1. The initial step in establishing an information security program is the:
A) development and implementation of an information security standards manual.
B) performance of a comprehensive security control review by the IS auditor.
C) adoption of a corporate information security policy statement.
D) purchase of security access control software.
2. A malicious code that changes itself with each file it infects is called a:
A) logic bomb.
B) stealth virus.
C) trojan horse.
D) polymorphic virus.
3. Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?
A) Paper test
B) Post test
C) Preparedness test
D) Walk-through
4. An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP?
A) Full operational test
B) Preparedness test
C) Paper test
D) Regression test
5. The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of the following audit recommendations should the IS auditor suggest?
A) Relocate the shutoff switch.
B) Install protective covers.
C) Escort visitors.
D) Log environmental failures.
1. Right Answer: C Explanation: A policy statement reflects the intent and support provided by executive management for proper security and establishes a starting point for developing the security program.
2. Right Answer: D Explanation: A polymorphic virus has the capability of changing its own code, enabling it to have many different variants. Since they have no consistent binary pattern, such viruses are hard to identify.
3. Right Answer: C Explanation: A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan's effectiveness. It also provides a means to improve the plan in increments. A paper test is a walkthrough of the plan, involving major players, who attempt to determine what might happen in a particular type of service disruption in the plan's execution. A paper test usually precedes the preparedness test. A post-test is actually a test phase and is comprised of a group of activities, such as returning all resources to their proper place, disconnecting equipment, returning personnel and deleting all company data from third-party systems. A walkthrough is a test involving a simulated disaster situation that tests the preparedness and understanding of management and staff, rather than the actual resources.
4. Right Answer: B Explanation: A preparedness test is performed by each local office/area to test the adequacy of the preparedness of local operations for the disaster recovery. A paper test is a structured walk-through of the disaster recovery plan and should be conducted before a preparedness test. A full operational test is conducted after the paper and preparedness tests. A regression test is not a disaster recovery planning (DRP) test and is used in software maintenance.
5. Right Answer: B Explanation: A protective cover over the switch would allow it to be accessible and visible, but would prevent accidental activation.