Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:

• A.disaster recovery plan
• B.business continuity plan.
• C.threat and risk assessment
• D.business impact analysis.

Comment: *

Name: *

Email: *

Verification: *

Vendors have released patches fixing security flaws in their software. Which of the following should an IS auditor recommend in this situation?

• A.Assess the impact of patches prior to installation.
• B.Ask the vendors for a new software version with all fixes included.
• C.install the security patch immediately.
• D.Decline to deal with these vendors in the future.

Comment: *

Name: *

Email: *

Verification: *

When conducting a review of security incident management, an IS auditor found there are no defined escalation processes. All incidents are managed by the service desk. Which of the following should be the auditor's PRIMARY concern?

• A.Inefficient use of service desk resources
• B.Management's lack of high impact incidents
• C.Delays in resolving low priority trouble tickets
• D.Management's inability to follow up on incident resolution

Comment: *

Name: *

Email: *

Verification: *

.What is an effective control for granting temporary access to vendors and external support personnel? Choose the BEST answer.

• A.Creating user accounts that automatically expire by a predetermined date
• B.Creating permanent guest accounts for temporary use
• C.Creating user accounts that restrict logon access to certain hours of the day
• D.Creating a single shared vendor administrator account on the basis of least-privileged access

Comment: *

Name: *

Email: *

Verification: *

A lower recovery time objective (RTO) results in:

• A.higher disaster tolerance.
• B.higher cost.
• C.wider interruption windows.
• D.more permissive data loss.

Comment: *

Name: *

Email: *

Verification: *