Practice CISA Information Systems Operations and Business Resilience questions with full explanations on every answer.
Click any question to see the full explanation and answer options, or start a focused practice session above.
1. An organization experiences a critical system failure during non-business hours. The IT team discovers that the last full backup was 48 hours ago, and the incremental backups for the past 24 hours are corrupted. The recovery time objective (RTO) for this system is 4 hours, and the recovery point objective (RPO) is 1 hour. Which of the following is the MOST immediate concern?
2. An IT auditor is reviewing the business continuity plan (BCP) for a financial services firm. The plan includes a hot site that is shared with another organization under a reciprocal agreement. Which of the following findings should be of MOST concern to the auditor?
3. A company is designing its backup strategy for a critical database that must be available 24/7. The database experiences high transaction volumes. Which backup method minimizes data loss while allowing continuous operations?
4. During an incident response exercise, the IT team discovers that the failover to the disaster recovery (DR) site failed because the DR site's storage area network (SAN) was not zoned correctly for the replicated data. Which of the following controls would BEST prevent this issue?
5. A company's backup policy requires that backup tapes be stored offsite for at least one year. During an audit, the auditor finds that the offsite storage facility is not access-controlled and backup tapes are not encrypted. Which of the following is the auditor's BEST recommendation?
6. An organization is implementing a business continuity plan (BCP). Which of the following is the PRIMARY purpose of conducting a business impact analysis (BIA)?
7. Which TWO of the following are essential components of an effective incident response plan? (Select exactly 2.)
8. Which THREE of the following are key metrics to include in a disaster recovery test report? (Select exactly 3.)
9. An administrator sees the above error after a failed backup job. What is the MOST likely cause?
10. An organization has configured HSRP as shown. During a failover test, the primary router (G0/1) is shut down, but the DR site router does not become active. What is the MOST likely reason?
11. A multinational corporation operates an e-commerce platform hosted in a private cloud environment. The platform consists of web servers, application servers, and a database cluster. The database cluster uses synchronous replication across two data centers (Primary and DR) located 500 km apart. The recovery time objective (RTO) for the platform is 2 hours, and the recovery point objective (RPO) is 15 minutes. During a recent disaster simulation, the primary data center lost power completely. The IT team initiated failover to the DR site. However, the failover process took 3 hours due to a misconfiguration in the DNS failover scripts, and the database was found to be inconsistent because the replication link was broken 30 minutes before the power loss. The team had to restore from a backup that was 4 hours old. After the incident, management requests a review of the disaster recovery plan. Which of the following is the BEST course of action to address the issues identified?
12. An organization is implementing a backup strategy for its critical database. The database is updated continuously during business hours, and the recovery point objective (RPO) is 15 minutes. Which backup method should be used to meet the RPO while minimizing backup storage and performance impact?
13. Based on the backup logs, the backup administrator notices that the incremental backup job failed due to insufficient storage. Which TWO actions should the administrator take to resolve the immediate issue and prevent recurrence?
14. An online retail company runs its e-commerce platform on a virtualized infrastructure with 50 virtual servers. The platform experiences intermittent slowdowns during peak hours, and recent monitoring reports show that disk I/O latency on the storage area network (SAN) frequently exceeds 50 ms during these periods. The SAN has two fabric switches and a single storage array with 12 TB of usable capacity, currently at 80% utilization. The company’s disaster recovery plan requires recovery point objective (RPO) of 1 hour and recovery time objective (RTO) of 4 hours for the e-commerce platform. During a recent test failover to the disaster recovery site, the IT team discovered that the replication link between primary and DR sites is saturated, causing replication lag of up to 3 hours. The team also noted that the DR site storage has only 6 TB of usable capacity, now at 60% utilization. The IT manager is concerned about meeting the RPO and RTO. Which course of action should the IT team take first?
15. Arrange the steps to implement a patch management process in the correct order.
16. Order the steps for conducting a business impact analysis (BIA) in the correct sequence.
17. Match each disaster recovery site type to its description.
18. Match each testing technique to its description.
19. An organization's online transaction processing system experienced a sudden performance degradation. The database administrator checked system resources and found excessive I/O wait time on the storage subsystem. Which of the following is the MOST likely root cause?
20. A multinational corporation has implemented a hot site disaster recovery solution for its critical financial applications. Which of the following is the MOST important consideration to ensure the effectiveness of the hot site?
21. During an IT audit, the auditor finds that a system administrator has local administrator rights on multiple production servers and uses a shared service account for routine maintenance. What is the PRIMARY risk associated with this practice?
22. A company's IT service desk receives multiple reports of users being unable to access a cloud-based CRM system. The network team confirms that internet connectivity is working. Which of the following should be the FIRST step in troubleshooting the issue?
23. An organization is evaluating its business continuity plan (BCP) for a critical application with a recovery time objective (RTO) of 4 hours and a recovery point objective (RPO) of 1 hour. The current backup strategy involves daily full backups and hourly transaction log backups. Which of the following is the MOST significant risk?
24. Which of the following is the BEST indicator that an organization's incident management process is effective?
25. An IT auditor is reviewing the change management process for a financial application. The auditor finds that emergency changes are frequently implemented without post-implementation review. What is the MOST significant risk?
26. A large enterprise is implementing a backup strategy for a critical database that requires an RTO of 2 hours and an RPO of 15 minutes. The database is 2 TB in size. Which backup method would BEST meet these requirements while minimizing storage costs?
27. Which of the following is the PRIMARY purpose of a business impact analysis (BIA) in business continuity planning?
28. Which TWO of the following are key elements of an effective incident response plan? (Select exactly 2.)
29. Which TWO of the following are primary objectives of capacity management? (Select exactly 2.)
30. Which THREE of the following are common challenges when implementing a bring-your-own-device (BYOD) policy that affect information systems operations? (Select exactly 3.)
31. Refer to the exhibit. An IT operator receives this error message from an automated backup job. What is the MOST likely cause of this failure?
32. Refer to the exhibit. An auditor reviews the log shipping configuration for a critical database. Based on the information provided, what is the MOST significant finding?
33. Refer to the exhibit. An auditor reviews the security log of a sensitive server. Which of the following is the MOST suspicious event?
34. An organization's backup strategy involves weekly full backups and daily incremental backups. After a system failure, the restoration takes longer than expected. What is the most likely cause?
35. An IT manager notices that the CPU utilization of a critical server consistently exceeds 90% during peak hours. Which is the BEST course of action?
36. During an audit, the IS auditor finds that the business continuity plan (BCP) was last updated two years ago and does not include new cloud-based applications. The organization has not conducted a BCP test in 18 months. What should the auditor recommend FIRST?
37. A company's backup policy requires that backup media be stored offsite. Which of the following is the PRIMARY reason for this requirement?
38. An organization uses a hot site for disaster recovery. During a recent test, the hot site did not have the latest version of the application software. What is the MOST likely cause?
39. An IS auditor is reviewing the incident management process. The organization has a policy that all security incidents must be reported within one hour. However, the average reporting time is four hours. Which is the BEST corrective action?
40. Which of the following is the PRIMARY objective of an operational audit?
41. A database administrator accidentally deleted a critical table. The last full backup was taken 24 hours ago, and transaction logs are archived every 15 minutes. Which recovery method will minimize data loss?
42. An organization's business continuity plan includes a reciprocal agreement with another company. What is the PRIMARY risk of this arrangement?
43. Which is the MOST likely cause?
44. Given this configuration, which is the PRIMARY concern?
45. Which control failure is MOST significant?
46. Which TWO of the following are essential components of a disaster recovery plan (DRP)?
47. Which TWO of the following are key performance indicators (KPIs) for IT operations?
48. Which THREE of the following are common techniques for ensuring business resilience?
49. A company is experiencing frequent server crashes due to memory leaks. The operations team has implemented a monitoring solution. Which of the following is the BEST indicator to trigger an automated failover to a standby server?
50. During a disaster recovery test, the recovery time objective (RTO) for a critical application was not met. Which of the following is the MOST likely cause?
51. An organization implemented a business continuity plan (BCP) that includes manual workarounds. Which of the following is the PRIMARY risk of relying on manual processes during a disruption?
52. A company's backup policy requires daily full backups to tape and offsite storage. After a ransomware attack, the IT team discovers that the latest backup set is corrupted. Which of the following controls would have BEST prevented this?
53. An IS auditor is reviewing the change management process for a financial application. Which of the following findings would be of MOST concern?
54. A multinational corporation is designing its disaster recovery strategy to meet a recovery point objective (RPO) of 15 minutes for its critical database. Which replication method is MOST appropriate?
55. During an incident, the IT team identifies that a critical patch was not applied due to an expired software maintenance contract. Which of the following is the BEST long-term remediation?
56. An organization wants to ensure that its backup tapes are protected from unauthorized access. Which of the following is the MOST effective control?
57. An organization is implementing a business continuity plan (BCP) and needs to determine the maximum acceptable downtime for a critical system. Which metric should be defined FIRST?
58. An IS auditor is evaluating the effectiveness of a backup strategy for a critical database. Which TWO of the following are essential controls to ensure data recoverability?
59. A company is updating its business continuity plan (BCP). Which THREE of the following should be included as key components?
60. During a disaster recovery test, the team discovers that the backup server is unable to restore data because of incompatible software versions. Which TWO controls should have been implemented to prevent this?
61. Refer to the exhibit. An IS auditor reviewing backup logs notices this error. Which of the following is the MOST likely root cause?
62. Refer to the exhibit. During a security audit, an IS analyst identifies that a critical business application hosted on 192.168.1.100:443 is unreachable from the 10.0.1.0/24 subnet. Which of the following is the MOST likely cause?
63. A multinational organization operates a critical ERP system on a virtualized infrastructure across two data centers (primary and DR). The primary data center is located in Region A, and the DR site in Region B, 500 km away. The ERP database is 2 TB and changes at an average rate of 10 MB per second. The organization uses synchronous replication between the two sites over a dedicated 10 Gbps WAN link. During a recent disaster simulation, the IT team observed that the replication link experienced 15 ms latency, causing the primary database to slow down significantly under peak load, ultimately missing the defined RTO of 4 hours for full failover. The business has an RPO of 15 minutes. The CISO asks the IS auditor to recommend a solution that balances cost and performance while meeting both RTO and RPO. Which of the following is the BEST course of action?
64. A multinational corporation is implementing a disaster recovery plan for its critical financial systems. The plan includes off-site backups and redundant hardware. During a recent test, the recovery time objective (RTO) was met, but the recovery point objective (RPO) was exceeded by 30 minutes due to delayed data replication. Which of the following is the BEST action to address this issue?
65. An organization is evaluating its business continuity plan (BCP) to ensure alignment with the IT disaster recovery plan. Which TWO of the following are critical elements that should be included in the BCP to support effective business resilience?
66. A medium-sized retail company relies on an ERP system for order processing and inventory management. The system is hosted on-premises with daily backups stored on tape. The company's business continuity plan specifies an RTO of 4 hours and an RPO of 1 hour for the ERP system. During a recent fire drill, it was discovered that restoring the ERP system from tape took over 6 hours, and the most recent backup was from the previous day. Which of the following is the BEST course of action to meet the RTO and RPO goals?
67. A financial institution operates a critical payment processing system that must maintain 99.999% availability. The system is deployed across two data centers in active-active mode with load balancing. During a routine maintenance window, a network misconfiguration caused all traffic to be directed to one data center, which then became overloaded and crashed, resulting in 30 minutes of downtime. The incident response team wants to prevent recurrence. Which of the following is the BEST action?
68. A healthcare organization is required to comply with HIPAA regulations for data backup and disaster recovery. They operate a primary data center and a colocation facility for disaster recovery. The current backup strategy involves nightly full backups to tape, which are stored off-site monthly. The recovery time for the electronic health record (EHR) system is estimated at 8 hours, but the RTO required by the business is 2 hours. Additionally, the RPO requirement is 15 minutes. The IT manager proposes implementing a continuous data protection (CDP) solution. However, the CFO is concerned about the cost. Which of the following is the BEST argument to justify the CDP investment?
69. A small e-commerce company uses a cloud-based e-commerce platform with automatic scaling. The company's business continuity plan relies on the cloud provider's promise of 99.99% uptime. During a regional outage affecting the cloud provider's primary availability zone, the company's website became unavailable for 2 hours, resulting in lost sales. The IT manager wants to improve resilience. Which of the following is the BEST action?
70. Which TWO of the following are primary objectives of a business continuity plan (BCP)?
71. Refer to the exhibit. Which of the following is the most significant risk associated with the backup policy for critical data?
72. A medium-sized financial services firm recently suffered a ransomware attack that encrypted critical servers and backups. The recovery process took three weeks because the backup tapes were stored in the same building (which was also infected) and the backup software had a vulnerability that allowed the ransomware to delete old backups. The firm's BCP did not account for simultaneous loss of primary and secondary data. As the IS auditor, you are asked to recommend the most effective improvement to the backup strategy to prevent recurrence and improve resilience. Which of the following actions should the firm implement?
The Information Systems Operations and Business Resilience domain covers the key concepts tested in this area of the CISA exam blueprint published by ISACA. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CISA domains — no account required.
The Courseiva CISA question bank contains 72 questions in the Information Systems Operations and Business Resilience domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Information Systems Operations and Business Resilience domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.