Business continuity and disaster recovery planning and Cryptography quiz

Business continuity and disaster recovery planning and Cryptography quiz

1. What is database shadowing ?

A. Maintenance of two parallel, independent databases

B. Maintenance of a parallel database with the essential information alone

C. Involves live processing of remote journaling

D. Having a mirror database on the cloud

2.  State True or False. While validating the resources that support critical functions,the IS audit of the BCP process should restrict itself to computer-related matters which alone are the division’s responsibility.

A. False

B. True.

3. What is the first step in the BCP process ?

A. Identifying the weaknesses in the organizations

B. Testing the functioning of the process

C. Checking for compliance with laws & regulations

D. Identifying the mission/business-critical functions

4. What is an example of Errors and Omissions (E&O) insurance ?

A. Professional liability insurance

B. Marine insurance

C. Business interruption insurance

D. Motor vehicle insurance

5. Which types of torts are excluded from liability insurance cover ?

A. Negligent tort

B. Product liability

C. Intentional torts

D. Service liability

6. What is database shadowing ?

A. Maintenance of two parallel, independent databases

B. Maintenance of a parallel database with the essential information alone

C. Involves live processing of remote journaling

D. Having a mirror database on the cloud

7. Whatis a Hybrid Online Backup ?

A. Involves Local backup for recent data & Offsite backup for archived data

B. Cryogenic site

C. Back up through combination of manual as well as electronic storage

D. Remote cloud as well as physical location storage

8. A leading e-commerce provider is entering into the Indian market and is keen that the business is built on firm foundations to ensure its credibility to customers.Appreciating the importance of ensuring 100 % back-up for its Internetoperations, it approaches a reputed vendor for advice on back-up facilities. The vendor analyses the customer’s requirements and comes up with a solution. The vendor offers the customer a ready-to-use back-up facility based uponsubscription & membership. Virtually every equipment / facility which thecustomer has in his main facility, including air-conditioning, would be replicatedat the vendor’s back-up location and it would be ready for instantaneous use inthe case of an emergency, providing the customer the very dependable back-upfacilities they seek but at a price. What is such a facility called ?

A. Mirror site

B. Cold site

C. Hot site

D. Cryogenic site

9. What is one of the most popular back up measures for wide-area data communication networks in an emergency ?

A. Dial-up in lieu of the normal leased/broad band lines

B. Circuit extension techniques

C. Micro-wave communications

D. On-demand carrier services

10. Restoring from a Differential Back-up involves ________________

A. Restoring from last full back-up & then every incremental back-up

B. Restoring from full back-up alone

C. Restoring from last full back-up & then the differential back-up

D. Restoring from differential back-up alone

11. The Business Continuity Plan Manual comprises basically the _________

A. Business Continuity Plan alone

B. Business Continuity Plan and the Disaster Recovery Plan

C. Business Continuity Plan and the Incident Response Plan

D. Business Continuity Plan and the Contingency Response Plan

12. Which of the operating teams of contingency planning would be the first to arrive during the outbreak of an incident ?

A. Incident Response team

B. Contingency Planning team

C. Disaster Recovery team

D. Administration team

13. Which of the operating teams of contingency planning would conduct research on data that could lead to a crisis and develop actions that would adequately handle these threats ?

A. Disaster Recovery team

B. Incident Response team

C. Contingency Planning team

D. Administration team

14. Which one of the following could also be a definite indicator of an incident ?

A. Presence of unfamiliar files

B. Presence of unknown programs

C. Unusual consumption of computing resources

D. Use of dormant accounts

15. Which one of the following could also be a possible actual incident ?

A. Introduction of new software from accredited source

B. Increase in number of licences

C. Unusual consumption of computing resources

D. Recruitment of a new software engineer

16. Complete the following statement. The three broad categories of incidents are definite, probable and ________________

A. Uncertain

B. Possible

C. Unfortunate

D. Indefinite

17. As IS Auditor, you are checking out the Business Continuity Plan (BCP) process in an organization. Apart from checking whether regular testing & updating of the BCP takes place, the other KEY Aspect that you will need to check is __________

A. Review the market dues of the organization & cash flows

B. Check whether a succession plan is in place for KEY personnel

C. Whether gaps identified in the past tests have been plugged subsequently

D. Whether the organization has got itself certified under ISO

18. Scenario workshop & Walkthrough sessions are two of the major methods of training for disaster recovery & business continuity in general. What is the single,significant difference between both ?

A. The workshop is preceded by a stipulated scenario & the walkthrough is based upon this scenario

B. Scenario workshop is desktop activity whereas the walkthrough involves actual site visit

C. Scenario workshop is for proposed businesses whereas Walkthrough sessions are for proven, old businesses

D. Scenario workshops are for senior management whereas walkthrough sessions is for the rest of the organization

19. Training in Disaster Recovery Planning (DRP) has two KEY objectives. One is totrain recovery team participants who are expected to act in the event of adisaster. The other KEY objective would be _____________

A. To understand the calculation of the risk ratio

B. To re-assess the value at risk

C. To train KEY employees on awareness & disaster prevention

D. To train the public at large as a public relations exercise

20. The Head office of a large group of companies is located in a large metro city. With a view to testing its readiness to face the contingency of a fire, the organization very meticulously conducts fire drills at least once in a year at its Head office. It hires an independent professional agency to conduct the drill. Volunteers from within the organization act also assist in the process. The drill involves the initiation of a fire alarm, evacuation of all the offices, assembly at acommon point, etc. The process and its outcome are carefully documented &learnings utilised for tweaking the organization’s safety processes. How wouldyou classify this fire drill as an element of a Business Continuity Plan ?

A. Structured walk through test

B. Parallel test

C. Unstructured walk through test

D. Simulation test