Isaca CISA Quiz 117 Topic 7 Questions 581-585

Question: 1

An organization has outsourced its wide area network (WAN) to a third-party service provider. Under these circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?

AReview whether the service provider's BCP process is aligned with the organization's BCP and contractual obligations.

BReview whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster.

CReview the methodology adopted by the organization in choosing the service provider.

DReview the accreditation of the third-party service provider's staff.

Show Answer

Question: 2

An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:

Aalignment of the BCP with industry best practices.

Bresults of business continuity tests performed by IS and end-user personnel.

Coff-site facility, its contents, security and environmental controls.

Dannual financial cost of the BCP activities versus the expected benefit of implementation of the plan.

Show Answer

Question: 3

To optimize an organization's business contingency plan (BCP), an IS auditor should

recommend conducting a business impact analysis (BlA) in order to determine:

Athe business processes that generate the most financial value for the organization and therefore must be recovered first.

Bthe priorities and order for recovery to ensure alignment with the organization's business strategy.

Cthe business processes that must be recovered following a disaster to ensure the organization's survival.

Dthe priorities and order of recovery which will recover the greatest number of systems in the shortest time frame.

Show Answer

Question: 4

A financial services organization is developing and documenting business continuity measures. In which of the following cases would an IS auditor MOST likely raise an issue?

AThe organization uses good practice guidelines instead of industry standards and relies on external advisors to ensure the adequacy of the methodology.

BThe business continuity capabilities are planned around a carefully selected set of scenarios which describe events that might happen with a reasonable probability.

CThe recovery time objectives (RTOs) do not take IT disaster recovery constraints into account, such as personnel or system dependencies during the recovery phase.

DThe organization plans to rent a shared alternate site with emergency workplaces which has only enough room for half of the normal staff.

Show Answer

Question: 5

A medium-sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of the new BCP?

AFull-scale test with relocation of all departments, including IT, to the contingency site

BWalk-through test of a series of predefined scenarios with all critical personnel involved

CIT disaster recovery test with business departments involved in testing the critical applications

DFunctional test of a scenario with limited IT involvement

Show Answer

Isaca CISA Quiz:117 Topic:7 Questions:581-585