ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 17

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free of charge to help you prepare for the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1791

Question

An organization’s disaster recovery plan should address early recovery of:

A. all information systems processes.
B. all financial processing applications.
C. only those applications designated by the IS manager.
D. processing in priority order, as defined by business management.

Answer

D. processing in priority order, as defined by business management.

Explanation

Business management should know, well in advance of a disaster, which systems are critical and when they need to be processed. It is management’s responsibility to develop and maintain the plan. Adequate time will not be available for this determination once the disaster occurs. IS and the information processing facility are service organizations that exist for the purpose of assisting general user management in successfully performing their jobs.

CISA Question 1792

Question

Which of the following is the MOST reasonable option for recovering a noncritical system?

A. Warm site
B. Mobile site
C. Hot site
D. Cold site

Answer

D. Cold site

Explanation

Generally, a cold site is contracted for a longer period at a lower cost. Since it requires more time to make a cold site operational, it is generally used for noncritical applications. A warm site is generally available at a medium cost, requires less time to become operational and is suitable for sensitive operations. A mobile site is a vehicle ready with all necessary computer equipment that can be moved to any cold or warm site depending upon the need. The need for a mobile site depends upon the scale of operations. A hot site is contracted for a shorter time period at a higher cost and is better suited for recovery of vital and critical applications.

CISA Question 1793

Question

After implementation of a disaster recovery plan, pre-disaster and post-disaster operational costs for an organization will:

A. decrease.
B. not change (remain the same).
C. increase.
D. increase or decrease depending upon the nature of the business.

Answer

C. increase.

Explanation

There are costs associated with all activities and disaster recovery planning (DRP) is not an exception. Although there are costs associated with a disaster recovery plan, there are unknown costs that are incurred if a disaster recovery plan is not implemented.

CISA Question 1794

Question

The PRIMARY purpose of a business impact analysis (BIA) is to:

A. provide a plan for resuming operations after a disaster.
B. identify the events that could impact the continuity of an organization’s operations.
C. publicize the commitment of the organization to physical and logical security.
D. provide the framework for an effective disaster recovery plan.

Answer

B. identify the events that could impact the continuity of an organization’s operations.

Explanation

A business impact analysis (BIA) is one of the key steps in the development of a business continuity plan (BCP). A BIA will identify the diverse events that could impact the continuity of the operations of an organization.

CISA Question 1795

Question

Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget?

A. A hot site maintained by the business
B. A commercial cold site
C. A reciprocal arrangement between its offices
D. A third-party hot site

Answer

C. A reciprocal arrangement between its offices

Explanation

For a business having many offices within a region, a reciprocal arrangement among its offices would be most appropriate. Each office could be designated as a recovery site for some other office. This would be the least expensive approach to providing an acceptable level of confidence.
A hot site maintained by the business would be a costly solution but would provide a high degree of confidence. Multiple cold sites leased for the multiple offices would lead to a costly solution with a high degree of confidence. A third-party facility for recovery is provided by a traditional hot site. This would be a costly approach providing a high degree of confidence.

CISA Question 1796

Question

Which of the following is the GREATEST concern when an organization’s backup facility is at a warm site?

A. Timely availability of hardware
B. Availability of heat, humidity and air conditioning equipment
C. Adequacy of electrical power connections
D. Effectiveness of the telecommunications network

Answer

A. Timely availability of hardware

Explanation

A warm site has the basic infrastructure facilities implemented, such as power, air conditioning and networking, but is normally lacking computing equipment.
Therefore, the availability of hardware becomes a primary concern.

CISA Question 1797

Question

In a contract with a hot, warm or cold site, contractual provisions should cover which of the following considerations?

A. Physical security measures
B. Total number of subscribers
C. Number of subscribers permitted to use a site at one time
D. References by other users

Answer

C. Number of subscribers permitted to use a site at one time

Explanation

The contract should specify the number of subscribers permitted to use the site at any one time. Physical security measures are not a part of the contract, although they are an important consideration when choosing a third-party site. The total number of subscribers is not a consideration; what is important is whether the agreement limits the number of subscribers in a building or in a specific area. The references that other users can provide are a consideration taken into account before signing the contract; they are by no means part of the contractual provisions.

CISA Question 1798

Question

A structured walk-through test of a disaster recovery plan involves:

A. representatives from each of the functional areas coming together to go over the plan.
B. all employees who participate in the day-to-day operations coming together to practice executing the plan.
C. moving the systems to the alternate processing site and performing processing operations.
D. distributing copies of the plan to the various functional areas for review.

Answer

B. all employees who participate in the day-to-day operations coming together to practice executing the plan.

Explanation

A structured walk-through test of a disaster recovery plan involves representatives from each of the functional areas coming together to review the plan to determine if the plan pertaining to their area is accurate and complete and can be implemented when required. Choice B is a simulation test to prepare and train the personnel who will be required to respond to disasters and disruptions. Choice C is a form of parallel testing to ensure that critical systems will perform satisfactorily in the alternate site. Choice D is a checklist test.

CISA Question 1799

Question

Which of the following is the MOST important consideration when defining recovery point objectives (RPOs)?

A. Minimum operating requirements
B. Acceptable data loss
C. Mean time between failures
D. Acceptable time for recovery

Answer

B. Acceptable data loss

Explanation

Recovery time objectives (RTOs) are the acceptable time delay in availability of business operations, while recovery point objectives (RPOs) are the level of data loss/reworking an organization is willing to accept. Mean time between failures and minimum operating requirements help in defining recovery strategies.

CISA Question 1800

Question

Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly?

A. Backup time would steadily increase
B. Backup operational cost would significantly increase
C. Storage operational cost would significantly increase
D. Server recovery work may not meet the recovery time objective (RTO)

Answer

D. Server recovery work may not meet the recovery time objective (RTO)

Explanation

In case of a crash, recovering a server with an extensive amount of data could require a significant amount of time. If the recovery cannot meet the recovery time objective (RTO), the IT recovery capability will no longer align with the organization’s IT strategy. It is important to ensure that server restoration can meet the RTO.
An incremental backup captures only the data changed since the previous backup, so a steady increase in backup time does not necessarily follow from storage growth. The backup and storage cost issues are not as significant as failing to meet the RTO.