Free Access to ISACA.CISA.v2024-12-27.q999 with Valid Practice Test (Page 169)

Question 836

Which of the following is a prevalent risk in the development of end-user computing (EUC) applications?

A.Applications may not be subject to testing and IT general controls
B.increased development and maintenance costs
C.increased application development time
D.Decision-making may be impaired due to diminished responsiveness to requests for information

Question 837

Which of the following would be an IS auditor's GREATEST concern when reviewing the organization's business continuity plan (BCP)?

A.The recovery plan does not contain the process and application dependencies.
B.The duration of tabletop exercises is longer than the recovery point objective (RPO).
C.The duration of tabletop exercises is longer than the recovery time objective (RTO).
D.The recovery point objective (RPO) and recovery time objective (R TO) are not the same.

Correct Answer: A

A business continuity plan (BCP) is a document that outlines how an organization will continue its critical functions in the event of a disruption or disaster. A BCP should include the following elements1:
* Business impact analysis: This is the process of identifying and prioritizing the key business processes and assets that are essential for the organization's survival and recovery.
* Risk assessment: This is the process of identifying and evaluating the potential threats and vulnerabilities that could affect the organization's business continuity.
* Recovery strategies: These are the actions and procedures that the organization will implement to restore its normal operations as quickly and effectively as possible after a disruption or disaster.
* Recovery objectives: These are the metrics that define the acceptable level of recovery for the organization's business processes and assets. The two main recovery objectives are:
* Recovery point objective (RPO): This is the maximum amount of data loss that the organization can tolerate in terms of time. For example, an RPO of one hour means that the organization can afford to lose up to one hour's worth of data after a disruption or disaster.
* Recovery time objective (RTO): This is the maximum amount of time that the organization can tolerate to restore its normal operations after a disruption or disaster. For example, an RTO of four hours means that the organization must resume its normal operations within four hours after a disruption or disaster.
* Testing and validation: This is the process of verifying and evaluating the effectiveness and efficiency of the BCP and its components. Testing and validation can include various methods, such as:
* Tabletop exercises: These are discussion-based sessions where team members meet in an informal setting to review and discuss their roles and responsibilities during a disruption or disaster scenario. A facilitator guides participants through a discussion of one or more scenarios2.
* Simulation exercises: These are more realistic and interactive sessions where team members perform their roles and responsibilities during a simulated disruption or disaster scenario. A facilitator controls and monitors the simulation and injects events and challenges3.
* Full-scale exercises: These are the most complex and realistic sessions where team members perform their roles and responsibilities during a real-life disruption or disaster scenario. A facilitator coordinates and evaluates the exercise with external stakeholders, such as emergency services, media, or customers4.
As an IS auditor, your greatest concern when reviewing the organization's BCP would be A. The recovery plan does not contain the process and application dependencies.

Question 838

When reviewing input controls, an IS auditor observes that, in accordance with corporate policy, procedures allow supervisory override of data validation edits. The IS auditor should:

A.not be concerned since there may be other compensating controls to mitigate the risks.
B.ensure that overrides are automatically logged and subject to review.
C.verify whether all such overrides are referred to senior management for approval.
D.recommend that overrides not be permitted.

Question 839

Which of the following hardware upgrades would BEST enhance the capability of a web server to accommodate a significant increase in web traffic?

A.Multicore CPUs
B.Solid state drives
C.Additional flash memory
D.Cloud architecture

Question 840

Which of the following would be the MOST effective method for detecting duplicate payments?

A.Enciphering and deciphering the message digest
B.Reviewing sequence numbers and time stamps for each transaction
C.Assessing payment history for reasonableness and approval
D.Using a cryptographic hashing algorithm

Question 836

Question 837

Question 838

Question 839

Question 840

Download PDF File