CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CISA—Certified Information Systems Auditor - Part 322
1. During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the:
A) event error log generated at the disaster recovery site.
B) disaster recovery test plan.
C) disaster recovery plan (DRP).
D) configurations and alignment of the primary and disaster recovery sites.
2. An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to 1 minute for a critical system. This implies that the system can tolerate:
A) a data loss of up to 1 minute, but the processing must be continuous.
B) a 1-minute processing interruption but cannot tolerate any data loss.
C) a processing interruption of 1 minute or more.
D) both a data less and processing interruption longer than 1 minute.
3. Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?
A) Due to the limited test time window, only the most essential systems were tested. The other systems were tested separately during the rest of the year.
B) During the test it was noticed that some of the backup systems were defective or not working, causing the test of these systems to fail.
C) The procedures to shut down and secure the original production site before starting the backup site required far more time than planned.
D) Every year, the same employees perform the test. The recovery plan documents are not used since every step is well known by all participants.
4. The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?
A) Contact information of key personnel
B) Server inventory documentation
C) individual roles and responsibilities
D) Procedures for declaring a disaster
5. A live test of a mutual agreement for IT system recovery has been carried out, including a four- hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:
A) system and the IT operations team can sustain operations in the emergency environment.
B) resources and the environment could sustain the transaction load.
C) connectivity to the applications at the remote site meets response time requirements.
D) workflow of actual business operations can use the emergency system in case of a disaster.
A) event error log generated at the disaster recovery site.
B) disaster recovery test plan.
C) disaster recovery plan (DRP).
D) configurations and alignment of the primary and disaster recovery sites.
2. An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to 1 minute for a critical system. This implies that the system can tolerate:
A) a data loss of up to 1 minute, but the processing must be continuous.
B) a 1-minute processing interruption but cannot tolerate any data loss.
C) a processing interruption of 1 minute or more.
D) both a data less and processing interruption longer than 1 minute.
3. Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?
A) Due to the limited test time window, only the most essential systems were tested. The other systems were tested separately during the rest of the year.
B) During the test it was noticed that some of the backup systems were defective or not working, causing the test of these systems to fail.
C) The procedures to shut down and secure the original production site before starting the backup site required far more time than planned.
D) Every year, the same employees perform the test. The recovery plan documents are not used since every step is well known by all participants.
4. The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?
A) Contact information of key personnel
B) Server inventory documentation
C) individual roles and responsibilities
D) Procedures for declaring a disaster
5. A live test of a mutual agreement for IT system recovery has been carried out, including a four- hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:
A) system and the IT operations team can sustain operations in the emergency environment.
B) resources and the environment could sustain the transaction load.
C) connectivity to the applications at the remote site meets response time requirements.
D) workflow of actual business operations can use the emergency system in case of a disaster.
1. Right Answer: D
Explanation: Since the configuration of the system is the most probable cause, the IS auditor should review that first. If the issue cannot be clarified, the IS auditor should then review the event error log. The disaster recovery test plan and the disaster recovery plan (DRP) would not contain information about the system configuration.
2. Right Answer: A
Explanation: The recovery time objective (RTO) measures an organization's tolerance for downtime and the recovery point objective (RPO) measures how much data loss can be accepted. Choices B, C and D are incorrect since they exceed the RTO limits set by the scenario.
3. Right Answer: D
Explanation: A disaster recovery test should test the plan, processes, people and IT systems. Therefore, if the plan is not used, its accuracy and adequacy cannot be verified.Disaster recovery should not rely on key staff since a disaster can occur when they are not available. It is common that not all systems can be tested in a limited test time frame. It is important, however, that those systems which are essential to the business are tested, and that the other systems are eventually tested throughout the year. One aim of the test is to identify and replace defective devices so that all systems can be replaced in the case of a disaster. Choice B would only be a concern if the number of discovered problems is systematically very high, in a real disaster, there is no need for a clean shutdown of the original production environment since the first priority is to bring the backup site up.
4. Right Answer: A
Explanation: In the event of a disaster, it is important to have a current updated list of personnel who are key to the operation of the plan. Choices B, C and D would be more likely to remain stable overtime.
5. Right Answer: A
Explanation: The applications have been intensively operated, therefore choices B, C and D have been actually tested, but the capability of the system and the IT operations team to sustain and support this environment (ancillary operations, batch closing, error corrections, output distribution, etc.) is only partially tested.
Explanation: Since the configuration of the system is the most probable cause, the IS auditor should review that first. If the issue cannot be clarified, the IS auditor should then review the event error log. The disaster recovery test plan and the disaster recovery plan (DRP) would not contain information about the system configuration.
2. Right Answer: A
Explanation: The recovery time objective (RTO) measures an organization's tolerance for downtime and the recovery point objective (RPO) measures how much data loss can be accepted. Choices B, C and D are incorrect since they exceed the RTO limits set by the scenario.
3. Right Answer: D
Explanation: A disaster recovery test should test the plan, processes, people and IT systems. Therefore, if the plan is not used, its accuracy and adequacy cannot be verified.Disaster recovery should not rely on key staff since a disaster can occur when they are not available. It is common that not all systems can be tested in a limited test time frame. It is important, however, that those systems which are essential to the business are tested, and that the other systems are eventually tested throughout the year. One aim of the test is to identify and replace defective devices so that all systems can be replaced in the case of a disaster. Choice B would only be a concern if the number of discovered problems is systematically very high, in a real disaster, there is no need for a clean shutdown of the original production environment since the first priority is to bring the backup site up.
4. Right Answer: A
Explanation: In the event of a disaster, it is important to have a current updated list of personnel who are key to the operation of the plan. Choices B, C and D would be more likely to remain stable overtime.
5. Right Answer: A
Explanation: The applications have been intensively operated, therefore choices B, C and D have been actually tested, but the capability of the system and the IT operations team to sustain and support this environment (ancillary operations, batch closing, error corrections, output distribution, etc.) is only partially tested.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment