The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available for free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1781
Question
Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies?
A. Developments may result in hardware and software incompatibility.
B. Resources may not be available when needed.
C. The recovery plan cannot be tested.
D. The security infrastructures in each company may be different.
Answer
A. Developments may result in hardware and software incompatibility.
Explanation
If one organization updates its hardware and software configuration, it may mean that it is no longer compatible with the systems of the other party in the agreement. This may mean that each company is unable to use the facilities at the other company to recover their processing following a disaster. Resources being unavailable when needed are an intrinsic risk in any reciprocal agreement, but this is a contractual matter and is not the greatest risk. The plan can be tested by paper-based walkthroughs, and possibly by agreement between the companies. The difference in security infrastructures, while a risk, is not insurmountable.
CISA Question 1782
Question
Facilitating telecommunications continuity by providing redundant combinations of local carrier T-1 lines, microwaves and/or coaxial cables to access the local communication loop is:
A. last-mile circuit protection.
B. long-haul network diversity.
C. diverse routing.
D. alternative routing.
Answer
A. last-mile circuit protection.
Explanation
The method of providing telecommunication continuity through the use of many recovery facilities, providing redundant combinations of local carrier T-1s, microwave and/or coaxial cable to access the local communication loop in the event of a disaster, is called last-mile circuit protection.
Providing diverse long-distance network availability utilizing T-1 circuits among major long-distance carriers is called long-haul network diversity. This ensures long-distance access should any one carrier experience a network failure. The method of routing traffic through split-cable facilities or duplicate-cable facilities is called diverse routing. Alternative routing is the method of routing information via an alternative medium, such as copper cable or fiber optics.
CISA Question 1783
Question
A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a central communications processor for connecting to the banking network.
Which of the following is the BEST disaster recovery plan for the communications processor?
A. Offsite storage of daily backups
B. Alternative standby processor onsite
C. Installation of duplex communication links
D. Alternative standby processor at another network node
Answer
D. Alternative standby processor at another network node
Explanation
Having an alternative standby processor at another network node would be the best solution. The unavailability of the central communications processor would disrupt all access to the banking network, resulting in the disruption of operations for all of the shops. This could be caused by failure of equipment, power or communications. Offsite storage of backups would not help, since EFT tends to be an online process and offsite storage will not replace the dysfunctional processor. The provision of an alternate processor onsite would be fine if it were an equipment problem, but would not help in the case of a power outage. Installation of duplex communication links would be most appropriate if it were only the communication link that failed.
CISA Question 1784
Question
The MAIN purpose for periodically testing offsite facilities is to:
A. protect the integrity of the data in the database.
B. eliminate the need to develop detailed contingency plans.
C. ensure the continued compatibility of the contingency facilities.
D. ensure that program and system documentation remains current.
Answer
C. ensure the continued compatibility of the contingency facilities.
Explanation
The main purpose of offsite hardware testing is to ensure the continued compatibility of the contingency facilities. Specific software tools are available to protect the ongoing integrity of the database. Contingency plans should not be eliminated and program and system documentation should be reviewed continuously for currency.
CISA Question 1785
Question
Disaster recovery planning (DRP) for a company’s computer system usually focuses on:
A. operations turnover procedures.
B. strategic long-range planning.
C. the probability that a disaster will occur.
D. alternative procedures to process transactions.
Answer
D. alternative procedures to process transactions.
Explanation
It is important that disaster recovery identifies alternative processes that can be put in place while the system is not available.
CISA Question 1786
Question
An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization’s IT department using transaction flow projections from the operations department.
The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his/her attention.
The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident.
The basis of an organization’s disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical, hardware configuration is already established. An IS auditor should:
A. take no action as the lack of a current plan is the only significant finding.
B. recommend that the hardware configuration at each site is identical.
C. perform a review to verify that the second configuration can support live processing.
D. report that the financial expenditure on the alternative site is wasted without an effective plan.
Answer
C. perform a review to verify that the second configuration can support live processing.
Explanation
An IS auditor does not have a finding unless it can be shown that the alternative hardware cannot support the live processing system. Even though the primary finding is the lack of a proven and communicated disaster recovery plan, it is essential that this aspect of recovery is included in the audit. If it is found to be inadequate, the finding will materially support the overall audit opinion. It is certainly not appropriate to take no action at all, leaving this important factor untested.
Unless it is shown that the alternative site is inadequate, there can be no comment on the expenditure, even if this is considered a proper comment for the IS auditor to make. Similarly, there is no need for the configurations to be identical. The alternative site could actually exceed the recovery requirements if it is also used for other work, such as other processing or systems development and testing. The only proper course of action at this point would be to find out if the recovery site can actually cope with a recovery.
CISA Question 1787
Question
An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization’s IT department using transaction flow projections from the operations department.
The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting their attention.
The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident.
The IS auditor’s report should recommend that:
A. the deputy CEO be censured for their failure to approve the plan.
B. a board of senior managers is set up to review the existing plan.
C. the existing plan is approved and circulated to all key management and staff.
D. a manager coordinates the creation of a new or revised plan within a defined time limit.
Answer
D. a manager coordinates the creation of a new or revised plan within a defined time limit.
Explanation
The primary concern is to establish a workable disaster recovery plan, which reflects current processing volumes to protect the organization from any disruptive incident. Censuring the deputy CEO will not achieve this and is generally not within the scope of an IS auditor to recommend.
Establishing a board to review the plan, which is two years out of date, may achieve an updated plan, but is not likely to be a speedy operation, and issuing the existing plan would be folly without first ensuring that it is workable. The best way to achieve a disaster recovery plan in a short time is to make an experienced manager responsible for coordinating the knowledge of other managers into a single, formal document within a defined time limit.
CISA Question 1788
Question
Disaster recovery planning (DRP) addresses the:
A. technological aspect of business continuity planning.
B. operational piece of business continuity planning.
C. functional aspect of business continuity planning.
D. overall coordination of business continuity planning.
Answer
A. technological aspect of business continuity planning.
Explanation
Disaster recovery planning (DRP) is the technological aspect of business continuity planning. Business resumption planning addresses the operational part of business continuity planning.
CISA Question 1789
Question
Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures?
A. Invite client participation.
B. Involve all technical staff.
C. Rotate recovery managers.
D. Install locally-stored backup.
Answer
C. Rotate recovery managers.
Explanation
Recovery managers should be rotated to ensure the experience of the recovery plan is spread among the managers. Clients may be involved but not necessarily in every case. Not all technical staff should be involved in each test. Remote or offsite backup should always be used.
CISA Question 1790
Question
An advantage of the use of hot sites as a backup alternative is that:
A. the costs associated with hot sites are low.
B. hot sites can be used for an extended amount of time.
C. hot sites can be made ready for operation within a short period of time.
D. they do not require that equipment and systems software be compatible with the primary site.
Answer
C. hot sites can be made ready for operation within a short period of time.
Explanation
Hot sites can be made ready for operation normally within hours. However, the use of hot sites is expensive, should not be considered as a long-term solution, and requires that equipment and systems software be compatible with the primary installation being backed up.