ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 17

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1771

Question

A disaster recovery plan for an organization’s financial system specifies that the recovery point objective (RPO) is no data loss and the recovery time objective (RTO) is 72 hours. Which of the following is the MOST cost-effective solution?

A. A hot site that can be operational in eight hours with asynchronous backup of the transaction logs
B. Distributed database systems in multiple locations updated asynchronously
C. Synchronous updates of the data and standby active systems in a hot site
D. Synchronous remote copy of the data in a warm site that can be operational in 48 hours

Answer

D. Synchronous remote copy of the data in a warm site that can be operational in 48 hours

Explanation

The synchronous copy of the storage achieves the RPO objective and a warm site operational in 48 hours meets the required RTO.
Asynchronous updates of the database in distributed locations do not meet the RPO. Synchronous updates of the data and standby active systems in a hot site meet the RPO and RTO requirements but are more costly than a warm site solution.

CISA Question 1772

Question

A disaster recovery plan for an organization should:

A. reduce the length of the recovery time and the cost of recovery.
B. increase the length of the recovery time and the cost of recovery.
C. reduce the duration of the recovery time and increase the cost of recovery.
D. affect neither the recovery time nor the cost of recovery.

Answer

A. reduce the length of the recovery time and the cost of recovery.

Explanation

One of the objectives of a disaster recovery plan is to reduce the duration and cost of recovering from a disaster. A disaster recovery plan would increase the cost of operations before and after the disaster occurs, but should reduce the time to return to normal operations and the cost that could result from a disaster.

CISA Question 1773

Question

An offsite information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is a:

A. cold site.
B. warm site.
C. dial-up site.
D. duplicate processing facility.

Answer

A. cold site.

Explanation

A cold site is ready to receive equipment but does not offer any components at the site in advance of the need. A warm site is an offsite backup facility that is partially configured with network connections and selected peripheral equipment (such as disk and tape units, controllers and CPUs) to operate an information processing facility. A duplicate information processing facility is a dedicated, self-developed recovery site that can back up critical applications.

CISA Question 1774

Question

Which of the following must exist to ensure the viability of a duplicate information processing facility?

A. The site is near the primary site to ensure quick and efficient recovery.
B. The site contains the most advanced hardware available.
C. The workload of the primary site is monitored to ensure adequate backup is available.
D. The hardware is tested when it is installed to ensure it is working properly.

Answer

C. The workload of the primary site is monitored to ensure adequate backup is available.

Explanation

Resource availability must be assured. The workload of the site must be monitored to ensure that availability for emergency backup use is not impaired. The site chosen should not be subject to the same natural disaster as the primary site. In addition, a reasonable compatibility of hardware/software must exist to serve as a basis for backup. The latest or newest hardware may not adequately serve this need. Testing the hardware when the site is established is essential, but regular testing of the actual backup data is necessary to ensure the operation will continue to perform as planned.

CISA Question 1775

Question

Which of the following disaster recovery/continuity plan components provides the GREATEST assurance of recovery after a disaster?

A. The alternate facility will be available until the original information processing facility is restored.
B. User management is involved in the identification of critical systems and their associated critical recovery times.
C. Copies of the plan are kept at the homes of key decision-making personnel.
D. Feedback is provided to management assuring them that the business continuity plans are indeed workable and that the procedures are current.

Answer

A. The alternate facility will be available until the original information processing facility is restored.

Explanation

The alternate facility should be made available until the original site is restored to provide the greatest assurance of recovery after a disaster.
Without this assurance, the plan will not be successful. All other choices ensure prioritization or the execution of the plan.

CISA Question 1776

Question

While reviewing the business continuity plan of an organization, an IS auditor observed that the organization’s data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate?

A. Deterrence
B. Mitigation
C. Recovery
D. Response

Answer

B. Mitigation

Explanation

An effective business continuity plan includes steps to mitigate the effects of a disaster. Files must be restored on a timely basis for a backup plan to be effective.
An example of deterrence is when a plan includes installation of firewalls for information systems. An example of recovery is when a plan includes an organization’s hot site to restore normal business operations.

CISA Question 1777

Question

The responsibilities of a disaster recovery relocation team include:

A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule.
B. locating a recovery site, if one has not been predetermined, and coordinating the transport of company employees to the recovery site.
C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment.
D. coordinating the process of moving from the hot site to a new location or to the restored original location.

Answer

D. coordinating the process of moving from the hot site to a new location or to the restored original location.

Explanation

Choice A describes an offsite storage team, choice B defines a transportation team and choice C defines a salvage team.

CISA Question 1778

Question

There are several methods of providing telecommunications continuity. The method of routing traffic through split cable or duplicate cable facilities is called:

A. alternative routing.
B. diverse routing.
C. long-haul network diversity.
D. last-mile circuit protection.

Answer

B. diverse routing.

Explanation

Diverse routing routes traffic through split-cable facilities or duplicate-cable facilities. This can be accomplished with different and/or duplicate cable sheaths. If different cable sheaths are used, the cable may be in the same conduit and, therefore, subject to the same interruptions as the cable it is backing up. The communication service subscriber can duplicate the facilities by having alternate routes, although the entrance to and from the customer premises may be in the same conduit. The subscriber can obtain diverse routing and alternate routing from the local carrier, including dual-entrance facilities. This type of access is time consuming and costly. Alternative routing is a method of routing information via an alternate medium, such as copper cable or fiber optics. This involves use of different networks, circuits or end points should the normal network be unavailable. Long-haul network diversity is a diverse, long-distance network utilizing T-1 circuits among the major long-distance carriers. It ensures long-distance access should any carrier experience a network failure. Last-mile circuit protection is a redundant combination of local carrier T-1s, microwave and/or coaxial cable access to the local communications loop. This enables the facility to have access during a local carrier communication disaster. Alternate local-carrier routing is also utilized.

CISA Question 1779

Question

An IS auditor reviewing an organization’s IS disaster recovery plan should verify that it is:

A. tested every six months.
B. regularly reviewed and updated.
C. approved by the chief executive officer (CEO).
D. communicated to every department head in the organization.

Answer

B. regularly reviewed and updated.

Explanation

The plan should be reviewed at appropriate intervals, depending upon the nature of the business and the rate of change of systems and personnel. Otherwise, it may become out of date and may no longer be effective. The plan must be subjected to regular testing, but the period between tests will again depend on the nature of the organization and the relative importance of IS. Three months or even annually may be appropriate in different circumstances. Although the disaster recovery plan should receive the approval of senior management, it need not be the CEO if another executive officer is equally or more appropriate. For a purely IS-related plan, the executive responsible for technology may have approved the plan. Similarly, although a business continuity plan is likely to be circulated throughout an organization, the IS disaster recovery plan will usually be a technical document and only relevant to IS and communications staff.

CISA Question 1780

Question

Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization?

A. Built-in alternative routing
B. Completing full system backup daily
C. A repair contract with a service provider
D. A duplicate machine alongside each server

Answer

A. Built-in alternative routing

Explanation

Alternative routing would ensure the network would continue if a server is lost or if a link is severed as message rerouting could be automatic.
System backup will not afford immediate protection. The repair contract is not as effective as permanent alternative routing. Standby servers will not provide continuity if a link is severed.
