92 *SURGENT MCQ Flashcards

1
Q

A 15,000-employee multinational company that produces and distributes retail products for home use has moved financial consolidation and reporting off its large mainframe computer system at headquarters to local area networks (LANs) with file servers. The mainframe system was doing the job of processing 200,000 transactions a month, but its batch processing was cumbersome and time consuming. It also did not have automatic interfaces to all the subsidiaries, especially those in other countries, due to software and hardware incompatibilities.

Aware that physical disasters could make the LANs unavailable, the implementation team wrote a disaster recovery plan that documented procedures for data and program backup and recovery, power backup, emergency equipment acquisition, and hot site services. The disaster recovery plan requires:

normalizing.

capacity planning.

performance monitoring.

frequent updating.

A

frequent updating.

The correct answer is “frequent updating” because local area networks (LANs) are typically ever-changing. Each LAN configuration change, such as adding or modifying hardware, software, or network components, will require corresponding modifications to the disaster recovery plan. Frequent updates ensure the plan remains relevant and effective in addressing new configurations and potential vulnerabilities.

A disaster recovery plan allows a company to quickly resume normal business activities after a break in those activities due to a system failure or a natural disaster. A disaster recovery plan needs to include:

recovery priorities,

insurance,

specific assignments for employees and departments,

backup facilities,

periodic testing of the recovery plan, and

complete documentation of the recovery plan (stored off-site).

The other answer choices are incorrect:

While capacity planning is an important aspect of IT management, it is not the primary focus of a disaster recovery plan. Capacity planning assesses and ensures that resources, such as storage, processing power, and network bandwidth, are sufficient to meet current and future needs.

Normalization typically relates to database design and is not directly related to the disaster recovery plan. Normalization is organizing data in a database to minimize redundancy and improve data integrity.

Performance monitoring, while important for maintaining the efficiency of IT systems, is not the primary requirement of a disaster recovery plan. Performance monitoring focuses on tracking system performance and identifying bottlenecks or issues that impact system speed and responsiveness.

Relevant Terms
Batch Processing
Consolidation
Hot Site
Implementation
Local Area Network (LAN)
Subsidiary

Reference
7113.38

2
Q

A factor in estimating the maximum tolerable downtime during a disaster is:

availability of a cold site during the disaster.

availability of a hot site.

type of hardware used.

applications affected by the disaster.

A

applications affected by the disaster.

When a disaster strikes an organization, the maximum tolerable downtime depends on the time of the disaster, application systems affected by the disaster, and the length of the disaster. Disaster during a fiscal period accounting closing may be different from disaster during normal periods. Some application systems are more important than others for an organization. By understanding the costs of various downtime lengths and comparing them to relevant costs for various recovery choices, one can determine the maximum downtime.

The other answer choices are incorrect: It is the costs that need to be considered, not the availability of hot and cold sites needed for the estimate. The type of hardware used is essential in developing the plans but not in estimating the maximum downtime.

Term: Security
Security is the preservation of the authenticity, integrity, confidentiality, and ensured service of any sensitive or non-sensitive computer system-valued function and/or information element.

Security is a system property and much more than a set of functions and mechanisms. Information system security is a system characteristic as well as a set of mechanisms that span the system both logically and physically.

Relevant Terms
Security

Reference
7113.24

3
Q

A large e-commerce platform is being audited to ensure it meets its availability service commitments per the Trust Services Criteria (TSC). In a SOC 2® engagement, which of the following actions is most effective for the auditor to detect deficiencies in design and deviations in controls related to the service organization’s availability of service commitments?

Reviewing the financial records of the service organization

Assessing the quality of customer support provided by the service organization

Conducting interviews with internal teams of the service

Analyzing control documentation and conducting tests on system redundancy mechanisms

A

Analyzing control documentation and conducting tests on system redundancy mechanisms

This action involves examining control design and operational effectiveness to detect deficiencies and deviations in controls related to service availability. It assesses whether the organization’s documented controls and redundancy mechanisms align with its availability service commitments and whether they function as intended.

The other answer choices are incorrect:

Reviewing financial records is not directly related to detecting deficiencies in the design and deviations in the operation of controls for service availability. Financial records are more pertinent to financial controls and may not provide insights into availability controls.

Assessing customer support quality is valuable but primarily relates to customer service standards and may not directly address controls for service availability. Availability controls focus on system uptime and accessibility.

While conducting interviews with internal teams can provide valuable information, it is not the most effective action for detecting deficiencies in the design and deviations in the operation of availability controls. Interviews may complement the assessment but do not substitute for thoroughly examining control documentation and conducting tests on redundancy mechanisms more directly related to availability service commitments.

Term: SOC 2 Type 1 Report
In a SOC 2® Type 1 report, the service auditor provides an opinion as to whether the service organization’s description “fairly presents” the system that was designed and implemented, and whether the controls were suitably designed to meet the criteria as of a specified date.

Term: SOC 2 Type 2 Report
In a SOC 2® Type 2 report, the service auditor provides an opinion on whether the service organization’s description “fairly presents” the system that was designed and implemented; the controls were suitably designed to meet the criteria; the controls operated effectively during the specified period of time; and the service organization is in compliance with the commitments in its statement of privacy practices, if the report covers the privacy principle.

Term: Trust Services
Trust Services consist of professional attestation and advisory services based on principles and criteria that address the risk and opportunities of IT-enabled systems and privacy programs, including electronic commerce (e-commerce) systems. Trust Services principles and criteria are issued by the AICPA and the Canadian Institute of Chartered Accountants (CICA) and are organized into four broad areas: policies, communications, procedures, and monitoring.

Reference
7113.14

4
Q

A large organization has developed a disaster recovery plan for several offices dispersed across a broad regional area. Which of the following is the most cost-effective test of the disaster recovery plan?

Full-interruption test

Structured walk-through

Regression test

Preparedness test

A

Preparedness test

Each local office/area executes this test to validate the adequacy of the preparedness of regional operations for disaster recovery.

The other answer choices are incorrect:

The full-interruption test is conducted after the preparedness test. In a full-interruption test, operations are shut down at the primary site and relocated to the recovery site following the recovery plan; this is the most rigorous form of testing. Full-interruption tests are difficult to arrange, expensive, and possibly disruptive.

In a structured walk-through (often referred to as a tabletop exercise), team members role-play a disaster scenario, execute the plan on paper, discuss their roles, review each step to evaluate its effectiveness, and discuss the appropriate responses to the disaster. This test is not sufficient to test the viability of the plan.

The regression test is used in software development and maintenance.

Reference
7113.20
7113.63

5
Q

A large property insurance company has regional centers that customers call to report claims. Although the regional centers are not located in areas prone to natural disasters, the company needs a disaster recovery plan to restore call-answering capacity in the event of a disaster or other extended loss of service. The best plan for restoring capacity in the event of a disaster would be to reroute call traffic to:

a third-party service center.

a cold site that duplicates regional facilities.

a hot site that duplicates regional facilities.

non-affected regional centers.

A

non-affected regional centers.

The operation and expertise available at other regional centers should be on par with the regional center disabled by the disaster. This would also be the least costly alternative.

a cold site that duplicates regional facilities.

A cold site duplicating regional facilities would be costly and not provide personnel and other requisites of a normal division.

a hot site that duplicates regional facilities.

A hot site would duplicate facilities and some software, but not personnel, and it would be costly.

a third-party service center.

Rerouting call traffic to a third-party service center alternative would be expensive and would still not provide the needed expertise and training to handle the more complex calls.

Relevant Terms
Cold Site
Disaster Recovery Plan
Hot Site

Reference
7113.83

6
Q

A prerequisite to a successful contingency plan is:

independent audits.

legal reviews.

security reviews.

management approvals.

A

management approvals.

A prerequisite to a successful contingency plan is management commitment and approval. A successful contingency plan needs management funding and support.

The other answer choices are incorrect: An independent audit and a security review of the plan can validate the soundness of the proposed contingency strategy. Similarly, a legal review can ensure that the plans comply with government regulations and that liabilities and exposures are adequately addressed.

Relevant Terms
Contingency Plan

Reference
7113.17

7
Q

A retail store uses batch processing to process sales transactions. The store has batch control total and other control checks embedded in the information processing system of the sales subsystem. While comparing reports, an employee notices that information sent to the subsystem was not fully processed. Which of the following types of controls is being exercised by the employee?

Input

Preventive

Corrective

Detective

A

Detective

The correct answer is a detective control. The employee is exercising a detective control by noticing that information sent to the subsystem was not fully processed. Detective controls uncover (i.e., discover) problems as they occur.

The other answer choices are incorrect:

Preventive controls eliminate problems before they occur.

Corrective controls help solve problems after they are discovered. To ensure system reliability, companies should implement a set of preventive controls and supplement them with methods for detecting incidents and procedures for taking corrective remedial action, employing multiple layers of controls so that if one control fails or is circumvented, another control will prevent, detect, or correct the reliability breakdown.

Input is a process for entering data into the processing system; it is not a control in and of itself.

Relevant Terms
Batch Processing
Batch Total
Corrective Controls
Detective Control
Preventive Controls

Reference
7113.43
7113.43 table

8
Q

A vital data backup and storage program must meet which of the following requirements?

Auditing

Accounting

Insurance

Regulatory

A

Regulatory

Laws and regulations may impact how an organization can handle and manage data backup and storage and should be considered in establishing and developing methods for data handling. Regulatory requirements dictate the length of the time an organization must retain a particular record or document to support its business activities.

The other answer choices are incorrect. Regulatory requirements do not directly dictate insurance, accounting, and auditing. Auditors review compliance with such regulatory requirements. Before records retention, each organization must identify what records and documents are vital to its operations.

Data Backup Storage

Relevant Terms
Backup
Documentation

Reference
7113.01

9
Q

Although both disaster recovery planning and security policies enhance the availability of information, these policies:

are separate with no substitution.

can be in one document.

are separate and diverse.

are separate but complementary.

A

are separate but complementary.

A comprehensive disaster recovery plan is separate from but complementary to the security policy document. The purpose of recovery planning and security policies is to allow a business to continue offering critical services and business operations in the event of a disruption and withstand an interruption to business activities.

The other answer choices are incorrect: Security policies are high-level statements that address senior management’s intent and direction. In comparison, the disaster recovery policy is more concerned with the disaster recovery plan specifications. Thus, they should be separated, but both items will go hand in hand and complete each other.

Reference: 7113.17
A prerequisite to a successful contingency plan is management commitment and approval. However, disaster recovery planning and security policies are separate but complementary.

The purpose of business continuity and disaster recovery is to allow a business to continue offering critical services and business operations in the event of a disruption and withstand an interruption to business activities. Computer backup facilities, disaster recovery, business resumption, or contingency planning problems and issues pose significant challenges and concerns to information systems (IS) management, senior management, functional user management, and audit management. The key issues are how to develop disaster recovery plans, how to test them, how to maintain them, and how to keep the continuity of operations.

The business continuity plan (BCP) and disaster recovery plan (DRP) can allow critical processes to resume in a disruption of normal business operations. Responsibility for the BCP remains with senior management, but the execution usually stays with the business units and the appropriate supporting units.

The BCP should undertake all functions and assets critical to continue as a viable operation immediately after encountering a disruption.

Relevant Terms
Disaster Recovery Plan
Security Policy

Reference
7113.17

10
Q

C21 Determining the criticality of an application system in the production environment is important to allocate scarce resources to highly critical systems. The best way to accomplish this objective is to:

ask the application programmer who is developing and/or maintaining the system.

ask the computer operators who are running day-to-day production jobs.

ask the internal and external auditors during their routine audit work.

ask the end users how they would continue their operations if the system were unavailable for a specified time period.

A

ask the end users how they would continue their operations if the system were unavailable for a specified time period.

The correct answer is “ask the end users how they would continue their operations if the system were unavailable for a specified time period.” Since application systems are designed to provide data and information to end users, the users are in the best position to assess the value or usefulness of the system to their business operations.

The other answer choices are incorrect: Input from the other three parties (application programmers, computer operators, and auditors) is important but not as important as that of end users. The other parties’ views are limited.

IT Business Continuity Planning - 21

Question #600031

Mission-Critical System
Security

IT Business Continuity Planning
7113.21

11
Q

The frequency of file backups should depend primarily on the criticality of the application system:

rules.

documentation.

edits.

functions.

A

functions.

The frequency of file backup must depend on the criticality of the application system functions and data. Critical data should be backed up using the “grandfather-father-son” method. Backup of operating systems software and application programs must be performed whenever they are modified or updated.

The other answer choices are incorrect: Whether the application system has rules, documentation, or edits does not matter when it comes to the frequency of backup.

Data Backup Storage

Relevant Terms
Backup

Reference
7113.11

12
Q

During a disaster, which of the following application systems should be recovered first?

Mission-critical systems alone

Mission-critical systems and systems dependent on mission-critical systems

All systems

Mission-critical systems and systems on which mission-critical systems depend

A

Mission-critical systems and systems on which mission-critical systems depend

Since the recovery time window is short during a disaster, organizations must prioritize application systems, deciding which should be run first.

The other answer choices are incorrect: The mission-critical systems should be run before noncritical systems. To run mission-critical systems, any systems that are needed by the mission-critical systems must also be started.

Term: Mission-Critical System
A mission-critical system is a system supporting a core business activity or process.

Reference: 7113.21
The IT business continuity plan (BCP) should be aligned with the strategy of the organization. Most key business processes depend on the availability of critical systems infrastructure components and business applications. The criticality of the several application systems deployed in the organization depends on the nature of the business, the value of each application, and the importance to the business.

The information system BCP/DRP (disaster recovery plan) is an essential component of an organization’s business continuity and disaster recovery strategy. An IT/DRP is a structured collection of processes and procedures designed to accelerate response and ensure business continuity in the event of a disaster.

Relevant Terms
Disaster Recovery Plan
Mission-Critical System

Reference
7113.21

13
Q

Fire has swept through the premises of an organization’s computer room. The company has lost its entire computer system. The best thing the organization could have done is to:

plan for mutual agreements—negotiate with other similar organizations to back each other.

plan for cold-site arrangements.

plan for warm-site arrangements since everything was ready to go.

take daily backups to an offsite storage facility.

A

take daily backups to an offsite storage facility.

Daily backups taken to an offsite storage facility can minimize damage. A whole company can suffer when disaster strikes. A crucial component of disaster recovery planning (DRP) is the availability of adequate data. Duplication of critical data, information, and documentation, including offsite storage such as backup data and paper records, is a condition for any recovery.

The other answer choices are incorrect: Hot/warm/cold sites and mutual agreements require backups to continue with business operations. “No backup, no recovery” should be practiced.

Reference: 7113.06
Media and documentation backup

A crucial component of disaster recovery planning is the availability of adequate data. Duplication of critical data, information, and documentation, including offsite storage such as backup data and paper records, is a condition for any recovery. The type of data to be stored offsite depends on factors such as legal, business, and regulatory requirements.

Offsite storage locations should be identified to store the magnetic media, paper documentation, and forms needed to run the backup computer in the event of a disaster. Care should be taken to select an offsite storage location, whether it is a part of the organization or an outside commercial storage center situated locally or remotely to the primary site.

7113.11 Table

14
Q

Implementing an effective insurance recovery program can:

substitute for a disaster recovery plan.

eliminate the need for a disaster recovery plan.

alter the need for a disaster recovery plan.

complement a disaster recovery plan.

A

complement a disaster recovery plan.

An effective insurance recovery program does not alter, eliminate, or substitute the need for a comprehensive disaster recovery plan but rather complements such a plan. This is because both have different but valuable purposes. They work best together.

Disaster Recovery Plan

Reference
7113.38

15
Q

In a SOC 2® engagement, what is the primary focus when assessing controls related to the availability of service commitments and system requirements?

Ensuring data confidentiality

Validating data accuracy

Verifying compliance with legal regulations

Evaluating system uptime

A

Evaluating system uptime

In a SOC 2 engagement, the primary focus when assessing controls related to availability service commitments and system requirements is evaluating system uptime and availability. Availability controls aim to ensure that systems and services are available and operational when needed by clients and users. Therefore, assessing and evaluating system uptime and availability is a central aspect of a SOC 2 examination.

The other answer choices are incorrect:

Ensuring data confidentiality is not the primary focus when assessing controls related to availability service commitments and system requirements in a SOC 2 engagement. While data confidentiality is important, the primary concern in this context is the availability and uptime of the systems and services.

Validating data accuracy is related to data integrity, one of the Trust Services Criteria in a SOC 2 examination. However, the primary focus of this question is on assessing controls related to availability service commitments and system requirements, which primarily concern the availability and uptime of systems rather than data accuracy.

Verifying compliance with legal regulations, while important for overall compliance and security, is not the primary focus when assessing controls related to availability service commitments and system requirements in a SOC 2 engagement. SOC 2 primarily evaluates controls that ensure systems and data availability, security, and processing integrity.

Relevant Terms
Availability (Trust Services Criteria)
SOC 2 Type 1 Report
SOC 2 Type 2 Report
System and Organization Controls (SOC) Reports

Reference
7113.14

16
Q

In developing a business continuity plan (BCP) for an organization, which of the following would be done first?

Roles and responsibilities of BCP team members

Critical areas of threats and vulnerabilities

Functional user operations

Conducting a business impact analysis (BIA)

A

Conducting a business impact analysis (BIA)

The BIA is a critical step in establishing the business continuity strategy and executing the risk countermeasures and the BCP. The first phase in any disaster recovery plan is to conduct a BIA. The BIA identifies the resources, processes, systems, and applications that are critical to the organization’s ongoing sustainability, as well as threats to business priorities, processes, and resources.

The other answer choices are incorrect:

Most disaster recovery plans focus on data-processing functions, not other functions within the organization. IS management may assume that functional users will be responsible for their areas.

Identifying the critical areas of threats and vulnerabilities provides a basis for the development of the rest of the recovery plan.

With increased automation of business functions, a certain amount of coordination and planning are required between the IS management and the functional user management. As a result, team members’ roles and responsibilities are often defined, threats and vulnerabilities are analyzed, and impacts are analyzed and may not be documented.

Reference: 7113.15
A business continuity plan (BCP) aims to sustain business operations. The BCP objective is to ensure the organization’s sustained viability if unforeseen emergencies occur. BCP is used to sustain the continued operation of a business in the event of an emergency.

Contingency planning involves more than planning to move offsite after a disaster destroys a data center. It also addresses how to keep an organization’s critical functions operating in the event of large and small disruptions. This broader perspective on contingency planning is based on the distribution of computer support throughout an organization.

Reference: 7113.23
The BIA (business impact analysis) is a critical step in establishing the business continuity strategy and executing the risk countermeasures and the business continuity plan (BCP). The first phase in any disaster recovery plan is to conduct a BIA. The BIA identifies the resources, processes, systems, and applications that are critical to the organization’s ongoing sustainability, as well as threats to business priorities, processes, and resources. It evaluates the probability of each threat that may occur and the impact on the business and helps to determine the acceptable downtime for the business-critical processes and applications.

7113.15
7113.16
7113.20
7113.23

17
Q

In one company, the application systems must be in service 24 hours daily. The company’s senior and information systems management have worked hard to ensure that the information systems recovery plan supports the business disaster recovery plan. A crucial aspect of recovery planning for the company is ensuring that:

changes to systems are tested thoroughly before being placed into production.

management personnel can fill in for operations staff should the need arise.

capacity planning procedures accurately predict workload changes.

organizational and operational changes are reflected in the recovery plans.

A

organizational and operational changes are reflected in the recovery plans.

The correct answer is “organizational and operational changes are reflected in the recovery plans” because such changes have the potential to make the recovery plans inapplicable.

The other answer choices are incorrect:

System changes must be tested thoroughly before being placed into production, but that is not a part of recovery planning.

A good recovery plan would specify how operational staff might be replaced should the need arise, but their replacements might not be management personnel.

Predicting workload changes accurately permits a company to minimize its information systems facility costs, but that is not a part of recovery planning.

Disaster Recovery Plan

Reference
7113.36
7113.37
7113.38
7113.39

18
Q

In which of the following alternate computing backup facilities must vendors deliver computer hardware before it can be used?

Reciprocal agreements

Hot sites

Shared contingency centers

Cold sites

A

Cold sites

A cold site is an empty shell facility and does not have equipment. In the event of a disaster, the computer vendor delivers the required hardware and equipment to the facility, so full-scale testing cannot be done until the equipment is installed.

The other answer choices are incorrect:

In a reciprocal agreement, one organization agrees to provide backup and recovery facilities with a compatible hardware and software configuration for another organization and vice versa.

Full-scale testing is possible with shared contingency centers and hot sites. Shared contingency centers are essentially the same as dedicated contingency centers. The difference lies in the fact that membership is formed by a group of similar organizations that use identical hardware. The hot site has servers, workstations, and communications links ready to support critical applications.

7113.52

19
Q

Jim is an auditor who is conducting an audit of business continuity. Which of the following is the most crucial for Jim to review?

A hot site is available.

A business continuity plan is available and up to date.

Insurance coverage is adequate.

Timely media backups are taken on and stored at an offsite location.

A

Timely media backups are taken on and stored at an offsite location.

All other components of the recovery efforts are at risk if the data to process is not available.

The other answer choices are incorrect as the lack of data is more critical for the auditor to review compared to the other options. Without data, the business continuity plan will fail.

Reference: 7113.86
The auditor’s role in developing and testing the disaster recovery plan may need clarification for other team participants. Several teams participate in the planning and testing efforts, and misunderstandings and misinterpretations can develop amongst team members due to a lack of communication. The auditor’s role in developing and testing the disaster recovery or contingency plan should be clear to all teams. As a member of the testing team, the auditor reviews test results along with functional users to validate the accuracy of critical application testing results. The auditor does not make decisions or supervise the team members; that is management’s responsibility. The auditor plays a consulting and participative role in the disaster recovery/contingency plan development and testing. The auditor is an observer, reviewer, and reporter of disaster planning, testing, and recovery‐related actions.

Reference: 7113.87
Some specific role-related activities in which the auditor participates are noted below:

Attend meetings where issues are raised, problems are discussed, and solutions are suggested in areas related to contingency plans.

Review the adequacy of planning documents and backup and recovery site vendor’s proposals for rendering these services; suggest improvements as required.

Participate in testing the plan at the backup and recovery vendor’s site along with functional users and staff, observe the testing process, and suggest cost-effective improvements to the plan based on feedback from the testing experience.

Ensure that functional users review the application test results by comparing them with known values or other means to ensure that the data files are up to date and that the application programs and operating systems are the correct versions at the primary and backup sites.

Simulate a disaster with the help of senior management to test the effectiveness of recovery and resumption procedures.

Reference: 7113.88
An auditor should evaluate and assess the following attributes that support the business continuity plan (BCP):

Reviewing the business continuity plan and documentation
Reviewing the applications included in the business continuity plan
Assessing prior test results
Assessing offsite storage
Assessing security controls at the offsite storage facility
Interviewing key personnel
Assessing the alternative processing contract
Assessing insurance coverage

20
Q

Kelly is conducting a business impact assessment for her organization. What metric provides important information about the amount of time the organization may be without service before causing irreparable harm?

SDO

RTO

RPO

MTD

A

MTD
The correct answer is MTD, the maximum tolerable downtime. MTD indicates the longest period a business function can be unavailable before causing severe damage to the business. MTD is a useful metric to determine the level of business continuity resources to assign to a particular function. This measure is sometimes called maximum tolerable outage (MTO).

SDO
The service delivery objective (SDO) is the level of services to be reached during the alternate process mode until the original/normal situation is restored. SDO is related to business needs.

RTO

The recovery time objective (RTO) is determined based on the acceptable downtime or target time in case of a disruption of business operations and systems. The RTO indicates the earliest point in time that business operations and IT systems should recover and resume after a disaster. RTOs are measured when the business resumes use, not when IT restores systems.

RPO

The recovery point objective (RPO) is the defined level of recovery determined based on the acceptable data loss in case of interruption of operations. The RPO designates the earliest point in time that it is acceptable to recover the data.

Relevant Terms
Business Continuity Plan (BCP)
Business Impact Analysis (BIA)

Reference
7113.24
7113.48

21
Q

Mark is an auditor who is assessing the resilience of a high-availability network. Mark should be most concerned if:

a hot site is prepared for activation.

the structure is geographically scattered.

diverse routing is installed for the network.

the servers are clustered in one site.

A

the servers are clustered in one site.

A clustered setup in one site makes the entire network vulnerable to natural disasters or other interruptive events.

The other answer choices are incorrect:

Scattered geographic locations provide backup if a destructive event has impacted a site.
A hot site would be a good alternative for a single-point-of-failure site.
When a network is not available, diverse routing provides telecommunications backup.

Reference: 7113.90
A single point of failure (SPOF) is any component that can cause an entire system to fail. A single-point-of-failure system is very risky since it is like putting “all the eggs in one basket.” If attacks on these systems are successful, then the entire system is compromised. If a server has data on a single disk, failure of the disk can cause the server to fail, so the disk is a single point of failure. If a single-sign-on system does not work, the entire system will be compromised. Single points of failure are eliminated through the defense-in-depth strategy. Compensating controls, alternate facilities, fallback procedures, and redundancy features are required to ensure that damage or loss resulting from a single point of failure is minimized.

Relevant Terms
Cyber Resilience
Network

Reference
7113.89
7113.90

22
Q

Once system backup schedules and proper controls are in place, the disaster recovery coordinator needs to arrange, among other activities, periodic reviews of the offsite storage program and the backup computer vendor facilities. An important area to review is:

the vendor’s capacity plans.

compliance with the vendor’s financial audit requirements.

the vendor’s strategic plans.

adherence to data file or document classification criteria.

A

adherence to data file or document classification criteria.

The difficult aspect of a disaster recovery plan is keeping it up to date with all the changes that occur. Depending on how frequently the organization’s systems and procedures change, a review of the offsite and backup computer vendor facilities should be conducted once a quarter or semi-annually to verify that adherence to data file or document classification criteria is being met.

The other answer choices are incorrect. Generally, the review does not include whether the vendor has enough computer capacity to serve or the vendor’s strategy, which are long-term issues. The vendor’s financial audit is also not a part of such a review.

Relevant Terms
Backup
Disaster Recovery Plan
Documentation

Reference
7113.43
Reference
7113.43 Table

23
Q

Rank the following benefits to be realized from a comprehensive disaster recovery plan from most to least important.

1. Reduced insurance costs
2. Enhanced physical and data security
3. Providing continuity of the organization’s operations
4. Improved protection of the organization’s assets

1, 2, 3, and 4

4, 2, 3, and 1

3, 2, 1, and 4

3, 4, 2, and 1

A

3, 4, 2, and 1

The correct ranking is 3, 4, 2, and 1. The most important benefit of a comprehensive disaster recovery plan is to provide (1) operations continuity, (2) protection of assets, (3) increased security, and (4) reduced insurance costs. Assets can be acquired if the business is operating and profitable.

Relevant Terms
Disaster Recovery Plan

Reference
7113.40
7113.42
7113.43

24
Q

Rank the following disaster recovery plan (DRP) objectives from most to least important.

1. Minimizing the disaster’s financial impact on the organization
2. Reducing physical damage to the organization’s property, equipment, and data
3. Limiting the extent of the damage and thus preventing an escalation of the disaster
4. Protecting the organization’s employees and the public

4, 2, 1, and 3

3, 2, 1, and 4

1, 2, 3, and 4

4, 3, 1, and 2

A

4, 3, 1, and 2

Employees’ and public health and safety should be the first concern during a disaster.

The second concern should be limiting the extent of the damage and limiting or containing the disaster.

The third concern is to minimize the disaster’s economic and financial impact on the organization regarding revenues and sales.

Finally, the fourth concern should be to reduce physical damage to property, equipment, and data.

Relevant Terms
Disaster Recovery Plan

Reference
7113.40
7113.42

25
Q

Review of the audit log is an example of which of the following types of security control?

Governance

Preventive

Corrective

Detective

A

Detective

Detective controls detect undesired results and notify management to take corrective action. A review of the audit log is intended to find (detect) unintended results.

The other answer choices are incorrect:

Governance operates at a higher level to administer controls.

Preventive controls attempt to eliminate problems before they occur. Review of the audit log after the fact would not prevent the problem from occurring.

Corrective controls solve problems after they are discovered.

Relevant Terms
Corrective Controls
Detective Control
Preventive Controls

Reference
7113.43 Table

26
Q

Strategies for processing capability are needed to recover from a disaster. Which of the following recovery strategies has the greatest chance of failure due to systems and personnel changes?

Hot site

Cold site

Redundant site

Reciprocal agreement

A

Reciprocal agreement

This type of agreement allows two organizations to back each other up. While this approach often sounds desirable, contingency planning experts note that this alternative has the greatest possibility of failure due to problems in keeping agreements and plans up to date as systems and personnel change.

There are many drawbacks to reciprocal or mutual aid agreements:

The agreements are difficult to enforce. The organizations might trust each other to provide support in the event of a disaster; however, disagreement may arise at the time the plan is activated.

There may be difficulty maintaining hardware and software compatibility among the cooperating organizations.

Cooperating organizations should be in relative proximity to each other. However, proximity means that both organizations may be vulnerable to the same threats.

Security and privacy concerns often prevent businesses from putting their data in the hands of other organizations, such as in the handling of healthcare or financial data.

The other answer choices are incorrect:

A hot site is a building already equipped with processing capability and has servers, workstations, and communications links ready to support critical applications.

A cold site is an empty shell facility with basic infrastructure. It includes data communication systems, security systems, air conditioning, humidity controls, raised floors, storage and office space, and electrical power.

A redundant site is a site equipped and configured exactly like the primary site.

Reference: 7113.53
One of the most important elements of the disaster recovery plan is the selection of alternate processing sites to be used when the primary sites are unavailable. Management needs to establish an optimal recovery time objective (RTO) and select an appropriate recovery alternative by comparing the business costs related to the disruption of critical processes (developed in the business impact analysis (BIA)) to the cost of the various alternative processing options.

Reference: 7113.59
Reciprocal or mutual aid agreements: In a reciprocal or mutual aid agreement, one organization agrees to provide backup and recovery facilities for another organization with a compatible hardware and software configuration and vice versa. These types of agreements may not prove workable when needed.

There are many drawbacks to reciprocal or mutual aid agreements:

The agreements are difficult to enforce. The organizations might trust each other to provide support in the event of a disaster; however, disagreement may arise at the time the plan is activated.

There may be difficulty maintaining hardware and software compatibility among the cooperating organizations.

Cooperating organizations should be in relative proximity to each other. However, proximity means that both organizations may be vulnerable to the same threats.

Security and privacy concerns often prevent businesses from putting their data in the hands of other organizations, such as in the handling of healthcare or financial data.

27
Q

The best contingency plan maintenance approach to ensure the currency of the plan is to incorporate it into:

software upgrades.

hardware upgrades.

revision procedures.

change management procedures.

A

change management procedures.

The contingency plan will become dated as time passes and as the resources used to support critical functions change. Responsibility for keeping the contingency plan current should be specifically assigned.

hardware upgrades.
software upgrades.
revision procedures.

Contingency plan maintenance can be incorporated into procedures for change management so that upgrades to hardware and software are reflected in the plan. In addition, change management practices will handle program revision procedures.

Relevant Terms
Change Management
Contingency Plan

Reference
7113.15
7113.20

28
Q

The frequency of file backups should depend primarily on the criticality of the application system:

rules.

edits.

documentation.

functions.

A

functions.

The frequency of file backup must depend on the criticality of the application system functions and data. Critical data should be backed up using the “grandfather-father-son” method. Backup of operating systems software and application programs must be performed whenever they are modified or updated.

The other answer choices are incorrect: Whether the application system has rules, documentation, or edits does not matter when it comes to the frequency of backup.

Relevant Terms
Backup

Reference
7113.11

29
Q

The most important type of insurance policy for a computer-related disaster should cover which of the following?

Cost of computer equipment repair

Cost of building in which the computer is housed

Cost of computer equipment replacement

Cost of alternative computer processing

A

Cost of alternative computer processing

An insurance policy is needed that will replace the damaged equipment and cover alternative processing costs while the equipment is unavailable.

The other answer choices are incorrect. A traditional IS insurance policy covers equipment, buildings, and storage media re-creation. The policy does not provide coverage for the consequences of loss of computer equipment or its inaccessibility.

Relevant Terms
Disaster Recovery Plan

Reference
7113.38

30
Q

The primary objective of disaster recovery planning is to:

minimize loss of assets.

minimize business interruption.

provide backup facilities and services.

ensure human safety.

A

ensure human safety.

The ultimate objective of the disaster recovery planning process is to respond to incidents that may impact people and organizations in delivering products and services to customers and meeting compliance requirements.

Human safety is the first critical objective of the disaster recovery planning process. Minimizing loss of assets, minimizing business interruption, and providing backup facilities and services are essential objectives but not the most critical objectives.

Reference: 7113.40
When a disaster occurs, the level and extent of the disaster must be immediately determined, and appropriate steps taken to safeguard lives and prevent further destruction or escalation of the disaster. Upon stabilization, a preliminary damage assessment should be conducted, and the situation evaluated.

Depending upon the level of disaster and the results of the initial damage assessment, the affected personnel and management should be notified. Based upon a full or partial recovery operation, the objective is to return to normal operation at the earliest possible time. Human safety is the most critical aspect, while restoring service is a secondary objective.

Reference: 7113.42
The ultimate objective of the disaster recovery planning process is to respond to incidents that may impact people and organizations in delivering products and services to customers and meeting compliance requirements.

Reference
7113.40
7113.42

31
Q

There is a debate over how often a disaster recovery plan should be tested. The frequency of testing should depend on:

an auditor’s recommendation.

budget allowances.

IT department opinion.

the nature of data processing.

A

the nature of data processing.

The number of times a disaster recovery plan should be tested depends on the size, needs, and nature of the organization’s data processing. Some IT service companies perform monthly checks on their client’s backups to ensure backup continuity. The disaster recovery plan should be tested periodically.

The other answer choices are incorrect:

An auditor’s recommendations are suggestions only. A cost-benefit analysis should be performed.

Budget allowances should not dictate the frequency of disaster recovery plan testing. Testing should be done even without budgeted amounts if the risk is high.

It is too risky to leave disaster recovery plan testing to the IT department’s discretion. They may not be aware of the criticality of data processing for the overall business.

Term: Data Processing
Data processing is a sequence of steps to record, classify, and summarize data using a computer program.

Reference
7113.62
7113.63
7113.64

32
Q

What is an alternate processing site that is equipped with telecommunications but not computers?

Cold site

Hot site

Redundant site

Warm site

A

Warm site

A warm site has telecommunications ready to be utilized and has partially configured IT infrastructure with network connections and essential peripheral equipment such as disk drives.

The other answer choices are incorrect:

A cold site is an empty shell facility equipped with environmental controls (e.g., heat, air conditioning) and electrical power.

A hot site is a fully equipped facility ready to operate quickly.

A redundant site is configured exactly like the primary site.

Reference: 7113.57
Warm site: A warm site lies in between a hot site and a cold site. A warm site has telecommunications ready to be utilized and is recommended for users of sophisticated telecommunications and network needs. A warm site has partially configured IT infrastructure with network connections and essential peripheral equipment such as disk drives. They always contain the necessary equipment and data circuits necessary to rapidly establish operations.

33
Q

What is the greatest risk in the practice of data file backup using the traditional backup approach?

File backups are forgotten occasionally.

A third-party courier may not comply with the transportation schedule.

Wrong tapes or cartridges are returned occasionally from offsite storage.

Everything that should be in offsite storage is not there.

A

Everything that should be in offsite storage is not there.

If everything that should be in offsite storage is not there, it defeats the entire backup objective. This situation does not help test application systems at the backup facility during a simulation or real disaster.

The other answer choices are incorrect: Although they are also risks, their severity levels are less than the correct answer choice. They are normal errors or omissions. They can be corrected with checklist assessments, automation, or quality reviews.

Data Backup Storage

Reference
7113.03
7113.04

34
Q

What is the inherent limitation of a disaster recovery planning exercise?

Conducting periodic drills

Assembling disaster management and recovery teams

Developing early warning monitors that will trigger alerts and responses

The inability to include all types of disasters

A

The inability to include all types of disasters

The correct answer is “the inability to include all types of disasters.” Since many types of disasters can occur, it is not practical to consider all disasters. Furthermore, doing so would be cost prohibitive. Hence, disaster recovery planning exercises should focus on the types of disasters that occur frequently.

Risk analysis is a complete and meaningful disaster recovery planning program prerequisite. Risk analysis assesses threats to resources (assets). It determines the amount of protection necessary to adequately safeguard the resources (assets) so that vital systems, operations, and services can be quickly resumed to a normal status in a disaster.

The other answer choices are incorrect as they are important aspects of a disaster recovery planning exercise: assembling disaster management and recovery teams, developing early warning monitors that will trigger alerts and responses, and conducting periodic drills.

Relevant Terms
Disaster Recovery Plan
Risk Analysis

Reference
7113.18
7113.35
7113.36

35
Q

What is the primary disadvantage of using a cold site as a disaster recovery site?

Cold site compilers may not have adequate processing capacity.

Existing equipment or software at the site may not be compatible.

Frequent upgrades to equipment and software increase costs.

Delivery of equipment and software may be delayed.

A

Delivery of equipment and software may be delayed.

As an alternative backup location, a cold site has everything needed (power, air conditioning, and support systems) to quickly install a computer. Cold site users rely on their computer vendors for prompt delivery of equipment and software if an emergency occurs. Time will be needed to deliver the equipment and software, which may impact operations and the timeliness of restoration.

Frequent upgrades to equipment and software increase costs.

“Frequent upgrades to equipment and software increase costs” is not a main disadvantage of a cold site but may apply to other disaster recovery solutions, like hot sites or warm sites, where the equipment and software are maintained.

Cold site compilers may not have adequate processing capacity.

“Cold site compilers may not have adequate processing capacity” is not the primary disadvantage of a cold site. Organizations usually assess the capacity and capabilities of a cold site before selecting it as a disaster recovery option.

Existing equipment or software at the site may not be compatible.

“Existing equipment or software at the site may not be compatible” is a concern but is also not the primary disadvantage of a cold site. Compatibility issues can usually be addressed through proper planning and testing.

Relevant Terms
Cold Site
Disaster Recovery Plan

Reference
7113.38
7113.56

36
Q

What should be the last step in a risk assessment process performed as part of a business continuity plan?

Consider possible threats

Evaluate critical needs

Assess potential impacts

Establish recovery priorities

A

Establish recovery priorities

“Establish recovery priorities” is the last step in the risk assessment process for a BCP (business continuity plan). The correct sequence is:

1. Consider possible threats
2. Assess potential impacts
3. Evaluate critical needs
4. Establish recovery priorities

The first step is to consider possible threats, which include natural (e.g., fires, floods, and earthquakes), technical (e.g., hardware/software failure, power disruption, and communications interference), and human (e.g., riots, strikes, disgruntled employees, and sabotage) threats.

The second step is to assess the impacts of the loss of information and services from internal and external sources. This includes impacts on financial conditions, competitive position, customer confidence, legal/regulatory requirements, and cost analysis needed to minimize exposure.

The third step is to evaluate critical needs. This evaluation should also consider time frames in which a specific function becomes critical. This includes functional operations, key personnel, information, processing systems, documentation, vital records, and policies and procedures.

The fourth and final step is to establish priorities for recovery based on critical needs.

Relevant Terms
Business Continuity Plan (BCP)
Risk Assessment

Reference
7113.44
7113.50

37
Q

When auditing the business continuity planning process, the auditor should examine which of the following scenarios most critically?

Most likely

Optimistic best-case scenario

All possible cases

Worst-case scenario

A

Worst-case scenario

The auditor should ensure that the existing contingency and disaster recovery plans are updated and incorporated into the business continuity plan. The auditor should examine the worst-case scenario to ensure a feasible backup strategy can be successfully implemented.

Reference: 7113.86
The auditor’s role in developing and testing the disaster recovery plan may need clarification for other team participants. Several teams participate in the planning and testing efforts, and misunderstandings and misinterpretations can develop amongst team members due to a lack of communication. The auditor’s role in developing and testing the disaster recovery or contingency plan should be clear to all teams. As a member of the testing team, the auditor reviews test results along with functional users to validate the accuracy of critical application testing results. The auditor does not make decisions or supervise the team members; that is management’s responsibility. The auditor plays a consulting and participative role in the disaster recovery/contingency plan development and testing. The auditor is an observer, reviewer, and reporter of disaster planning, testing, and recovery‐related actions.

Auditing BCP

Reference
7113.86
7113.87
7113.88

38
Q

When conducting a SOC 2® examination, which of the following is a key consideration regarding availability controls?

Monitoring user access

Encrypting sensitive data

Verifying financial transactions

Ensuring timely system recovery

A

Ensuring timely system recovery

When conducting a SOC 2 examination, a key consideration regarding availability controls is ensuring timely system recovery. Availability controls are designed to ensure that systems and services are available and operational when needed. Timely system recovery measures, such as disaster recovery plans and backup systems, are critical to minimizing downtime and ensuring that services can be quickly restored during disruptions or failures. This aspect of availability controls focuses on minimizing service interruptions and maintaining service commitments.

The other answer choices are incorrect:

Monitoring user access is an important aspect of security controls, particularly those related to confidentiality and access control. While monitoring user access is essential for overall security, it is not the primary focus when assessing availability controls in a SOC 2 examination.

Encrypting sensitive data is primarily a data security control that addresses data confidentiality rather than availability. While encryption is a valuable security measure, it does not directly pertain to assessing availability controls, which focus on ensuring system uptime and accessibility.

Verifying financial transactions is unrelated to availability controls. Financial transaction verification is typically associated with financial systems and controls rather than availability considerations. Availability controls aim to ensure that systems and services are available and operational per service commitments.

Relevant Terms
Availability (Trust Services Criteria)
SOC 2 Type 1 Report
SOC 2 Type 2 Report
System and Organization Controls (SOC) Reports

Reference
7113.14

39
Q

When should a hot site be considered as a recovery strategy?

The maximum tolerable downtime is long.

The recovery time objective is high.

The disaster downtime tolerance is low.

The recovery point objective is high.

A

The disaster downtime tolerance is low.

The hot site should be considered and implemented when the business acceptance of the nonavailability of IT facilities is low.

The answer choice “the recovery point objective is high” is incorrect. The recovery point objective (RPO) designates the earliest point in time that it is acceptable to recover the data. Due to a high RPO, the process causes greater losses of data.

The answer choice “the recovery time objective is high” is incorrect. The recovery time objective (RTO) is determined based on the acceptable downtime or target time in case of a disruption of business operations and systems. The RTO indicates the earliest point in time that business operations and IT systems should recover and resume after a disaster. Warm or cold sites are more feasible recovery alternatives.

The answer choice “the maximum tolerable downtime is long” is incorrect. A warm or cold site is a more cost-effective solution in this situation.

Relevant Terms
Backup
Disaster Recovery Plan
Hot Site

Reference
7113.45
7113.46
7113.47
7113.48

40
Q

Which of the following alternate computing backup facilities is intended to serve an organization with sustained destruction from a disaster?

Reciprocal agreements

Cold sites

Service bureaus

Hot sites

A

Hot sites

Hot sites are where an organization provides fully equipped computer facilities for use in the event one of its subscribers/customers suffers a computer disaster. These centers are equipped with computer hardware that is compatible with that of many subscribing organizations. This facility is intended to serve an organization that has sustained destruction and cannot defer systems services.

The other answer choices are incorrect as they do not have this kind of support:

In a reciprocal agreement, one organization agrees to provide backup and recovery facilities with a compatible hardware and software configuration for another organization and vice versa.
A cold site is an empty shell facility that has basic infrastructure.
Service bureaus provide contingency services for a fee. Most, however, are used primarily for production processing. All the processing is completed in a time-shared environment, supported by batch and interactive programming systems.

41
Q

Which of the following aspects addresses the user requirement of “How often can service interruptions occur without significantly impacting business operations” in the design of data communication networks?

Throughput

Reliability

Latency

Availability

A

Availability

Availability refers to when a system or network is operational and accessible to users. It measures how often a service is available for use without interruption.

In data communication networks, high availability ensures that network services are consistently accessible, minimizing downtime. This is essential to prevent disruptions in business operations. A high-availability network can withstand failures or service interruptions with minimal impact on business continuity. Availability specifically addresses how disruptions can occur without unduly disrupting business. High availability ensures that the network remains accessible and operational, even in the face of occasional failures or interruptions, thus minimizing the impact on business operations.

Term: Availability (Trust Services Criteria)
The availability criterion of Trust Services assesses whether the service organization’s system, product, or service is available for operation and use as committed or agreed to by a contract or service level agreement (SLA). This principle pertains to security-related criteria that may affect availability, monitoring such items as network performance and availability, site failover, and security incident handling.

Reference: 7113.92
Availability

The availability of a computer system is a measure of the amount of time that the system is capable of accepting and performing a user’s work. The terms “reliability” and “availability” are closely related and often used (although incorrectly) as synonyms. For example, a system that fails frequently but is restarted quickly has high availability even though its reliability is low. To distinguish between the two, reliability can be thought of as the quality of service and availability as the quantity of service. In other words, availability can be viewed as a component of reliability. Examples of availability include (1) the availability of communication ports and (2) the amount or quantity of service received in each period.

Reliability measures how consistently a system or network performs its intended functions without failures or errors. It encompasses the network’s ability to provide dependable and consistent service. Reliability ensures that data is transmitted accurately and consistently, reducing the risk of data loss or corruption. A reliable network is crucial for business operations, as it minimizes the chances of disruptions caused by network failures.

Latency, also called timeliness, is the delay or lag in data transmission within a network. It measures the time it takes for data to travel from the source to the destination. Low-latency networks are desirable because they minimize delays and enable real-time communication and data transfer. However, excessively high latency can lead to a poor user experience and can disrupt certain types of applications that require immediate response, such as video conferencing or online gaming.

Throughput, often associated with response time, measures how data can be transmitted or processed within a network. It quantifies how quickly data can be transferred from one point to another. High throughput is crucial for data-intensive applications and large file transfers.

42
Q

Which of the following backup schemes involves storing copies of all files modified since the most recent full backup?

Differential backups

Partial backup

Incremental backups

Database backup

A

Differential backups

The correct answer is “differential backups.” Differential backups include storing copies of all files modified since the most recent full backup irrespective of any incremental or differential backups created during the subsequent time.

Differential backup is faster, needs less media capacity than a full backup, and requires only the last full and differential backup sets to create a complete restoration. Thus, the differential backup needs less time to restore than incremental backups; however, it is slower and needs more media capacity than incremental backups as data backed up are cumulative.

The other answer choices are incorrect:

An incremental backup focuses only on backing up data sets (files and folders) that have changed since the last incremental or full backup. The need for continuous, uninterrupted online system availability leaves a reduced time window for full backups, which justifies the use of incremental backups.

Partial backup and database backup are not part of the main schemes for backup.

7113.10 table

43
Q

Which of the following backup types is the most efficient for reducing the time required for backup and the amount of storage media used?

Differential

None of the answer choices are correct.

Full

Incremental

A

Incremental

Incremental backups are the most efficient for minimizing backup time and storage media usage. They focus on backing up data sets that have changed since the last backup, whether a full or a previous incremental backup. This approach ensures that only the changes made since the last backup are backed up, reducing time and media usage.

The other options are incorrect:

Differential backups capture all files modified since the most recent full backup. While they require less storage media than a full backup, they are not as efficient in terms of time since they back up all changes since the last full backup.
Full backups copy all files and folders, offering a complete data snapshot. While comprehensive, they are less efficient regarding time and storage media usage because they require more storage space and take longer to complete.

7113>Data Backup, Storage, and Restoration>Backup schemes

7113.10
Table

44
Q

Which of the following business impact analysis (BIA) metrics can be used to indicate the longest time a business function can be unavailable without causing severe damage to the organization?

Service delivery objective (SDO)

Annualized loss expectancy (ALE)

Recovery time objective (RTO)

Maximum tolerable downtime (MTD)

A

Maximum tolerable downtime (MTD)

The MTD indicates the longest period a business function can be unavailable before causing severe damage to the business. The MTD metric is useful to determine the level of business continuity resources to assign to a particular function.

The other answer choices are incorrect:

The service delivery objective (SDO) is the level of services to be reached during the alternate process mode until the original/normal situation is restored. SDO is related to business needs.

The annualized loss expectancy (ALE) indicates the amount of money a business expects to lose to a given risk each year. ALE is useful when performing a quantitative prioritization of business continuity resource allocation.

The recovery time objective (RTO) is determined based on the acceptable downtime or target time in case of a disruption of business operations and systems. The RTO indicates the earliest point in time that business operations and IT systems should recover and resume after a disaster.

45
Q

Which of the following combinations of backup schemes provides the fastest backup creation time?

Full backups and differential backups

Partial backups and incremental backups

Incremental backups and differential backups

Full backups and incremental backups

A

Full backups and incremental backups

Full backup takes copies of all files and folders to the backup media to create one backup set. It takes more time to back up and is less error-prone but requires more media capacity. Incremental backups are created faster than differential backups due to the number of files necessary to back up each time.

The differential backup needs less time to restore than incremental backups; however, it is slower and needs more media capacity than incremental backups as data backed up are cumulative. The partial backup does not include all the filegroups.

7113.10

46
Q

Which of the following computer backup alternative sites is the least expensive method and the most difficult to test?

Service bureaus

Mobile hot site

Warm site

Cold site

A

Cold site

Reference: 7113.56
A cold site is an empty shell facility with basic infrastructure. It includes data communication systems, security systems, air conditioning, humidity controls, raised floors, storage and office space, and electrical power. In the event of a disaster, the computer vendor delivers the required hardware and equipment to the empty shell facility. Usually, empty shell facilities also provide offsite storage of computer files (programs and data), documentation, supplies, source documents, and input forms.

The cold site is the least expensive method of backup site but the most difficult and expensive to test.

Service bureaus

Service bureaus provide contingency services for a fee. However, they are used primarily for production processing. All the processing is completed in a time-shared environment, supported by batch and interactive programming systems.

Mobile hot site

Mobile sites use the concept of computer rooms on wheels or portable sites, self-contained recovery sites with environmentally conditioned space (including raised floors, air conditioning, fire protection, diesel power generators, and security). An organization provides the space for a fee for emergency computing and telecommunications purposes.

Warm site

A warm site lies in between a hot site and a cold site. A warm site has telecommunications ready to be utilized and is recommended for users with sophisticated telecommunications and network needs.

Reference: 7113.53
One of the most important elements of the disaster recovery plan is the selection of alternate processing sites to be used when the primary sites are unavailable. Management needs to establish an optimal recovery time objective (RTO) and select an appropriate recovery alternative by comparing the business costs related to the disruption of critical processes (developed in the business impact analysis (BIA)) to the cost of the various alternative processing options.

47
Q

Which of the following controls acts both as a preventive measure and a recovery measure?

Visitor logs

Backups

Passwords

Contingency plans

A

Contingency plans

Contingency plans have a dual purpose in that they function as both preventive and recovery controls. Developing a contingency plan and testing the plan act as a preventive control while restoring damaged or lost files is a recovery control.

The other answer choices are incorrect:

Visitor logs are detective in nature and provide an audit trail.
Backups are corrective controls in assuring that files are available when needed.
Passwords are only preventive in nature as they prevent unauthorized access.

Term: Contingency Plan
A contingency plan is a plan for responding to the loss or failure of a system. The plan describes the necessary steps to take in order to ensure the continuity of core business processes. It includes emergency response, backup operations, and post-disaster recovery. It is synonymous with a disaster plan and emergency plan.

Reference: 7113.49
A contingency planning strategy normally consists of three parts: emergency response, recovery, and resumption.

Emergency response encompasses the initial actions taken to protect lives and limit damage.
Recovery refers to the steps that are taken to continue support for critical functions.
Resumption is the return to normal operations.
The relationship between recovery and resumption is important. The longer it takes to resume normal operations, the longer the organization will have to operate in the recovery mode. The selection of a strategy needs to be based on practical considerations, including feasibility and cost, the criticality of the business functions and processes and the applications supporting the business and processes, security, and the time needed to recover.

Relevant Terms
Contingency Plan

Reference
7113.43
7113.49

48
Q

Which of the following controls is appropriate to prevent data loss?

Backup generators

Powerline conditioners

Uninterruptible power supply equipment

Mirroring

A

Mirroring

Disk mirroring and server mirroring are appropriate to ensure data integrity to prevent data loss. They are fault-tolerant mechanisms, copying and storing data in two places (disks and servers).

Powerline conditioners, uninterruptible power supply equipment, and backup generators are incorrect because they are needed to provide continuity of the electric power supply and do not save data to a second location. Powerline conditioners smooth out power fluctuations. Uninterruptible power supply (UPS) equipment provides relief from short power outages. Backup generators support relief from long power outages.

Term: Fault Tolerant Control
Fault tolerant control is the ability of a processor to maintain effectiveness after some subsystems have failed. These are hardware devices or software products such as disk mirroring or server mirroring aimed at reducing loss of data due to system failures or human errors. This is a technical and preventive control and ensures availability control.

Reference: 7113.02
There are security mechanisms for limiting and controlling access to and use of computer system resources such as fault-tolerant techniques (e.g., disk mirroring and RAID technology) and redundancy techniques (duplicate equipment) against data loss and denial of service.

Fault tolerance is the ability of a system to suffer a fault but continue to operate.

Redundant array of inexpensive or independent disks (RAID) technology uses several disks in a single logical subsystem. To protect data against a single point of failure and to reduce or eliminate downtime from disk failure, database servers may employ disk shadowing or data mirroring. The main purpose of RAID is to provide backup so if one disk fails, all the data is immediately available. Fault tolerance is achieved by adding redundant components such as additional disks within a RAID array or additional servers within a failover clustered configuration.
RAID provides performance enhancement and fault-tolerant capabilities through hardware or software solutions, breaking up data and writing data to a series of multiple disks concurrently to improve performance.

Fault-tolerant hardware increases system resilience. Fault management is the detection, reporting, diagnosis, correction, and prevention of faults and fault conditions. A fault is a malfunction or abnormal pattern of behavior that is causing or will cause an outage, error, or degradation of communications services.

49
Q

Which of the following criteria is important in evaluating a potential offsite storage facility?

The number of employees

Compatibility of computer equipment

A mantrap

Site security should not be identified from the outside.

A

Site security should not be identified from the outside.

The selection of an offsite storage facility is an important process that should be done with proper care. Media management, environmental factors, site physical security, and transportation capabilities are very important because they can make a big difference in facility selection.

The offsite facility must be as secured and controlled as the primary site:

The offsite facility should have adequate physical access controls such as locked doors and active surveillance.

The offsite facility should not be identifiable from the outside to prevent deliberate sabotage of the offsite facility.

The offsite facility should have the same standard environmental monitoring and control as the primary site; this includes monitoring the heat, humidity, temperature, power supply, and UPS (uninterruptible power supply), and the installation of good smoke and water detectors to achieve the ideal conditions for storing optical and magnetic media.

The other answer choices are incorrect: Compatible computer equipment is needed for a hot site, not for an offsite storage facility. The number of employees and a mantrap are less important than other criteria. (A mantrap is a physical security access control system comprised of a small space with two sets of interlocking doors.)

Data Backup Storage

Relevant Terms
Security

Reference
7113.05

50
Q

FC 63 Which of the following demonstrates the ability of an organization to provide immediate, reliable, and clear information during different types of disasters?

A comprehensive written disaster recovery plan

A written disaster recovery plan with a well-organized table of contents and easy-to-follow indexes

A written disaster recovery plan that is approved by senior management and auditors

Drills and exercises (simulation)

63-65 Disaster Recovery Testing Methods

A

Drills and exercises (simulation)

Drills allow disaster recovery team members to think through their tasks without the pressure of being measured or graded. Exercises should periodically be conducted unannounced to simulate the pressure of a real disaster more closely.

A scenario is presented to the disaster recovery team members in a simulation and they are asked to develop an appropriate response without activating the recovery site. The tests provide valuable information about flaws in the contingency plan and provide practice for a real emergency. These tests can also provide critical information that can be used to ensure the continuity of important functions.

The other answer choices (features of a written disaster recovery plan) are incorrect as they do not demonstrate the ability to respond when needed. A written plan is no good if it is not tested.

Relevant Terms
Disaster Recovery Plan

Reference
7113.63
7113.64

51
Q

Which of the following disaster recovery concepts best protects an organization against hardware failure?

Consistency

Efficiency

Primacy

Redundancy

A

Redundancy

Redundancy provides protection against the failure of hardware and provides failover devices to avoid single points of failure in routers, switches, firewalls, etc.

The other answer choices (consistency, efficiency, and primacy) are incorrect as they are unrelated to redundancy.

Relevant Terms
Disaster Recovery Plan
Redundancy (Server and Hardware)

Reference
7113.85

52
Q

Which of the following disaster recovery plan testing approaches has the greatest potential for harm to an organization?

Simulations

Read-through test

Parallel test

Full-interruption testing

A

Full-interruption testing

In full-interruption testing, operations are shut down at the primary site and relocated to the recovery site following the recovery plan; this is the most rigorous form of testing. Full-interruption tests are difficult to arrange, expensive, and disruptive.

The other options are incorrect: While such tests have risks, they are needed to prepare for seamless recovery in the event of a real disaster.

Read-through test: This is an initial step to a real test. Disaster recovery checklists are disseminated to disaster recovery team members to review and validate that the checklist is up to date. Checklist review helps to provide the recovery team with an opportunity to identify any outdated information and update any items that need modification due to the changes within the organization.

Simulation test: A scenario is presented to the disaster recovery team members and they are asked to develop an appropriate response without activating the recovery site.

Parallel test: This test includes relocating personnel to the alternate recovery site and activating the recovery site to a state of operational readiness. However, operations at the primary site usually continue conducting the day-to-day business of the organization.

Reference
7113.63

53
Q

Which of the following ensures the greatest success in completing the development of business continuity and disaster recovery plans?

Assigning individual responsibility

Defining individual roles

Defining operational activities

Appointing a project manager with senior management support

A

Appointing a project manager with senior management support

Individuals responsible for the various business continuity and contingency planning activities must be held accountable for completing individual tasks. Core business process owners are responsible and accountable for meeting the milestones for developing and testing contingency plans for their core business processes. Appointing a project manager to plan, execute, monitor, correct, and report the progress to senior management will ensure the greatest possibility for success.

Assigning individual responsibility

Although important, they are not the greatest contributor to success in completing the development of business continuity and disaster recovery plans.

Defining individual roles

Although important, they are not the greatest contributor to success in completing the development of business continuity and disaster recovery plans.

Defining operational activities

Although important, they are not the greatest contributor to success in completing the development of business continuity and disaster recovery plans.

Relevant Terms
Business Continuity Plan (BCP)
Disaster Recovery Plan

Reference
7113.15
7113.17
7113.41

54
Q

Which of the following file backup strategies is preferred when efficient and continuous availability is required?

Full

Differential

Grandfather-father-son

Incremental

A

Incremental

Incremental backup copies only the files that have changed since the last backup or full backup, and it is an efficient method.

The other answer choices are incorrect:

Full backup takes copies of all files and folders to the backup media to create one backup set. It takes more time to back up and is less error-prone but requires more media capacity.

Differential backups copy all data files that have changed since the last full backup. Thus, only two files are needed to restore the entire system: the last full backup and the last differential backup.

Grandfather-father-son: Daily backups (son) are created over a week. The last backup taken during the week becomes the backup for that week (father). The earlier daily backup media are then rotated for reuse as backup media for the second week. By the end of the month, the last weekly backup is retained as the backup for that month (grandfather).

7113.10 table

55
Q

Which of the following helps the organization determine the maximum acceptable downtime possible for processes and applications?

Business continuity plan

Disaster recovery plan

Risk assessment

Business impact assessment

A

Business impact assessment

A business impact assessment (BIA) determines the recovery priorities, sequence of steps, timing of activities, and recovery timelines. The results of the BIA provide the organization with quantitative measures (e.g., maximum tolerable downtime (MTD)) and parameters that enable the business to prioritize the commitment of business continuity resources to the risk exposures encountered by the overall organization.

The other answer choices are incorrect:

The purpose of a business continuity plan (BCP) is to sustain business operations. The business continuity plan objective is to ensure the organization’s sustained viability if unforeseen emergencies occur; the BCP is used to sustain the continued operation of a business in the event of an emergency.

The disaster recovery plan (DRP) is a component of the BCP; it defines the restoration plan used to restore operations to a normal state.

Risk assessment can be used to help estimate the cost of options for an optimal strategy. The results of risk assessment and BIA are input into the IS business continuity strategy.

Relevant Terms
Business Continuity Plan (BCP)
Business Impact Analysis (BIA)
Disaster Recovery Plan

Reference
7113.23
7113.24

56
Q

Which of the following include(s) information availability controls?

Database tuning

Storage media

Service-level agreements

Backup and recovery

A

Backup and recovery

Management aims to gather useful information and make it available to authorized users. System backup and recovery procedures and alternative computer equipment and facilities will help ensure the recovery is as timely as possible.

The other answer choices are incorrect:

Storage media has nothing to do with information availability. Data will be stored somewhere on some medium.
Database tuning is modifying the database parameters to enable the database to process user information more quickly and would have little impact on the availability of the information.
A service-level agreement is an agreement between users and IS (information systems) that may include availability requirements. IS would then need to implement controls to comply with the agreement.

Relevant Terms
Backup

Reference
7113.01
7113.02

57
Q

Which of the following is a major concern to an IS auditor in reviewing an organization’s disaster recovery backup site?

It is a service bureau.

It has security guards.

It has a “mantrap” system.

It is a reasonable distance away from the primary site.

A

It is a reasonable distance away from the primary site.

The backup or alternate processing installation should be a reasonable distance away from the primary installation to ensure that a disaster at the primary site, such as a power outage or flood, does not impact it, yet close enough to be reached quickly.

The other answer choices are incorrect as they are minor concerns. The backup site does not need a “mantrap” system due to the short recovery duration. In addition, the backup site does not need to have security guards or a service bureau.

Term: Mantrap
A mantrap is a physical security access control system comprised of a small space with two sets of interlocking doors.

Reference: 7113.12
The backup tapes must be stored offsite at a secure location. The offsite location should be a reasonable distance away to ensure that a disaster at the primary site, such as a power outage or flood, does not impact it. The backup tapes should be kept in fireproof storage cabinets. The offsite storage temperature and humidity should be controlled at the appropriate levels to ensure the tapes’ condition does not deteriorate.

Reference: 7113.53
One of the most important elements of the disaster recovery plan is the selection of alternate processing sites to be used when the primary sites are unavailable. Management needs to establish an optimal recovery time objective (RTO) and select an appropriate recovery alternative by comparing the business costs related to the disruption of critical processes (developed in the business impact analysis (BIA)) to the cost of the various alternative processing options.

Relevant Terms
Backup
Disaster Recovery Plan
Mantrap

Reference
7113.12
7113.53

58
Q

Which of the following is a significant benefit of an automated tape management system?

It increases the labor associated with tape handling.

It requires no external tape labels.

It assists in identifying ways to increase tape usage.

It improves the quality of the file retention process.

A

It improves the quality of the file retention process.

Reference: 7113.09
A tape management system (TMS) is software that manages the usage and retention of computer backup tapes. TMS provides additional security features by requiring a password to access and retrieve data to ensure data integrity.

The most important benefits of implementing an automated tape management system are as follows:

It improves the quality of the file retention process since the system keeps an inventory of all tape files at an onsite storage vault identified by serial number and maintains file creation dates and retention periods.

It reduces (not increases) the labor associated with tape handling since the system shows tape file movement to and from onsite and offsite storage.

It assists in identifying ways to reduce (not increase) tape usage since the system provides an automatic control of tape dataset usage and retention with audit trail reporting.

The other options are incorrect.

External labels for tape files contain information such as job identification, file names, and tape/reel number.

The automated tape management system does not require an external label indicating the file name and other attributes because the system checks for the correct file name internally.

The tape needs only a number on the outside of the reel for operator identification.

Reference
7113.09

59
Q

Which of the following is an assumption made during the development of a disaster recovery and contingency plan?

All people, equipment, software, and hardware will be lost.

All of the less critical jobs need not be recovered.

A single recovery plan should be developed for all data centers.

All resources and equipment required to restore the processing capability at the backup recovery site should be obtainable offsite.

A

All resources and equipment required to restore the processing capability at the backup recovery site should be obtainable offsite.

The correct answer is “all resources and equipment required to restore the processing capability at the backup recovery site should be obtainable offsite.” One should anticipate that all or most equipment and resources will be destroyed or will at least be inaccessible at the time of a disaster. This will force the storage of all required equipment and resources offsite to be readily available when needed.

The other answer choices are incorrect:

It is assumed that most people will survive a disaster and will be able to help in the recovery.

All of the less critical jobs not run during the initial recovery period must be recovered eventually. This assumption is critical when identifying which data files must be backed up and stored offsite.

Although developing separate recovery plans for multiple sites results in some redundancy, the plans can better accommodate the specific needs of each location.

Disaster Recovery Plans

Relevant Terms
Contingency Plan
Disaster Recovery Plan

Reference
7113.35
7113.36
7113.40
7113.41

60
Q

Which of the following is an example of an information availability control?

Systems development

Storage media

Database tuning

Physical and logical security

A

Physical and logical security

Information availability controls include backup and recovery, physical and logical security, and alternate computer equipment and facilities. Management aims to gather useful information and make it available to authorized users. System backup and recovery procedures and alternate computer equipment and facilities will help ensure the recovery is as timely as possible. Both physical and logical access controls become important.

Systems development

Systems development and database tuning are also not decision criteria.

Storage media

Storage media has nothing to do with information availability.

Database tuning

Systems development and database tuning are also not decision criteria.

CHATGPT
Physical and logical security controls are two fundamental aspects of information security that aim to protect an organization’s resources, data, and infrastructure from unauthorized access, damage, and interference. Both are essential for a comprehensive security strategy, but they focus on different layers of protection.

Physical Security

Definition: Physical security refers to the measures taken to protect the physical assets of an organization, including its people, hardware, software, networks, and data from physical actions and events that could cause serious loss or damage. This includes protection from natural disasters, theft, vandalism, and terrorism.

Key Components:
1) Access Control Systems: These include locks, biometric systems, card readers, and barriers to restrict access to sensitive areas.
2) Surveillance Systems: Cameras and motion detectors monitor activities in and around facilities.
3) Environmental Controls: Systems to protect against fire, flooding, and other environmental hazards, such as fire suppression systems and HVAC controls.
4) Physical Intrusion Detection: Sensors and alarms that detect unauthorized access or attempts to access restricted areas.
5) Security Personnel: Guards and security staff who can respond to incidents and monitor for suspicious activities.

Logical Security (also known as Cybersecurity)

Definition: Logical security, on the other hand, refers to the measures and policies implemented to safeguard an organization’s data and information systems by preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction. It focuses on protecting software, data, and network resources.

Key Components:
1) Authentication and Authorization Mechanisms: These include passwords, two-factor authentication (2FA), digital certificates, and access control lists (ACLs) to ensure that only authorized users can access specific resources.
2) Firewalls and Intrusion Detection Systems (IDS): Tools to monitor and control incoming and outgoing network traffic based on predetermined security rules and to detect suspicious activities.
3) Encryption: Protecting data in transit and at rest by converting it into a coded format that can only be read with the correct decryption key.
4) Anti-virus and Anti-malware Software: Tools to detect, prevent, and remove malicious software.
5) Security Policies and Procedures: Guidelines and practices designed to manage the behaviors of users and administrators, and to protect data integrity, confidentiality, and availability.

Integration of Physical and Logical Security: Integrating physical and logical security is critical for a holistic security posture. For example, access to server rooms should be controlled physically to prevent unauthorized access, and logically to ensure that only authorized network requests are processed. This integration ensures that weaknesses in one area cannot be exploited to bypass security in another, providing a more robust protection against threats.

Relevant Terms
Physical Security
Recovery Procedures

Reference
7113.38

61
Q

Which of the following is done after the risk analysis in the disaster recovery planning process?

Prioritization of applications

Assessment of threat impact on the organization

Development of recovery scenarios

Development of test procedures

A

Development of test procedures

Test procedures are detailed instructions that are usually not considered during a risk analysis exercise. Risk analysis is the initial phase of the disaster planning process, while testing comes after developing and documenting the plan.

Prioritization of applications

Application prioritization, assessment of the impact on the organization, and development of recovery scenarios are part of the risk analysis exercise. Risk analysis is a prerequisite to a complete and meaningful disaster recovery planning process; it assesses threats to resources and determines the amount of protection necessary to safeguard resources adequately.

Assessment of threat impact on the organization

Development of recovery scenarios

Relevant Terms
Disaster Recovery Plan
Documentation
Risk Analysis

Reference
7113.18
7113.35
7113.36

62
Q

Which of the following is mitigated when disaster recovery time is minimized?

Management commitment

Documentation

Resources

Losses

A

Losses

The degree of loss caused by a disaster or disruption is related to the length of time the disruption affects business operations.

The other answer choices are incorrect:

Management commitment is always needed.

Adequate and clear documentation is needed for people to know how to minimize disasters.

More resources may be needed to minimize disasters.

Relevant Terms
Disaster Recovery Plan

Reference
7113.46

63
Q

Which of the following is most appropriate to implement an incremental backup scheme?

Reduced recovery time for critical data

Online cloud media are preferred.

A random selection of backup sets is required.

Limited media capacity

A

Limited media capacity

An incremental backup focuses only on backing up data sets (files and folders) that have changed since the last incremental or full backup, therefore minimizing media storage.

The answer choice “reduced recovery time for critical data” is incorrect. A full backup or differential backup is required in this situation.

The answer choice “online cloud media are preferred” is incorrect. Incremental backup could be used regardless of the media selected.

The answer choice “a random selection of backup sets is required” is incorrect. A random selection of backup sets may not be viable with an incremental backup since only fragments of the data are backed up daily.

Limited media capacity.

This is the scenario that best matches the strengths of incremental backups. Because incremental backups only save changes since the last backup, they require significantly less storage space than full backups. This makes incremental backups particularly suitable for situations where storage media capacity is limited.
In conclusion, the option “Limited media capacity” is the most appropriate scenario for implementing an incremental backup scheme, as it leverages the key advantage of incremental backups: efficiency in storage space usage.

Relevant Terms
Backup

Reference
7113.10

64
Q

Which of the following is most appropriate to implement an incremental backup scheme?

Limited media capacity

A random selection of backup sets is required.

Online cloud media are preferred.

Reduced recovery time for critical data

A

Limited media capacity

An incremental backup focuses only on backing up data sets (files and folders) that have changed since the last incremental or full backup, therefore minimizing media storage.

The answer choice “reduced recovery time for critical data” is incorrect. A full backup or differential backup is required in this situation.

The answer choice “online cloud media are preferred” is incorrect. Incremental backup could be used regardless of the media selected.

The answer choice “a random selection of backup sets is required” is incorrect. A random selection of backup sets may not be viable with an incremental backup since only fragments of the data are backed up daily.

7113.10

65
Q

Which of the following is most critical for disaster recovery planning?

Detail steps for noncritical systems

A hot site with the mainframe equipment

The location and security of user data

The safety of employees

A

The safety of employees

The safety of employees is the most critical objective of disaster recovery planning. The ultimate objective of the disaster recovery planning process is to respond to incidents that may impact people and organizations in delivering products and services to customers and meeting compliance requirements.

The other answer choices are incorrect: The location and security of user data, detailed steps for noncritical systems, and a hot site with the mainframe equipment are essential objectives for disaster recovery planning but are not the most critical objective.

Reference: 7113.40
When a disaster occurs, the level and extent of the disaster must be immediately determined, and appropriate steps taken to safeguard lives and prevent further destruction or escalation of the disaster. Upon stabilization, a preliminary damage assessment should be conducted, and the situation evaluated.

Depending upon the level of disaster and the results of the initial damage assessment, the affected personnel and management should be notified. Based upon a full or partial recovery operation, the objective is to return to normal operation at the earliest possible time. Human safety is the most critical aspect, while restoring service is a secondary objective.

Reference: 7113.42
The ultimate objective of the disaster recovery planning process is to respond to incidents that may impact people and organizations in delivering products and services to customers and meeting compliance requirements.

66
Q

Which of the following is the best example of a preventive control that eliminates problems before they occur?

Having a second person recalculate all important calculations

Establishing procedures to make sure errors are properly corrected

Establishing and practicing a disaster recovery plan

Hiring high-quality personnel and training them appropriately

A

Hiring high-quality personnel and training them appropriately

Hiring quality personnel is a preventive control. Quality personnel should prevent errors from occurring.

The other answer choices are incorrect:

Having a second person recalculate calculations is a detective control.
Establishing and practicing a disaster recovery plan is a corrective control.
Procedures to ensure that errors are corrected properly are corrective controls.

Relevant Terms
Corrective Controls
Detective Control
Preventive Controls

Reference
7113.43

67
Q

Which of the following is the correct sequence of events when surviving a disaster?

Respond, recover, plan, continue, and test

Plan, respond, recover, test, and continue

Respond, plan, test, recover, and continue

Plan, test, respond, recover, and continue

A

Plan, test, respond, recover, and continue

Plan: Disaster recovery or contingency plans should be established to prepare an organization to respond to disasters of any kind that might otherwise cause considerable loss to or total disruption of the organization’s functions and operations.

Test: The disaster recovery plan should be tested periodically using a fully developed test scenario, a simulated disaster, planned monitoring of results, and appraisal of the entire process with revisions and updates to the plan.

Respond: When a disaster occurs, the level and extent of the disaster must be immediately determined, and appropriate steps taken to safeguard lives and prevent further destruction or escalation of the disaster.

Recover: A preliminary damage assessment should be conducted, and the situation evaluated upon stabilization.

Continue: Based upon a full or partial recovery operation, the objective is to return to normal operation as soon as possible. Human safety is the most critical aspect, while restoring service is a secondary objective.

Reference: 7113.20
Disaster recovery or contingency plans should be established to prepare an organization to respond to disasters of any kind that might otherwise cause considerable loss to or total disruption of the organization’s functions and operations. Every organization should have a written and tested plan with clear responsibilities assigned to employees for each phase of a disaster preparedness program (i.e., plan development, testing, recovery, and maintenance).

The disaster recovery planning process begins with the recognition by senior management that disaster recovery plan development and maintenance activities are integral to the cost of doing business.

The sequence of events to survive a disaster is plan, test, respond, recover, and continue.

Term: Disaster Recovery Plan
A disaster recovery plan (or business continuity plan) is the process, policies, and procedures of restoring operations critical to the resumption of business, including gaining access to data (records, hardware, software, etc.), communications, workspace, and other business processes.

Reference: 7113.41
The disaster recovery plan (DRP) is a component of the business continuity plan (BCP); it defines the restoration plan used to restore operations to a normal state. A single integrated plan is recommended to ensure that:

coordination between several plan elements supports response and recovery.
resources are used most effectively and efficiently.
reasonable assurance can be maintained that the enterprise will withstand a disruption.

Relevant Terms
Disaster Recovery Plan

Reference
7113.20
7113.41

68
Q

Which of the following is the correct sequence of steps involved in the contingency planning process?

1) Anticipating potential disasters
2) Identifying critical functions
3) Selecting contingency plan strategies
4) Identifying the resources that support critical functions

1, 2, 3, 4

1, 3, 2, 4

2, 1, 4, 3

2, 4, 1, 3

A

2, 4, 1, 3

The correct sequence is 2, 4, 1, and 3. Contingency planning involves more than planning for an alternate offsite location after a disaster destroys the primary site. Contingency planning addresses how to keep an organization’s critical functions operating in the event of disruptions, both large and small. The broader perspective on contingency planning is based on the allocation of resources throughout an organization.

The correct sequence of steps is as follows:

Identifying the mission- or business-critical functions

Identifying the resources that support the critical functions

Anticipating potential contingencies or disasters

Selecting contingency planning strategies

Reference: 7113.16
The contingency planning process can be described in six steps:

Identifying the mission- or business-critical functions

Identifying the resources that support the critical functions

Anticipating potential contingencies or disasters

Selecting contingency planning strategies

Implementing the contingency strategies

Testing and revising the strategy

Relevant Terms
Contingency Plan
Disaster Recovery Plan

Reference
7113.15
7113.16

69
Q

Which of the following is the least reliable of disaster recovery alternatives?

Shared facilities

Mirrored sites

Service bureaus

Mutual aid agreements

A

Mutual aid agreements

Also called reciprocal agreements, these are the least reliable and may not prove workable when needed. There are many drawbacks to reciprocal or mutual aid agreements:

The agreements are difficult to enforce. The organizations might trust each other to provide support in the event of a disaster; however, disagreement may arise at the time the plan is activated.

There may be difficulty maintaining hardware and software compatibility among the cooperating organizations.

Cooperating organizations should be in relative proximity to each other. However, proximity means that both organizations may be vulnerable to the same threats. In addition, security and privacy concerns often prevent businesses from putting their data in the hands of other organizations, such as in the handling of healthcare or financial data.

The other answer choices are incorrect as they are more reliable disaster recovery alternatives:

Shared facilities include hot/cold/warm sites.

Service bureaus provide contingency services and use them primarily for production processing. All the processing is completed in a time-shared environment, supported by batch and interactive programming systems.

Mirrored sites are fully redundant with real-time data replication from the primary site.

Reference: 7113.59
Reciprocal or mutual aid agreements: In a reciprocal or mutual aid agreement, one organization agrees to provide backup and recovery facilities for another organization with a compatible hardware and software configuration and vice versa. These types of agreements may not prove workable when needed.

There are many drawbacks to reciprocal or mutual aid agreements:

The agreements are difficult to enforce. The organizations might trust each other to provide support in the event of a disaster; however, disagreement may arise at the time the plan is activated.

There may be difficulty maintaining hardware and software compatibility among the cooperating organizations.

Cooperating organizations should be in relative proximity to each other. However, proximity means that both organizations may be vulnerable to the same threats.

Security and privacy concerns often prevent businesses from putting their data in the hands of other organizations, such as in the handling of healthcare or financial data.

Relevant Terms
Backup
Disaster Recovery Plan
Reciprocal Agreement

Reference
7113.53
7113.59

70
Q

Which of the following is the main purpose of a redundant array of inexpensive or independent disks (RAID)?

To provide backup if one disk fails

To add redundant components such as additional disks within a RAID array

To provide performance enhancement and fault-tolerant capabilities through hardware or software solutions

All of the answer choices are correct.

A

All of the answer choices are correct.

Redundant array of inexpensive or independent disks (RAID) technology uses several disks in a single logical subsystem. To protect data against a single point of failure and to reduce or eliminate downtime from disk failure, database servers may employ disk shadowing or data mirroring.

The main purpose of RAID is to provide backup, so if one disk fails, all the data is immediately available. Fault tolerance is achieved by adding redundant components such as additional disks within a RAID array or additional servers within a failover clustered configuration. RAID provides performance enhancement and fault-tolerant capabilities through hardware or software solutions, breaking up data and writing data to a series of multiple disks concurrently to improve performance.

Reference: 7113.02
There are security mechanisms for limiting and controlling access to and use of computer system resources such as fault-tolerant techniques (e.g., disk mirroring and RAID technology) and redundancy techniques (duplicate equipment) against data loss and denial of service.

Fault tolerance is the ability of a system to suffer a fault but continue to operate.

Redundant array of inexpensive or independent disks (RAID) technology uses several disks in a single logical subsystem. To protect data against a single point of failure and to reduce or eliminate downtime from disk failure, database servers may employ disk shadowing or data mirroring. The main purpose of RAID is to provide backup so if one disk fails, all the data is immediately available. Fault tolerance is achieved by adding redundant components such as additional disks within a RAID array or additional servers within a failover clustered configuration.

RAID provides performance enhancement and fault-tolerant capabilities through hardware or software solutions, breaking up data and writing data to a series of multiple disks concurrently to improve performance.
Fault-tolerant hardware increases system resilience.

Fault management is the detection, reporting, diagnosis, correction, and prevention of faults and fault conditions. A fault is a malfunction or abnormal pattern of behavior that is causing or will cause an outage, error, or degradation of communicat

Relevant Terms
Backup

Reference
7113.01
7113.02

71
Q

Which of the following is the most cost-effective strategy for backing up enormous quantities of data when a system needs to be available seven days a week?

Implementing a duplicate storage area network (SAN) and replicating the data to a second SAN

Deploying storage infrastructure at a hot site

Making a full backup weekly and an incremental backup every night

Implementing a fault-tolerant disk-to-disk backup solution

A

Implementing a fault-tolerant disk-to-disk backup solution

Fault tolerance is the ability of a system to suffer a fault but continue to operate. Fault tolerance permits the backup of data to be performed without impacting system performance and allows enormous quantities of data to be backed up in a short backup window. In case of a failure, the fault-tolerant system can fail over immediately to the other disk set.

Making a full backup weekly and an incremental backup every night

This method would not enable the system to be available seven days a week. The only feasible way for a system to remain online is to duplicate the data to a server backed up to tape or implement a disk-to-disk solution that is effectively the same thing.

Implementing a duplicate storage area network (SAN) and replicating the data to a second SAN

This method provides redundancy and data protection but not a backup solution. There is a risk that a fire or flood at the site could lead to data loss since the two systems are at the same site.

Deploying storage infrastructure at a hot site

This method provides a great deal of redundancy and availability to enable the system to stay operational; it does not address the need for long-term data storage. In addition, this is not an efficient method of backing up data.

Reference: 7113.02
There are security mechanisms for limiting and controlling access to and use of computer system resources such as fault-tolerant techniques (e.g., disk mirroring and RAID technology) and redundancy techniques (duplicate equipment) against data loss and denial of service.

Fault tolerance is the ability of a system to suffer a fault but continue to operate.
Redundant array of inexpensive or independent disks (RAID) technology uses several disks in a single logical subsystem. To protect data against a single point of failure and to reduce or eliminate downtime from disk failure, database servers may employ disk shadowing or data mirroring. The main purpose of RAID is to provide backup so if one disk fails, all the data is immediately available. Fault tolerance is achieved by adding redundant components such as additional disks within a RAID array or additional servers within a failover clustered configuration.
RAID provides performance enhancement and fault-tolerant capabilities through hardware or software solutions, breaking up data and writing data to a series of multiple disks concurrently to improve performance.
Fault-tolerant hardware increases system resilience. Fault management is the detection, reporting, diagnosis, correction, and prevention of faults and fault conditions. A fault is a malfunction or abnormal pattern of behavior that is causing or will cause an outage, error, or degradation of communications services.

Relevant Terms
Backup

Reference
7113.01
7113.02

72
Q

Which of the following is the most costly disaster recovery alternative?

Reciprocal agreements

Warm site

Cold-site backup

Hot-site backup

A

Hot-site backup

This is the most costly disaster recovery alternative since a hot site is fully equipped and ready to operate. In a hot-site backup, fully equipped commercial computer facilities are used in case of a disaster. The hot site has servers, workstations, and communications links to support critical applications. Assigned staff are usually relocated to the hot site from the primary site to support operations.

The other answer choices are incorrect:

Reciprocal and mutual agreements are the least costly disaster recovery alternative. However, mutual agreements are unreliable and may not prove workable when needed.

Cold-site backup is not as expensive as a hot-site backup. However, it is more expensive than reciprocal and mutual backup site agreements.

A warm site is not as expensive as a hot-site backup. A warm site has telecommunications ready to be utilized and is recommended for users with sophisticated telecommunications and network needs. The site always contains the equipment and data circuits necessary to establish operations rapidly.

Relevant Terms
Backup
Disaster Recovery Plan
Hot Site

Reference
7113.53
7113.55

73
Q

Which of the following is the most critical factor for an effective business continuity plan (BCP)?

The document is distributed to all relevant stakeholders.

Internal audit department review

Senior management approval

Planning involves all business representatives.

A

Planning involves all business representatives.

The involvement of business representatives in the BCP is crucial for identifying the business processes and priorities and accurately determining the criticality of systems, applications, and processes.

The other answer choices are incorrect:

The BCP distribution will ensure that all relevant stakeholders receive the BCP document; however, this does not ensure the effectiveness of the BCP.

Senior management approval and internal audit department review would not necessarily ensure or contribute to the effectiveness of the BCP.

Term: Business Continuity Plan (BCP)
A business continuity plan (BCP) is the documentation of a predetermined set of instructions or procedures that describe how an organization’s business functions will be sustained during and after a significant disruption.

Reference: 7113.21
The IT business continuity plan (BCP) should be aligned with the strategy of the organization. Most key business processes depend on the availability of critical systems infrastructure components and business applications. The criticality of the several application systems deployed in the organization depends on the nature of the business, the value of each application, and the importance to the business.

The information system BCP/DRP (disaster recovery plan) is an essential component of an organization’s business continuity and disaster recovery strategy. An IT/DRP is a structured collection of processes and procedures designed to accelerate response and ensure business continuity in the event of a disaster.

Reference: 7113.30
A business continuity policy is a document that should be approved by senior management that outlines the extent and scope of the business continuity program within the organization. A business continuity policy should be proactive, circulating to the relevant stakeholders the message that all viable controls should be used to detect and prevent disruptions. The policy serves several internal and external stakeholders: it shows that the organization is committed to business continuity, empowers the personnel responsible for business continuity, and shows the organization’s responsibility and accountability towards service delivery and compliance.

74
Q

Which of the following is the most important criterion when selecting individuals to be part of the organization’s disaster recovery plan (DRP)?

Technical knowledge of IS operating systems, databases, and telecommunications.

Consulting background with hardware and software vendors.

Consulting experience with clients or customers in the same industry.

Broad perspective of the organization and ability to recognize all of the possible consequences of a disaster.

A

Broad perspective of the organization and ability to recognize all of the possible consequences of a disaster.

The mix and composition of the disaster recovery team are important because they require appropriate and competent people to develop, test, and maintain the plan. For example, a representative from each affected business unit of the organization should be a part of the plan development team. These people need a broad perspective of the organization.

The other answer choices are incorrect. Although technical knowledge, a consulting background, and consulting experience could be beneficial, team members must have a wide range of knowledge of the organization’s internal operations.

Relevant Terms
Disaster Recovery Plan

Reference
7113.35
7113.36

75
Q

Which of the following is the most important focus of an IS contingency plan?

Minimizing physical damage to plant and equipment

Replacing the need for insurance

Minimizing financial losses on third-party contractors

Ensuring a timely resumption of critical services

A

Ensuring a timely resumption of critical services

The contingency plan should be a coordinated effort to minimize disruptions of service to the organization, employees, and its customers; minimize financial losses; and ensure a timely resumption of operations in the event of a disaster.

The other answer choices are incorrect. It is important to minimize physical damage to plants and equipment, but a timely resumption of critical services is more critical to the organization. The contingency plans should complement insurance, not replace its coverage. Minimizing financial losses on third-party contractors is the least important focus at this point.

Reference: 7113.46
The recovery time objective (RTO) is determined based on the acceptable downtime or target time in case of a disruption of business operations and systems. The RTO indicates the earliest point in time that business operations and IT systems should recover and resume after a disaster. RTOs are measured when the business resumes use, not when IT restores systems. Multiple RTOs may exist. RTO impacts the technology used to make applications/IT systems available and the recovery site options (e.g., warm site, hot site, clusters).

Relevant Terms
Contingency Plan

Reference
7113.46

76
Q

Which of the following is the most important objective of disaster recovery planning?

Preventing business operation interruption

Establishing temporary business operations

Minimizing the impact of a disaster

Restoring business services

A

Restoring business services

A disaster recovery plan provides a robust preplanned framework for immediately initiating recovery operations following a disaster. As such, it guides damage assessment and the planned actions that must be taken to resume critical IS and functional activities and restore entire business operations with minimum delay and disruption.

The answer choices “establishing temporary business operations” and “minimizing the impact of a disaster” are incorrect as they do not address the most important objective of disaster recovery planning; they are secondary objectives.

The answer choice “preventing business operation interruption” is incorrect as it is not part of disaster recovery planning.

Relevant Terms
Disaster Recovery Plan

Reference
7113.35
7113.36
7113.41

77
Q

Which of the following is the next step after completing the business impact analysis?

Implement the plan

Develop a specific plan

Test and maintain the plan

Determine recovery strategies

A

Determine recovery strategies

After completing the business impact analysis (BIA), the next step is defining and determining the recovery strategies and selecting the most effective strategy that meets the timelines and priorities identified in the BIA.

The other answer choices are incorrect: After selecting a recovery strategy, a specific business continuity plan (BCP) would be determined, tested, and implemented.

Relevant Terms
Business Impact Analysis (BIA)

Reference
7113.23
7113.24
7113.49

78
Q

Which of the following is the primary benefit of the results of disaster recovery planning tests?

They are viewed as either pass or fail.

They are viewed as practice for a real emergency.

They are used to assess whether the plan worked or did not work.

They are used to improve the plan.

A

They are used to improve the plan.

In the case of disaster recovery planning, a test should be used to improve the plan. If organizations do not use this approach, flaws in the plan may remain hidden or uncorrected.

The other answer choices (pass or fail, practice for a real emergency, and assessing whether or not the plan worked) are incorrect as they may provide some feedback to management, but the idea is to learn from the experience and improve the flaws in the plan.

Reference: 7113.63
The types of disaster recovery tests include the following:

Checklist review/read-through test: This is an initial step to a real test. Disaster recovery checklists are disseminated to disaster recovery team members to review and validate that the checklist is up to date. Checklist review helps to provide the recovery team with an opportunity to identify any outdated information and update any items that need modification due to changes within the organization.

Structured walk-through: Often referred to as a tabletop exercise, team members role-play a disaster scenario, execute the plan on paper, discuss their roles, review each step to evaluate its effectiveness, and discuss the appropriate responses to the disaster.

Simulation test: A scenario is presented to the disaster recovery team members, and they are asked to develop an appropriate response without activating the recovery site. The tests provide valuable information about flaws in the contingency plan and provide practice for a real emergency. These tests can also provide critical information that can be used to ensure the continuity of important functions.

Parallel test: This test includes relocating personnel to the alternate recovery site and activating the recovery site to a state of operational readiness. However, operations at the primary site usually continue conducting the day-to-day business of the organization.

Full-interruption test: Operations are shut down at the primary site and relocated to the recovery site following the recovery plan. This is the most rigorous form of testing. Full-interruption tests are difficult to arrange, expensive, and possibly disruptive.

Reference: 7113.64
What can go wrong in disaster recovery testing activities?

Clear and measurable test objectives and criteria may not exist to define what constitutes a successful test at the backup site.

During testing, it may be found that important data and program backups are missing, required data sets are missing, passwords are not available, and job run parameters are missing.

A time-driven event log, which can be used to improve future tests, may not be maintained until completion of the testing exercise.

Reference: 7113.65
Test results: Management is interested in finding out what worked successfully and what was unsuccessful after a disaster recovery. The idea is to learn from experience. The effectiveness of a business continuity plan (BCP) can best be determined through tests. Therefore, the test results should be documented. A test should be used to improve the plan. If the organization does not use this approach, flaws in the plan may remain hidden or uncorrected.

79
Q

Which of the following is the primary purpose of a business continuity plan?

To recover from a disaster

To develop the business continuity plan

To test the business continuity plan

To sustain business operations

A

To sustain business operations

The business continuity plan (BCP) objective is to ensure the organization’s sustained viability if unforeseen emergencies occur. BCP is used to sustain the continued operation of a business in the event of an emergency.

The other answer choices are incorrect:

To recover from a disaster is the purpose of the disaster recovery plan.

Testing and developing the business continuity plan are steps to create the business continuity plan.

80
Q

Which of the following is the primary purpose of a business continuity plan?

To recover from a disaster

To test the business continuity plan

To develop the business continuity plan

To sustain business operations

A

To sustain business operations

The business continuity plan (BCP) objective is to ensure the organization’s sustained viability if unforeseen emergencies occur. BCP is used to sustain the continued operation of a business in the event of an emergency.

To recover from a disaster

To recover from a disaster is the purpose of the disaster recovery plan.

To test the business continuity plan

Testing and developing the business continuity plan are steps to create the business continuity plan.

To develop the business continuity plan

Testing and developing the business continuity plan are steps to create the business continuity plan.

Term: Business Continuity Plan (BCP)
A business continuity plan (BCP) is the documentation of a predetermined set of instructions or procedures that describe how an organization’s business functions will be sustained during and after a significant disruption.

Reference: 7113.15
A business continuity plan (BCP) aims to sustain business operations. The BCP objective is to ensure the organization’s sustained viability if unforeseen emergencies occur. BCP is used to sustain the continued operation of a business in the event of an emergency.

Contingency planning involves more than planning to move offsite after a disaster destroys a data center. It also addresses how to keep an organization’s critical functions operating in the event of large and small disruptions. This broader perspective on contingency planning is based on the distribution of computer support throughout an organization.

81
Q

Which of the following is the primary resource utilized during the business continuity plan (BCP) planning process?

Recovery site

Hardware

Application

Personnel

A

Personnel

The most significant resource used in the planning process is the personnel time dedicated by members of the BCP team. It represents a substantial use of business resources and is another valid reason that buy-in from senior management is crucial.

The other answer choices are incorrect as hardware, software, and recovery sites are not the most significant resources compared to the personnel time dedicated to the BCP planning process.

Reference: 7113.29
Computer backup facilities, disaster recovery, business resumption, or contingency planning problems and issues pose major challenges and concerns to information systems (IS) management, senior management, functional user management, and audit management. The key issues are how to develop disaster recovery plans, how to test them, how to maintain them, and how to keep the continuity of operations. The disaster recovery plan, if it is to be of any value, should cover both IS and functional user departments of the organization. Not only should the recovery plans be available for all departments, but they should also be integrated. The total plan also covers manual, automated, and semi-automated functions of the organization.

82
Q

Which of the following is the relevant predetermined criterion to activate an organization’s business continuity plan?

Type of disruption

Probability of the disruption

Cause of the disruption

Duration of the disruption

A

Duration of the disruption

The activation of a business continuity plan should primarily be based on the maximum downtime possible for critical applications and the size of data that could be lost. It should also be based on the maximum period an organization’s functions can be interrupted before the disruption threatens the continued operation of a business.

The other answer choices are incorrect: The type, probability, and cause of the disruption are not critical factors compared to the duration of the disruption.

Relevant Terms
Business Continuity Plan (BCP)

Reference
7113.21
7113.22
7113.41

83
Q

Which of the following losses is mitigated by disaster recovery plans?

Physical

Equipment

Inventory

Economic

A

Economic

Disaster recovery plans protect against the economic and intrinsic losses (e.g., lost sales, lost profits) suffered by a company.

The other answer choices are incorrect as insurance policies protect against physical and tangible losses (e.g., buildings, inventory, and equipment).

Reference: 7113.38

84
Q

D23 Which of the following metrics in business continuity is typically established by the owner of a process during the business impact analysis (BIA)?

Recovery point objective (RPO)

Service delivery objective (SDO)

Maximum tolerable outage (MTO)

Recovery time objective (RTO)

A

Recovery time objective (RTO)

When conducting a business impact analysis (BIA), the owner of a process (in conjunction with a continuity planner) establishes the RTO. Afterwards, the RTOs are presented to senior management for approval.

The other answer choices are incorrect:

Recovery point objective (RPO)

The recovery point objective (RPO) is the defined level of recovery determined based on the acceptable data loss in case of interruption of operations. The RPO designates the earliest point in time that it is acceptable to recover the data.

Service delivery objective (SDO)

The service delivery objective (SDO) is the level of services to be reached during the alternate process mode until the original/normal situation is restored. The SDO is related to business needs.

Maximum tolerable outage (MTO)

The maximum tolerable downtime (MTD) indicates the longest period a business function can be unavailable before causing severe damage to the business. The MTD is a useful metric to determine the level of business continuity resources to assign to a particular function.

Relevant Terms
Business Continuity Plan (BCP)
Business Impact Analysis (BIA)

Reference
7113.23
7113.24
7113.46

85
Q

Which of the following phases in the contingency planning and emergency program would be most challenging to sell to an organization’s management?

Preparedness

Recovery

Response

Mitigation

A

Mitigation

Mitigation is a long-term activity aimed at eliminating or reducing the probability of an emergency or a disaster occurring. It requires “up-front” money and commitment from management.

The other answer choices are incorrect:

Preparedness is a readiness to respond to undesirable events. It ensures effective response and minimizes damage.

Response is the first phase after the onset of an emergency. It enhances recovery operations.

Recovery is short- and long-term restoration of vital systems to normal operations.

Reference: 7113.49
A contingency planning strategy normally consists of three parts: emergency response, recovery, and resumption.

Emergency response encompasses the initial actions taken to protect lives and limit damage.

Recovery refers to the steps that are taken to continue support for critical functions.

Resumption is the return to normal operations.

The relationship between recovery and resumption is important. The longer it takes to resume normal operations, the longer the organization will have to operate in the recovery mode. The selection of a strategy needs to be based on practical considerations, including feasibility and cost, the criticality of the business functions and processes and the applications supporting the business and processes, security, and the time needed to recover.

Term: Contingency Plan
A contingency plan is a plan for responding to the loss or failure of a system. The plan describes the necessary steps to take in order to ensure the continuity of core business processes. It includes emergency response, backup operations, and post-disaster recovery. It is synonymous with a disaster plan and emergency plan.

Relevant Terms
Contingency Plan
Disaster Recovery Plan

Reference
7113.49
7113.50
7113.51
7113.52

86
Q

Which of the following recovery plan test results would be most useful to management?

Amount of work completed

Description of each activity

Elapsed time to perform various activities

List of successful and unsuccessful activities

A

List of successful and unsuccessful activities

Management is interested in discovering what worked (successful) and what did not (unsuccessful) after a recovery from a disaster. The idea is to learn from experience. The effectiveness of a business continuity plan (BCP) can best be determined through tests. Therefore, the test results should be documented.

The other answer choices (the elapsed time to perform various activities, the amount of work completed, and a description of each activity) are incorrect as they will not give management valuable feedback on test results compared to the list of successful and unsuccessful activities.

Disaster Recovery Testing Materials

Relevant Terms
Business Continuity Plan (BCP)
Disaster Recovery Plan
Documentation

Reference
7113.63
7113.64
7113.65

87
Q

Which of the following statements about backups is true?

The type of data transfer does not matter for timely backups.

Backups are most important for mainframe computers.

Lack of procedures is not a problem for conducting backups.

Backups provide for continuity of operations.

A

Backups provide for continuity of operations.

Backups and storage media are used to store and maintain software application files and related data for backup purposes to ensure that an organization’s critical activities and supporting applications are not interrupted during a disaster.

The other answer choices are incorrect:

“Lack of procedures is not a problem for conducting backups”: Depending on the organization’s size and anticipated risks, the time spent backing up data could be minimal compared with the time and effort that would be necessary to restore it. Files may require days, weeks, or months to recreate from hardcopy records. Therefore, adequate procedures must guide backup operations.

“Backups are most important for mainframe computers”: Other computers require backups just as mainframes do.

“The type of data transfer does not matter for timely backups”: The type of data transfer dictates the time frame required to back up. Small files take less time than large files.

Reference: 7113.03
Backup and restoration

Secondary storage media are used to store and maintain software application files and related data for backup purposes to ensure that an organization’s critical activities and supporting applications are not interrupted in the event of a disaster. The secondary storage media are removable media (CDs, DVDs), mirrored disks (local or remote), or network storage.

88
Q

Which of the following statements about the recovery time objective (RTO) is true?

The higher the RTO, the lower the disaster tolerance.

The lower the RTO, the higher the disaster tolerance.

None of the answer choices are correct.

The lower the RTO, the lower the disaster tolerance.

A

The lower the RTO, the lower the disaster tolerance.

The recovery time objective (RTO) is determined based on the acceptable downtime or target time in case business operations and systems are disrupted. Disaster tolerance is the elapsed time during which the business can tolerate the unavailability of critical IT services; therefore, the lower the RTO, the lower the disaster tolerance.

Reference: 7113.46
The recovery time objective (RTO) is determined based on the acceptable downtime or target time in case of a disruption of business operations and systems. The RTO indicates the earliest point in time that business operations and IT systems should recover and resume after a disaster. RTOs are measured when the business resumes use, not when IT restores systems. Multiple RTOs may exist. RTO impacts the technology used to make applications/IT systems available and the recovery site options (e.g., warm site, hot site, clusters).

Reference: 7113.47
Disaster tolerance is the elapsed time during which the business can tolerate the unavailability of critical IT services; therefore, the lower the RTO, the lower the disaster tolerance.

89
Q

Which of the following tasks of the business continuity plan (BCP) remediates the gap between the business impact analysis (BIA) and the continuity planning phases?

Resource prioritization

Provisions and processes

Likelihood assessment

Strategy development

A

Strategy development

The strategy development task remediates the gap between business impact analysis and continuity planning by analyzing and prioritizing the risks developed during the business impact analysis (BIA) and determining the risks that the BCP should address.

Likelihood assessment

During the strategy development phase, the BCP team determines which risks will be mitigated (likelihood assessment).

Provisions and processes

Then, in the provisions and processes phase, measures and procedures are designed that should mitigate the risks.

Resource prioritization

Resource prioritization, the last phase of the BIA, prioritizes the allocation of resources to the different risks identified and assessed in the previous tasks of the BIA.

Term: Business Continuity Plan (BCP)
A business continuity plan (BCP) is the documentation of a predetermined set of instructions or procedures that describe how an organization’s business functions will be sustained during and after a significant disruption.

Term: Business Impact Analysis (BIA)
A business impact analysis (BIA) is an analysis of an IT system’s requirements, processes, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.

Reference: 7113.21
The IT business continuity plan (BCP) should be aligned with the strategy of the organization. Most key business processes depend on the availability of critical systems infrastructure components and business applications. The criticality of the several application systems deployed in the organization depends on the nature of the business, the value of each application, and the importance to the business.

The information system BCP/DRP (disaster recovery plan) is an essential component of an organization’s business continuity and disaster recovery strategy. An IT/DRP is a structured collection of processes and procedures designed to accelerate response and ensure business continuity in the event of a disaster.

Reference: 7113.22
The business impact analysis (BIA) helps the organization determine the maximum downtime possible for a specific application and the size of data that could be lost. The BIA also allows the organization to quantify the losses as they arise after the disruption, allowing the organization to determine the technology (and facilities) used to protect and recover its critical information assets (information system, IT components, and data). The results of risk assessment and BIA are input into the IS business continuity strategy.

90
Q

Which of the following types of control plans is particular to a specific process or subsystem, rather than related to the timing of its occurrence?

Corrective

Detective

Preventive

Application

A

Application

Application controls refer to the transactions and data relating to each computer-based application system and are, therefore, specific to each process.

The other answer choices are incorrect because preventive, corrective, and detective controls are terms that apply to particular types of controls that may appear in any application. Corrective controls remedy problems discovered through detective controls. They include procedures to identify the cause of a problem, correct errors arising from the problem, and modify the system so that future errors may be minimized or eliminated. A detective control is a control that provides an alert after an unwanted event. A detective control is designed to catch an error and provide the feedback necessary so corrective action may be taken.

Reference: 7113.94
Application controls, which represent another type of IT control focused on data quality:

are designed to prevent, detect, and correct transaction errors;

ensure the integrity of a specific application’s inputs, stored data, programs, data transmissions, and outputs; and

are much more effective when there are strong general IT controls (GITC).

When application controls are weak, the information system is more likely to produce information that contains errors and leads to poor management decisions. This can negatively affect relationships with customers, suppliers, and other external parties.

The following six categories of controls can improve system integrity:

  • Source data controls
  • Input validation routines
  • Online data entry controls
  • Data processing and storage controls
  • Output controls
  • Data transmission controls

91
Q

Which one of the following concerns is inappropriate for quantitative measurement during the business impact assessment?

Loss of a plant

Damage to a vehicle

Power outage

Negative publicity

A

Negative publicity

It is hard to quantify or put a dollar figure on negative publicity due to business loss. Therefore, this concern is better evaluated through qualitative analysis.

The other answer choices are incorrect. Loss of a plant, damage to a vehicle, and power outage can be quantified, and a dollar value can be determined for their losses.

Relevant Terms
Business Impact Analysis (BIA)

Reference
7113.22
7113.23
7113.24

92
Q

With respect to disaster recovery and business continuity, risk analysis is part of which of the following?

Recovery analysis

Cost-benefit analysis

Backup analysis

Business impact analysis

A

Business impact analysis

The risk analysis is usually part of the business impact analysis. It estimates both the functional and financial impact of a risk occurrence to the organization. It identifies the costs to reduce the risks to an acceptable level by establishing effective controls.

The other answer choices are incorrect as cost-benefit analysis, backup analysis, and recovery analysis are part of a business impact

Reference: 7113.18
Risk analysis is a prerequisite to a complete and meaningful disaster recovery planning program. Risk analysis assesses threats to resources (assets) and determines the amount of protection necessary to adequately safeguard the resources (assets) so that vital systems, operations, and services can quickly return to a normal status in case of a disaster.

Essentially, the risk analysis and evaluation process addresses the following actions:

Identify assets (e.g., hardware, software, data, facilities, documentation, and supplies).

Develop a list of potential threats and vulnerabilities (e.g., fire, flood, or tornado) with the frequency of their occurrences.

Correlate threats to assets.

Rank the threats based on their impact and risk.

Determine the effectiveness of existing risk mitigation controls.

Recommend cost-effective controls to reduce potential threats.

Once each threat is identified and its impact is defined, the list should be reviewed and the threats classified as either acceptable or as risks that must be controlled. To determine the risk imposed by each threat, rank each threat, rank the asset’s criticality, and then evaluate them together. The decision on whether a risk should be tolerated or controlled rests solely with senior management—not the auditors.

Reference: 7113.23
The BIA (business impact analysis) is a critical step in establishing the business continuity strategy and executing the risk countermeasures and the business continuity plan (BCP). The first phase in any disaster recovery plan is to conduct a BIA. The BIA identifies the resources, processes, systems, and applications critical to the organization’s ongoing sustainability, as well as threats to business priorities, processes, and resources. It evaluates the probability of each threat that may occur and the impact on the business and helps to determine the acceptable downtime for the business-critical processes and applications.

Relevant Terms
Business Continuity Plan (BCP)
Disaster Recovery Plan
Risk Assessment

Reference
7113.18
7113.23