ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 17

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free, to help you prepare for the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1741

Question

Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit?

A. A hot site contracted and available as needed.
B. A business continuity manual is available and current.
C. Insurance coverage is adequate and premiums are current.
D. Media backups are performed on a timely basis and stored offsite.

Answer

D. Media backups are performed on a timely basis and stored offsite.

Explanation

Without data to process, all other components of the recovery effort are in vain. Even in the absence of a plan, recovery efforts of any type would not be practical without data to process.

CISA Question 1742

Question

To develop a successful business continuity plan, end user involvement is critical during which of the following phases?

A. Business recovery strategy
B. Detailed plan development
C. Business impact analysis (BIA)
D. Testing and maintenance

Answer

C. Business impact analysis (BIA)

Explanation

End user involvement is critical in the BIA phase. During this phase the current operations of the business need to be understood and the impact on the business of various disasters must be evaluated. End users are the appropriate persons to provide relevant information for these tasks; inadequate end user involvement at this stage could result in an inadequate understanding of business priorities and a plan that does not meet the requirements of the organization.

CISA Question 1743

Question

Which of the following would contribute MOST to an effective business continuity plan (BCP)?

A. Document is circulated to all interested parties
B. Planning involves all user departments
C. Approval by senior management
D. Audit by an external IS auditor

Answer

B. Planning involves all user departments

Explanation

The involvement of user departments in the BCP is crucial for the identification of the business processing priorities. Circulating the BCP will ensure that the document is received by all users; though essential, this does not contribute significantly to the success of the BCP. Approval by senior management would not ensure the quality of the BCP, nor would an audit necessarily improve it.

CISA Question 1744

Question

Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility?

A. Verify compatibility with the hot site.
B. Review the implementation report.
C. Perform a walk-through of the disaster recovery plan.
D. Update the IS assets inventory.

Answer

D. Update the IS assets inventory.

Explanation

An IS assets inventory is the basic input for the business continuity/disaster recovery plan, and the plan must be updated to reflect changes in the IS infrastructure.
The other choices are procedures required to update the disaster recovery plan after having updated the required assets inventory.

CISA Question 1745

Question

As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis?

A. Organizational risks, such as single point-of-failure and infrastructure risk
B. Threats to critical business processes
C. Critical business processes for ascertaining the priority for recovery
D. Resources required for resumption of business

Answer

C. Critical business processes for ascertaining the priority for recovery

Explanation

The identification of the priority for recovering critical business processes should be addressed first. Organizational risks should be identified next, followed by the identification of threats to critical business processes. Identification of resources for business resumption will occur after the tasks mentioned.

CISA Question 1746

Question

An IS auditor has audited a business continuity plan (BCP). Which of the following findings is the MOST critical?

A. Nonavailability of an alternate private branch exchange (PBX) system
B. Absence of a backup for the network backbone
C. Lack of backup systems for the users’ PCs
D. Failure of the access card system

Answer

B. Absence of a backup for the network backbone

Explanation

Failure of a network backbone will result in the failure of the complete network and impact the ability of all users to access information on the network. The nonavailability of an alternate PBX system will result in users not being able to make or receive telephone calls or faxes; however, users may have alternate means of communication, such as a mobile phone or e-mail. Lack of backup systems for user PCs will impact only the specific users, not all users. Failure of the access card system impacts the ability to maintain records of the users who are entering the specified work areas; however, this could be mitigated by manual monitoring controls.

CISA Question 1747

Question

Which of the following is an appropriate test method to apply to a business continuity plan (BCP)?

A. Pilot
B. Paper
C. Unit
D. System

Answer

B. Paper

Explanation

A paper test is appropriate for testing a BCP. It is a walkthrough of the entire plan, or part of the plan, involving the major players in the plan's execution, who reason out what may happen in a particular disaster. Choices A, C and D are not appropriate for a BCP.

CISA Question 1748

Question

After completing the business impact analysis (BIA), what is the next step in the business continuity planning process?

A. Test and maintain the plan.
B. Develop a specific plan.
C. Develop recovery strategies.
D. Implement the plan.

Answer

C. Develop recovery strategies.

Explanation

The next phase in the continuity plan development is to identify the various recovery strategies and select the most appropriate strategy for recovering from a disaster. After selecting a strategy, a specific plan can be developed, tested and implemented.

CISA Question 1749

Question

To address an organization’s disaster recovery requirements, backup intervals should not exceed the:

A. service level objective (SLO).
B. recovery time objective (RTO).
C. recovery point objective (RPO).
D. maximum acceptable outage (MAO).

Answer

C. recovery point objective (RPO).

Explanation

The recovery point objective (RPO) defines the point in time to which data must be restored after a disaster so that transaction processing can resume. Backups should be performed so that the latest backup is never older than this maximum time frame. If service levels are not met, the usual consequences are penalty payments, not cessation of business. Organizations will try to set service level objectives (SLOs) so as to meet established targets; the resulting time in the service level agreement (SLA) will usually be longer than the RPO. The recovery time objective (RTO) defines the time period after the disaster within which normal business functionality needs to be restored. The maximum acceptable outage (MAO) is the maximum amount of system downtime that is tolerable. It is sometimes used as a synonym for RTO; however, the RTO denotes an objective/target, while the MAO constitutes a vital necessity for an organization's survival.

CISA Question 1750

Question

A live test of a mutual agreement for IT system recovery has been carried out, including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:

A. system and the IT operations team can sustain operations in the emergency environment.
B. resources and the environment could sustain the transaction load.
C. connectivity to the applications at the remote site meets response time requirements.
D. workflow of actual business operations can use the emergency system in case of a disaster.

Answer

A. system and the IT operations team can sustain operations in the emergency environment.

Explanation

The applications have been intensively operated; therefore choices B, C and D have actually been tested, but the capability of the system and the IT operations team to sustain and support this environment (ancillary operations, batch closing, error corrections, output distribution, etc.) has only been partially tested.