CISA Questions (501 - 600)

An IS auditor is reviewing the change management process for an enterprise resource planning (ERP) application. Which of the following is the BEST method for testing program changes? Select an answer: A. Select a sample of change tickets and review them for authorization. B. Perform a walk-through by tracing a program change from start to finish. C. Trace a sample of modified programs to supporting change tickets. D. Use query software to analyze all change tickets for missing fields.

You answered A. The correct answer is C. A. Selecting a sample of change tickets and reviewing them for authorization helps test for authorization controls; however, it does not identify program changes that were made without supporting change tickets. B. Performing a walk-through assists the IS auditor in understanding the process, but does not ensure that all changes adhere to the normal process. C. Tracing a sample of modified programs to supporting change tickets is the best way to test change management controls. This method is most likely to identify instances in which a change was made without supporting documentation. D. Using query software to analyze all change tickets for missing fields does not identify program changes that were made without supporting change tickets.

After a disaster declaration, the media creation date at a warm recovery site is based on the: Select an answer: A. recovery point objective (RPO). B. recovery time objective (RTO). C. service delivery objective (SDO). D. maximum tolerable outage (MTO).

You answered B. The correct answer is A. A. The recovery point objective (RPO) is determined based on the acceptable data loss in case of a disruption of operations. It indicates the earliest point in time that is acceptable to recover the data. The RPO effectively quantifies the permissible amount of data loss in case of interruption. The media creation date will reflect the point to which data are to be restored or the RPO. B. The recovery time objective (RTO) is the amount of time allowed for the recovery of a business function or resource after a disaster occurs. C. The service delivery objective (SDO) is directly related to the business needs, and is the level of service to be reached during the alternate process mode until the normal situation is restored. D. The maximum tolerable outage (MTO) is the maximum time that an organization can support processing in alternate mode.

A benefit of quality of service (QoS) is that the: Select an answer: A. entire network's availability and performance will be significantly improved. B. telecom carrier will provide the company with accurate service-level compliance reports. C. participating applications will have bandwidth guaranteed. D. communications link will be supported by security controls to perform secure online transactions.

You answered B. The correct answer is C. A. Quality of service (QoS) will not guarantee that the communication itself will be improved. While the speed of data exchange for specific applications could be faster, availability will not be improved. B. The QoS tools that many carriers are using do not provide reports of service levels; however, there are other tools that will generate service-level reports. C. The main function of QoS is to optimize network performance by assigning priority to business applications and end users through the allocation of dedicated parts of the bandwidth to specific traffic. D. Even when QoS is integrated with firewalls, virtual private networks (VPNs), encryption tools and others, the tool itself is not intended to provide security controls.

Which of the following is a network diagnostic tool that monitors and records network information? Select an answer: A. Online monitor B. Downtime report C. Help desk report D. Protocol analyzer

You answered B. The correct answer is D. A. Online monitors measure telecommunication transmissions and determine whether transmissions were accurate and complete. B. Downtime reports track the availability of telecommunication lines and circuits. C. Help desk reports are prepared by the help desk, which is staffed or supported by IS technical support personnel trained to handle problems occurring during the course of IS operations. D. Protocol analyzers are network diagnostic tools that monitor and record network information from packets traveling in the link to which the analyzer is attached.

When developing a disaster recovery plan (DRP), the criteria for determining the acceptable downtime should be the: Select an answer: A. annual loss expectancy (ALE). B. service delivery objective. C. quantity of orphan data. D. maximum tolerable outage.

You answered B. The correct answer is D. A. The acceptable downtime would not be determined by the annual loss expectancy (ALE); ALE is related to risk management calculations, not disaster recovery. B. The service delivery objective is relevant to business continuity, but it is not determined by acceptable downtime. C. The quantity of orphan data is relevant to business continuity, but it is not determined by acceptable downtime. D. Recovery time objective (RTO) is determined based on the acceptable downtime in case of a disruption of operations. It indicates the maximum tolerable outage that an organization considers to be acceptable before a system or process must resume following a disaster.

Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized? Select an answer: A. Release-to-release source and object comparison reports B. Library control software restricting changes to source code C. Restricted access to source code and object code D. Date and time-stamp reviews of source and object code

You answered B. The correct answer is D. A. Using version control software and comparing source and object code is good practice, but may not detect a problem where the source code is a different version than the object code. B. All production libraries should be protected with access controls, and this may protect source code from tampering. However, this will not ensure that source and object codes are based on the same version. C. It is a good practice to protect all source and object code—even in development. However, this will not ensure the synchronization of source and object code. D. Date and time-stamp reviews of source and object code would ensure that source code, which has been compiled, matches the production object code. This is the most effective way to ensure that the approved production source code is compiled and is the one being used.

Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures? Select an answer: A. Review software migration records and verify approvals. B. Identify changes that have occurred and verify approvals. C. Review change control documentation and verify approvals. D. Ensure that only appropriate staff can migrate changes into production.

You answered C. The correct answer is B. A. Software migration records may not have all changes listed—changes could have been made that were not included in the migration records. B. The most effective method is to determine what changes have been made (check logs and modified dates) and then verify that they have been approved. C. Change control records may not have all changes listed. D. Ensuring that only appropriate staff can migrate changes into production is a key control process but, in itself, does not verify compliance.

An organization has recently installed a security patch, which crashed the production server. To minimize the probability of this occurring again, an IS auditor should: Select an answer: A. apply the patch according to the patch's release notes. B. ensure that a good change management process is in place. C. thoroughly test the patch before sending it to production. D. approve the patch after doing a risk assessment.

You answered C. The correct answer is B. A. The IS auditor should not apply the patch. That is an administrator responsibility. B. An IS auditor must review the change management process, including patch management procedures, and verify that the process has adequate controls and make suggestions accordingly. C. The testing of the patch is the responsibility of the development or production support team, not the auditor. D. The IS auditor is not authorized to approve a patch. That is a responsibility of a steering committee.

An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls would BEST mitigate the risk of undetected and unauthorized program changes to the production environment? Select an answer: A. Commands typed on the command line are logged. B. Hash keys are calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs. C. Access to the operating system command line is granted through an access restriction tool with preapproved rights. D. Software development tools and compilers have been removed from the production environment.

You answered C. The correct answer is B. A. Having a log is not a control; reviewing the log is a control. B. The matching of hash keys over time would allow detection of changes to files. C. Because the access was already granted at the command line level, it will be possible for the developers to bypass the control. D. Removing the tools from the production environment will not mitigate the risk of unauthorized activity by the developers.

Of the following alternatives, the FIRST approach to developing a disaster recovery strategy would be to assess whether: A. all threats can be completely removed. B. a cost-effective, built-in resilience can be implemented. C. the recovery time objective (RTO) can be optimized. D. the cost of recovery can be minimized.

You answered C. The correct answer is B. A. It is impossible to remove all existing and future threats. B. It is critical to initially identify information assets that can be made more resilient to disasters (e.g., diverse routing, alternate paths or multiple communication carriers). Preventing a problem is always better than planning to address a problem when it happens. C. The optimization of the recovery time objective (RTO) comes later in the development of the disaster recovery strategy. D. Efforts to minimize the cost of recovery come later in the development of the disaster recovery strategy.

Which of the following would BEST maintain the integrity of a firewall log? Select an answer: A. Granting access to log information only to administrators B. Capturing log events in the operating system layer C. Writing dual logs onto separate storage media D. Sending log information to a dedicated third-party log server

You answered C. The correct answer is D. A. To enforce segregation of duties, administrators should not have access to log files. This primarily contributes to the assurance of confidentiality rather than integrity. B. There are many ways to capture log information: through the application layer, network layer, operating systems layer, etc.; however, there is no log integrity advantage in capturing events in the operating systems layer. C. If it is a highly mission-critical information system, it may be nice to run the system with a dual log mode. Having logs in two different storage devices will primarily contribute to the assurance of the availability of log information, rather than to maintaining its integrity. D. Establishing a dedicated third-party log server and logging events in it is the best procedure for maintaining the integrity of a firewall log. When access control to the log server is adequately maintained, the risk of unauthorized log modification will be mitigated, therefore improving the integrity of log information.

During an IS audit of the disaster recovery plan (DRP) of a global enterprise, the auditor observes that some remote offices have very limited local IT resources. Which of the following observations would be the MOST critical for the IS auditor? Select an answer: A. A test has not been made to ensure that local resources could maintain security and service standards when recovering from a disaster or incident. B. The corporate business continuity plan (BCP) does not accurately document the systems that exist at remote offices. C. Corporate security measures have not been incorporated into the test plan. D. A test has not been made to ensure that tape backups from the remote offices are usable.

You answered D. The correct answer is A. A. Regardless of the capability of local IT resources, the most critical risk would be the lack of testing, which would identify quality issues in the recovery process. B. The corporate business continuity plan (BCP) may not include disaster recovery plan (DRP) details for remote offices. It is important to ensure that the local plans have been tested. C. Security is an important issue because many controls may be missing during a disaster. However, not having a tested plan is more important. D. The backups cannot be trusted until they have been tested. However, this should be done as part of the overall tests of the DRP.

Which of the following is the MOST critical element of an effective disaster recovery plan (DRP)? Select an answer: A. Offsite storage of backup data B. Up-to-date list of key disaster recovery contacts C. Availability of a replacement data center D. Clearly defined recovery time objective (RTO)

You answered D. The correct answer is A. A. Remote storage of backups is the most critical disaster recovery plan (DRP) element of the items listed because access to backup data is required to restore systems. B. Having a list of key contacts is important but not as important as having adequate data backup. C. A DRP may use a replacement data center or some other solution such as a mobile site, reciprocal agreement or outsourcing agreement. D. Having a clearly defined recovery time objective (RTO) is especially important for business continuity planning (BCP), but the core element of disaster recovery (the recovery of IT infrastructure and capability) is data backup.

Doing which of the following during peak production hours could result in unexpected downtime? Select an answer: A. Performing data migration or tape backup B. Performing preventive maintenance on electrical systems C. Promoting applications from development to the staging environment D. Reconfiguring a standby router in the data center

You answered D. The correct answer is B. A. Performing data migration may impact performance but would not cause downtime. B. Preventive maintenance activities should be scheduled for non-peak times of the day, and preferably during a maintenance window time period. A mishap or incident caused by a maintenance worker could result in unplanned downtime. C. Promoting applications into a staging environment (not production) should not affect systems operations in any significant manner. D. Reconfiguring a standby router should not cause unexpected downtime because the router is not operational and any problems should not affect network traffic.

In auditing a database environment, an IS auditor will be MOST concerned if the database administrator (DBA) is performing which of the following functions? Select an answer: A. Performing database changes according to change management procedures B. Installing patches or upgrades to the operating system C. Sizing table space and consulting on table join limitations D. Performing backup and recovery procedures

You answered D. The correct answer is B. A. Performing database changes according to change management procedures would be a normal function of the database administrator (DBA) and would be compliant with the procedures of the organization. B. Installing patches or upgrades to the operating system is a function that should be performed by a systems administrator, not by a DBA. If a DBA were performing this function, there would be a risk based on inappropriate segregation of duties. C. A DBA is expected to support the business through helping design, create and maintain databases and the interfaces to the databases. D. The DBA often performs or supports database backup and recovery procedures.

During maintenance of a relational database, several values of the foreign key in a transaction table have been corrupted. The consequence is that: Select an answer: A. the detail of involved transactions may no longer be associated with master data, causing errors when these transactions are processed. B. there is no way of reconstructing the lost information, except by deleting the dangling tuples and reentering the transactions. C. the database will immediately stop execution and lose more information. D. the database will no longer accept input data.

You are correct, the answer is A. A. When the foreign key of a transaction is corrupted or lost, the application system will normally be incapable of directly attaching the master data to the transaction data. Normally, this will cause the system to undertake a sequential search and slow down the processing. If the concerned files are big, this slowdown will be unacceptable. This is a violation of referential integrity. B. A system can recover the corrupted foreign key by re-indexing the table. C. The corruption of a foreign key will not stop program execution. D. The corruption of a foreign key will not affect database input.

Which of the following is widely accepted as one of the critical components in networking management? Select an answer: A. Configuration management B. Topological mappings C. Application of monitoring tools D. Proxy server troubleshooting

You are correct, the answer is A. A. Configuration management is widely accepted as one of the key components of any network because it establishes how the network will function internally and externally. It also deals with the management of configuration and monitoring performance. Configuration management ensures that the setup and management of the network is done properly, including managing changes to the configuration, removal of default passwords and possibly hardening the network by disabling unneeded services. B. Topological mappings provide outlines of the components of the network and its connectivity. This is important to address issues such as single points of failure and proper network isolation but is not the most critical component of network management. C. Application monitoring is not a critical part of network management. D. Proxy server troubleshooting is used for troubleshooting purposes, and managing a proxy is only a small part of network management.

In a disaster recovery situation, which of the following is the MOST important metric to ensure that data are synchronized between critical systems? Select an answer: A. Recovery point objective (RPO) B. Recovery time objective (RTO) C. Recovery service resilience D. Recovery service scalability

You are correct, the answer is A. A. Establishing a common recovery point objective (RPO) is most critical for ensuring that interdependencies between systems are properly synchronized. It ensures that systems do not contain data from different points in time that may result in accounting transactions that cannot be reconciled and a loss of referential integrity. B. Recovery time objectives (RTOs) are not as important to synchronize because they normally vary depending on the level of effort and resources required to restore a system. C. Recovery service resilience measures the fault tolerance due to data exceptions and ability to restart and recover from internal failures. D. Recovery service scalability refers to the capacity constraints and limitations that a recovery solution may have relative to the original system configuration.

Due to changes in IT, the disaster recovery plan (DRP) of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested? Select an answer: A. Catastrophic service interruption B. High consumption of resources C. Total cost of the recovery may not be minimized D. Users and recovery teams may face severe difficulties when activating the plan

You are correct, the answer is A. A. If a new disaster recovery plan (DRP) is not tested, the possibility of a catastrophic service interruption that the organization cannot recover from is the most critical of all risk. B. A DRP that has not been tested may lead to a higher consumption of resources than expected, but that is not the most critical risk. C. An untested DRP may be inefficient and lead to extraordinary costs, but the most serious risk is the failure of critical services. D. Testing educates users and recovery teams so that they can effectively execute the DRP, but the most critical risk is the failure of core business services.

If a database is restored using before-image dumps, where should the process begin following an interruption? Select an answer: A. Before the last transaction B. After the last transaction C. As the first transaction after the latest checkpoint D. As the last transaction before the latest checkpoint

You are correct, the answer is A. A. If before images are used, the last transaction in the dump will not have updated the database prior to the dump being taken. B. The last transaction will not have updated the database and must be reprocessed. C. Program checkpoints are irrelevant in this situation. Checkpoints are used in application failures. D. Program checkpoints are irrelevant in this situation. Checkpoints are used in application failures.

In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table? Select an answer: A. Foreign key B. Primary key C. Secondary key D. Public key

You are correct, the answer is A. A. In a relational database with referential integrity, the use of foreign keys would prevent events such as primary key changes and record deletions, resulting in orphaned relations within the database. B. It should not be possible to delete a row from a customer table when the customer number (primary key) of that row is stored with live orders on the orders table (the foreign key to the customer table). A primary key works in one table, so it is not able to provide/ensure referential integrity by itself. C. Secondary keys that are not foreign keys are not subject to referential integrity checks. D. Public key is related to encryption and not linked in any way to referential integrity.

While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be: Select an answer: A. shadow file processing. B. electronic vaulting. C. hard-disk mirroring. D. hot-site provisioning.

You are correct, the answer is A. A. In shadow file processing, exact duplicates of the files are maintained at the same site or at a remote site. The two files are processed concurrently. This is used for critical data files such as airline booking systems. B. Electronic vaulting electronically transmits data either to direct access storage, an optical disc or another storage medium; this is a method used by banks. This is not usually in real time as much as a shadow file system is. C. Hard-disk mirroring provides redundancy in case the primary hard disk fails. All transactions and operations occur on two hard disks in the same server. D. A hot site is an alternate site ready to take over business operations within a few hours of any business interruption and is not a method for backing up data.

In a small organization, developers may release emergency changes directly to production. Which of the following will BEST control the risk in this situation? Select an answer: A. Approve and document the change the next business day. B. Limit developer access to production to a specific time frame. C. Obtain secondary approval before releasing to production. D. Disable the compiler option in the production machine.

You are correct, the answer is A. A. It may be appropriate to allow programmers to make emergency changes as long as they are documented and approved after the fact. B. Restricting release time frame may help somewhat; however, it would not apply to emergency changes and cannot prevent unauthorized release of the programs. C. Obtaining secondary approval before releasing to production is not relevant in an emergency situation. D. Disabling the compiler option in the production machine is not relevant in an emergency situation.

An IS auditor should recommend the use of library control software to provide reasonable assurance that: Select an answer: A. program changes have been authorized. B. only thoroughly tested programs are released. C. modified programs are automatically moved to production. D. source and executable code integrity is maintained.

You are correct, the answer is A. A. Library control software should be used to separate test from production libraries in mainframe and/or client server environments. The main objective of library control software is to provide assurance that program changes have been authorized. B. Library control software is concerned with authorized program changes and cannot determine whether programs have been thoroughly tested. C. Programs should not be moved automatically into production without proper authorization. D. Library control software provides reasonable assurance that the source code and executable code are matched at the time a source code is moved to production. Access control will ensure the integrity of the software, but the most important benefit of version control software is to ensure that all changes are authorized.

A database administrator (DBA) who needs to make emergency changes to a database after normal working hours should log in: Select an answer: A. with their named account to make the changes. B. with the shared DBA account to make the changes. C. to the server administrative account to make the changes. D. to the user's account to make the changes.

You are correct, the answer is A. A. Logging in using the named user account before using the database administrator (DBA) account provides accountability by noting the person making the changes. B. The DBA account is typically a shared user account. The shared account makes it difficult to establish the identity of the support user who is performing the database update. C. The server administrative accounts are shared and may be used by multiple support users. In addition, the server privilege accounts may not have the ability to perform database changes. D. The use of a normal user account would not have sufficient privileges to make changes on the database.

An IS auditor performing an application maintenance audit would review the log of program changes for the: Select an answer: A. authorization of program changes. B. creation date of a current object module. C. number of program changes actually made. D. creation date of a current source program.

You are correct, the answer is A. A. The auditor wants to ensure that only authorized changes have been made to the application. The auditor would therefore review the log of program changes to verify that all changes have been approved. B. The creation date of the current object module will not indicate earlier changes to the application. C. The auditor will review the system to notice the number of changes actually made but then will verify that all the changes were authorized. D. The creation date of the current source program will not identify earlier changes.

Vendors have released patches fixing security flaws in their software. Which of the following should an IS auditor recommend in this situation? Select an answer: A. Assess the impact of patches prior to installation. B. Ask the vendors for a new software version with all fixes included. C. Install the security patch immediately. D. Decline to deal with these vendors in the future.

You are correct, the answer is A. A. The effect of installing the patch should be immediately evaluated and installation should occur based on the results of the evaluation. There are numerous cases where a patch from one vendor has affected other systems; therefore, it is necessary to test the patches as much as possible before rolling them out to the entire organization. B. New software versions with all fixes included are not always available and a full installation could be time consuming. C. To install the patch without knowing what it might affect could easily cause problems. The installation of a patch may also affect system availability; therefore, the patch should be rolled out at a time that is acceptable to the business. D. Declining to deal with vendors does not take care of the flaw and may severely limit service options.

Recovery procedures for an information processing facility are BEST based on: Select an answer: A. recovery time objective (RTO). B. recovery point objective (RPO). C. maximum tolerable outage (MTO). D. information security policy.

You are correct, the answer is A. A. The recovery time objective (RTO) is the amount of time allowed for the recovery of a business function or resource after a disaster occurs; the RTO is the desired recovery timeframe based on maximum tolerable outage (MTO) and available recovery alternatives. B. The recovery point objective (RPO) has the greatest influence on the recovery strategies for given data. It is determined based on the acceptable data loss in case of a disruption of operations. The RPO effectively quantifies the permissible amount of data loss in case of interruption. C. MTO is the amount of time allowed for the recovery of a business function or resource after a disaster occurs; it represents the time by which the service must be restored before the organization is faced with the threat of collapse. D. An information security policy does not address recovery procedures.

The objective of concurrency control in a database system is to: Select an answer: A. restrict updating of the database to authorized users. B. prevent integrity problems when two processes attempt to update the same data at the same time. C. prevent inadvertent or unauthorized disclosure of data in the database. D. ensure the accuracy, completeness and consistency of data.

You are correct, the answer is B. A. Access controls restrict updating of the database to authorized users. B. Concurrency controls prevent data integrity problems, which can arise when two update processes access the same data item at the same time. C. Controls such as passwords prevent the inadvertent or unauthorized disclosure of data from the database. D. Quality controls such as edits ensure the accuracy, completeness and consistency of data maintained in the database.

Which of the following controls would provide the GREATEST assurance of database integrity? Select an answer: A. Audit log procedures B. Table link/reference checks C. Query/table access time checks D. Rollback and rollforward database features

You are correct, the answer is B. A. Audit log procedures enable recording of all events that have been identified and help in tracing the events. However, they only point to the event and do not ensure completeness or accuracy of the database contents. B. Performing table link/reference checks serves to detect table linking errors (such as completeness and accuracy of the contents of the database), and thus provides the greatest assurance of database integrity. C. Querying/monitoring table access time checks helps designers improve database performance but not integrity. D. Rollback and rollforward database features ensure recovery from an abnormal disruption. They assure the integrity of the transaction that was being processed at the time of disruption, but do not provide assurance on the integrity of the contents of the database.

Which of the following BEST limits the impact of server failures in a distributed environment? Select an answer: A. Redundant pathways B. Clustering C. Dial backup lines D. Standby power

You are correct, the answer is B. A. Redundant pathways will minimize the impact of channel communications failures but will not address the problem of server failure. B. Clustering allows two or more servers to work as a unit so that when one of them fails, the other takes over. C. Dial backup lines will minimize the impact of channel communications failures but not a server failure. D. Standby power provides an alternative power source in the event of an energy failure but does not address the problem of a server failure.

The MOST effective audit practice to determine whether the operational effectiveness of controls is properly applied to transaction processing is: Select an answer: A. control design testing. B. substantive testing. C. inspection of relevant documentation. D. perform tests on risk prevention.

You are correct, the answer is B. A. Testing of control design assesses whether the control is structured to meet a specific control objective. It does not help determine whether the control is operating effectively. B. Among other methods, such as document review or walk-through, substantive testing of the transactions actually processed is the most effective procedure to assess whether the controls operated effectively over that processing. C. Control documents may not always describe the actual process in an accurate manner. Therefore, auditors relying on document review have limited assurance that the control is operating as intended. D. Performing tests on risk prevention is compliance testing, which determines whether policies are adhered to rather than whether controls operated effectively over transaction processing.

Which of the following is the BEST indicator of the effectiveness of backup and restore procedures while restoring data after a disaster? Select an answer: A. Members of the recovery team were available. B. Recovery time objectives (RTOs) were met. C. Inventory of backup tapes was properly maintained. D. Backup tapes were completely restored at an alternate site.

You are correct, the answer is B. A. The availability of key personnel does not ensure that backup and restore procedures will work effectively. B. The effectiveness of backup and restore procedures is best ensured by recovery time objectives (RTOs) being met because these are the requirements that are critically defined during the business impact analysis stage, with the inputs and involvement of all business process owners. C. The inventory of the backup tapes is only one element of the successful recovery. D. The restoration of backup tapes is a critical success, but only if they were able to be restored within the time frames set by the RTO.

An IS auditor observed that multiple applications are hosted on the same server. The recovery time objective (RTO) for the server will be: Select an answer: A. based on the application with the longest RTO. B. based on the application with the shortest RTO. C. based on the mean of each application's RTO. D. independent of the RTO and based on the criticality of the application.

You are correct, the answer is B. A. The longest recovery time objective (RTO) will be determined for noncritical applications, which will not help in meeting the objectives for critical systems. B. When several applications are hosted on a server, the server's RTO must be determined by taking the RTO of the most critical application, which is the shortest RTO. C. The mean value will be higher than the RTO for a critical application. D. Critical applications usually have the shortest RTOs. The RTO of the server cannot be independent of the application RTO.

Applying a retention date on a file will ensure that: Select an answer: A. data cannot be read until the date is set. B. data will not be deleted before that date. C. backup copies are not retained after that date. D. datasets having the same name are differentiated.

You are correct, the answer is B. A. The retention date will not affect the ability to read the file. B. A retention date will ensure that a file cannot be overwritten or deleted before that date has passed. C. Backup copies would be expected to have a different retention date and, therefore, may be retained after the file has been overwritten. D. The creation date, not the retention date, will differentiate files with the same name.

In the event of a data center disaster, which of the following would be the MOST appropriate strategy to enable a complete recovery of a critical database? Select an answer: A. Daily data backup to tape and storage at a remote site B. Real-time replication to a remote site C. Hard disk mirroring to a local server D. Real-time data backup to the local storage area network (SAN)

You are correct, the answer is B. A. Daily tape backup recovery could result in a loss of a day's work of data. B. With real-time replication to a remote site, data are updated simultaneously in two separate locations; therefore, a disaster in one site would not damage the information located in the remote site. This assumes that both sites were not affected by the same disaster. C. Hard disk mirroring to a local server takes place in the same data center and could possibly be affected by the same disaster. D. Real-time data backup to the local storage area network (SAN) takes place in the same data center and could possibly be affected by the same disaster.

The database administrator (DBA) suggests that database efficiency can be improved by denormalizing some tables. This would result in: Select an answer: A. loss of confidentiality. B. increased redundancy. C. unauthorized accesses. D. application malfunctions.

You are correct, the answer is B. A. Denormalization should not cause loss of confidentiality even though confidential data may be involved. The database administrator (DBA) should ensure that access controls to the databases remain effective. B. Normalization is a design or optimization process for a relational database that minimizes redundancy; therefore, denormalization would increase redundancy. Redundancy, which is usually considered positive when it is a question of resource availability, is negative in a database environment because it demands additional and otherwise unnecessary data handling efforts. Denormalization is sometimes advisable for functional reasons. C. Denormalization pertains to the structure of the database, not the access controls. It should not result in unauthorized access. D. Denormalization may require some changes to the calls between databases and applications, but should not cause application malfunctions.

A lower recovery time objective (RTO) results in: Select an answer: A. higher disaster tolerance. B. higher cost. C. wider interruption windows. D. more permissive data loss.

You are correct, the answer is B. A. Disaster tolerance relates to the length of time that critical business processes can be interrupted. A higher disaster tolerance allows for a longer outage and, therefore, a longer recovery time; a lower RTO therefore implies lower, not higher, disaster tolerance. B. The recovery time objective (RTO) is based on the acceptable downtime in case of a disruption of operations. The lower the RTO, the higher the cost of the recovery strategies needed to meet it. C. The lower the RTO, the narrower the interruption window. The interruption window is the length of the outage of critical processes. D. Permissible data loss relates to the recovery point objective (RPO), not the RTO.

In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems? Select an answer: A. Maintaining system software parameters B. Ensuring periodic dumps of transaction logs C. Ensuring grandfather-father-son file backups D. Maintaining important data at an offsite location

You are correct, the answer is B. A. Maintaining system software parameters is important for all systems, not just online systems. B. Ensuring periodic dumps of transaction logs is the only safe way of preserving timely historic data. Because online systems do not have a paper trail that can be used to recreate data, maintaining transaction logs is critically important to prevent data loss. The volume of activity usually associated with an online system may make other more traditional methods of backup impractical. C. Having generations of backups is good practice for all systems. D. All backups should consider offsite storage at a location that is accessible but not likely to be affected by the same disaster.

Which of the following is the MOST important consideration when defining recovery point objectives (RPOs)? Select an answer: A. Minimum operating requirements B. Acceptable data loss C. Mean time between failures D. Acceptable time for recovery

You are correct, the answer is B. A. Minimum operating requirements help define recovery strategies. B. Recovery point objectives (RPOs) are the level of data loss/reworking an organization is willing to accept. C. Mean time between failures helps define likelihood of system failure. D. Recovery time objectives (RTOs) are the acceptable time delay in availability of business operations.

Which of the following is MOST directly affected by network performance monitoring tools? Select an answer: A. Integrity B. Availability C. Completeness D. Confidentiality

You are correct, the answer is B. A. Network monitoring tools can be used to detect errors that are propagating through a network, but their primary focus is on network reliability so that the network is available when required. B. Network monitoring tools allow observation of network performance and problems. This allows the administrator to take corrective action when network problems are observed. Therefore, the characteristic that benefits the most from network monitoring is availability. C. Network monitoring tools will not measure completeness of the communication. This is measured by the end points in the communication. D. A network monitoring tool can violate confidentiality by allowing a network administrator to observe non-encrypted traffic. This requires careful protection and policies regarding the use of network monitoring tools, but this is not the primary benefit of such tools.

In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend? Select an answer: A. Automated logging of changes to development libraries B. Additional staff to provide separation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications

You are correct, the answer is C. A. Logging of changes to development libraries would be good practice, but because the same person who makes the changes could alter the logs, this would not be a sufficient control. B. While it would be preferred that strict separation of duties be adhered to and that additional staff be recruited, this is not always possible in small organizations. C. An IS auditor must consider recommending a better process. An IS auditor should recommend a formal change control process that manages and can detect changes to production source and object code, such as code comparisons, so that the changes can be reviewed on a regular basis by a third party. This would be a compensating control. D. Access controls that prevent the operator from making program modifications would require someone else to make the changes, which may not be practical in a small organization where another person with adequate expertise may not be available.

An IS auditor needs to review the procedures used to restore a software application to its state prior to an upgrade. Therefore, the auditor needs to assess: Select an answer: A. problem management procedures. B. software development procedures. C. fallback procedures. D. incident management procedures.

You are correct, the answer is C. A. Problem management procedures are used to track user feedback and issues related to the operation of an application for trend analysis and problem resolution. B. Software development procedures such as the software development life cycle (SDLC) are used to manage the creation or acquisition of new or modified software. C. Fallback procedures are used to restore a system to a previous state and are an important element of the change control process. The other choices are not related to the change control process—a process which specifies what procedures should be followed when software is being upgraded but the upgrade does not work and requires a fallback to its former state. D. Incident management procedures are used to manage errors or problems with system operation. They are usually used by a help desk. One of the incident management procedures may be how to follow a fallback plan.

The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to: Select an answer: A. achieve performance improvement. B. provide user authentication. C. ensure availability of data. D. ensure the confidentiality of data.

You are correct, the answer is C. A. Redundant Array of Inexpensive Disks (RAID) level 1 is not implemented for performance; it writes the same data to two separate disk drives. B. RAID level 1 has no relevance to authentication. C. RAID level 1 provides disk mirroring. Data written to one disk are also written to another disk. Users in the network access data on the first disk; if disk one fails, the second disk takes over. This redundancy ensures the availability of data. D. RAID level 1 does nothing to provide for data confidentiality.

Which of the following should an incident response team address FIRST after a major incident in an information processing facility? Select an answer: A. Restoration at the facility B. Documentation of the facility C. Containment at the facility D. Monitoring of the facility

You are correct, the answer is C. A. Restoration ensures that the affected systems or services are restored to the condition specified by the recovery point objective (RPO). This action will be possible only after containment of the damage. B. Documentation of the facility should be prepared to inform management of the incident; however, damage must be contained first. C. The first priority (after addressing life safety) is the containment of the incident at the facility so that spread of the damage is minimized. The incident team must gain control of the situation. D. Monitoring of the facility is important, although containment must take priority to avoid spread of the damage.

During fieldwork, an IS auditor experienced a system crash caused by a security patch installation. To provide reasonable assurance that this event will not recur, the IS auditor should ensure that: Select an answer: A. only systems administrators perform the patch process. B. the client's change management process is adequate. C. patches are validated using parallel testing in production. D. an approval process of the patch, including a risk assessment, is developed.

You are correct, the answer is B. A. While system administrators would normally install patches, it is more important that changes be made according to a formal procedure that includes testing and implementing the change during nonproduction times. B. The change management process, which would include procedures regarding implementing changes during production hours, helps to ensure that this type of event does not recur. An IS auditor should review the change management process, including patch management procedures, to verify that the process has adequate controls and to make suggestions accordingly. C. While patches would normally undergo testing, it is often impossible to test all patches thoroughly. It is more important that changes be made during nonproduction times, and that a backout plan is in place in case of problems. D. An approval process alone could not directly prevent this type of incident from happening. There should be a complete change management process that includes testing, scheduling and approval.

While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should: Select an answer: A. recommend the use of disk mirroring. B. review the adequacy of offsite storage. C. review the capacity management process. D. recommend the use of a compression algorithm.

You are correct, the answer is C. A. A disk mirroring solution would increase storage requirements. This would not be advisable until a proper capacity management plan is in place. B. Offsite storage is unrelated to the problem. C. Capacity management is the planning and monitoring of computer resources to ensure that available IT resources are used efficiently and effectively. This will look at capacity from a strategic viewpoint and allow a plan to forecast and purchase additional equipment in a planned manner. D. Though data compression may save disk space, it could affect system performance. This is not the first choice—the auditor should recommend more investigation into the increased demand for storage before providing any recommended solutions.

It is MOST appropriate to implement an incremental backup scheme when: Select an answer: A. there is limited recovery time for critical data. B. online disk-based media are preferred. C. there is limited media capacity. D. a random selection of backup sets is required.

You are correct, the answer is C. A. A full backup or differential backup is preferred in this situation. B. Incremental backup could be used irrespective of the media adopted. C. In an incremental backup, after the full backup, only the files that have changed are backed up, thus minimizing media storage. D. A random selection of backup sets may not be possible with an incremental backup scheme because only fragments of the data are backed up on a daily basis.
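The trade-off the question turns on, media used versus the number of sets that must be read back, can be worked through on a small schedule. The following is an added example and not part of the question bank: a constructed week with a full backup on day 0 and four days of changed files (sizes in MB), planned once as incrementals (only files changed since the previous backup) and once as differentials (everything changed since the full). Both schemes are then restored to day 4 and compared.

```python
# Constructed sample: the full image on day 0 and the files that change each day (name -> MB).
FULL_IMAGE = {"db.dat": 800, "app.bin": 120, "logs.txt": 30}
DAILY_CHANGES = {
    1: {"logs.txt": 32},
    2: {"db.dat": 810},
    3: {"logs.txt": 35},
    4: {"app.bin": 121, "logs.txt": 36},
}


def plan(scheme: str, days: int):
    """Return the backup sets written under a scheme as a list of (day, {file: size})."""
    sets = [(0, dict(FULL_IMAGE))]
    since_full = {}
    for day in range(1, days + 1):
        changed = DAILY_CHANGES.get(day, {})
        if scheme == "incremental":
            sets.append((day, dict(changed)))          # only since the previous set
        elif scheme == "differential":
            since_full.update(changed)                  # everything since the full
            sets.append((day, dict(since_full)))
        else:
            raise ValueError("unknown scheme: %s" % scheme)
    return sets


def media_used(sets) -> int:
    """Total MB written across all sets: the quantity an incremental scheme minimises."""
    return sum(sum(files.values()) for _, files in sets)


def restore_chain(scheme: str, sets, target_day: int):
    """Sets that must be read, in order, to rebuild the target day.
    Incremental: the full plus every incremental up to the target (long chain).
    Differential: the full plus the single latest differential (short chain)."""
    if scheme == "incremental":
        return [s for s in sets if s[0] <= target_day]
    return [sets[0]] if target_day == 0 else [sets[0], sets[target_day]]


def restore(chain) -> dict:
    """Replay the chain oldest to newest; later sets overwrite earlier versions of a file."""
    image = {}
    for _, files in chain:
        image.update(files)
    return image


def compare(days: int = 4):
    """Media used and chain length for both schemes on the sample week."""
    inc, diff = plan("incremental", days), plan("differential", days)
    return {
        "incremental": (media_used(inc), len(restore_chain("incremental", inc, days))),
        "differential": (media_used(diff), len(restore_chain("differential", diff, days))),
    }  # {'incremental': (1984, 5), 'differential': (3636, 2)}
```

Dropping a single set from the incremental chain (say day 2) yields a restored image with the old db.dat, which is why a long chain is the wrong choice when recovery time is tight, and why an auditor verifying an incremental scheme should check that every set in the chain is present and readable, not just the most recent one.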

An IS auditor finds that the data warehouse query performance decreases significantly at certain times of the day. Which of the following controls would be MOST relevant for the IS auditor to review? Select an answer: A. Permanent table-space allocation B. Commitment and rollback controls C. User spool and database limit controls D. Read/write access log controls

You are correct, the answer is C. A. Table-space allocation will not affect performance at different times of the day. B. Commitment and rollback will only apply to errors or failures and will not affect performance at different times of the day. C. User spool limits restrict the space available for running user queries. This prevents poorly formed queries from consuming excessive system resources and impacting general query performance. Limiting the space available to users in their own databases prevents them from building excessively large tables. This helps to control space utilization which itself acts to help performance by maintaining a buffer between the actual data volume stored and the physical device capacity. Additionally, it prevents users from consuming excessive resources in ad hoc table builds (as opposed to scheduled production loads that often can run overnight and are optimized for performance purposes). In a data warehouse, because you are not running online transactions, commitment and rollback does not have an impact on performance. D. Read/write access log controls will not affect performance at different times of the day.

Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective (RPO)? Select an answer: A. Virtual tape libraries B. Disk-based snapshots C. Continuous data backup D. Disk-to-tape backup

You are correct, the answer is C. A. Virtual tape libraries would require time to complete the backup, while continuous data backup happens online (in real time). B. Disk-based snapshots would require time to complete the backup and would lose some data between the times of the backup and the failure, while continuous data backup happens online (in real time). C. Recovery point objective (RPO) is based on the acceptable data loss in the case of a disruption. In this scenario the organization needs a short RPO and continuous data backup is the best option. D. Disk-to-tape backup would require time to complete the backup, while continuous data backup happens online (in real time).

Which of the following would an IS auditor consider to be the MOST important to review when conducting a disaster recovery audit? Select an answer: A. A hot site is contracted for and available as needed. B. A business continuity manual is available and current. C. Insurance coverage is adequate and premiums are current. D. Media backups are performed on a timely basis and stored offsite.

You are correct, the answer is D. A. A hot site is important, but it is of no use if there are no data backups for it. B. A business continuity manual is advisable but not most important in a disaster recovery audit. C. Insurance coverage should be adequate to cover costs, but is not as important as having the data backup. D. Without data to process, all other components of the recovery effort are in vain. Even in the absence of a plan, recovery efforts of any type would not be practical without data to process.

A disaster recovery plan (DRP) for an organization's financial system specifies that the recovery point objective (RPO) is zero and the recovery time objective (RTO) is 72 hours. Which of the following is the MOST cost-effective solution? Select an answer: A. A hot site that can be operational in eight hours with asynchronous backup of the transaction logs B. Distributed database systems in multiple locations updated asynchronously C. Synchronous updates of the data and standby active systems in a hot site D. Synchronous remote copy of the data in a warm site that can be operational in 48 hours

You are correct, the answer is D. A. A hot site would meet the recovery time objective (RTO) but would incur higher costs than necessary. B. Asynchronous updates of the database in distributed locations do not meet the recovery point objective (RPO). C. Synchronous updates of the data and standby active systems in a hot site meet the RPO and RTO requirements, but are more costly than a warm site solution. D. The synchronous copy of the data storage achieves the RPO, and a warm site operational in 48 hours meets the required RTO.

A cyclic redundancy check (CRC) is commonly used to determine the: Select an answer: A. accuracy of data input. B. integrity of a downloaded program. C. adequacy of encryption. D. validity of data transfer.

You are correct, the answer is D. A. Accuracy of data input can be enforced by data validation controls such as picklists, cross checks, reasonableness checks, control totals, allowed character checks and others. B. A cryptographic hash or digital signature is commonly used to validate the integrity of a downloaded program or other transferred data; a CRC is designed to catch accidental transmission errors, not deliberate modification. C. Encryption adequacy is driven by the sensitivity of the data to be protected and by how long it would take to break the specific algorithm and key length in use. D. The accuracy of blocks of data transfers, such as data transfer from hard disks, is validated by a cyclic redundancy check (CRC).

When reviewing a hardware maintenance program, an IS auditor should assess whether: Select an answer: A. the schedule of all unplanned maintenance is maintained. B. it is in line with historical trends. C. it has been approved by the IS steering committee. D. the program is validated against vendor specifications.

You are correct, the answer is D. A. Unplanned maintenance cannot be scheduled. B. Hardware maintenance programs do not necessarily need to be in line with historic trends. C. Maintenance schedules normally are not approved by the steering committee. D. Although maintenance requirements vary based on complexity and performance workloads, a hardware maintenance schedule should be validated against the vendor-provided specifications.

What is the BEST backup strategy for a large database with data supporting online sales? Select an answer: A. Weekly full backup with daily incremental backup B. Daily full backup C. Clustered servers D. Mirrored hard disks

You are correct, the answer is D. A. Weekly full backup and daily incremental backup is a poor backup strategy for online transactions. Because this system supports online sales it can be difficult to recreate lost data and this solution may result in a loss of up to one day's worth of data. B. A full backup normally requires a couple of hours, and therefore, it can be impractical to conduct a full backup every day. C. Clustered servers provide a redundant processing capability, but are not a backup. D. Mirrored hard disks will ensure that all data are backed up to more than one disk so that a failure of one disk will not result in loss of data.

Which of the following ensures the availability of transactions in the event of a disaster? Select an answer: A. Send tapes hourly containing transactions offsite. B. Send tapes daily containing transactions offsite. C. Capture transactions to multiple storage devices. D. Transmit transactions offsite in real time.

You are correct, the answer is D. A. Sending hourly tapes containing transactions offsite is not in real time and, therefore, would possibly result in the loss of one hour's worth of transactional data. B. Sending daily tapes containing transactions offsite is not in real time and, therefore, could result in the loss of one day's worth of transactional data. C. Capturing transactions to multiple storage devices does not ensure availability at an offsite location. D. The only way to ensure availability of all transactions is to perform a real-time transmission to an offsite facility.

After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend? Select an answer: A. Stress B. Black box C. Interface D. System

You are correct, the answer is D. A. Stress testing relates to capacity and availability and does not apply in these circumstances. B. Black box testing would be performed on the individual modules, but the entire system should be tested because more than one module was changed. C. Interface testing would test the interaction with external systems but would not validate the performance of the changed system. D. Given the extensiveness of the patch and its interfaces to external systems, system testing is most appropriate. System testing will test all the functionality and interfaces between modules.

Which of the following is the MOST efficient way to test the design effectiveness of a change control process? Select an answer: A. Test a sample population of change requests B. Test a sample of authorized changes C. Interview personnel in charge of the change control process D. Perform an end-to-end walk-through of the process

You are correct, the answer is D. A. Testing a sample population of changes is a test of operating effectiveness to ensure that users submitted the proper documentation/requests. It does not test the effectiveness of the design. B. Testing changes that have been authorized may not provide sufficient assurance of the entire process because it does not test the elements of the process related to authorization or detect changes that bypassed the controls. C. Interviewing personnel in charge of the change control process is not as effective as a walk-through of the change controls process because people may know the process but not follow it. D. Observation is the best and most effective method to test changes to ensure that the process is effectively designed.

When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next: Select an answer: A. recommend that the database be normalized. B. review the conceptual data model. C. review the stored procedures. D. review the justification.

You are correct, the answer is D. A. The IS auditor should not recommend normalizing the database until further investigation takes place. B. Reviewing the conceptual data model will not provide information about normalization or the justification for the level of normalization. C. Reviewing the stored procedures will not provide information about normalization. D. If the database is not normalized, the IS auditor should review the justification because, in some situations, denormalization is recommended for performance reasons.

The MAIN criterion for determining the severity level of a service disruption incident is: Select an answer: A. cost of recovery. B. negative public opinion. C. geographic location. D. downtime.

You are correct, the answer is D. A. The cost of recovery could be minimal, yet the service downtime could have a major impact. B. Negative public opinion is a symptom of an incident; it is a factor in determining impact but not the most important one. C. Geographic location does not determine the severity of the incident. D. The longer the period of time a client cannot be serviced, the greater the severity (impact) of the incident.

Which of the following database controls would ensure that the integrity of transactions is maintained in an online transaction processing system's database? Select an answer: A. Authentication controls B. Data normalization controls C. Read/write access log controls D. Commitment and rollback controls

You are correct, the answer is D. A. Authentication controls would ensure that only authorized personnel can make changes but would not ensure the integrity of the changes. B. Data normalization is not used to protect the integrity of online transactions. C. Log controls are a detective control but will not ensure the integrity of the data in the database. D. Commitment and rollback controls are directly relevant to integrity. These controls ensure that database operations that form a logical transaction unit will be completed entirely or not at all, (i.e., if, for some reason, a transaction cannot be fully completed, then incomplete inserts/updates/deletes are rolled back so that the database returns to its pretransaction state).

Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly? Select an answer: A. Backup time would steadily increase. B. Backup operational costs would significantly increase. C. Storage operational costs would significantly increase. D. Server recovery work may not meet the recovery time objective (RTO).

You are correct, the answer is D. A. Backup time may increase, but that can be managed. The most important issue is the time taken to recover the data. B. The backup cost issues are not as significant as not meeting the recovery time objective (RTO). C. The storage cost issues are not as significant as not meeting the RTO. D. In case of a crash, recovering a server with an extensive amount of data could require a significant amount of time. If the recovery cannot meet the RTO, there will be a discrepancy in IT strategies. It is important to ensure that server restoration can meet the RTO.

Which of the following security measures BEST ensures the integrity of information stored in a data warehouse? Select an answer: A. Validated daily backups B. Change management procedures C. Data dictionary maintenance D. A read-only restriction

You are correct, the answer is D. A. Backups address availability, not integrity. Validated backups ensure that the backup will work when needed. B. Adequate change management procedures protect the data warehouse and the systems with which the data warehouse interfaces from unauthorized changes but are not usually concerned with the data. C. Data dictionary maintenance procedures provide for the definition and structure of data that are input to the data warehouse. This will not affect the integrity of data already stored. D. Because most data in a data warehouse are historic and do not need to be changed, applying read-only restrictions prevents data manipulation.

Which of the following processes should an IS auditor recommend to assist in the recording of baselines for software releases? Select an answer: A. Change management B. Backup and recovery C. Incident management D. Configuration management

You are correct, the answer is D. A. Change management is important to control changes to the configuration, but the baseline itself refers to a standard configuration. B. Backup and recovery of the configuration are important, but not used to create the baseline. C. Incident management will determine how to respond to an adverse event, but is not related to recording baseline configurations. D. The configuration management process may include automated tools that will provide an automated recording of software release baselines. Should the new release fail, the baseline will provide a point to which to return.

An IS auditor analyzing the audit log of a database management system (DBMS) finds that some transactions were partially executed as a result of an error and have not been rolled back. Which of the following transaction processing features has been violated? Select an answer: A. Consistency B. Isolation C. Durability D. Atomicity

You are correct, the answer is D. A. Consistency ensures that the database is in a proper state when the transaction begins and ends and that the transaction has not violated integrity rules. B. Isolation means that, while in an intermediate state, the transaction's data are invisible to other transactions, so concurrent transactions cannot interfere with each other's uncommitted work. C. Durability guarantees that a successful transaction will persist and cannot be undone by a subsequent failure. D. Atomicity guarantees that either the entire transaction is processed or none of it is; partially executed transactions that are not rolled back violate it.

Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by: Select an answer: A. database integrity checks. B. validation checks. C. input controls. D. database commits and rollbacks.

You are correct, the answer is D. A. Database integrity checks are important to ensure database consistency and accuracy. These include isolation, concurrency and durability controls, but the most important issue here is atomicity: the requirement for transactions to complete entirely and commit, or else roll back to the last known good point. B. Validation checks will prevent introduction of corrupt data but will not address system failure. C. Input controls are important to protect the integrity of input data but will not address system failure. D. A database commit ensures that the data are saved only after the transaction processing is completed. A rollback ensures that any processing partially completed as part of the transaction is reversed and not saved if the entire transaction does not complete successfully.
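
The three answers above (commit and rollback controls, the ACID properties, and commits/rollbacks after a processing halt) describe the same mechanism. The following is an added example, not part of the original quiz, using Python's standard sqlite3 module with constructed sample accounts. It shows a transfer that commits as one unit, a transfer that the CHECK constraint rejects (consistency) and is rolled back, a simulated crash between debit and credit that is rolled back, and finally the defect the audit log question describes: the same two statements run without a transaction, so a crash leaves a half-applied transfer behind.

```python
import sqlite3

# Constructed sample data, not from the original page: two accounts whose
# balances must always sum to 150 if transfers are applied atomically.
def open_bank():
    # isolation_level=None puts the sqlite3 module in autocommit mode, so the
    # transaction boundaries are exactly the BEGIN/COMMIT/ROLLBACK issued below.
    con = sqlite3.connect(":memory:", isolation_level=None)
    con.execute(
        "CREATE TABLE account ("
        "id TEXT PRIMARY KEY, "
        "balance INTEGER NOT NULL CHECK (balance >= 0))"  # integrity rule (consistency)
    )
    con.executemany("INSERT INTO account VALUES (?, ?)", [("alice", 100), ("bob", 50)])
    return con

def balances(con):
    return dict(con.execute("SELECT id, balance FROM account ORDER BY id"))

def total_money(con):
    return con.execute("SELECT SUM(balance) FROM account").fetchone()[0]

def transfer(con, src, dst, amount, crash_after_debit=False):
    """Debit src and credit dst as one logical unit of work.

    Returns True if committed, False if rolled back. A failure anywhere inside
    the unit (a simulated crash, or the CHECK constraint rejecting an overdraft)
    rolls the database back to its pretransaction state.
    """
    con.execute("BEGIN")
    try:
        con.execute("UPDATE account SET balance = balance - ? WHERE id = ?", (amount, src))
        if crash_after_debit:
            raise RuntimeError("simulated failure between debit and credit")
        con.execute("UPDATE account SET balance = balance + ? WHERE id = ?", (amount, dst))
        con.execute("COMMIT")
        return True
    except Exception:            # RuntimeError above, or sqlite3.IntegrityError from the CHECK
        con.execute("ROLLBACK")
        return False

def transfer_without_transaction(con, src, dst, amount, crash_after_debit=False):
    """The defect the auditor found: each statement commits on its own, so a
    failure between them leaves a half-applied transfer in the database."""
    con.execute("UPDATE account SET balance = balance - ? WHERE id = ?", (amount, src))
    if crash_after_debit:
        raise RuntimeError("simulated failure between debit and credit")
    con.execute("UPDATE account SET balance = balance + ? WHERE id = ?", (amount, dst))

if __name__ == "__main__":
    bank = open_bank()
    print(transfer(bank, "alice", "bob", 30), balances(bank))                           # committed
    print(transfer(bank, "alice", "bob", 500), balances(bank))                          # overdraft rolled back
    print(transfer(bank, "alice", "bob", 20, crash_after_debit=True), balances(bank))   # crash rolled back
    try:
        transfer_without_transaction(bank, "alice", "bob", 20, crash_after_debit=True)
    except RuntimeError:
        pass
    print(balances(bank), total_money(bank))   # debit persisted, credit never happened: money vanished
```

Running the script, the total stays at 150 through the three transactional calls and drops to 130 after the non-transactional one, which is exactly the kind of partially executed transaction an auditor would see in the DBMS log.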

A database administrator has detected a performance problem with some tables, which could be solved through denormalization. This situation will increase the risk of: Select an answer: A. concurrent access. B. deadlocks. C. unauthorized access to data. D. a loss of data integrity.

You are correct, the answer is D. A. Denormalization will have no effect on concurrent access to data in a database; concurrent access is resolved through locking. B. Deadlocks are a result of locking of records. This is not related to normalization. C. Access to data is controlled by defining user rights to information and is not affected by denormalization. D. Normalization is the removal of redundant data elements from the database structure. Denormalizing a relational database reintroduces redundancy: the same fact is stored in several rows, every copy must be updated together, and any update that misses a copy leaves the data inconsistent, with the consequent loss of data integrity.
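
As an added example (not part of the original quiz), the script below builds the same constructed order data twice with sqlite3: once denormalized, with the customer's e-mail copied onto every order row, and once normalized, with the e-mail stored only in a customer table. A routine edit made from one order's screen updates a single copy in the denormalized design, and the last function is the detective query an auditor can run to find customers whose copies now disagree.

```python
import sqlite3

# Constructed sample data (not from the original page): customer 7 has two
# orders, customer 8 has one.  Columns: order_id, customer_id, email, amount.
ORDERS = [(1, 7, "ann@example.com", 10), (2, 7, "ann@example.com", 25), (3, 8, "bo@example.com", 5)]

def build_denormalized():
    """Customer e-mail copied onto every order row (the denormalized design)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE orders_denorm (order_id INTEGER PRIMARY KEY, "
                "customer_id INTEGER NOT NULL, customer_email TEXT NOT NULL, amount INTEGER NOT NULL)")
    con.executemany("INSERT INTO orders_denorm VALUES (?, ?, ?, ?)", ORDERS)
    con.commit()
    return con

def build_normalized():
    """E-mail stored once per customer; orders reference the customer by key."""
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")
    con.execute("CREATE TABLE customer (customer_id INTEGER PRIMARY KEY, email TEXT NOT NULL)")
    con.execute("CREATE TABLE orders (order_id INTEGER PRIMARY KEY, "
                "customer_id INTEGER NOT NULL REFERENCES customer(customer_id), amount INTEGER NOT NULL)")
    con.executemany("INSERT INTO customer VALUES (?, ?)", sorted({(c, e) for _, c, e, _ in ORDERS}))
    con.executemany("INSERT INTO orders VALUES (?, ?, ?)", [(o, c, a) for o, c, _, a in ORDERS])
    con.commit()
    return con

def change_email_from_order_screen(con, order_id, new_email):
    """A realistic application bug: the operator edits the e-mail shown on one
    order, and the code updates only that row, not every copy of the fact."""
    con.execute("UPDATE orders_denorm SET customer_email = ? WHERE order_id = ?", (new_email, order_id))
    con.commit()

def change_email_normalized(con, customer_id, new_email):
    """One row holds the fact, so one UPDATE keeps every order consistent."""
    con.execute("UPDATE customer SET email = ? WHERE customer_id = ?", (new_email, customer_id))
    con.commit()

def emails_on_orders_denorm(con, customer_id):
    rows = con.execute("SELECT DISTINCT customer_email FROM orders_denorm "
                       "WHERE customer_id = ? ORDER BY 1", (customer_id,))
    return [r[0] for r in rows]

def emails_on_orders_norm(con, customer_id):
    rows = con.execute("SELECT DISTINCT c.email FROM orders o JOIN customer c USING (customer_id) "
                       "WHERE o.customer_id = ? ORDER BY 1", (customer_id,))
    return [r[0] for r in rows]

def inconsistent_customers(con):
    """Auditor's detective query: customers whose redundant copies disagree."""
    rows = con.execute("SELECT customer_id FROM orders_denorm GROUP BY customer_id "
                       "HAVING COUNT(DISTINCT customer_email) > 1 ORDER BY customer_id")
    return [r[0] for r in rows]

if __name__ == "__main__":
    d = build_denormalized()
    change_email_from_order_screen(d, 1, "ann@new.example")
    print(emails_on_orders_denorm(d, 7), inconsistent_customers(d))   # two e-mails for one customer
    n = build_normalized()
    change_email_normalized(n, 7, "ann@new.example")
    print(emails_on_orders_norm(n, 7))                                  # one e-mail, as intended
```

The HAVING query is the useful takeaway for an audit: whenever a DBA accepts denormalization for performance, a recurring check of that form (one per duplicated attribute) is the compensating control that makes the integrity risk visible.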

Which of the following BEST mitigates the risk of backup media containing irreplaceable information being lost or stolen while in transit? Select an answer: A. Ensure that media are encrypted. B. Maintain a duplicate copy. C. Maintain chain of custody. D. Ensure that personnel are bonded.

You answered A. The correct answer is B. A. Although strong encryption protects against disclosure, it will not mitigate the loss of irreplaceable data. B. Sensitive data should always be fully backed up before being transmitted or moved. Backups of sensitive information should be treated with the same control considerations as the actual data. C. Chain of custody is an important control, but it will not mitigate a loss if a locked area is broken into and media removed or if media are lost while in an individual's custody. D. Bonded security, although good for preventing theft, will not protect against accidental loss or destruction.

A programmer maliciously modified a production program to change data and then restored the original code. Which of the following would MOST effectively detect the malicious activity? Select an answer: A. Comparing source code B. Reviewing system log files C. Comparing object code D. Reviewing executable and source code integrity

You answered A. The correct answer is B. A. Source code comparisons are ineffective because the original programs were restored and the changed program does not exist. B. Reviewing system log files is the only trail that may provide information about the unauthorized activities in the production library. C. Object code comparisons are ineffective because the original programs were restored and the changed program does not exist. D. Reviewing executable and source code integrity is an ineffective control, because the source code was changed back to the original and will agree with the current executable.

The FIRST step in the execution of a problem management mechanism should be: Select an answer: A. issue analysis. B. exception ranking. C. exception reporting. D. root cause analysis.

You answered A. The correct answer is C. A. Analysis and resolution are performed after logging and triage have been performed. B. Exception ranking can only be performed once the exceptions have been reported. C. The reporting of operational issues is normally the first step in tracking problems. D. Root cause analysis is performed once the exceptions have been identified and is not normally the first part of problem management.

During an application audit, the IS auditor finds several problems related to corrupt data in the database. Which of the following is a corrective control that the IS auditor should recommend? Select an answer: A. Define the standards, and closely monitor them for compliance. B. Ensure that only authorized personnel can update the database. C. Establish controls to handle concurrent access problems. D. Proceed with restore procedures.

You answered A. The correct answer is D. A. Establishing standards is a preventive control, and monitoring for compliance is a detective control. B. Ensuring that only authorized personnel can update the database is a preventive control. C. Establishing controls to handle concurrent access problems is a preventive control. D. Proceeding with restore procedures is a corrective control. Restore procedures can be used to recover databases to their last-known archived version.

Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions? Select an answer: A. Parity check B. Echo check C. Block sum check D. Cyclic redundancy check (CRC)

You answered A. The correct answer is D. A. A parity check (also known as a vertical redundancy check) adds a bit (the parity bit) to each character during transmission. Because an even number of flipped bits within a character leaves the parity unchanged, its reliability against bursts of errors (e.g., impulse noise during high transmission rates) is only approximately 50 percent. At higher transmission rates, this limitation is significant. B. Echo checks detect line errors by retransmitting data to the sending device for comparison with the original transmission. C. A block sum check is a form of parity checking and has a low level of reliability. D. The cyclic redundancy check (CRC) checks a whole block of transmitted data. The sending workstation generates the CRC and transmits it with the data; the receiving workstation computes its own CRC and compares it to the transmitted value. If both are equal, the block is assumed error free. Unlike parity or echo checks, a CRC detects multiple errors within a block: in general, it detects all single-bit and double-bit errors and every error burst no longer than the CRC itself.
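
The claim in answers A and D can be measured rather than taken on faith. Below is an added example, not part of the original quiz, that uses a constructed 33-byte block, a per-character even-parity check, and the standard CRC-32 from Python's zlib module. It injects random error bursts of up to 32 bits (first and last bit of the burst always flipped, interior bits flipped at random, like impulse noise) and reports the fraction each check catches. The trial count and seed are arbitrary choices for the demonstration.

```python
import random
import zlib

# Constructed sample block, not from the original page.
MESSAGE = b"ACCT 0042 DEBIT 00015000 REF 77A1"

def parity_bits(data):
    """Even parity per character, as a vertical redundancy check transmits it."""
    return [bin(b).count("1") & 1 for b in data]

def flip_bits(data, positions):
    """Return a copy of data with the given bit positions inverted (MSB first)."""
    buf = bytearray(data)
    for p in positions:
        buf[p // 8] ^= 0x80 >> (p % 8)
    return bytes(buf)

def parity_detects(sent, received):
    """True if at least one character's parity bit no longer matches."""
    return parity_bits(sent) != parity_bits(received)

def crc32_detects(sent, received):
    """True if the receiver's CRC differs from the transmitted one."""
    return zlib.crc32(sent) != zlib.crc32(received)

def burst_survey(message=MESSAGE, max_span=32, trials=2000, seed=1):
    """Inject random error bursts up to max_span bits long and return the
    fraction of bursts each check detects, e.g. {'parity': 0.8, 'crc32': 1.0}."""
    rng = random.Random(seed)
    nbits = len(message) * 8
    caught = {"parity": 0, "crc32": 0}
    for _ in range(trials):
        span = rng.randint(2, max_span)
        start = rng.randrange(nbits - span + 1)
        positions = [start, start + span - 1]                        # burst edges always corrupted
        positions += [start + i for i in range(1, span - 1) if rng.random() < 0.5]
        received = flip_bits(message, positions)
        caught["parity"] += parity_detects(message, received)
        caught["crc32"] += crc32_detects(message, received)
    return {k: v / trials for k, v in caught.items()}

if __name__ == "__main__":
    two_in_one_char = flip_bits(MESSAGE, [8, 11])   # two bits of the second character
    print("parity sees 2-bit burst:", parity_detects(MESSAGE, two_in_one_char))   # False
    print("crc32 sees 2-bit burst: ", crc32_detects(MESSAGE, two_in_one_char))    # True
    print(burst_survey())
```

A 32-bit CRC catches every burst whose span is 32 bits or less by construction, so its rate comes out at 1.0; parity catches only those bursts that happen to flip an odd number of bits in some character, which is why its rate sits well below 1.0 and falls to zero for the two-bits-in-one-character case printed first.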

Which of the following would an IS auditor consider to be MOST helpful when evaluating the effectiveness and adequacy of a preventive computer maintenance program? Select an answer: A. A system downtime log B. Vendors' reliability figures C. Regularly scheduled maintenance log D. A written preventive maintenance schedule

You answered B. The correct answer is A. A. A system downtime log provides information regarding the effectiveness and adequacy of computer preventive maintenance programs. The log is a detective control, but because it is validating the effectiveness of the maintenance program, it is validating a preventive control. B. Vendor's reliability figures are not an effective measure of a preventive maintenance program. C. Reviewing the log is a good detective control to ensure that maintenance is being done; however, only the system downtime will indicate whether the preventive maintenance is actually working well. D. A schedule is a good control to ensure that maintenance is scheduled and that no items are missed in the maintenance schedule; however, it is not a guarantee that the work is actually being done.

An IS auditor notes during an audit that an organization's business continuity plan (BCP) does not adequately address information confidentiality during the recovery process. The IS auditor should recommend that the plan be modified to include: Select an answer: A. the level of information security required when business recovery procedures are invoked. B. information security roles and responsibilities in the crisis management structure. C. information security resource requirements. D. change management procedures for information security that could affect business continuity arrangements.

You answered B. The correct answer is A. A. Business should consider whether information security levels required during recovery should be the same, lower or higher than when business is operating normally. In particular, any special rules for access to confidential data during a crisis need to be identified. B. During a time of crisis, the security needs of the organization may increase because many usual controls such as separation of duties are missing. Having security roles in the crisis management plan is important, but that is not the best answer to this scenario. C. Identifying the resource requirements for information security, as part of the business continuity plan (BCP), is important, but it is more important to set out the security levels that would be required for protected information. D. Change management procedures can help keep a BCP up to date but are not relevant to this scenario.

Which of the following is of GREATEST concern to an IS auditor when performing an audit of a client relationship management (CRM) system migration project? Select an answer: A. The technical migration is planned for a Friday preceding a long weekend, and the time window is too short for completing all tasks. B. Employees pilot-testing the system are concerned that the data representation in the new system is completely different from the old system. C. A single implementation is planned, immediately decommissioning the legacy system. D. Five weeks prior to the target date, there are still numerous defects in the printing functionality of the new system's software.

You answered B. The correct answer is C. A. A weekend can be used as a time buffer so that the new system will have a better chance of being up and running after the weekend. B. A different data representation does not mean different data presentation at the front end. Even when this is the case, this issue can be solved by adequate training and user support. C. Major system migrations should include a phase of parallel operation or a phased cut-over to reduce implementation risk. Decommissioning or disposing of the old hardware would complicate any fallback strategy, should the new system not operate correctly. D. The printing functionality is commonly one of the last functions to be tested in a new system because it is usually the last step performed in any business event. Thus, meaningful testing and the respective error fixing are only possible after all other parts of the software have been successfully tested.

During an audit of a small company that provides medical transcription services, an IS auditor observes several issues related to the backup and restore process. Which of the following should be the auditor's GREATEST concern? Select an answer: A. Restoration testing for backup media is not performed; however, all data restore requests have been successful. B. The policy for data backup and retention has not been reviewed by the business owner for the past three years. C. The company stores transcription backup tapes offsite using a third-party service provider, which inventories backup tapes annually. D. Failed backup alerts for the marketing department data files are not followed up on or resolved by the IT administrator.

You answered B. The correct answer is C. A. Lack of restoration testing does not increase the risk of unauthorized leakage of information. Not performing restoration tests on backup tapes poses a risk; however, this risk is somewhat mitigated because past data restore requests have been successful. B. Lack of review of the data backup and retention policy may be of a concern if systems and business processes have changed in the past three years. The IS auditor should perform additional procedures to verify the validity of existing procedures. In addition, lack of this control does not introduce a risk of unauthorized leakage of information. C. For a company working with confidential patient data, the loss of a backup tape is a significant incident. Privacy laws specify severe penalties for such an event, and the company's reputation could be damaged due to mandated reporting requirements. To gain assurance that tapes are being handled properly, the organization should perform audit tests that include frequent physical inventories and an evaluation of the controls in place at the third-party provider. D. Failed backup alerts that are not followed up on and resolved imply that certain data or files are not backed up. This is a concern if the files/data being backed up are critical in nature, but, typically, marketing data files are not regulated in the same way as medical transcription files. Lack of this control does not introduce a risk of unauthorized leakage of sensitive information.

An IS auditor is performing a review of a network, and users report that the network is slow and web pages periodically time out. The IS auditor confirms the users' feedback and reports the findings to the network manager. The most appropriate action for the network management team should be to FIRST: Select an answer: A. use a protocol analyzer to perform network analysis and review error logs of local area network (LAN) equipment. B. take steps to increase the bandwidth of the connection to the Internet. C. create a baseline using a protocol analyzer and implement quality of service (QoS) to ensure that critical business applications work as intended. D. implement virtual LANs (VLANs) to segment the network and ensure performance.

You answered C. The correct answer is A. A. In this case, the first step is to identify the problem through review and analysis of network traffic. Using a protocol analyzer and reviewing the log files of the related switches or routers will determine whether there is a configuration issue or hardware malfunction. B. While increasing Internet bandwidth may be required, this may not be needed if the performance issue is due to a different problem or error condition. C. While creating a baseline and implementing quality of service (QoS) will ensure that critical applications have the appropriate bandwidth, in this case the performance issue could be related to misconfiguration or equipment malfunction. D. While implementing virtual local area networks (VLANs) may be a good practice for ensuring adequate performance, in this case the issue could be related to misconfigurations or equipment malfunction.

During the audit of a database server, which of the following would be considered the GREATEST exposure? Select an answer: A. The password on the administrator account does not expire. B. Default global security settings for the database remain unchanged. C. Old data have not been purged. D. Database activity is not fully logged.

You are correct, the answer is B. A. A non-expiring password is a risk and an exposure but not as serious a risk as a weak password or the continued use of default settings. B. Default security settings for the database could allow issues such as blank user passwords or passwords that are the same as the username. C. Failure to purge old data may present a performance issue but is not an immediate security concern. D. Incomplete logging of database activity is a risk, because it weakens the ability to detect and investigate misuse, but it is not as serious a risk as default settings.

An IS auditor is performing a review of the disaster recovery hot site used by a financial institution. Which of the following would be the GREATEST concern? Select an answer: A. System administrators use shared accounts which never expire at the hot site. B. Disk space utilization data are not kept current. C. Physical security controls at the hot site are less robust than at the main site. D. Servers at the hot site do not have the same specifications as at the main site.

You answered D. The correct answer is B. A. While it is not a good practice for system administrators to share accounts that do not expire, the greater risk in this scenario would be running out of disk space. B. Not knowing how much disk space is in use and, therefore, how much is needed at the disaster recovery site could create major issues in the case of a disaster. C. Physical security controls are important and this would be a concern, but the more important concern would be running out of disk space. The particular physical characteristics of the disaster recovery site may call for different controls that may appear to be less robust than the main site; however, such a risk could be addressed through policy and procedures or by adding additional personnel if needed. D. As long as the servers at the hot site are capable of running the programs that are required in a disaster recovery situation, the precise capabilities of the servers at the hot site are not a major risk. It is necessary to ensure that software configuration and settings match the servers at the main site, but it is not unusual for newer and more powerful servers to exist at the main site for everyday production use while the standby servers are less powerful.

An IS auditor is evaluating the effectiveness of the organization's change management process. What is the MOST important control that the IS auditor should look for to ensure system availability? Select an answer: A. Changes are authorized by IT managers at all times. B. User acceptance testing (UAT) is performed and properly documented. C. Test plans and procedures exist and are closely followed. D. Capacity planning is performed as part of each development project.

You answered D. The correct answer is C. A. Changes are usually required to be signed off by a business analyst, member of the change control board or other authorized representative, not necessarily by IT management. B. User acceptance testing (UAT) is important but not a critical element of change control and would not usually address the topic of availability as asked in the question. C. The most important control for ensuring system availability is to implement a sound test plan and procedures that are followed consistently. D. While capacity planning should be considered in each development project, it will not ensure system availability, nor is it part of the change control process.

The BEST audit procedure to determine if unauthorized changes have been made to production code is to: Select an answer: A. examine the change control system records and trace them forward to object code files. B. review access control permissions operating within the production program libraries. C. examine object code to find instances of changes and trace them back to change control records. D. review change approved designations established within the change control system.

You answered D. The correct answer is C. A. Checking the change control system will not detect changes that were not recorded in the control system. B. Reviewing access control permissions will not identify unauthorized changes made previously. C. The procedure of examining object code files to establish instances of code changes and tracing these back to change control system records is a substantive test that directly addresses the risk of unauthorized code changes. D. Reviewing change approved designations will not identify unauthorized changes.
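
The substantive test in answer C is mechanical enough to script. The following is an added example, not part of the original quiz: it hashes every object file in a production library, compares the result with the hash manifest taken at the last audited release, and traces each added, modified or deleted file to the change control records. The directory, file names, contents and the ticket id "CHG-1042" are all constructed for the demonstration. Note the caveat from the earlier question on a programmer who restored the original code: a file that was changed and then put back matches the baseline again, so this comparison finds current unauthorized changes, and only the library's log files can show a change that was reverted.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks so large object files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(library_dir):
    """Hash every object file in the production library: {name: sha256}."""
    return {p.name: sha256_file(p) for p in sorted(Path(library_dir).iterdir()) if p.is_file()}

def trace_to_change_records(baseline, current, change_records):
    """Compare the current library against the last audited baseline and trace
    every difference back to the change control system.

    change_records maps object file name -> approved ticket id (assumed format).
    Returns one finding per added, modified or deleted object file; a finding
    with no ticket is an unauthorized change.
    """
    findings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            status = "deleted"
        elif name not in baseline:
            status = "added"
        elif baseline[name] != current[name]:
            status = "modified"
        else:
            continue  # unchanged: nothing to trace
        findings.append({"file": name, "status": status,
                         "ticket": change_records.get(name),
                         "authorized": name in change_records})
    return findings

def demo():
    """Constructed scenario: three object files, one approved change, one
    change with no ticket, and one object file removed without a record."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp)
        for name in ("payroll.o", "ledger.o", "report.o"):
            (lib / name).write_bytes(b"release 1.0 build of " + name.encode())
        baseline = snapshot(lib)                     # taken at the last audited release

        (lib / "payroll.o").write_bytes(b"release 1.1 build of payroll.o")  # approved change
        (lib / "ledger.o").write_bytes(b"hot-patched ledger.o")             # nobody filed a ticket
        (lib / "report.o").unlink()                                         # removed without record
        current = snapshot(lib)

        approved = {"payroll.o": "CHG-1042"}   # hypothetical ticket id from the change system
        return trace_to_change_records(baseline, current, approved)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Because the comparison starts from the object code rather than from the tickets, a change that never entered the change control system still surfaces as a finding with `"authorized": False`; starting from the tickets (answer A) could never produce that row.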

An offsite information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is a: Select an answer: A. cold site. B. warm site. C. dial-up site. D. duplicate processing facility.

You are correct, the answer is A. A. A cold site is ready to receive equipment but does not offer any components at the site in advance of the need. B. A warm site is an offsite backup facility that is partially configured with network connections and selected peripheral equipment—such as disk and tape units, controllers and central processing units (CPUs)—to operate an information processing facility. C. A dial-up site is used for remote access, but not for offsite information processing. D. A duplicate information processing facility is a dedicated, fully-developed recovery site that can back up critical applications.

The PRIMARY objective of performing a postincident review is that it presents an opportunity to: Select an answer: A. improve internal control procedures. B. harden the network to industry good practices. C. highlight the importance of incident response management to management. D. improve employee awareness of the incident response process.

You are correct, the answer is A. A. A postincident review examines both the cause and response to an incident. The lessons learned from the review can be used to improve internal controls. Understanding the purpose and structure of postincident reviews and follow-up procedures enables the information security manager to continuously improve the security program. Improving the incident response plan based on the incident review is an internal (corrective) control. B. A postincident review may result in improvements to controls, but its primary purpose is not to harden a network. C. The purpose of postincident review is to ensure that the opportunity is presented to learn lessons from the incident. It is not intended as a forum to educate management. D. An incident may be used to emphasize the importance of incident response, but that is not the intention of the postincident review.

Business units are concerned about the performance of a newly implemented system. Which of the following should an IS auditor recommend? Select an answer: A. Develop a baseline and monitor system usage. B. Define alternate processing procedures. C. Prepare the maintenance manual. D. Implement the changes users have suggested.

You are correct, the answer is A. A. An IS auditor should recommend the development of a performance baseline and monitor the system's performance against the baseline to develop empirical data upon which decisions for modifying the system can be made. B. Alternate processing procedures will not alter a system's performance, and no changes should be made until the reported issue has been examined more thoroughly. C. A maintenance manual will not alter a system's performance or address the user concerns. D. Implementing changes without knowledge of the cause(s) for the perceived poor performance may not result in a more efficient system.

Emergency changes that bypass the normal change control process are MOST acceptable if: Select an answer: A. management reviews and approves the changes after they have occurred. B. the changes are reviewed by a peer at the time of the change. C. the changes are documented in the change control system by the operations department. D. management has preapproved all emergency changes.

You are correct, the answer is A. A. Because management cannot always be available when a system failure occurs, it is acceptable for changes to be reviewed and approved within a reasonable time period after they occur. B. Although peer review provides some accountability, management should review and approve all changes, even if that review and approval must occur after the fact. C. Documenting the event does not replace the need for a review and approval process to occur. D. It is not a good control practice for management to ignore its responsibility by preapproving all emergency changes in advance without reviewing them. Unauthorized changes could then be made without management's knowledge.

Which of the following groups is the BEST source of information for determining the criticality of application systems as part of a business impact analysis (BIA)? Select an answer: A. Business process owners B. IT management C. Senior business management D. Industry experts

You are correct, the answer is A. A. Business process owners have the most relevant information to contribute because the business impact analysis (BIA) is designed to evaluate criticality and recovery time lines, based on business needs. B. While IT management must be involved, they may not be fully aware of the business processes that need to be protected. C. While senior management must be involved, they may not be fully aware of the criticality of applications that need to be protected. D. The BIA is dependent on the unique business needs of the organization and the advice of industry experts is of limited value.

The purpose of code signing is to provide assurance that: Select an answer: A. the software has not been subsequently modified. B. the application can safely interface with another signed application. C. the signer of the application is trusted. D. the private key of the signer has not been compromised.

You are correct, the answer is A. A. Code signing ensures that the executable code came from a reputable source and has not been modified after being signed. B. The signing of code will not ensure that it will integrate with other applications. C. Code signing will provide assurance of the source but will not ensure that the source is trusted. The code signing will, however, ensure that the code has not been modified. D. The compromise of the signer's private key would result in a loss of trust and is not the purpose of code signing.

During an audit of a small enterprise, the IS auditor noted that the IS director has superuser-privilege access that allows the director to process requests for changes to the application access roles (access types). Which of the following should the IS auditor recommend? Select an answer: A. Implement a properly documented process for application role change requests. B. Hire additional staff to provide a segregation of duties (SoD) for application role changes. C. Implement an automated process for changing application roles. D. Document the current procedure in detail, and make it available on the enterprise intranet.

You are correct, the answer is A. A. The IS auditor should recommend implementation of processes that could prevent or detect improper changes from being made to the major application roles. The application role change request process should start and be approved by the business owner; then, the IS director can make the changes to the application. B. While it is preferred that a strict segregation of duties (SoD) be adhered to and that additional staff be recruited, this practice is not always possible in small enterprises. The IS auditor must look at recommended alternative processes. C. An automated process for managing application roles may not be practical to prevent improper changes being made by the IS director, who also has the most privileged access to the application. D. Making the existing process available on the enterprise intranet would not provide any value to protect the system.

Which of the following specifically addresses how to detect cyberattacks against an organization's IT systems and how to recover from an attack? Select an answer: A. An incident response plan (IRP) B. An IT contingency plan C. A business continuity plan (BCP) D. A continuity of operations plan (COOP)

You are correct, the answer is A. A. The incident response plan (IRP) determines the information security responses to incidents such as cyberattacks on systems and/or networks. This plan establishes procedures to enable security personnel to identify, mitigate and recover from malicious computer incidents such as unauthorized access to a system or data, denial of service (DoS) or unauthorized changes to system hardware or software. B. The IT contingency plan addresses IT system disruptions and establishes procedures for recovering from a major application or general support system failure. The contingency plan deals with ways to recover from an unexpected failure, but it does not address the identification or prevention of cyberattacks. C. The business continuity plan (BCP) addresses business processes and provides procedures for sustaining essential business operations while recovering from a significant disruption. While a cyberattack could be severe enough to require use of the BCP, the IRP would be used to determine which actions should be taken—both to stop the attack as well as to resume normal operations after the attack. D. The continuity of operations plan (COOP) addresses the subset of an organization's missions that are deemed most critical and contains procedures to sustain these functions at an alternate site for a short time period.

If the recovery time objective (RTO) increases: Select an answer: A. the disaster tolerance increases. B. the cost of recovery increases. C. a cold site cannot be used. D. the data backup frequency increases.

You are correct, the answer is A. A. The longer the recovery time objective (RTO), the higher the disaster tolerance. The disaster tolerance is the amount of time the business can afford to be disrupted before resuming critical operations. B. The longer the RTO, the lower the recovery cost. C. It cannot be concluded that a cold site is inappropriate; with a longer RTO the use of a cold site may become feasible. D. RTO is not related to the frequency of data backups; that is related to the recovery point objective (RPO).

A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. An IS auditor should conclude that: Select an answer: A. analysis is required to determine if a pattern emerges that results in a service loss for a short period of time. B. WAN capacity is adequate for the maximum traffic demands because saturation has not been reached. C. the line should immediately be replaced by one with a larger capacity to provide approximately 85 percent saturation. D. users should be instructed to reduce their traffic demands or distribute them across all service hours to flatten bandwidth consumption.

You are correct, the answer is A. A. The peak at 96 percent could be the result of a one-off incident (e.g., a user downloading a large amount of data); therefore, analysis to establish whether this is a regular pattern and what causes this behavior should be carried out before expenditure on a larger line capacity is recommended. B. A peak traffic load of 96 percent is approaching a critical level, and the auditor should not assume that capacity is adequate at this time or for the foreseeable future. Further investigation is required. C. If the peak is established to be a regular occurrence without any other opportunities for mitigation (use of a bandwidth reservation protocol or other means of prioritizing network traffic), the line should be replaced because there is a risk of loss of service as the traffic approaches 100 percent. At this point, further research is required. D. If the peak traffic load is a rare one-off occurrence or if traffic can be reengineered to transfer at other times, then user education may be an option. Further investigation will be required.

When reviewing system parameters, an IS auditor's PRIMARY concern should be that: Select an answer: A. they are set to meet security and performance requirements. B. changes are recorded in an audit trail and periodically reviewed. C. changes are authorized and supported by appropriate documents. D. access to parameters in the system is restricted.

You are correct, the answer is A. A. The primary concern is to find the balance between security and performance. Recording changes in an audit trail and periodically reviewing them is a detective control; however, if parameters are not set according to business rules, monitoring of changes may not be an effective control. B. Reviewing changes to ensure they are supported by appropriate documents is also a detective control. C. If parameters are set incorrectly, the related documentation and the fact that the changes were authorized do not reduce the impact. D. Restriction of access to parameters ensures that only authorized staff can access the parameters; however, if the parameters are set incorrectly, restricting access does not remove the adverse impact.

An IS auditor is reviewing an organization's disaster recovery plan (DRP) implementation. The project was completed on time and on budget. During the review, the auditor uncovers several areas of concern. Which of the following presents the GREATEST risk? Select an answer: A. Testing of the DRP has not been performed. B. The disaster recovery strategy does not specify use of a hot site. C. The business impact analysis (BIA) was conducted, but the results were not used. D. The disaster recovery project manager for the implementation has recently left the organization.

You are correct, the answer is C. A. Although testing a disaster recovery plan (DRP) is a critical component of a successful disaster recovery strategy, this is not the biggest risk; the biggest risk comes from a plan that is not properly designed. B. Use of a hot site is a strategic determination based on tolerable downtime, cost and other factors. Although using a hot site may be considered a good practice, this is a very costly solution that may not be required for the organization. C. The risk of not using the results of the business impact analysis (BIA) for disaster recovery planning means that the DRP may not be designed to recover the most critical assets in the correct order. As a result, the plan may not be adequate to allow the organization to recover from a disaster. D. If the DRP is designed and documented properly, the loss of an experienced project manager should have minimal impact. The risk of a poorly designed plan that may not meet the requirements of the business is much more significant than the risk posed by loss of the project manager.

Which of the following is a MAJOR concern during a review of help desk activities? Select an answer: A. Certain calls could not be resolved by the help desk team. B. A dedicated line is not assigned to the help desk team. C. Resolved incidents are closed without reference to end users. D. The help desk instant messaging has been down for over six months.

You are correct, the answer is C. A. Although this is of concern, it should be expected. A problem escalation procedure should be developed to handle such scenarios. B. Ideally, a help desk team should have dedicated lines, but this exception is not as serious as the technical team unilaterally closing an incident. C. The help desk function is a service-oriented unit. The end users must sign off before an incident can be regarded as closed. D. Instant messaging is an add-on to improve the effectiveness of the help desk team. Its absence cannot be seen as a major concern as long as calls can still be made.

Which of the following would BEST support 24/7 availability? Select an answer: A. Daily backup B. Offsite storage C. Mirroring D. Periodic testing

You are correct, the answer is C. A. Daily backup implies that it is reasonable for restoration to take place within a number of hours but not immediately. B. Offsite storage does not, itself, support continuous availability. C. Mirroring of critical elements is a tool that facilitates immediate (failover) recoverability. D. Periodic testing of systems does not, itself, support continuous availability.

In which of the following situations is it MOST appropriate to implement data mirroring as the recovery strategy? Select an answer: A. Disaster tolerance is high. B. The recovery time objective (RTO) is high. C. The recovery point objective (RPO) is low. D. The RPO is high.

You are correct, the answer is C. A. Data mirroring is a data recovery technique, and disaster tolerance addresses the allowable time for an outage of the business. B. The recovery time objective (RTO) is an indicator of the disaster tolerance. Data mirroring addresses data loss, not the RTO. C. The recovery point objective (RPO) indicates the latest point in time at which it is possible to recover the data. This determines how often the data must be backed up to minimize data loss. If the RPO is low, then the organization does not want to lose much data and must use a process such as data mirroring to prevent data loss. D. If the RPO is high, then a less expensive backup strategy can be used; data mirroring should not be implemented as the data recovery strategy.

An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls? Select an answer: A. Allow changes to be made only with the database administrator (DBA) user account. B. Make changes to the database after granting access to a normal user account. C. Use the DBA user account to make changes, log the changes and review the change log the following day. D. Use the normal user account to make changes, log the changes and review the change log the following day.

You are correct, the answer is C. A. The use of the database administrator (DBA) user account without logging would permit uncontrolled changes to be made to databases after access to the account was obtained. B. A normal user account should not have access to a database. This would permit uncontrolled changes to any of the databases. C. A DBA user account is normally set up to log all changes made, and its use is most appropriate for changes made outside of normal hours. The use of a log, which records the changes, allows changes to be reviewed. Because an abbreviated number of steps is used, this represents an adequate set of compensating controls. D. Users should not be able to make changes. Logging would only provide information on changes made but would not limit changes to only those who were authorized.

An IS auditor examining the security configuration of an operating system should review the: Select an answer: A. transaction logs. B. authorization tables. C. parameter settings. D. routing tables.

You are correct, the answer is C. A. Transaction logs are used to track and analyze transactions related to an application or system interface, but that is not the primary source of audit evidence in an operating system audit. B. Authorization tables are used to verify implementation of logical access controls and will not be of much help when reviewing control features of an operating system. C. Configuration parameters allow a standard piece of software to be customized for diverse environments and are important in determining how a system runs. The parameter settings should be appropriate to an organization's workload and control environment. Improper implementation and/or monitoring of operating systems can result in undetected errors and corruption of the data being processed, as well as lead to unauthorized access and inaccurate logging of system usage. D. Routing tables do not contain information about the operating system and, therefore, provide no information to aid in the evaluation of controls.

During the review of an in-house developed application, the GREATEST concern to an IS auditor is if a: Select an answer: A. user raises a change request and tests it in the test environment. B. programmer codes a change in the development environment and tests it in the test environment. C. manager approves a change request and then reviews it in production. D. manager initiates a change request and subsequently approves it.

You are correct, the answer is D. A. Having a user involved in testing changes is common practice. B. Having a programmer code a change in development and then separately test the change in a test environment is a good practice and preferable over testing in production. C. Having a manager review a change to make sure it was done correctly is an acceptable practice. D. Initiating and subsequently approving a change request violates the principle of segregation of duties. A person should not be able to approve their own requests.

A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? Select an answer: A. Offsite storage of daily backups B. Alternative standby processor onsite C. Installation of duplex communication links D. Alternative standby processor at another network node

You are correct, the answer is D. A. Offsite storage of backups would not help, because electronic funds transfer (EFT) tends to be an online process and offsite storage will not replace the dysfunctional processor. B. The provision of an alternate processor onsite would be fine if it were an equipment problem, but would not help in the case of a power outage and may require technical expertise to cut over to the alternate equipment. C. Installation of duplex communication links would be most appropriate if it were only the communication link that failed. D. Having an alternative standby processor at another network node would be the best solution. The unavailability of the central communications processor would disrupt all access to the banking network, resulting in the disruption of operations for all of the shops. This could be caused by failure of equipment, power or communications.
