ACC 516 - Exam 4
For which of the following applications would rapid recovery be MOST crucial? A. Point-of-sale system B. Corporate planning C. Regulatory reporting D. Departmental chargeback
A. Point-of-sale system
Which of the following is the GREATEST concern when an organization's backup facility is at a warm site? A. Timely availability of hardware B. Availability of heat, humidity and air conditioning equipment C. Adequacy of electrical power connections D. Effectiveness of the telecommunications network
A. Timely availability of hardware
The FIRST step in developing a business continuity plan (BCP) is to: A. classify the importance of systems. B. establish a disaster recovery strategy. C. determine the critical recovery time period. D. perform a risk ranking.
A. classify the importance of systems.
An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a: A. cold site. B. warm site. C. dial-up site. D. duplicate processing facility.
A. cold site.
While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be: A. shadow file processing. B. electronic vaulting. C. hard-disk mirroring. D. hot-site provisioning.
A. shadow file processing.
An IS auditor performing a review of the backup processing facilities should be MOST concerned that: A. adequate fire insurance exists. B. regular hardware maintenance is performed. C. offsite storage of transaction and master files exists. D. backup processing facilities are tested fully.
C. offsite storage of transaction and master files exists.
Of the following, the MAIN purpose for periodically testing offsite backup facilities is to: A. ensure the integrity of the data in the database. B. eliminate the need to develop detailed contingency plans. C. ensure the continued compatibility of the contingency facilities. D. ensure that program and system documentation remains current.
C. ensure the continued compatibility of the contingency facilities.
An advantage of the use of hot sites as a backup alternative is that: A. the costs associated with hot sites are low. B. hot sites can be used for an extended amount of time. C. hot sites can be made ready for operation within a short period of time. D. they do not require that equipment and systems software be compatible with the primary site.
C. hot sites can be made ready for operation within a short period of time.
After implementation of a disaster recovery plan (DRP), pre-disaster and post-disaster operational cost for an organization will: A. decrease. B. not change (remain the same). C. increase. D. increase or decrease depending upon nature of the business.
C. increase.
Which of the following processes is the FIRST step in developing a business continuity and disaster recovery plan for an organization? A. Alternate site selection B. Business impact analysis C. Test procedures and frequency D. Information classification
B. Business impact analysis
A company performs full backup of data and programs on a regular basis. The primary purpose of this practice is to: A. maintain data integrity in the applications. B. restore application processing after a disruption. C. prevent unauthorized changes to programs and data. D. ensure recovery of data processing in case of a disaster.
B. restore application processing after a disruption.
An IS auditor evaluating the resilience of a high-availability network would be MOST concerned if: A. the setup is geographically dispersed. B. the network servers are clustered in a site. C. a hot site is ready for activation. D. diverse-routing is implemented for the network.
B. the network servers are clustered in a site.
In a contract with a hot, warm or cold site, contractual provisions should cover which of the following considerations? A. Physical security measures B. Total number of subscribers C. Number of subscribers permitted to use a site at one time D. References by other users
C. Number of subscribers permitted to use a site at one time
At the end of a simulation of an operational contingency test, the IS auditor performed a review of the recovery process. The IS auditor concluded that the recovery took more than the critical time frame allows. Which of the following actions should the auditor recommend? A. Widen the physical capacity to accomplish better mobility in a shorter time. B. Shorten the distance to reach the hot site. C. Perform an integral review of the recovery tasks. D. Increase the number of human resources involved in the recovery process.
C. Perform an integral review of the recovery tasks.
Disaster recovery planning for a company's computer system usually focuses on: A. operations turnover procedures. B. strategic long-range planning. C. the probability that a disaster will occur. D. alternative procedures to process transactions.
D. alternative procedures to process transactions.
The responsibilities of a disaster recovery relocation team include: A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule. B. locating a recovery site if one has not been predetermined and coordinating the transport of company employees to the recovery site. C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment. D. coordinating the process of moving from the hot site to a new location or to the restored original location.
D. coordinating the process of moving from the hot site to a new location or to the restored original location.
Business continuity/disaster recovery is PRIMARILY the responsibility of: A. IS management. B. business unit managers. C. the security administrator. D. the board of directors.
D. the board of directors.
What do Tableau and QlikView specialize in? a. Data visualization b. Data analytics c. Condensing data d. Fraud prevention
a. Data visualization
The initial risk of zero-day attacks is best mitigated by: a. File analysis by updated antivirus software b. Virus signatures c. Examining security vulnerabilities d. Patching the affected software
a. File analysis by updated antivirus software
In reviewing the information for this project, what would be the MOST important concern regarding the use of microwave radio systems based on the above scenario? a. Susceptibility for interception of transmitted data b. Lack of available data transmission encryption solutions c. Likelihood of a service outage d. Cost overruns in implementation
a. Susceptibility for interception of transmitted data
Which of the following is the MOST effective method for an IS auditor to use in testing the program change management process? a. Trace from system-generated information to the change management documentation b. Examine change management documentation for evidence of accuracy c. Trace from the change management documentation to a system-generated audit trail d. Examine change management documentation for evidence of completeness
a. Trace from system-generated information to the change management documentation
Which of the following would allow an enterprise to extend its intranet across the Internet to its business partners? a. Virtual private network b. Client-server c. Dial-up access d. Network service provider
a. Virtual private network
The classification based on criticality of a software application as part of an IS business continuity plan is determined by the: a. nature of the business and the value of the application to the business b. replacement cost of the application c. vendor support available for the application d. associated threats and vulnerabilities of the application
a. nature of the business and the value of the application to the business
An IS auditor should be involved in: a. observing tests of the disaster recovery plan. b. developing the disaster recovery plan. c. maintaining the disaster recovery plan. d. reviewing the disaster recovery requirements of supplier contracts.
a. observing tests of the disaster recovery plan.
Data mirroring should be implemented as a recovery strategy when: a. recovery point objective (RPO) is low. b. recovery point objective (RPO) is high. c. recovery time objective (RTO) is high. d. disaster tolerance is high.
a. recovery point objective (RPO) is low.
When conducting an audit of client-server database security, the IS auditor should be MOST concerned about the availability of: a. system utilities b. application program generators c. systems security documentation d. access to stored procedures
a. system utilities
Which is not a duty typically performed by Certified Valuation Analysts? a. Providing guidance on business mergers and acquisitions b. Documenting and assessing the operating effectiveness of internal controls c. Valuing businesses so that they can receive better credit or funding d. Providing advice on exit strategies to business owners or partners
b. Documenting and assessing the operating effectiveness of internal controls
When negotiating new contracts with the vendor, which of the following should the IS auditor recommend to management concerning branch office recovery? a. Add each of the branches to the existing hot site contract. b. Ensure branches have sufficient capacity to back each other up. c. Relocate all branch mail and file/print servers to the data center. d. Add additional capacity to the hot site contract equal to the largest branch.
b. Ensure branches have sufficient capacity to back each other up.
Which is a type of malware that gains unauthorized access to an individual's or organization's data or information system and blocks access until a fee is paid? a. Spyware b. Ransomware c. Hacking d. Denial of Service (DDOS)
b. Ransomware
Which of the following would BEST reduce the likelihood of business systems being successfully attacked from the public internet through the wireless network? a. Scanning all connected devices for malware b. Segmenting internal network & public internet access through a firewalled subnet c. Logging all access and issuing alerts for failed logon attempts d. Limiting all network access to regular business hours and standard protocols
b. Segmenting internal network & public internet access through a firewalled subnet
Which of the following provides the BEST method for determining the level of performance provided by similar information processing facility environments? a. User satisfaction b. Goal accomplishment c. Benchmarking d. Capacity and growth planning
c. Benchmarking
The automation capabilities provided by Robotic Process Automation (RPA) are NOT ideal for tasks that are: a. Manual b. Rules-based c. Complex d. Repetitive
c. Complex
When reviewing a network used for Internet communications, an IS auditor will FIRST examine the: a. validity of password change occurrences. b. architecture of the client-server application. c. network architecture and design. d. firewall protection and proxy servers.
c. network architecture and design.
When negotiating new contracts with the vendor, which of the following should the IS auditor recommend to management concerning the hot site in this situation? a. Desktops at the hot site should be increased to 750. b. An additional 35 servers should be added to the hot site contract. c. All backup media should be stored at the hot site to shorten the RTO. d. Desktop and server equipment requirements should be reviewed quarterly.
d. Desktop and server equipment requirements should be reviewed quarterly.
For mission critical systems with a low tolerance to interruption and a high cost of recovery, the IS auditor, in principle, recommends the use of which of the following recovery options? a. Mobile site b. Warm site c. Cold site d. Hot site
d. Hot site
Which of the following components of a business continuity plan is PRIMARILY the responsibility of an organization's IS department? a. Developing the business continuity plan b. Selecting and approving the recovery strategies used in the business continuity plan c. Declaring a disaster d. Restoring the IT systems and data after a disaster
d. Restoring the IT systems and data after a disaster