative site, either temporarily or permanently depending on the interruption, is a time consuming process; moreover, relocation may not be required.

An organization has just completed their annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization? A. Review and evaluate the business continuity plan for adequacy B. Perform a full simulation of the business continuity plan C. Train and educate employees regarding the business continuity plan D. Notify critical contacts in the business continuity plan

A. Review and evaluate the business continuity plan for adequacy. Explanation: The business continuity plan should be reviewed every time a risk assessment is completed for the organization. Training of the employees and a simulation should be performed after the business continuity plan has been deemed adequate for the organization. There is no reason to notify the business continuity plan contacts at this time.

As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard copy transaction log. At the end of the day, the order entry files are backed up on tape. During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following is necessary to restore these files? A. The previous day's backup file and the current transaction tape B. The previous day's transaction file and the current transaction tape C. The current transaction tape and the current hard copy transaction log D. The current hard copy transaction log and the previous day's transaction file

A. The previous day's backup file and the current transaction tape. Answer: A Explanation: The previous day's backup file will be the most current historical backup of activity in the system. The current day's transaction file will contain all of the day's activity. Therefore, the combination of these two files will enable full recovery upto the point of interruption.

Which of the following is the GREATEST concern when an organization's backup facility is at a warm site? A. Timely availability of hardware B. Availability of heat, humidity and air conditioning equipment C. Adequacy of electrical power connections D. Effectiveness of the telecommunications network

A. Timely availability of hardware Answer: A Answer: A Explanation: A warm site has the basic infrastructure facilities implemented, such as power, air conditioning and networking, but is normally lacking computing equipment. Therefore, the availability of hardware becomes a primary concern

A structured walk-through test of a disaster recovery plan involves: A. representatives from each of the functional areas coming together to go over the plan. B. all employees who participate in the day-to-day operations coming together to practice executing the plan. C. moving the systems to the alternate processing site and performing processing operations. D. distributing copies of the plan to the various functional areas for review.

A. representatives from each of the functional areas coming together to go over the plan. Explanation: A structured walk-through test of a disaster recovery plan involves representatives from each of the functional areas coming together to review the plan to determine if the plan pertaining to their area is accurate and complete and can be implemented when required. Choice B is a simulation test to prepare and train the personnel who will be required to respond to disasters and disruptions. Choice C is a form of parallel testing to ensure that critical systems will perform satisfactorily in the alternate site. Choice D is a checklist test.

While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be: A. shadow file processing. B. electronic vaulting. C. hard-disk mirroring. D. hot-site provisioning.

A. shadow file processing Answer: A Explanation: In shadow file processing, exact duplicates of the files are maintained at the same site or at a remote site. The two files are processed concurrently. This is used for critical data files, such as airline booking systems. Electronic vaulting electronically transmits data either to direct access storage, an optical disc or another storage medium; this is a method used by banks. Hard-disk mirroring provides redundancy in case the primary hard disk fails. All transactions and operations occur on two hard disks in the same server. A hot site is an alternate site ready to take over business operations within a few hours of any business interruption and is not a method for backing up data.

Of the following alternatives, the FIRST approach to developing a disaster recovery strategy would be to assess whether: A. all threats can be completely removed. B. a cost-effective, built-in resilience can be implemented. C. the recovery time objective can be optimized. D. the cost of recovery can be minimized.

B. A cost effective, built in resilience can be implemented. Answer: B Explanation: It is critical to initially identify information assets that can be made more resilient to disasters, e.g., diverse routing, alternate paths or multiple communication carriers. It is impossible to remove all existing and future threats. The optimization of the recovery time objective and efforts to minimize the cost of recovery come later in the development of the disaster recovery strategy.

An IS auditor has audited a business continuity plan (BCP). Which of the following findings is the MOST critical? A. Nonavailability of an alternate private branch exchange (PBX) system B. Absence of a backup for the network backbone C. Lack of backup systems for the users' PCs D. Failure of the access card system

B. Absense of a backup for the network backbone. Answer: B Explanation: Failure of a network backbone will result in the failure of the complete network and impact the ability of all users to access information on the network. The nonavailability of an alternate PBX system will result in users not being able to make or receive telephone calls or faxes; however, users may have alternate means of communication, such as a mobile phone or e-mail. Lack of backup systems for user PCs will impact only the specific users, not all users. Failure of the access card system impacts the ability to maintain records of the users who are entering the specified work areas; however, this could be mitigated by manual monitoring controls.

Which of the following is the MOST important consideration when defining recovery point objectives (RPOs)? A. Minimum operating requirements B. Acceptable data loss C. Mean time between failures D. Acceptable time for recovery

B. Acceptable data loss. Answer: B Explanation: Recovery time objectives (RTOs) are the acceptable time delay in availability of business operations, while recovery point objectives (RPOs) are the level of data loss/reworking an organization is willing to accept. Mean time between failures and minimum operating requirements help in defining recovery strategies.

During a business continuity audit an IS auditor found that the business continuity plan (BCP) covered only critical processes. The IS auditor should: A. recommend that the BCP cover all business processes. B. assess the impact of the processes not covered. C. report the findings to the IT manager. D. redefine critical processes.

B. Assess the impact of the processes not covered Answer: B Explanation: The business impact analysis needs to be either updated or revisited to assess the risk of not covering all processes in the plan. It is possible that the cost of including all processes might exceed the value of those processes; therefore, they should not be covered. An IS auditor should substantiate this by analyzing the risk.

An IS auditor noted that an organization had adequate business continuity plans (BCPs) for each individual process, but no comprehensive BCP. Which would be the BEST course of action for the IS auditor? A. Recommend that an additional comprehensive BCP be developed. B. Determine whether the BCPs are consistent. C. Accept the BCPs as written. D. Recommend the creation of a single BCP.

B. Determine whether the BCPs are consistent Answer: B Explanation: Depending on the complexity of the organization, there could be more than one plan to address various aspects of business continuity and disaster recovery. These do not necessarily have to be integrated into one single plan; however, each plan should be consistent with other plans to have a viable business continuity planning strategy.

In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems? A. Maintaining system software parameters B. Ensuring periodic dumps of transaction logs C. Ensuring grandfather-father-son file backups D. Maintaining important data at an offsite location

B. Ensuring periodic dumps of transaction logs. Answer: B Explanation: Ensuring periodic dumps of transaction logs is the only safe way of preserving timely historical datA. The volume of activity usually associated with an online system makes other more traditional methods of backup impractical.

In the event of a disruption or disaster, which of the following technologies provides for continuous operations? A. Load balancing B. Fault-tolerant hardware C. Distributed backups D. High-availability computing

B. Fault- tolerant hardware Answer: B Explanation: Fault-tolerant hardware is the only technology that currently supports continuous, uninterrupted service. Load balancing is used to improve the performance of the server by splitting the work between several servers based on workloads. High-availability (HA) computing facilities provide a quick but not continuous recovery, while distributed backups require longer recovery times.

Which of the following insurance types provide for a loss arising from fraudulent acts by employees? A. Business interruption B. Fidelity coverage C. Errors and omissions D. Extra expense

B. Fidelity coverage Answer: B Explanation: Fidelity insurance covers the loss arising from dishonest or fraudulent acts by employees. Business interruption insurance covers the loss of profit due to the disruption in the operations of an organization. Errors and omissions insurance provides legal liability protection in the event that the professional practitioner commits an act that results in financial loss to a client. Extra expense insurance is designed to cover the extra costs of continuing operations following a disaster/disruption within an organization.

A lower recovery time objective (RTO) results in: A. higher disaster tolerance. B. higher cost. C. wider interruption windows. D. more permissive data loss.

B. Higher cost Answer: B Explanation: A recovery time objective (RTO) is based on the acceptable downtime in case of a disruption of operations. The lower the RTO, the higher the cost of recovery strategies. The lower the disaster tolerance, the narrower the interruption windows, and thelesserthe permissive data loss.

The PRIMARY purpose of a business impact analysis (BIA) is to: A. provide a plan for resuming operations after a disaster. B. identify the events that could impact the continuity of an organization's operations. C. publicize the commitment of the organization to physical and logical security. D. provide the framework for an effective disaster recovery plan

B. Identify the events taht could impact the continuity of an organization's operations Answer: B Explanation: A business impact analysis (BIA) is one of the key steps in the development of a business continuity plan (BCP). A BIA will identify the diverse events that could impact the continuity of the operations of an organization.

The optimum business continuity strategy for an entity is determined by the: A. lowest downtime cost and highest recovery cost. B. lowest sum of downtime cost and recovery cost. C. lowest recovery cost and highest downtime cost. D. average of the combined downtime and recovery cost

B. Lowest sum of downtime cost and recovery cost. Answer: B Explanation: Both costs have to be minimized, and the strategy for which the costs are lowest is the optimum strategy. The strategy with the highest recovery cost cannot be the optimum strategy. The strategy with the highest downtime cost cannot be the optimum strategy. The average of the combined downtime and recovery cost will be higher than the lowest combined cost of downtime and recovery.

While reviewing the business continuity plan of an organization, an IS auditor observed that the organization's data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate? A. Deterrence B. Mitigation C. Recovery D. Response

B. Mitigation Answer: B Explanation: An effective business continuity plan includes steps to mitigate the effects of a disaster. Files must be restored on a timely basis for a backup plan to be effective. An example of deterrence is when a plan includes installation of firewalls for information systems. An example of recovery is when a plan includes an organization's hot site to restore normal business operations.

Which of the following is an appropriate test method to apply to a business continuity plan (BCP)? A. Pilot B. Paper C. Unit D. System

B. Paper Answer: B Explanation: A paper test is appropriate for testing a BCP. it is a walkthrough of the entire plan, or part of the plan, involving major players in the plan's execution, who reason out what may happen in a particular disaster. Choices A, C and D are not appropriate for a BCP.

Which of the following tasks should be performed FIRST when preparing a disaster recovery plan? A. Develop a recovery strategy. B. Perform a business impact analysis. C. Map software systems, hardware and network components. D. Appoint recovery teams with defined personnel, roles and hierarchy.

B. Perform a business impact analysis Answer: B Explanation: The first step in any disaster recovery plan is to perform a business impact analysis. All other tasks come afterwards.

An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the: A. alignment of the BCP with industry best practices. B. results of business continuity tests performed by IS and end-user personnel. C. off-site facility, its contents, security and environmental controls. D. annual financial cost of the BCP activities versus the expected benefit of implementation

B. REsults of business continuity tests performed by IS and end-user personnel. Answer: B Explanation: The effectiveness of the business continuity plan (BCP) can best be evaluated by reviewing the results from previous business continuity tests for thoroughness and accuracy in accomplishing their stated objectives. All other choices do not provide the assurance of the effectiveness of the BCP.

In the event of a data center disaster, which of the following would be the MOST appropriate strategy to enable a complete recovery of a critical database? A. Daily data backup to tape and storage at a remote site B. Real-time replication to a remote site C. Hard disk mirroring to a local server D. Real-time data backup to the local storage area network (SAN)

B. Real time replication to a remote site. Answer: B Explanation: With real-time replication to a remote site, data are updated simultaneously in two separate locations; therefore, a disaster in one site would not damage the information located in the remote site. This assumes that both sites were not affected by the disaster. Daily tape backup recovery could lose up to a day's work of datA. Choices C and D take place in the same data center and could possibly be affected by the same disaster.

An IS auditor reviewing an organization's IS disaster recovery plan should verify that it is: A. tested every six months. B. regularly reviewed and updated. C. approved by the chief executive officer (CEO). D. communicated to every department head in the organization.

B. Regularly reviewed and updated. Answer: B Explanation: The plan should be reviewed at appropriate intervals, depending upon the nature of the business and the rate of change of systems and personnel. Otherwise, it may become out of date and may no longer be effective. The plan must be subjected to regular testing, but the period between tests will again depend on the nature of the organization and the relative importance of IS. Three months or even annually may be appropriate in different circumstances. Although the disaster recovery plan should receive the approval of senior management, it need not be the CEO if another executive officer is equally or more appropriate. For a purely IS-related plan, the executive responsible for technology may have approved the plan. Similarly, although a business continuity plan is likely to be circulated throughout an organization, the IS disaster recovery plan will usually be a technical document and only relevant to IS and communications staff.

The BEST method for assessing the effectiveness of a business continuity plan is to review the: A. plans and compare them to appropriate standards. B. results from previous tests. C. emergency procedures and employee training. D. offsite storage and environmental controls.

B. Results from previous tests. Answer: B Explanation: Previous test results will provide evidence of the effectiveness of the business continuity plan. Comparisons to standards will give some assurance that the plan addresses the critical aspects of a business continuity plan but will not reveal anything about its effectiveness. Reviewing emergency procedures, offsite storage and environmental controls would provide insight into some aspects of the plan but would fall short of providing assurance of the plan's overall effectiveness.

Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist? A. Reviewing program code B. Reviewing operations documentation C. Turning off the UPS, then the power D. Reviewing program documentation

B. Reviewing operations documenation Answer: B Explanation: Operations documentation should contain recovery/restart procedures, so operations can return to normal processing in a timely manner. Turning off the uninterruptible power supply (UPS) and then turning off the power might create a situation for recovery and restart, but the negative effect on operations would prove this method to be undesirable. The review of program code and documentation generally does not provide evidence regarding recovery/restart procedures.

A financial services organization is developing and documenting business continuity measures. In which of the following cases would an IS auditor MOST likely raise an issue? A. The organization uses good practice guidelines instead of industry standards and relies on external advisors to ensure the adequacy of the methodology. B. The business continuity capabilities are planned around a carefully selected set of scenarios which describe events that might happen with a reasonable probability. C. The recovery time objectives (RTOs) do not take IT disaster recovery constraints into account, such as personnel or system dependencies during the recovery phase. D. The organization plans to rent a shared alternate site with emergency workplaces which has only enough room for half of the normal staff.

B. The business continutiy capabilities are planned around a carefully selected set of scenarios which describe events that might happen with a reasonable probability. Answer: B Explanation: It is a common mistake to use scenario planning for business continuity. The problem is that it is impossible to plan and document actions for every possible scenario. Planning for just selected scenarios denies the fact that even improbable events can cause an organization to break down. Best practice planning addresses the four possible areas of impact in a disaster: premises, people, systems, and suppliers and other dependencies. All scenarios can be reduced to these four categories and can be handled simultaneously. There are very few special scenarios which justify an additional separate analysis, it is a good idea to use best practices and external advice for such an important topic, especially since knowledge of the right level of preparedness and the judgment about adequacy of the measures taken is not available in every organization. The recovery time objectives (RTOs) are based on the essential business processes required to ensure the organization's survival, therefore it would be inappropriate for them to be based on IT capabilities. Best practice guidelines recommend having 20%-40% of normal capacity available at an emergency site; therefore, a value of 50% would not be a problem if there are no additional factors.

Integrating business continuity planning (BCP) into an IT project aids in: A. the retrofitting of the business continuity requirements. B. the development of a more comprehensive set of requirements. C. the development of a transaction flowchart. D. ensuring the application meets the user's needs.

B. The development of a more comprehensive set of requirements. Answer: B Explanation: Integrating business continuity planning (BCP) into the development process ensures complete coverage of the requirements through each phase of the project. Retrofitting of the business continuity plan's requirements occurs when BCP is not integrating into the development methodology. Transaction flowcharts aid in analyzing an application's controls. A business continuity plan will not directly address the detailed processing needs of the users.

Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget? A. A hot site maintained by the business B. A commercial cold site C. A reciprocal arrangement between its offices D. A third-party hot site

C. A reciprocal arrangement between its offices. Answer: C Explanation: For a business having many offices within a region, a reciprocal arrangement among its offices would be most appropriate. Each office could be designated as a recovery site for some other office. This would be the least expensive approach to providing an acceptable level of confidence. A hot site maintained by the business would be a costly solution but would provide a high degree of confidence. Multiple cold sites leased for the multiple offices would lead to a costly solution with a high degree of confidence. A third-party facility for recovery is provided by a traditional hot site. This would be a costly approach providing a high degree of confidence.

A financial institution that processes millions of transactions each day has a central communications processor (switch) for connecting to automated teller machines (ATMs). Which of the following would be the BEST contingency plan for the communications processor? A. Reciprocal agreement with another organization B. Alternate processor in the same location C. Alternate processor at another network node D. Installation of duplex communication links

C. Alternate processor at another network node. Answer: C Explanation: The unavailability of the central communications processor would disrupt all access to the banking network. This could be caused by an equipment, power or communications failure. Reciprocal agreements make an organization dependent on the other organization and raise privacy, competition and regulatory issues. Having an alternate processor in the same location resolves the equipment problem, but would not be effective if the failure was caused by environmental conditions (i.e., power disruption). The installation of duplex communication links would only be appropriate if the failure were limited to the communication link.

The MAIN purpose for periodically testing offsite facilities is to: A. protect the integrity of the data in the database. B. eliminate the need to develop detailed contingency plans. C. ensure the continued compatibility of the contingency facilities. D. ensure that program and system documentation remains current.

C. Ensure the continued compatibility of the contingency facilities Answer: C Explanation: The main purpose of offsite hardware testing is to ensure the continued compatibility of the contingency facilities. Specific software tools are available to protect the ongoing integrity of the database. Contingency plans should not be eliminated and program and system documentation should be reviewed continuously for currency.

An advantage of the use of hot sites as a backup alternative is that: A. the costs associated with hot sites are low. B. hot sites can be used for an extended amount of time. C. hot sites can be made ready for operation within a short period of time. D. they do not require that equipment and systems software be compatible with the primary site.

C. Hot sites can be made ready for operation within a short period of time. Answer: C Explanation: Hot sites can be made ready for operation normally within hours. However, the use of hot sites is expensive, should not be considered as a long-term solution, and requires that equipment and systems software be compatible with the primary installation being backed up.

After implementation of a disaster recovery plan, pre-disaster and post-disaster operational costs for an organization will: A. decrease. B. not change (remain the same). C. increase. D. increase or decrease depending upon the nature of the business.

C. Increase Answer: C Explanation: There are costs associated with all activities and disaster recovery planning (DRP) is not an exception. Although there are costs associated with a disaster recovery plan, there are unknown costs that are incurred if a disaster recovery plan is not implemented.

In a contract with a hot, warm or cold site, contractual provisions should cover which of the following considerations? A. Physical security measures B. Total number of subscribers C. Number of subscribers permitted to use a site at one time D. References by other users

C. Number of subscribers permitted to use a site at one time Answer: C Explanation: The contract should specify the number of subscribers permitted to use the site at any one time. Physical security measures are not a part of the contract, although they are an important consideration when choosing a third-party site. The total number of subscribers is not a consideration; what is important is whether the agreement limits the number of subscribers in a building or in a specific areA. The references that other users can provide is a consideration taken before signing the contract; it is by no means part of the contractual provisions.

Regarding a disaster recovery plan, the role of an IS auditor should include: A. identifying critical applications. B. determining the external service providers involved in a recovery test. C. observing the tests of the disaster recovery plan. D. determining the criteria for establishing a recovery time objective (RTO).

C. Obesrving the tests of the disaster recovery plan Answer: C Explanation: The IS auditor should be present when disaster recovery plans are tested, to ensure that the test meets the targets for restoration, and the recovery procedures are effective and efficient. As appropriate, the auditor should provide a report of the test results. All other choices are a responsibility of management.

Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures? A. Invite client participation. B. involve all technical staff. C. Rotate recovery managers. D. install locally-stored backup.

C. Rotate recovery managers. Answer: C Explanation: Recovery managers should be rotated to ensure the experience of the recovery plan is spread among the managers. Clients may be involved but not necessarily in every case. Not all technical staff should be involved in each test. Remote or offsite backup should always be used.

Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit? A. A hot site is contracted for and available as needed. B. A business continuity manual is available and current. C. insurance coverage is adequate and premiums are current. D. Media backups are performed on a timely basis and stored offsite.

D. "Media backups are performed on a timely basis and stored offsite. Answer: D Explanation: Without data to process, all other components of the recovery effort are in vain. Even in the absence of a plan, recovery efforts of any type would not be practical without data to process.

A disaster recovery plan for an organization's financial system specifies that the recovery point objective (RPO) is no data loss and the recovery time objective (RTO) is 72 hours. Which of the following is the MOST cost-effective solution? A. A hot site that can be operational in eight hours with asynchronous backup of the transaction logs B. Distributed database systems in multiple locations updated asynchronously C. Synchronous updates of the data and standby active systems in a hot site D. Synchronous remote copy of the data in a warm site that can be operational in 48 hours

D. A Synchronous remote copy of the data in a warm site that can be operational in 48 hours. Answer: D Explanation: The synchronous copy of the storage achieves the RPO objective and a warm site operational in 48 hours meets the required RTO. Asynchronous updates of the database in distributed locations do not meet the RPO. Synchronous updates of the data and standby active systems in a hot site meet the RPO and RTO requirements but are more costly than a warm site solution.

An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following: • The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department. • The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting their attention. • The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident. The IS auditor's report should recommend that: A. the deputy CEO be censured for their failure to approve the plan. B. a board of senior managers is set up to review the existing plan. C. the existing plan is approved and circulated to all key management and staff. D. a manager coordinates the creation of a new or revised plan within a defined time limit

D. A manager coordinates the creation of a new or revised plan within a defined time limit. Answer: D Explanation: The primary concern is to establish a workable disaster recovery plan, which reflects current processing volumes to protect the organization from any disruptive incident. Censuring the deputy CEO will not achieve this and is generally not within the scope of an IS auditor to recommend. Establishing a board to review the plan, which is two years out of date, may achieve an updated plan, but is not likely to be a speedy operation, and issuing the existing plan would be folly without first ensuring that it is workable. The best way to achieve a disaster recovery plan in a short time is to make an experienced manager responsible for coordinating the knowledge of other managers into a single, formal document within a defined time limit.

A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? A. Offsite storage of daily backups B. Alternative standby processor onsite C. installation of duplex communication links D. Alternative standby processor at another network node

D. Alternative standby processor at another network. Answer: D Explanation: Having an alternative standby processor at another network node would be the best solution. The unavailability of the central communications processor would disrupt all access to the banking network, resulting in the disruption of operations for allof the shops. This could be caused by failure of equipment, power or communications. Offsite storage of backups would not help, since EFT tends to be an online process and offsite storage will not replace the dysfunctional processor. The provision ofan alternate processor onsite would be fine if it were an equipment problem, but would not help in the case of a power outage, installation of duplex communication links would be most appropriate if it were only the communication link that failed.

Which of the following is the MOST reasonable option for recovering a noncritical system? A. Warm site B. Mobile site C. Hot site D. Cold site

D. Cold Site Answer: D Explanation: Generally a cold site is contracted for a longer period at a lower cost. Since it requires more time to make a cold site operational, it is generally used for noncritical applications. A warm site is generally available at a medium cost, requires less time to become operational and is suitable for sensitive operations. A mobile site is a vehicle ready with all necessary computer equipment that can be moved to any cold or warm site depending upon the need. The need for a mobile site depends uponthe scale of operations. A hot site is contracted for a shorter time period at a higher cost and is better suited for recovery of vital and critical applications.

The responsibilities of a disaster recovery relocation team include: A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule. B. locating a recovery site, if one has not been predetermined, and coordinating the transport of company employees to the recovery site. C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment. D. coordinating the process of moving from the hot site to a new location or to the restored original location.

D. Coordination the process of moving from the hot site to a new location or to the restored orignal location. Answer: D Explanation: Choice A describes an offsite storage team, choice B defines a transportation team and choice C defines a salvage team.

Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by: A. database integrity checks. B. validation checks. C. input controls. D. database commits and rollbacks

D. Database commits and rollbacks. Answer: D Explanation: Database commits ensure the data are saved to disk, while the transaction processing is underway or complete. Rollback ensures that the already completed processing is reversed back, and the data already processed are not saved to the disk in the event of the failure of the completion of the transaction processing. All other options do not ensure integrity while processing is underway.

The PRIMARY objective of business continuity and disaster recovery plans should be to: A. safeguard critical IS assets. B. provide for continuity of operations. C. minimize the loss to an organization. D. protect human life.

D. Protect human life Answer: D Explanation: Since human life is invaluable, the main priority of any business continuity and disaster recovery plan should be to protect people. All other priorities are important but are secondary objectives of a business continuity and disaster recovery plan.

To provide protection for media backup stored at an offsite location, the storage site should be: A. located on a different floor of the building. B. easily accessible by everyone. C. clearly labeled for emergency access. D. protected from unauthorized access.

D. Protected from unauthorized access. Answer: D Explanation: The offsite storage site should always be protected against unauthorized access and have at least the same security requirements as the primary site. Choice A is incorrect because, if the backup is in the same building, it may suffer the same event and may be inaccessible. Choices B and C represent access risks.

Which of the following provides the BEST evidence of an organization's disaster recovery readiness? A. A disaster recovery plan B. Customer references for the alternate site provider C. Processes for maintaining the disaster recovery plan D. Results of tests and drills

D. Results of tests and drills Answer: D Explanation: Plans are important, but mere plans do not provide reasonable assurance unless tested. References for the alternate site provider and the existence and maintenance of a disaster recovery plan are important, but only tests and drills demonstrate the adequacy of the plans and provide reasonable assurance of an organization's disaster recovery readiness.

Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly? A. Backup time would steadily increase B. Backup operational cost would significantly increase C. Storage operational cost would significantly increase D. Server recovery work may not meet the recovery time objective (RTO)

D. Server recovery work may not meet the recovery time objective (RTO) Answer: D Explanation: In case of a crash, recovering a server with an extensive amount of data could require a significant amount of time. If the recovery cannot meet the recovery time objective (RTO), there will be a discrepancy in IT strategies. It's important to ensurethat server restoration can meet the RTO. Incremental backup would only take the backup of the daily differential, thus a steady increase in backup time is not always true. The backup and storage costs issues are not as significant as not meeting the RTO.

Which of the following should be of MOST concern to an IS auditor reviewing the BCP? A. The disaster levels are based on scopes of damaged functions, but not on duration. B. The difference between low-level disaster and software incidents is not clear. C. The overall BCP is documented, but detailed recovery steps are not specified. D. The responsibility for declaring a disaster is not identified.

D. The responsibility for declaring a disaster is not identified Answer: D Explanation: If nobody declares the disaster, the response and recovery plan would not be invoked, making all other concerns mute. Although failure to consider duration could be a problem, it is not as significant as scope, and neither is as critical as the need to have someone invoke the plan. The difference between incidents and low-level disasters is always unclear and frequently revolves around the amount of time required to correct the damage. The lack of detailed steps should be documented, but their absence does not mean a lack of recovery, if in fact someone has invoked the plan.

Which of the following ensures the availability of transactions in the event of a disaster? A. Send tapes hourly containing transactions offsite, B. Send tapes daily containing transactions offsite. C. Capture transactions to multiple storage devices. D. Transmit transactions offsite in real time.

D. Transmit transactions offsite in real time. Answer: D Explanation: The only way to ensure availability of all transactions is to perform a real-time transmission to an offsite facility. Choices A and B are not in real time and, therefore, would not include all the transactions. Choice C does not ensure availabilityat an offsite location.

Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility? A. Verify compatibility with the hot site. B. Review the implementation report. C. Perform a walk-through of the disaster recovery plan. D. Update the IS assets inventory.

D. Update the IS assets inventory Answer: D Explanation: An IS assets inventory is the basic input for the business continuity/disaster recovery plan, and the plan must be updated to reflect changes in the IS infrastructure. The other choices are procedures required to update the disaster recovery plan after having updated the required assets inventory.

When developing a disaster recovery plan, the criteria for determining the acceptable downtime should be the: A. annualized loss expectancy (ALE). B. service delivery objective. C. quantity of orphan data. D. maximum tolerable outage.

D. maximum tolerable outage. Answer: D Explanation: The recovery time objective is determined based on the acceptable downtime in case of a disruption of operations, it indicates the maximum tolerable outage that an organization considers to be acceptable before a system or process must resume following a disaster. Choice A is incorrect, because the acceptable downtime would not be determined by the annualized loss expectancy (ALE). Choices B and C are relevant to business continuity, but they are not determined by acceptable downtime.

Network Data Management Protocol (NDMP) technology should be used for backup if: A. a network attached storage (NAS) appliance is required. B. the use of TCP/I P must be avoided. C. file permissions that can not be handled by legacy backup systems must be backed up. D. backup consistency over several related data volumes must be ensured.

A. A network attached storage (NAS) applicance is required Answer: A Explanation: NDMP defines three kind of services: a data service that interfaces with the primary storage to be backed up or restored, a tape service that interfaces with the secondary storage (primarily a tape device), and a translator service performing translations including multiplexing multiple data streams into one data stream and vice versA. NDMP services interact with each other. The result of this interaction is the establishment of an NDMP control session if the session is being used to achieve control for the backup or restore operation. It would result in an NDMP data session if the session is being used to transfer actual file system or volume data (including metadata). Control sessions are always TCP/IP-based, but data streams can be TCP/lP-or SAN-based. NDMP is more or less NAS-centric and defines a way to back up and restore data from a device, such as a NAS appliance, on which it is difficult to install a backup software agent, in the absence of NDMP, this data must be backed up as a shared drive on the LAN, which is accessed via network file protocols, such as Common Internet File System (CIFS) or Network File System (NFS), degrading backup performance. NDMP works on a block level for transferring payload data (file content)but metadata and traditional file system information needs to be handled by legacy backup systems that initiate NDMP data movement. NDMP does not know about nor takes care of consistency issues regarding related volumes (e.g., a volume to store data

When auditing a disaster recovery plan for a critical business area, an IS auditor finds that it does not cover all the systems. Which of the following is the MOST appropriate action for the IS auditor? A. Alert management and evaluate the impact of not covering all systems. B. Cancel the audit. C. Complete the audit of the systems covered by the existing disaster recovery plan. D. Postpone the audit until the systems are added to the disaster recovery plan.

A. Alert management and evaluate the impact of not covering all systems. Answer: A Explanation: An IS auditor should make management aware that some systems are omitted from the disaster recovery plan. An IS auditor should continue the audit and include an evaluation of the impact of not including all systems in the disaster recovery plan. Cancelling the audit, ignoring the fact that some systems are not covered or postponing the audit are inappropriate actions to take.

If a database is restored using before-image dumps, where should the process begin following an interruption? A. Before the last transaction B. After the last transaction C. As the first transaction after the latest checkpoint D. As the last transaction before the latest checkpoint

A. Before the last transaction Answer: A Explanation: If before images are used, the last transaction in the dump will not have updated the database prior to the dump being taken. The last transaction will not have updated the database and must be reprocessed. Program checkpoints are irrelevant in this situation.

Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization? A. Built-in alternative routing B. Completing full system backup daily C. A repair contract with a service provider D. A duplicate machine alongside each server

A. Built-in alternative routing Answer: A Explanation: Alternative routing would ensure the network would continue if a server is lost or if a link is severed as message rerouting could be automatic. System backup will not afford immediate protection. The repair contract is not as effective as perm a nentalte (native routing. Standby servers will not provide continuity if a link is severed.

Due to changes in IT, the disaster recovery plan of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested? A. Catastrophic service interruption B. High consumption of resources C. Total cost of the recovery may not be minimized D. Users and recovery teams may face severe difficulties when activating the plan

A. Catastrophic service interruption Answer: A Explanation: Choices B, C and D are all possible problems that might occur, and would cause difficulties and financial losses or waste of resources. However, if a new disaster recovery plan is not tested, the possibility of a catastrophic service interruption is the most critical of all risks

With respect to business continuity strategies, an IS auditor interviews key stakeholders in an organization to determine whether they understand their roles and responsibilities. The IS auditor is attempting to evaluate the: A. clarity and simplicity of the business continuity plans. B. adequacy of the business continuity plans. C. effectiveness of the business continuity plans. D. ability of IS and end-user personnel to respond effectively in emergencies.

A. Clarity and simplicity of the business continuity plans. Answer: A Explanation: The IS auditor should interview key stakeholders to evaluate how well they understand their roles and responsibilities. When all stakeholders have a detailed understanding of their roles and responsibilities in the event of a disaster, an IS auditor can deem the business continuity plan to be clear and simple. To evaluate adequacy, the IS auditor should review the plans and compare them to appropriate standards. To evaluate effectiveness, the IS auditor should review the results from previous tests. This is the best determination for the evaluation of effectiveness. An understanding of roles and responsibilities by key stakeholders will assist in ensuring the business continuity plan is effective. To evaluate the response, the IS auditor should review results of continuity tests. This will provide the IS auditor with assurance that target and recovery times are met. Emergency procedures and employee training need to be reviewed to determine whether the organization had implemented plans to allow for the effective response.

An offsite information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is a: A. cold site. B. warm site. C. dial-up site. D. duplicate processing facility.

A. Cold site Answer: A Explanation: A cold site is ready to receive equipment but does not offer any components at the site in advance of the need. A warm site is an offsite backup facility that is partially configured with network connections and selected peripheral equipment-such as disk and tape units, controllers and CPUs-to operate an information processing facility. A duplicate information processing facility is a dedicated, self-developed recovery site that can back up critical applications.

Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies? A. Developments may result in hardware and software incompatibility. B. Resources may not be available when needed. C. The recovery plan cannot be tested. D. The security infrastructures in each company may be different

A. Developments may result in hardware and software incompatibility Answer: A Explanation: If one organization updates its hardware and software configuration, it may mean that it is no longer compatible with the systems of the other party in the agreement. This may mean that each company is unable to use the facilities at the other company to recover their processing following a disaster. Resources being unavailable when needed are an intrinsic risk in any reciprocal agreement, but this is a contractual matter and is not the greatest risk. The plan can be tested by paper-based walkthroughs, and possibly by agreement between the companies. The difference in security infrastructures, while a risk, is not insurmountable.

A hot site should be implemented as a recovery strategy when the: A. disaster tolerance is low. B. recovery point objective (RPO) is high. C. recovery time objective (RTO) is high. D. disaster tolerance is high.

A. Disaster tolerance is low. Answer: A Explanation: Disaster tolerance is the time gap during which the business can accept nonavailability of IT facilities. If this time gap is low, recovery strategies that can be implemented within a short period of time, such as a hot site, should be used. The RPO is the earliest point in time at which it is acceptable to recover the datA. A high RPO means that the process can wait for a longer time. In such cases, other recovery alternatives, such as warm or cold sites, should be considered. A high RTO means that additional time would be available for the recovery strategy, thus making other recovery alternatives-such as warm or cold sitesviable alternatives.

Management considered two projections for its business continuity plan; plan A with two months to recover and plan B with eight months to recover. The recovery objectives are the same in both plans. It is reasonable to expect that plan B projected higher: A. downtime costs. B. resumption costs. C. recovery costs. D. walkthrough costs.

A. Dowtime costs. Answer: A Explanation: Since the recovery time is longer in plan B, resumption and recovery costs can be expected to be lower. Walkthrough costs are not a part of disaster recovery. Since the management considered a higher window for recovery in plan B, downtime costs included in the plan are likely to be higher.

The activation of an enterprise's business continuity plan should be based on predetermined criteria that address the: A. duration of the outage. B. type of outage. C. probability of the outage. D. cause of the outage.

A. Duration of the outage. Answer:A Explanation: The initiation of a business continuity plan (action) should primarily be based on the maximum period for which a business function can be disrupted before the disruption threatens the achievement of organizational objectives.

During an audit of a business continuity plan (BCP), an IS auditor found that, although all departments were housed in the same building, each department had a separate BCP. The IS auditor recommended that the BCPs be reconciled. Which of the following areas should be reconciled FIRST? A. Evacuation plan B. Recovery priorities C. Backup storages D. Call tree

A. Evacuation plan Answer: A Explanation: Protecting human resources during a disaster-related event should be addressed first. Having separate BCPs could result in conflicting evacuation plans, thus jeopardizing the safety of staff and clients. Choices B, C and D may be unique to each department and could be addressed separately, but still should be reviewed for possible conflicts and/or the possibility of cost reduction, but only after the issue of human safety has been analyzed.

The cost of ongoing operations when a disaster recovery plan is in place, compared to not having a disaster recovery plan, will MOST likely: A. increase. B. decrease. C. remain the same. D. be unpredictable.

A. Increase Answer: A Explanation: Due to the additional cost of disaster recovery planning (DRP) measures, the cost of normal operations for any organization will always increase after a DRP implementation, i.e., the cost of normal operations during a nondisaster period will be morethan the cost of operations during a nondisaster period when no disaster recovery plan was in place.

An offsite information processing facility: A. should have the same amount of physical access restrictions as the primary processing site. B. should be easily identified from the outside so that, in the event of an emergency, it can be easily found. C. should be located in proximity to the originating site, so it can quickly be made operational. D. need not have the same level of environmental monitoring as the originating site.

A. Should have the same amount of physcial access restrictions as the primary processing site. Answer: A Explanation: An offsite information processing facility should have the same amount of physical control as the originating site. It should not be easily identified from the outside to prevent intentional sabotage. The offsite facility should not be subject to the same natural disaster that could affect the originating site and thus should not be located in proximity of the original site. The offsite facility should possess the same level of environmental monitoring and control as the originating site.

A live test of a mutual agreement for IT system recovery has been carried out, including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the: A. system and the IT operations team can sustain operations in the emergency environment. B. resources and the environment could sustain the transaction load. C. connectivity to the applications at the remote site meets response time requirements. D. workflow of actual business operations can use the emergency system in case of a disaster.

A. System and the IT operations team an sustain operations in the emergeny environment. Answer: A Explanation: The applications have been intensively operated, therefore choices B, C and D have been actually tested, but the capability of the system and the IT operations team to sustain and support this environment (ancillary operations, batch closing, error corrections, output distribution, etc.) is only partially tested.

Disaster recovery planning (DRP) addresses the: A. technological aspect of business continuity planning. B. operational piece of business continuity planning. C. functional aspect of business continuity planning. D. overall coordination of business continuity planning.

A. Technological aspect of business continuity planning. Answer: A Explanation: Disaster recovery planning (DRP) is the technological aspect of business continuity planning. Business resumption planning addresses the operational part of business continuity planning.

Which of the following disaster recovery/continuity plan components provides the GREATEST assurance of recovery after a disaster? A. The alternate facility will be available until the original information processing facility is restored. B. User management is involved in the identification of critical systems and their associated critical recovery times. C. Copies of the plan are kept at the homes of key decision-making personnel. D. Feedback is provided to management assuring them that the business continuity plans are indeed workable and that the procedures are current.

A. The alternate facility will be available until the original information processing facility is restored. Answer: A Explanation: The alternate facility should be made available until the original site is restored to provide the greatest assurance of recovery after a disaster. Without this assurance, the plan will not be successful. All other choices ensure prioritization or the execution of the plan.

If the recovery time objective (RTO) increases: A. the disaster tolerance increases. B. the cost of recovery increases. C. a cold site cannot be used. D. the data backup frequency increases.

A. The disaster tolerance increases. Answer: A Explanation: The longer the recovery time objective (RTO), the higher disaster tolerance and the lower the recovery cost. It cannot be concluded that a cold site is inappropriate or that the frequency of data backup would increase.

During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include: A. the level of information security required when business recovery procedures are invoked. B. information security roles and responsibilities in the crisis management structure. C. information security resource requirements. D. change management procedures for information security that could affect business continuity arrangements.

A. The level of information security required when business recovery procedures are invoked. Answer:A Explanation: Business should consider whether information security levels required during recovery should be the same, lower or higher than when business is operating normally. In particular, any special rules for access to confidential data during a crisis needto be identified. The other choices do not directly address the information confidentiality issue.

There are several methods of providing telecommunications continuity. The method of routing traffic through split cable or duplicate cable facilities is called: A. alternative routing. B. diverse routing. C. long-haul network diversity. D. last-mile circuit protection.

Answer: B Explanation: Diverse routing routes traffic through split-cable facilities or duplicate-cable facilities. This can be accomplished with different and/or duplicate cable sheaths, if different cable sheaths are used, the cable may be in the same conduit and, therefore, subject to the same interruptions as the cable it is backing up. The communication service subscriber can duplicate the facilities by having alternate routes, although the entrance to and from the customer premises may be in the same conduit. The subscriber can obtain diverse routing and alternate routing from the local carrier, including dual-entrance facilities. This type of access is time consuming and costly. Alternative routing is a method of routing information via an alternate medium, such as copper cable or fiber optics. This involves use of different networks, circuits or end points should the normal network be unavailable. Long-haul network diversity is a diverse, long-distance network utilizing T-l circuits among the major long-distance carriers. It ensures long-distance access should any carrier experience a network failure. Last-mile circuit protection is a redundant combination of local carrier T-ls, microwave and/or coaxial cable access to the local communications loop. This enables the facility to have access during a local carrier communication disaster. Alternate local-carrier routing is also utilized

While observing a full simulation of the business continuity plan, an IS auditor notices that the notification systems within the organizational facilities could be severely impacted by infra structural damage. The BEST recommendation the IS auditor can provide to the organization is to ensure: A: the salvage team is trained to use the notification system. B: the notification system provides for the recovery of the backup. C: redundancies are built into the notification system. D: the notification systems are stored in a vault.

Answer: C reduncancies are built into the notification system. Answer: C Explanation: If the notification system has been severely impacted by the damage, redundancy would be the best control. The salvage team would not be able to use a severely damaged notification system, even if they are trained to use it. The recovery of the backups has no bearing on the notification system and storing the notification system in a vault would be of little value if the building is damaged.

An organization's disaster recovery plan should address early recovery of: A. all information systems processes. B. all financial processing applications. C. only those applications designated by the IS manager. D. processing in priority order, as defined by business management.

Answer: D Explanation: Business management should know which systems are critical and when they need to process well in advance of a disaster. It is management's responsibility to develop and maintain the plan. Adequate time will not be available for this determination once the disaster occurs. IS and the information processing facility are service organizations that exist for the purpose of assisting the general user management in successfully performing their jobs.

In determining the acceptable time period for the resumption of critical business processes: A. only downtime costs need to be considered. B. recovery operations should be analyzed. C. both downtime costs and recovery costs need to be evaluated. D. indirect downtime costs should be ignored.

C. Both downtime costs and recovery costs need to be evaluated Answer: C Explanation: Both downtime costs and recovery costs need to be evaluated in determining the acceptable time period before the resumption of critical business processes. The outcome of the business impact analysis (BIA) should be a recovery strategy that represents the optimal balance. Downtime costs cannot be looked at in isolation. The quicker information assets can be restored and business processing resumed, the smaller the downtime costs. However, the expenditure needed to have the redundant capability required to recover information resources might be prohibitive for nonessential business processes. Recovery operations do not determine the acceptable time period for the resumption of critical business processes, and indirect downtime costs should be considered in addition to the direct cash outflows incurred due to business disruption. The indirect costs of a serious disruption to normal business activity, e.g., loss of customer and supplier goodwill and loss of market share, may actually be more significant than direct costs over time, thus reaching the point where business viability is threatened.

To develop a successful business continuity plan, end user involvement is critical during which of the following phases? A. Business recovery strategy B. Detailed plan development C. Business impact analysis (BIA) D. Testing and maintenance

C. Business impact analysis (BIA) Answer: C Explanation: End user involvement is critical in the BIA phase. During this phase the current operations of the business needs to be understood and the impact on the business of various disasters must be evaluated. End users are the appropriate persons to provide relevant information for these tasks, inadequate end user involvement in this stage could result in an inadequate understanding of business priorities and the plan not meeting the requirements of the organization.

An organization has implemented a disaster recovery plan. Which of the following steps should be carried out next? A. Obtain senior management sponsorship. B. Identify business needs. C. Conduct a paper test. D. Perform a system restore test.

C. Conduct a paper test. Answer: C Explanation: A best practice would be to conduct a paper test. Senior management sponsorship and business needs identification should have been obtained prior to implementing the plan. A paper test should be conducted first, followed by system or full testing.

Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective (RPO)? A. Virtual tape libraries B. Disk-based snapshots C. Continuous data backup D. Disk-to-tape backup

C. Continuous backup Answer: C Explanation: The recovery point objective (RPO) is based on the acceptable data loss in the case of a disruption. In this scenario the organization needs a short RPO. Virtual tape libraries, diskbased snapshots and disk-to-tape backup would require time to complete the backup, while continuous data backup happens online (in real time).

As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis? A. Organizational risks, such as single point-of-failure and infrastructure risk B. Threats to critical business processes C. Critical business processes for ascertaining the priority for recovery D. Resources required for resumption of business

C. Critical business processes for ascertaining the priority for recovery. Answer: C Explanation: The identification of the priority for recovering critical business processes should be addressed first. Organizational risks should be identified next, followed by the identification of threats to critical business processes. Identification of resources for business resumption will occur after the tasks mentioned.

After completing the business impact analysis (BIA), what is the next step in the business continuity planning process? A. Test and maintain the plan. B. Develop a specific plan. C. Develop recovery strategies. D. implement the plan.

C. Develop recovery strategies Answer: C Explanation: The next phase in the continuity plan development is to identify the various recovery strategies and select the most appropriate strategy for recovering from a disaster. After selecting a strategy, a specific plan can be developed, tested and implemented.

The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to: A. achieve performance improvement. B. provide user authentication. C. ensure availability of data. D. ensure the confidentiality of data.

C. Ensure availability of data. Answer: C Answer: C Explanation: RAID level 1 provides disk mirroring. Data written to one disk are also written to another disk. Users in the network access data in the first disk; if disk one fails, the second disk takes over. This redundancy ensures the availability of datA. RAID level 1 does not improve performance, has no relevance to authentication and does nothing to provide for data confidentiality.

An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following: • The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department. • The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his/her attention. • The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident. The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical, hardware configuration is already established. An IS auditor should: A. take no action as the lack of a current plan is the only significant finding. B. recommend that the hardware configuration at each site is identical. C. perform a review to verify that the second configuration can support live processing. D. report that the financial expenditure on the alternative site is wasted without an effective plan.

C. Perform a review to verify that the second configuration can support live processing Answer: C Explanation: An IS auditor does not have a finding unless it can be shown that the alternative hardware cannot support the live processing system. Even though the primary finding is the lack of a proven and communicated disaster recovery plan, it is essential that this aspect of recovery is included in the audit. If it is found to be inadequate, the finding will materially support the overall audit opinion. It is certainly not appropriate to take no action at all, leaving this important factor untested. Unless it is shown that the alternative site is inadequate, there can be no comment on the expenditure, even if this is considered a proper comment for the IS auditor to make. Similarly, there is no need for the configurations to be identical. The alternative site could actually exceed the recovery requirements if it is also used for other work, such as other processing or systems development and testing. The only proper course of action at this point would be to find out if the recovery site can actually cope with a recovery.

Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness? A. Paper test B. Post test C. Preparedness test D. Walkthrough

C. Preparedness test. Answer: C Explanation: A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan's effectiveness. It also provides a means to improve the plan in increments. A paper test is a walkthrough of the plan, involving major players, who attempt to determine what might happen in a particular type of service disruption in the plan's execution. A paper test usually precedes the preparedness test. A post-test is actually a test phase and is comprised of a group of activities, such as returning all resources to their proper place, disconnecting equipment, returning personnel and deleting all company data from thirdparty systems. A walkthrough is a test involving a simulated disaster situation that tests the preparedness and understanding of management and staff, rather than the actual resources.

To address an organization's disaster recovery requirements, backup intervals should not exceed the: A. service level objective (SLO). B. recovery time objective (RTO). C. recovery point objective (RPO). D. maximum acceptable outage (MAO).

C. Recovery point objective (RPO) Answer: C Explanation: The recovery point objective (RPO) defines the point in time to which data must be restored after a disaster so as to resume processing transactions. Backups should be performed in a way that the latest backup is no older than this maximum time frame. If service levels are not met, the usual consequences are penalty payments, not cessation of business. Organizations will try to set service level objectives (SLOs) so as to meet established targets. The resulting time for the service level agreement (SLA) will usually be longer than the RPO. The recovery time objective (RTO) defines the time period after the disaster in which normal business functionality needs to be restored. The maximum acceptable outage (MAO) is the maximum amount of system downtime that is tolerable. It can be used as a synonym for RTO. However, the RTO denotes an objective/target, while the MAO constitutes a vital necessity for an organization's survival.

In which of the following situations is it MOST appropriate to implement data mirroring as the recovery strategy? A. Disaster tolerance is high. B. Recovery time objective is high. C. Recovery point objective is low. D. Recovery point objective is high.

C. Recovery point objective is low. Answer: C Explanation: A recovery point objective (RPO) indicates the latest point in time at which it is acceptable to recover the datA. If the RPO is low, data mirroring should be implemented as the data recovery strategy. The recovery time objective (RTO) is an indicator of the disaster tolerance. The lower the RTO, the lower the disaster tolerance. Therefore, choice C is the correct answer.

During the design of a business continuity plan, the business impact analysis (BIA) identifies critical processes and supporting applications. This will PRIMARILY influence the: A. responsibility for maintaining the business continuity plan. B. criteria for selecting a recovery site provider. C. recovery strategy. D. responsibilities of key personnel.

C. Recovery strategy Answer: C Explanation: The most appropriate strategy is selected based on the relative risk level and criticality identified in the business impact analysis (BIA.) The other choices are made after the selection or design of the appropriate recovery strategy.

IS management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend: A. upgrading to a level 5 RAID. B. increasing the frequency of onsite backups. C. reinstating the offsite backups. D. establishing a cold site in a secure location

C. Reinstating the offsite backups Answer: C Explanation: A RAID system, at any level, will not protect against a natural disaster. The problem will not be alleviated without offsite backups, more frequent onsite backups or even setting up a cold site. Choices A, B and D do not compensate for the lack of offsite backup.

When developing a business continuity plan (BCP), which of the following tools should be used to gain an understanding of the organization's business processes? A. Business continuity self-audit B. Resource recovery analysis C. Risk assessment D. Gap analysis

C. Risk Assessment Answer: C Explanation: Risk assessment and business impact assessment are tools for understanding businessfor- business continuity planning. Business continuity self-audit is a tool for evaluating the adequacy of the BCP, resource recovery analysis is a tool for identifying a business resumption strategy, while the role gap analysis can play in business continuity planning is to identify deficiencies in a plan. Neither of these is used for gaining an understanding of the business.

To optimize an organization's business contingency plan (BCP), an IS auditor should recommend conducting a business impact analysis (BlA) in order to determine: A. the business processes that generate the most financial value for the organization and therefore must be recovered first. B. the priorities and order for recovery to ensure alignment with the organization's business strategy. C. the business processes that must be recovered following a disaster to ensure the organization's survival. D. the priorities and order of recovery which will recover the greatest number of systems in the shortest time frame.

C. The business processes that must be recovered following a disaster to ensure the organization's survival. Answer: C Explanation: To ensure the organization's survival following a disaster, it is important to recover the most critical business processes first, it is a common mistake to overemphasize value (A) rather than urgency. For example, while the processing of incoming mortgage loan payments is important from a financial perspective, it could be delayed for a few days in the event of a disaster. On the other hand, wiring funds to close on a loan, while not generating direct revenue, is far more critical because of the possibility of regulatory problems, customer complaints and reputation issues. Choices B and D are not correct because neither the long-term business strategy nor the mere number of recovered systems has a direct impact at this point in time.

Which of the following must exist to ensure the viability of a duplicate information processing facility? A. The site is near the primary site to ensure quick and efficient recovery. B. The site contains the most advanced hardware available. C. The workload of the primary site is monitored to ensure adequate backup is available. D. The hardware is tested when it is installed to ensure it is working properly.

C. The workload of the primary site is monitored to ensure adequate backup is available. Answer: C Explanation: Resource availability must be assured. The workload of the site must be monitored to ensure that availability for emergency backup use is not impaired. The site chosen should not be subject to the same natural disaster as the primary site. In addition, a reasonable compatibility of hardware/software must exist to serve as a basis for backup. The latest or newest hardware may not adequately serve this need. Testing the hardware when the site is established is essential, but regular testing of the actual backup data is necessary to ensure the operation will continue to perform as planned.

Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test? A. Due to the limited test time window, only the most essential systems were tested. The other systems were tested separately during the rest of the year. B. During the test it was noticed that some of the backup systems were defective or not working, causing the test of these systems to fail. C. The procedures to shut down and secure the original production site before starting the backup site required far more time than planned. D. Every year, the same employees perform the test. The recovery plan documents are not used since every step is well known by all participants.

D. Every year, the same employees perform the test. The recovery plan documents are not used since every step is well known by all participants. Answer: D Explanation: A disaster recovery test should test the plan, processes, people and IT systems. Therefore, if the plan is not used, its accuracy and adequacy cannot be verified. Disaster recovery should not rely on key staff since a disaster can occur when they arenot available. It is common that not all systems can be tested in a limited test time frame. It is important, however, that those systems which are essential to the business are tested, and that the other systems are eventually tested throughout theyear. One aim of the test is to identify and replace defective devices so that all systems can be replaced in the case of a disaster. Choice B would only be a concern if the number of discovered problems is systematically very high, in a real disaster, there is no need for a clean shutdown of the original production environment since the first priority is to bring the backup site up.

An organization has a number of branches across a wide geographical areA. To ensure that all aspects of the disaster recovery plan are evaluated in a cost effective manner, an IS auditor should recommend the use of a: A. data recovery test. B. full operational test. C. posttest. D. preparedness test.

D. Preparedness test, Answer: D Explanation: A preparedness test should be performed by each local office/area to test the adequacy of the preparedness of local operations in the event of a disaster. This test should be performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence of the plan's adequacy. A data recovery test is a partial test and will not ensure that all aspects are evaluated. A full operational test is not the most cost effective test in light of the geographical dispersion of the branches, and a posttest is a phase of the test execution process.

A medium-sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of the new BCP? A. Full-scale test with relocation of all departments, including IT, to the contingency site B. Walk-through test of a series of predefined scenarios with all critical personnel involved C. IT disaster recovery test with business departments involved in testing the critical applications D. Functional test of a scenario with limited IT involvement

D. Functional test of a scenario with limited IT involvement. Answer: D Explanation: After a tabletop exercise has been performed, the next step would be a functional test, which includes the mobilization of staff to exercise the administrative and organizational functions of a recovery. Since the IT part of the recovery has been tested for years, it would be more efficient to verify and optimize the business continuity plan (BCP) before actually involving IT in a full-scale test. The full-scale test would be the last step of the verification process before entering into a regular annual testing schedule. A full-scale test in the situation described might fail because it would be the first time that the plan is actually exercised, and a number of resources (including IT) and time would be wasted. The walkthrough test is the most basic type of testing. Its intention is to make key staff familiar with the plan and discuss critical plan elements, rather than verifying its adequacy. The recovery of applications should always be verified and approved by the business instead of being purely IT-driven. A disaster recovery test would not help in verifying the administrative and organizational parts of the BCP which are not IT-related.

The PRIMARY objective of testing a business continuity plan is to: A. familiarize employees with the business continuity plan. B. ensure that all residual risks are addressed. C. exercise all possible disaster scenarios. D. identify limitations of the business continuity plan.

D. Identify limitations of the business continuity plan. Answer: D Explanation: Testing the business continuity plan provides the best evidence of any limitations that may exist. Familiarizing employees with the business continuity plan is a secondary benefit of a test. It is not cost effective to address residual risks in a business continuity plan, and it is not practical to test all possible disaster scenarios.

Which of the following should be the MOST important criterion in evaluating a backup solution for sensitive data that must be retained for a long period of time due to regulatory requirements? A. Full backup window B. Media costs C. Restore window D. Media reliability

D. Media reliability Answer: D Explanation: To comply with regulatory requirements, the media should be reliable enough to ensure an organization's ability to recovery the data should they be required for any reason. Media price is a consideration, but should not be more important than the ability to provide the required reliability. Choices A and C are less critical than reliability.

Which of the following is the BEST method for determining the criticality of each application system in the production environment? A. interview the application programmers. B. Perform a gap analysis. C. Review the most recent application audits. D. Perform a business impact analysis.

D. Perform a business impact analysis Answer: D Explanation: A business impact analysis will give the impact of the loss of each application. Interviews with the application programmers will provide limited information related to the criticality of the systems. A gap analysis is only relevant to systems development and project management. The audits may not contain the required information or may not have been done recently.