CCNA CISA Operations Resilience Questions

75 of 114 questions · Page 1/2 · CISA Operations Resilience topic · Answers revealed

1
MCQ · easy

An organization uses automated job scheduling for nightly batch processing. One job fails due to a missing dependency file. What is the most effective control to prevent recurrence?

A. Use a different scheduling tool
B. Define dependencies within the job scheduler
C. Increase the frequency of job reruns
D. Assign manual operators to monitor jobs
Answer: B

This ensures jobs wait for required files or jobs to complete.

Why this answer

Implementing dependency management in the job scheduler ensures that jobs only run when prerequisites are met, preventing such failures.

2
Multi-Select · hard

An organization is implementing a cloud resource management strategy to optimize costs and prevent waste. Which three practices should the auditor recommend?

Select 3 answers
A. Consolidate all resources into a single region
B. Detect and remove orphaned resources
C. Automate shutdown of idle resources during off-hours
D. Use only Reserved Instances for all workloads
E. Implement resource tagging for cost allocation
Answers: B, C, E

Correct: Orphaned resources incur costs without providing value.

Why this answer

Option B is correct because orphaned resources (e.g., unattached EBS volumes, unused Elastic IPs, load balancers with no registered targets) continue to incur charges without providing any business value, so detecting and removing them directly eliminates waste. Option C is correct because non-production capacity that sits idle overnight and at weekends is billed whether or not it is used; scheduled shutdown turns that idle time into savings. Option E is correct because tagging (owner, cost centre, environment) is what makes spend attributable and therefore reviewable. All three map to the AWS Well-Architected Framework's Cost Optimization pillar, in particular its 'Adopt a consumption model' and 'Analyze and attribute expenditure' design principles. Option D is wrong because committing to Reserved Instances for every workload, including variable or short-lived ones, locks in capacity that may go unused.

Exam trap

The trap here is that candidates may view consolidating into a single region (Option A) as a cost saving because it avoids cross-region data transfer fees, but it concentrates every workload in one failure domain and may conflict with data residency or latency requirements. The CISA exam expects cost optimization to be balanced against performance, compliance and resilience, not pursued in isolation.

3
MCQ · hard

During a business impact analysis (BIA), a department manager states that their process can be disrupted for up to 8 hours, but data loss cannot exceed 15 minutes. Which two metrics are defined by these statements?

A. Mean time to repair (MTTR) and mean time between failures (MTBF)
B. Recovery time objective (RTO) and recovery point objective (RPO)
C. Service level objective (SLO) and service level agreement (SLA)
D. Maximum tolerable downtime (MTD) and working recovery time (WRT)
Answer: B

RTO is 8 hours, RPO is 15 minutes.

Why this answer

The maximum downtime is the recovery time objective (RTO), and the maximum data loss is the recovery point objective (RPO).

4
MCQ · medium

An organization's business continuity plan (BCP) includes alternate facilities that can be operational within 24 hours. The maximum tolerable downtime (MTD) for a critical process is 12 hours. What is the most significant gap?

A. The BCP does not include customer communication procedures.
B. The alternate facility cannot be activated within the required MTD.
C. The BCP does not address data backup procedures.
D. The recovery time objective (RTO) for the process is not defined.
Answer: B

The facility's 24-hour activation exceeds the 12-hour MTD.

Why this answer

The alternate facility recovery time (24 hours) exceeds the MTD (12 hours), meaning the process would fail its recovery requirement.

5
MCQ · hard

An organization uses a cloud-based CRM system. The asset management team has implemented tagging to track resource costs by department. During an audit, the IS auditor finds that several orphaned resources (e.g., virtual machines, storage volumes) exist that are not tagged and have been running for months. The cloud service provider's cost allocation report shows these resources under a default account. What is the most significant risk associated with this finding?

A. Increased attack surface from forgotten resources.
B. Security misconfiguration due to lack of ownership.
C. Inaccurate cost allocation and potential budget overruns.
D. Compliance violation with data residency requirements.
Answer: C

Orphaned resources cause unnecessary costs and distort cost allocation.

Why this answer

The most significant risk is inaccurate cost allocation and potential budget overruns because the orphaned resources are not tagged and are billed under a default account, preventing the organization from accurately attributing cloud costs to the responsible departments. This undermines the purpose of the tagging strategy implemented by the asset management team and can lead to unplanned expenses that are not tracked against any budget owner, directly impacting financial control and operational accountability.

Exam trap

The trap here is that candidates often focus on security risks (like increased attack surface) because orphaned resources are commonly associated with security vulnerabilities, but the question's emphasis on tagging and cost allocation reports directly points to financial risk as the most significant finding.

How to eliminate wrong answers

Option A is wrong because while forgotten resources can increase the attack surface, the question specifically highlights the cost allocation report and tagging failure, making financial risk the primary concern in this scenario. Option B is wrong because security misconfiguration due to lack of ownership is a potential secondary risk, but the finding explicitly focuses on untagged resources causing cost allocation issues, not a specific security misconfiguration. Option D is wrong because there is no mention of data residency requirements or any regulatory compliance violation; the risk is purely financial and operational, not related to data location or legal mandates.

6
MCQ · hard

An organization's backup strategy includes taking full backups weekly and transactional log backups every 15 minutes. The auditor wants to verify that backup encryption is implemented for offsite storage. Which control is most relevant?

A. Backup compression
B. Offsite transport log
C. Backup encryption at rest
D. Backup verification logs
Answer: C

Correct: Encryption at rest protects backup data stored offsite from unauthorized access.

Why this answer

Backup encryption at rest ensures that data stored offsite is protected from unauthorized access, which is the key confidentiality control for offsite backups. The auditor should also verify how the encryption keys are managed: keys must be stored separately from the backup media (an encrypted backup shipped together with its key offers no protection) and must remain available at the recovery site, otherwise encryption turns a confidentiality control into an availability risk during a restore. Compression, transport logs and verification logs support efficiency, chain of custody and restorability respectively, but none of them stop the data from being read.

7
Multi-Select · hard

An organization is planning a full interruption test of its disaster recovery plan. Which THREE of the following should the IS auditor recommend as best practices for this type of test? (Select three.)

Select 3 answers
A. Notify all relevant stakeholders in advance
B. Conduct the test during peak business hours to simulate real conditions
C. Define clear test objectives and success criteria
D. Have a rollback plan in case of failure
E. Ensure the test is scheduled after a major system upgrade to validate changes
Answers: A, C, D

Stakeholders need to be aware to coordinate.

Why this answer

Option A is correct because notifying all relevant stakeholders in advance is a best practice for a full interruption test. This ensures that business units, IT teams, and external vendors are prepared for the planned outage, minimizing confusion and allowing coordinated execution. Without prior notification, the test could cause unnecessary panic or operational disruption, undermining the controlled nature of the exercise. Option C is correct because without defined objectives and success criteria (for example, the RTO and RPO the failover must meet) there is no basis for judging whether the test passed. Option D is correct because a full interruption test takes production down for real, so a rehearsed rollback limits the damage if failover stalls. Option B is wrong because running the test at peak load maximizes the business impact of any failure, and Option E is wrong because coupling the test to a major upgrade makes it impossible to tell whether a failure came from the DR plan or from the upgrade.

Exam trap

The trap here is that candidates may confuse a full interruption test with a tabletop or simulated test, incorrectly assuming that notifying stakeholders (Option A) reduces realism, when in fact it is a critical safety control for a live failover exercise.

8
MCQ · medium

An organization uses a standard change model for low-risk, pre-approved changes. Which of the following is an example of a standard change?

A. Upgrading the core router to a new model
B. Changing the backup schedule from daily to weekly
C. Applying a routine security patch to the firewall
D. Migrating the entire email system to the cloud
Answer: C

Routine patches are typically pre-approved as standard changes.

Why this answer

Standard changes are pre-approved, low-risk, and follow a defined procedure. Applying a routine security patch that has been tested and approved falls under this category.

9
MCQ · easy

An IT auditor is reviewing the business continuity plan (BCP) testing schedule. The organization conducts a test where participants discuss their roles and responses to a scenario without any actual system activation. Which type of test is this?

A. Parallel test
B. Walkthrough
C. Simulation
D. Tabletop exercise
Answer: D

Correct: Tabletop exercises are discussion-only and focus on roles and procedures.

Why this answer

A tabletop exercise is a discussion-based test where participants walk through a scenario without executing procedures or activating systems. Note that ISACA's own DRP test taxonomy (checklist review, structured walk-through, simulation, parallel and full interruption) uses 'structured walk-through' for a paper-based review of the plan steps and 'simulation' for a role-played scenario, so the terms overlap. When more than one of them appears as an option, choose the one that most explicitly matches 'discussion only, no system activation', which here is the tabletop exercise.

10
MCQ · hard

An organization is implementing a change management process. A change that requires approval from the Change Advisory Board (CAB) but is scheduled to be implemented during the next maintenance window is classified as which type of change?

A. Emergency change
B. Standard change
C. Minor change
D. Normal change
Answer: D

Normal changes require CAB approval and are scheduled.

Why this answer

Standard changes are pre-approved and low risk; emergency changes require urgent approval. Normal changes require CAB approval.

11
Multi-Select · medium

An IT auditor is reviewing the asset management process for hardware lifecycle. Which two controls should the auditor verify to ensure secure disposition of decommissioned servers?

Select 2 answers
A. Hardware warranty tracking
B. Performance benchmarking
C. Secure sanitization of storage media
D. Formal disposal policy with authorization
E. Asset tagging during procurement
Answers: C, D

Correct: Sanitization prevents data leakage from decommissioned hardware.

Why this answer

Secure sanitization of storage media (Option C) is critical because decommissioned servers often contain sensitive data that must be irrecoverably erased to prevent unauthorized access. The auditor should check that the method matches the media and the data's sensitivity (NIST SP 800-88 distinguishes clear, purge and destroy; a quick format is none of these) and that the method used and a certificate of destruction are recorded against each asset. A formal disposal policy with authorization (Option D) ensures that decommissioning follows a documented, approved process, including verification of sanitization and chain of custody. Together, these controls address both the technical and procedural aspects of secure disposition.

Exam trap

The trap here is that candidates may confuse operational lifecycle tasks (warranty, tagging, benchmarking) with security-specific disposition controls, overlooking that only sanitization and authorized policy directly address data confidentiality and disposal governance.

12
MCQ · easy

An organization is negotiating a contract with a cloud service provider. Which clause is most important for the IS auditor to ensure is included?

A. Data localization requirements.
B. Right-to-audit clause.
C. Automatic renewal terms.
D. Service level agreement (SLA) with penalties.
Answer: B

This provides the organization with assurance over controls.

Why this answer

A right-to-audit clause allows the organization to verify the provider's controls and compliance, which is critical for third-party risk management.

13
MCQ · medium

During a change advisory board (CAB) meeting, a proposed change to the database server is discussed. The change involves implementing a security patch that requires a reboot. The change is categorized as 'normal' and has been risk-assessed as low impact. What is the most likely role of the CAB in this scenario?

A. Review and approve the change
B. Implement the change directly
C. Reject the change as unnecessary
D. Defer the change to the next release cycle
Answer: A

The CAB is responsible for reviewing and approving changes, especially those categorized as normal.

Why this answer

The CAB reviews and approves changes based on risk and impact. For a low-risk normal change, the CAB typically authorizes the change, possibly with standard procedures.

14
MCQ · medium

An IS auditor is evaluating the capacity management process. The auditor notices that CPU utilization has been consistently above 90% for the past three months. The IT manager states that no proactive capacity planning has been performed. What is the primary risk?

A. Potential service degradation or unplanned outages.
B. Increased licensing costs for software.
C. Inability to meet backup windows.
D. Increased energy costs for cooling.
Answer: A

High utilization can lead to slowdowns and crashes.

Why this answer

Consistently high utilization without planning risks performance degradation and outages. The organization may not be able to handle peak loads.
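The 'no proactive capacity planning' finding above is easiest to make concrete with a small trend check. The following is an added example, not code from the original page: it flags a sustained breach of a utilization threshold and projects, with a plain least-squares line, how many days remain before the trend reaches 100 percent. The daily CPU series are constructed for the example, and the linear model is an assumption (a real capacity plan would also account for seasonality and planned growth).

```python
"""Capacity trend check: sustained-threshold breach detection plus a linear forecast."""


def sustained_breach(samples, threshold=90.0, min_consecutive=30):
    """True if the most recent min_consecutive samples are all above threshold."""
    if len(samples) < min_consecutive:
        return False
    return all(v > threshold for v in samples[-min_consecutive:])


def linear_fit(samples):
    """Least-squares line through (index, value); returns (intercept, slope)."""
    n = len(samples)
    xs = range(n)
    mean_x = sum(xs) / n
    mean_y = sum(samples) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    if sxx == 0:
        return mean_y, 0.0
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, samples))
    slope = sxy / sxx
    return mean_y - slope * mean_x, slope


def days_until_exhausted(samples, limit=100.0, min_slope=0.01):
    """Days from the last sample until the fitted trend reaches limit.

    Returns None when the slope (percent per day) is below min_slope, i.e. the
    series is flat or falling and a linear forecast would be meaningless.
    """
    intercept, slope = linear_fit(samples)
    if slope < min_slope:
        return None
    crossing_index = (limit - intercept) / slope
    remaining = crossing_index - (len(samples) - 1)
    return max(remaining, 0.0)


# Constructed daily CPU utilization series (percent), not real monitoring data.
SUSTAINED = [91 + (i % 5) for i in range(90)]      # flat, always above 90%
TRENDING = [70 + 0.25 * i for i in range(90)]      # climbing a quarter point per day


def capacity_report(samples, threshold=90.0, window=30):
    """Both findings an auditor would want: is it already saturated, and when will it be."""
    return {
        "sustained_breach": sustained_breach(samples, threshold, window),
        "days_to_exhaustion": days_until_exhausted(samples),
    }


if __name__ == "__main__":
    for name, series in (("sustained", SUSTAINED), ("trending", TRENDING)):
        print(name, capacity_report(series))
```

The sustained series reproduces the question's finding (three months above 90 percent with no growth signal), while the trending series is not yet in breach but will hit 100 percent in about a month; the second case is exactly what proactive capacity planning is meant to catch.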

15
MCQ · medium

An organization outsources its data center operations to a third-party provider. Which of the following is the MOST important clause to include in the contract to ensure the organization can verify the provider's controls?

A. Exit strategy
B. Service level agreement (SLA)
C. Vendor concentration risk clause
D. Right-to-audit clause
Answer: D

Enables independent verification.

Why this answer

A right-to-audit clause allows the organization or its auditor to review the provider's controls.

16
MCQ · hard

An organization is selecting a disaster recovery (DR) site. The primary data center is located in a region prone to earthquakes. The DR site should be at a sufficient distance to avoid the same disaster. Which type of alternate site provides the best balance of cost and recovery time for a medium-sized organization?

A. Hot site
B. Warm site
C. Mobile site
D. Cold site
Answer: B

Correct: Warm sites offer a balance of cost and recovery time, with some equipment pre-installed.

Why this answer

A warm site is partially configured with some hardware, software, and data synchronization, offering a balance between cost and recovery time. For a medium-sized organization, it provides faster recovery than a cold site while being significantly less expensive than a hot site, making it suitable for a region prone to earthquakes where the DR site must be geographically distant.

Exam trap

The trap here is that candidates often confuse 'warm site' with 'hot site' due to the similar terminology, but the key differentiator is the level of data synchronization and hardware readiness, not just the distance from the primary site.

How to eliminate wrong answers

Option A is wrong because a hot site is a fully redundant, real-time mirror of the primary data center, which is excessively costly for a medium-sized organization and typically used only for mission-critical systems requiring near-zero recovery time objectives (RTOs). Option C is wrong because a mobile site is a portable, self-contained unit that is not designed for permanent, geographically distant disaster recovery; it is more suited for temporary or tactical needs, not for avoiding region-wide disasters like earthquakes. Option D is wrong because a cold site has no pre-installed hardware or software, requiring weeks to procure and configure, resulting in a recovery time that is too long for most medium-sized organizations, especially when the primary site is in a high-risk area.

17
MCQ · easy

In business continuity planning, a company identifies a critical business process with a maximum tolerable downtime (MTD) of 4 hours. What is the primary purpose of this metric?

A. To define the backup frequency
B. To calculate the mean time between failures (MTBF)
C. To establish service level agreements (SLAs)
D. To determine the recovery time objective (RTO)
Answer: D

MTD directly influences the RTO, which must be less than or equal to MTD.

Why this answer

MTD defines the maximum time a process can be unavailable without causing severe business impact. The RTO is then set so that systems are restored, and the work recovery time (WRT) needed to bring the business process back to normal is completed, within the MTD; in practice RTO plus WRT must not exceed MTD.

18
MCQ · medium

An organization uses automated job scheduling for batch processing. A critical job fails due to a dependency on another job that has not completed. Which of the following controls would BEST prevent this issue?

A. Job failure alerts
B. Manual job scheduling
C. Rerun procedures
D. Dependency management
Answer: D

Ensures jobs wait for prerequisites.

Why this answer

Dependency management is the correct control because it ensures that job scheduling logic explicitly defines and enforces the order of execution based on predecessor/successor relationships. By configuring dependencies (e.g., using job control language (JCL) with COND parameters or scheduling tools like CA Workload Automation ESP), the system will automatically hold a job until all prerequisite jobs have completed successfully, preventing the failure scenario described.

Exam trap

The trap here is that candidates often confuse detective controls (like alerts) with preventive controls, or assume that rerun procedures can prevent the initial failure, when in fact only dependency management addresses the root cause by enforcing execution order.

How to eliminate wrong answers

Option A is wrong because job failure alerts are a detective control that notifies administrators after the failure has already occurred, not a preventive control that stops the issue from happening. Option B is wrong because manual job scheduling introduces human error and inefficiency, and does not inherently enforce dependency sequencing; it would actually increase the risk of similar failures. Option C is wrong because rerun procedures are corrective controls that handle recovery after a failure, not preventive measures that avoid the dependency-related failure in the first place.

19
Multi-Select · medium

An organization is developing a business continuity strategy. According to best practices, which THREE of the following should be included in the strategy?

Select 3 answers
A. Customer and partner communications plan.
B. Vendor contract renewal dates.
C. Procedures for staff to work remotely.
D. IT asset inventory list.
E. Details of alternate processing facilities.
Answers: A, C, E

Stakeholder communication is critical.

Why this answer

A comprehensive BCP includes procedures for people, alternate facilities, and communications.

20
Multi-Select · medium

An organization is developing a business continuity strategy for its key customer-facing application. The BIA determined an RTO of 2 hours and an RPO of 30 minutes. Which TWO strategies are most appropriate to meet these objectives?

Select 2 answers
A. Implement a hot standby site
B. Adopt a manual workaround process
C. Store backup tape at an offsite location
D. Use synchronous data replication to a secondary site
E. Perform daily full backups to tape
Answers: A, D

Hot standby can achieve fast failover within RTO.

Why this answer

A hot standby site provides near-real-time failover, which comfortably supports a 2-hour RTO. Synchronous data replication commits each transaction at both sites before acknowledging it, giving a near-zero RPO that is well within 30 minutes. The tape-based options cannot meet the RPO (daily full backups allow up to 24 hours of loss), and a manual workaround does not restore the application within the RTO.

21
MCQ · easy

Which type of disaster recovery test involves actually switching over to the alternate site and processing live transactions, but does not require the primary site to be shut down?

A. Simulation test
B. Full interruption test
C. Tabletop test
D. Parallel test
Answer: D

Parallel test involves running both sites concurrently.

Why this answer

Parallel testing is the correct answer because it involves processing live transactions at the alternate site while the primary site remains fully operational. This allows validation of the disaster recovery (DR) systems without risking a service outage, as both sites run concurrently and results are compared for consistency. Unlike a full interruption test, the primary site is not shut down, ensuring business continuity during the test.

Exam trap

The trap here is that candidates often confuse parallel testing with a full interruption test, mistakenly thinking that any test involving live transactions must require shutting down the primary site, but parallel testing explicitly avoids that by running both sites concurrently.

How to eliminate wrong answers

Option A is wrong because a simulation test involves a simulated disaster scenario where team members practice their roles, but it does not involve actual failover or processing of live transactions at the alternate site. Option B is wrong because a full interruption test requires the primary site to be shut down and all processing to be moved to the alternate site, which contradicts the condition that the primary site remains operational. Option C is wrong because a tabletop test is a discussion-based exercise where participants walk through disaster scenarios without any actual system failover or live transaction processing.

22
Multi-Select · hard

During a vendor audit, an IS auditor discovers that a cloud service provider uses subcontractors to manage data storage. The contract does not mention subcontracting. Which THREE risks should the auditor highlight to management?

Select 3 answers
A. Vendor concentration risk from subcontractor dependency
B. Exit strategy complications if subcontractor fails
C. Improved service level performance
D. Increased licensing costs
E. Fourth-party risk due to lack of contractual oversight
Answers: A, B, E

Over-reliance on a single subcontractor increases risk.

Why this answer

Vendor concentration risk arises if the subcontractor is a single point of failure. Fourth-party risk means the organization has no direct control. Exit strategy concerns include difficulty in transitioning if the subcontractor fails.

23
Multi-Select · easy

An IS auditor is reviewing problem management processes. Which TWO of the following are key outputs of effective problem management? (Select two.)

Select 2 answers
A. Incident resolution times
B. Change requests
C. Known error database
D. Service level reports
E. Root cause analysis
Answers: C, E

The known error database contains workarounds and known errors.

Why this answer

A known error database (KEDB) is a key output of effective problem management because it records known errors and their workarounds, enabling faster incident resolution and preventing recurrence. The KEDB is populated from root cause analysis findings and is used to link incidents to known problems, supporting ITIL-based problem management processes.

Exam trap

The trap here is that candidates confuse the outputs of problem management with those of incident management (resolution times) or change management (change requests), failing to recognize that problem management's primary artifacts are the root cause analysis and the known error database.

24
MCQ · medium

During a business impact analysis (BIA), the auditor identifies a critical process with a maximum tolerable downtime (MTD) of 4 hours. The IT department proposes a recovery time objective (RTO) of 2 hours and a recovery point objective (RPO) of 1 hour. Which statement is correct?

A. The MTD should be reduced to match the RTO
B. The RPO is too high because it exceeds the MTD
C. The RTO is acceptable as it is less than the MTD
D. The RTO should be equal to the MTD
Answer: C

Correct: RTO of 2 hours is within the MTD of 4 hours.

Why this answer

The RTO must be less than or equal to the MTD. Here, RTO (2 hours) is less than MTD (4 hours), so the recovery target is acceptable.

25
MCQ · medium

During a business impact analysis (BIA), which of the following is the MOST important metric to identify for each critical business process?

A. Recovery Point Objective (RPO)
B. Work Recovery Time (WRT)
C. Maximum Tolerable Downtime (MTD)
D. Recovery Time Objective (RTO)
Answer: C

MTD is the key metric for business impact.

Why this answer

Maximum Tolerable Downtime (MTD) defines the maximum acceptable downtime before severe impact.
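The relationships behind questions 4, 17, 20 and 24 (RTO plus WRT must fit inside MTD; a strategy's activation time and worst-case data loss must fit inside RTO and RPO) can be checked mechanically against a catalogue of recovery options. The block below is an added example, not part of the original page; the process requirements and the strategy catalogue are constructed for illustration, and the activation and data-loss figures attached to each strategy are assumptions rather than vendor numbers.

```python
"""BIA target consistency checks and recovery-strategy fit."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Requirement:
    process: str
    mtd_h: float            # maximum tolerable downtime
    rto_h: float            # time by which systems must be back
    rpo_h: float            # maximum acceptable data loss, as a time window
    wrt_h: float = 0.0      # work recovery time to get the business process back to normal


@dataclass(frozen=True)
class Strategy:
    name: str
    activation_h: float     # time to bring alternate processing online
    data_loss_h: float      # worst-case data loss the strategy can leave


def check_targets(req):
    """Findings about the BIA targets themselves (MTD must cover RTO and WRT)."""
    findings = []
    if req.rto_h + req.wrt_h > req.mtd_h:
        findings.append(
            f"{req.process}: RTO {req.rto_h}h + WRT {req.wrt_h}h exceeds MTD {req.mtd_h}h")
    return findings


def check_strategy(req, strategy):
    """Gaps between one recovery strategy and the process's RTO and RPO."""
    gaps = []
    if strategy.activation_h > req.rto_h:
        gaps.append(f"activation {strategy.activation_h}h exceeds RTO {req.rto_h}h")
    if strategy.data_loss_h > req.rpo_h:
        gaps.append(f"data loss {strategy.data_loss_h}h exceeds RPO {req.rpo_h}h")
    return gaps


def suitable_strategies(req, strategies):
    """Names of the strategies that meet both RTO and RPO."""
    return [s.name for s in strategies if not check_strategy(req, s)]


# Constructed requirements mirroring the questions above; not taken from a real BIA.
CRM = Requirement("customer CRM", mtd_h=4, rto_h=2, rpo_h=0.5, wrt_h=1)
WAREHOUSE = Requirement("warehouse picking", mtd_h=12, rto_h=8, rpo_h=24, wrt_h=6)  # inconsistent on purpose

# Assumed characteristics for a catalogue of alternate-processing options.
STRATEGIES = [
    Strategy("hot standby + synchronous replication", activation_h=0.25, data_loss_h=0.0),
    Strategy("warm site + hourly log shipping", activation_h=6, data_loss_h=1),
    Strategy("cold site + daily offsite tape", activation_h=72, data_loss_h=24),
]

if __name__ == "__main__":
    for req in (CRM, WAREHOUSE):
        print(req.process, check_targets(req), suitable_strategies(req, STRATEGIES))
```

The warehouse requirement is the kind of inconsistency a BIA review should surface: each target looks reasonable on its own, but an 8-hour RTO plus 6 hours of work recovery cannot fit inside a 12-hour MTD, so either the MTD is understated or the recovery targets are.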

26
MCQ · hard

An organization uses a third-party vendor for application support. The vendor has subcontracted some support activities to another firm (fourth party). The contract with the vendor requires the vendor to ensure fourth-party compliance, but there is no direct oversight. What is the IS auditor's primary recommendation?

A. Perform a vulnerability assessment on the fourth party.
B. Include a right-to-audit clause for all subcontractors in the contract.
C. Terminate the contract with the vendor.
D. Require the vendor to provide evidence of fourth-party compliance.
Answer: B

This provides direct oversight over fourth parties.

Why this answer

The primary recommendation is to include a right-to-audit clause for all subcontractors in the contract. This ensures the organization retains direct oversight and contractual leverage over fourth-party risks, as relying solely on the vendor's assurance without audit rights creates a blind spot in the supply chain. Without such a clause, the organization cannot independently verify the fourth party's compliance with security controls, which is critical for maintaining business resilience.

Exam trap

The trap here is that candidates confuse operational verification (Option D) with contractual governance, failing to recognize that without a right-to-audit clause, the organization has no enforceable mechanism to independently validate fourth-party compliance.

How to eliminate wrong answers

Option A is wrong because performing a vulnerability assessment on the fourth party without contractual authority or direct access is impractical and may violate legal boundaries; it also addresses technical vulnerabilities but not the root governance gap. Option C is wrong because terminating the contract is a drastic, business-disruptive step that should only be considered after less severe remediation options (like renegotiating contract terms) have failed. Option D is wrong because requiring evidence from the vendor is insufficient without a contractual right to audit; the vendor could provide incomplete or falsified evidence, and the organization has no means to verify its accuracy or scope.

27
MCQ · hard

An IS auditor is reviewing the change management process and notices that several emergency changes were implemented without post-implementation review. What is the PRIMARY concern?

A. The change may have caused an outage
B. Changes may not be properly documented
C. The change may have exceeded budget
D. The change may have been unauthorized
Answer: B

Without review, there is no verification that the change was documented correctly, which can lead to configuration drift.

Why this answer

Emergency changes bypass normal controls, so post-implementation review is critical to ensure the change was effective and did not introduce risks. Without it, undocumented or unauthorized changes may persist.

28
MCQ · hard

An organization uses automated job scheduling for batch processing. A critical payroll job fails due to a dependency on a prior job that did not complete. The job scheduler is configured to handle dependencies. What should the auditor verify regarding rerun procedures?

A. The job failure alert is sent to the IT manager
B. The job scheduler logs the dependency failure
C. The job automatically retries after the dependency completes
D. The rerun procedure specifies the correct restart point
Answer: D

Correct: Documented rerun procedures must specify restart points to ensure data integrity.

Why this answer

The auditor should ensure that the rerun procedure specifies the correct restart point to avoid data corruption or reprocessing errors.
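Questions 1, 18 and 28 all turn on the same mechanism: a scheduler that holds a job until its predecessors have succeeded, and a rerun that resumes from the failed step rather than reprocessing steps that already completed. The following is an added example, not code from the page or from any scheduling product named above. It is a minimal in-process scheduler with a constructed extract/transform/load payroll chain whose transform step fails once on a missing rates file; the job names and the failure are invented for the example.

```python
"""Dependency-aware batch scheduler with held jobs and a recorded restart point."""
from collections import deque
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set


@dataclass
class Job:
    name: str
    run: Callable[[], None]                 # raises an exception to signal failure
    depends_on: Set[str] = field(default_factory=set)


class Scheduler:
    def __init__(self, jobs: List[Job]):
        self.jobs: Dict[str, Job] = {j.name: j for j in jobs}
        self.status: Dict[str, str] = {}    # SUCCESS | FAILED | HELD
        self.restart_point: Optional[str] = None   # first failed job of the last run
        for job in self.jobs.values():
            for dep in job.depends_on:
                if dep not in self.jobs:
                    raise ValueError(f"{job.name} depends on undefined job {dep}")
        self.order = self._topological_order()     # raises on a cycle

    def _topological_order(self) -> List[str]:
        """Kahn's algorithm; a leftover job means the dependency graph has a cycle."""
        indegree = {name: len(job.depends_on) for name, job in self.jobs.items()}
        dependents: Dict[str, List[str]] = {name: [] for name in self.jobs}
        for name, job in self.jobs.items():
            for dep in job.depends_on:
                dependents[dep].append(name)
        ready = deque(sorted(n for n, d in indegree.items() if d == 0))
        order: List[str] = []
        while ready:
            name = ready.popleft()
            order.append(name)
            for nxt in sorted(dependents[name]):
                indegree[nxt] -= 1
                if indegree[nxt] == 0:
                    ready.append(nxt)
        if len(order) != len(self.jobs):
            raise ValueError("dependency cycle detected")
        return order

    def run(self, resume: bool = False) -> Dict[str, str]:
        """Run jobs in dependency order.

        A job whose prerequisites did not all succeed is HELD, never started.
        With resume=True, jobs that already succeeded are skipped, so the rerun
        restarts at the recorded restart point instead of reprocessing them.
        """
        self.restart_point = None
        for name in self.order:
            if resume and self.status.get(name) == "SUCCESS":
                continue
            job = self.jobs[name]
            if any(self.status.get(dep) != "SUCCESS" for dep in job.depends_on):
                self.status[name] = "HELD"
                continue
            try:
                job.run()
                self.status[name] = "SUCCESS"
            except Exception:
                self.status[name] = "FAILED"
                if self.restart_point is None:
                    self.restart_point = name
        return dict(self.status)


def payroll_demo():
    """Constructed nightly payroll chain; transform fails once on a missing rates file."""
    runs = {"extract": 0, "transform": 0, "load": 0}
    env = {"rates_file_present": False}

    def extract():
        runs["extract"] += 1

    def transform():
        runs["transform"] += 1
        if not env["rates_file_present"]:
            raise FileNotFoundError("rates.csv not delivered")   # constructed failure

    def load():
        runs["load"] += 1

    sched = Scheduler([
        Job("extract", extract),
        Job("transform", transform, {"extract"}),
        Job("load", load, {"transform"}),
    ])
    first = sched.run()
    restart = sched.restart_point
    env["rates_file_present"] = True          # operator supplies the missing dependency
    second = sched.run(resume=True)
    return {"first": first, "restart_point": restart, "second": second, "runs": runs}


if __name__ == "__main__":
    print(payroll_demo())
```

The first run leaves `load` HELD rather than letting it post from stale data, and the rerun starts at `transform`, so `extract` runs exactly once; that single-execution property is what the "correct restart point" in question 28 protects.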

29
MCQ · medium

An IS auditor is reviewing a third-party service provider's controls. Which of the following is the MOST important clause to include in the contract to ensure the auditor can assess the provider's controls?

A. Right-to-audit clause
B. Service level agreement (SLA) with penalties
C. Exit strategy clause
D. Confidentiality clause
Answer: A

This is essential for independent review.

Why this answer

A right-to-audit clause allows the customer or its auditor to review the provider's controls.

30
MCQ · easy

Which of the following is the PRIMARY purpose of a service desk?

A. To monitor network performance
B. To manage IT assets
C. To perform root cause analysis
D. To provide a single point of contact for incidents and service requests
Answer: D

This is the core function.

Why this answer

The service desk acts as a single point of contact for IT support.

31
MCQ · medium

An auditor is reviewing IT asset management processes. The auditor finds that several servers running an older operating system are still in production, even though the vendor has ended support. What is the primary risk associated with this finding?

A. Lack of vendor support and security patches
B. Non-compliance with software licensing
C. Incompatibility with new hardware
D. Increased licensing costs
Answer: A

Without patches, systems are exposed to known vulnerabilities.

Why this answer

Unsupported software no longer receives security patches, making the systems vulnerable to exploitation.

32
Multi-Select · easy

An IS auditor is assessing the vendor management process. Which TWO are key controls for managing third-party risk?

Select 2 answers
A. Requiring vendors to disclose all subcontractors.
B. Including right-to-audit clauses in contracts.
C. Regularly monitoring service level agreements (SLAs).
D. Developing an exit strategy for each vendor.
E. Performing vendor due diligence before contract signing.
Answers: B, C

Allows the organization to audit the vendor's controls.

Why this answer

Including right-to-audit clauses in contracts is a key control for managing third-party risk because it grants the IS auditor or the organization the contractual authority to independently verify the vendor's security controls, data handling practices, and compliance with policies. This clause ensures ongoing oversight beyond initial due diligence, allowing for on-site inspections or reviews of the vendor's systems and processes, which is critical for detecting control failures or unauthorized changes that could impact the organization's data.

Exam trap

The trap here is that candidates often confuse pre-contract due diligence (Option E) with ongoing risk management controls, but the CISA exam emphasizes that key controls for managing third-party risk must include contractual mechanisms like right-to-audit and continuous monitoring of SLAs, not just initial assessments.

33
Multi-Select · hard

An organization uses a cloud service provider (CSP) for critical applications. The IS auditor is reviewing the contract for vendor concentration risk. Which TWO clauses are MOST relevant to mitigating this risk?

Select 2 answers
A. A clause requiring the CSP to disclose and obtain approval for any subcontractors.
B. A service level agreement (SLA) with financial penalties for non-performance.
C. A data encryption clause requiring encryption at rest and in transit.
D. An exit strategy clause that defines transition assistance and data extraction procedures.
E. A right-to-audit clause allowing the organization to audit the CSP.
Answers: A, D

Helps manage fourth-party risk that could increase concentration.

Why this answer

Vendor concentration risk is the risk of over-reliance on a single vendor. An exit strategy clause ensures the ability to transition away, and a subcontracting controls clause (fourth-party risk) addresses the CSP's use of other vendors that could increase concentration. SLA monitoring is important but not directly for concentration; right-to-audit is a general control; data encryption is about security.

34
MCQ · easy

An organization is implementing a new incident management process aligned with ITIL. The IT team discovers a critical system is down, affecting all users. According to ITIL, what severity level should be assigned to this incident?

A. P1
B. P3
C. P2
D. P4
Answer: A

P1 incidents are critical and require immediate response.

Why this answer

A P1 (Priority 1) incident is the highest priority, typically a critical system outage affecting all users or a major business process. Note that ITIL does not prescribe the P1 to P4 labels themselves; priority is derived from impact (how many users or services are affected) and urgency (how quickly the business needs service restored), and the organization's priority matrix assigns the label. A complete outage of a critical system scores highest on both, hence P1.

35
Multi-Select · medium

Which TWO of the following are important controls for managing cloud resources to prevent cost overruns? (Select TWO).

Select 2 answers
A. Conducting vulnerability scans on cloud instances
B. Automated resource tagging
C. Using multi-factor authentication for cloud access
D. Implementing encryption for data at rest
E. Regular detection and removal of orphaned resources
Answers: B, E

Tagging enables cost allocation and tracking.

Why this answer

Resource tagging helps allocate costs and track usage. Detecting orphaned resources (e.g., unused instances) prevents unnecessary charges. These are key cloud cost management controls.

36
Multi-Selecthard

An IS auditor is evaluating the release management process for a software application. Which TWO are essential components of a successful release plan?

Select 2 answers
A.A testing strategy that includes unit, integration, and user acceptance testing.
B.Automated deployment scripts to minimize manual errors.
C.A post-implementation review scheduled for 30 days after release.
D.A detailed rollback plan in case of deployment failure.
E.A communication plan to notify all stakeholders of the release schedule.
AnswersA, D

Essential to validate the release before production deployment.

Why this answer

A release plan should include a rollback plan (to revert if issues arise) and a testing strategy (to validate the release). Deployment automation is beneficial but not always essential; a communication plan is important but secondary to the technical components; a post-implementation review takes place after the release, not as part of the release plan itself.

37
Multi-Selectmedium

Which TWO of the following are key considerations when managing software licenses in an organization? (Select TWO).

Select 2 answers
A.Implementing automated license optimization tools
B.Conducting regular license compliance audits
C.Storing all software installation media in a secure location
D.Maintaining a hardware inventory for asset tracking
E.Ensuring all software is patched to the latest version
AnswersA, B

Helps manage licenses efficiently and reduce costs.

Why this answer

Software Asset Management (SAM) ensures license compliance and cost optimization. Regular compliance audits prevent legal and financial penalties. License optimization helps avoid over-purchasing or under-licensing.

38
MCQhard

A company uses a RAID 5 array for its file server. One disk fails, and the system continues to operate. However, during the rebuild process, a second disk fails. What is the likely consequence?

A.Performance degrades but data remains intact
B.Data is still available from parity
C.The system automatically switches to a hot spare
D.Data loss occurs
AnswerD

With two failed disks, RAID 5 cannot reconstruct data.

Why this answer

RAID 5 can tolerate a single disk failure. If a second disk fails during rebuild, the array is broken and data loss occurs.

39
Multi-Selecteasy

An IS auditor is reviewing the ITIL incident management process. Which TWO are the correct priority levels and their typical definitions?

Select 2 answers
A.P1: Critical impact, immediate response required.
B.P4: Critical impact, requires escalation to senior management.
C.P2: Low impact, can be resolved within normal service hours.
D.P2: High impact, requires urgent response.
E.P3: Moderate impact, standard response time.
AnswersA, E

Correct definition of P1.

Why this answer

Option A is correct because in ITIL incident management, P1 (Priority 1) is defined as a critical impact incident that requires an immediate response to restore service, often with a target resolution time of minutes to a few hours. This aligns with the ITIL framework's emphasis on urgency and impact for priority classification.

Exam trap

The trap here is that candidates often confuse P2 with low impact or normal service hours, but ITIL defines P2 as high impact requiring urgent response, not low impact, and P4 is never critical impact.

40
Multi-Selectmedium

An IS auditor is reviewing capacity management practices. Which TWO indicators suggest that proactive capacity management is being performed effectively?

Select 2 answers
A.Conducting business impact analysis (BIA) annually.
B.Reviewing backup logs for errors.
C.Monitoring resource utilization trends over time.
D.Setting threshold alerts for CPU, memory, and disk usage.
E.Analyzing historical cost data for IT infrastructure.
AnswersC, D

Trend analysis helps predict future capacity needs.

Why this answer

Effective proactive capacity management includes monitoring utilization trends to forecast future needs and setting threshold alerts to trigger action before capacity issues occur. Analyzing historical costs is a financial activity, not capacity management; reviewing backup logs is an operational control; conducting a BIA supports business continuity planning (BCP).

41
MCQhard

During a software asset management (SAM) audit, it is discovered that the organization is using software that has reached end-of-life. Which of the following is the MOST significant risk associated with this situation?

A.Incompatibility with new hardware
B.Lack of security patches
C.Increased maintenance costs
D.License compliance issues
AnswerB

No patches means higher risk of exploitation.

Why this answer

End-of-life software no longer receives security patches from the vendor, meaning any newly discovered vulnerabilities will remain unaddressed. This creates a direct and exploitable attack surface, making lack of security patches the most significant risk because it can lead to data breaches, system compromise, and regulatory non-compliance.

Exam trap

The trap here is that candidates often focus on immediate operational or financial impacts like cost or compatibility, but the CISA exam prioritizes security risks, especially unpatched vulnerabilities, as the most critical consequence of end-of-life software.

How to eliminate wrong answers

Option A is wrong because incompatibility with new hardware, while operationally inconvenient, is typically manageable through virtualization, compatibility layers, or hardware refreshes and does not introduce active security threats. Option C is wrong because increased maintenance costs, though a financial concern, are a secondary business impact rather than a primary security or compliance risk; the organization could choose to absorb the cost without immediate harm. Option D is wrong because license compliance issues are a legal and contractual risk, but end-of-life software often has no active license requirement, and the greater danger is the absence of security updates that protect the organization from exploitation.

42
MCQeasy

An organization has defined an SLA that requires critical incidents to be resolved within 4 hours. A P1 incident is reported at 10:00 AM. At what time must the incident be resolved to meet the SLA?

A.2:00 PM
B.4:00 PM
C.6:00 PM
D.12:00 PM
AnswerA

Correct. 4 hours after 10:00 AM is 2:00 PM.

Why this answer

P1 incidents are critical and require immediate resolution. With a 4-hour SLA from the time of reporting (10:00 AM), the resolution must occur by 2:00 PM.

43
Multi-Selecteasy

An IS auditor is reviewing the backup process for a critical database. Which TWO of the following are essential controls to ensure data recoverability?

Select 2 answers
A.Automated job scheduling for backups.
B.Offsite storage of backup media.
C.Regular restore testing of backups.
D.Encryption of backup data.
E.Backup retention period of at least one year.
AnswersB, C

Protects against physical disasters at the primary site.

Why this answer

Offsite storage of backup media (Option B) is essential because it protects against site-level disasters such as fire, flood, or physical theft. Without geographic separation, a single incident could destroy both the primary data and its backups, making recovery impossible. This control directly supports the recoverability objective by ensuring a usable copy exists outside the primary facility.

Exam trap

The trap here is that candidates often confuse operational controls (like scheduling or encryption) with recoverability controls, forgetting that a backup is only as good as its ability to be restored from a separate location.

44
MCQhard

An IS auditor is reviewing the incident management process. Incidents are categorized as P1 (critical) through P4 (low). The SLA for P1 incidents requires initial response within 15 minutes and resolution within 4 hours. The auditor notes that the average time to respond to P1 incidents is 12 minutes, but the average resolution time is 6 hours. The root cause analysis shows that many P1 incidents are due to known errors documented in the known error database (KEDB). What is the most significant finding?

A.Problem management is not effectively utilizing the KEDB to prevent recurring incidents.
B.The average resolution time for P1 incidents exceeds SLA.
C.The average response time for P1 incidents is within SLA.
D.Incident management is not escalating P1 incidents properly.
AnswerA

Recurring P1 incidents from known errors indicate problem management failure.

Why this answer

If known errors are causing P1 incidents, problem management should have identified workarounds or permanent fixes. The fact that these incidents recur indicates a weakness in the problem management process, which should reduce incidents from known errors.

45
MCQmedium

An organization's backup strategy includes full backups every Sunday and incremental backups on other days. On Wednesday, a failure occurs. Which backups are needed to restore the data?

A.Sunday's full backup only
B.Sunday's full backup and Wednesday's incremental backup
C.Wednesday's incremental backup only
D.Sunday's full backup and Monday through Wednesday incremental backups
AnswerD

All incremental backups since the last full backup are needed.

Why this answer

To restore from incremental backups, you need the last full backup (Sunday) and all incremental backups from Monday through Wednesday.

46
Multi-Selectmedium

An IS auditor is reviewing backup procedures for a critical database. Which THREE are key considerations for ensuring backup reliability and recoverability?

Select 3 answers
A.Ensuring backup retention periods meet the recovery point objective (RPO).
B.Regularly performing restore verification tests.
C.Encrypting backup data to prevent unauthorized access.
D.Storing backups at an offsite location.
E.Compressing backup data to reduce storage costs.
AnswersA, B, D

Retention must align with RPO to allow recovery to the desired point.

Why this answer

Backup reliability requires regular testing (restore verification), secure offsite storage to protect against site disasters, and retention aligned with business recovery objectives. Encryption is important but not directly for reliability; compression may affect performance but not reliability.

47
MCQmedium

A system has a Mean Time Between Failures (MTBF) of 200 hours and a Mean Time To Repair (MTTR) of 20 hours. What is the availability of the system?

A.95.0%
B.91.0%
C.90.0%
D.90.9%
AnswerD

Correct calculation: 200/(200+20)=0.909.

Why this answer

Availability = MTBF / (MTBF + MTTR) = 200 / (200 + 20) = 200 / 220 ≈ 0.909 = 90.9%.

48
MCQmedium

An organization has implemented a business continuity plan (BCP) and disaster recovery plan (DRP). During a recent full interruption test, the IT team discovered that the recovery time objective (RTO) for a critical application was not met. What is the MOST likely reason for this failure?

A.The recovery point objective (RPO) was set too low, causing data loss.
B.The backup data was not encrypted, leading to corruption during restoration.
C.The tabletop exercise was not conducted before the full interruption test.
D.The alternate site did not have adequate processing capacity to handle the workload.
AnswerD

Insufficient capacity at the alternate site directly impacts recovery time and is a frequent finding in full interruption tests.

Why this answer

The most likely reason the RTO was not met is that the alternate site lacked sufficient processing capacity to handle the workload. RTO measures the time to restore service availability; if the failover site cannot support the required compute, memory, or I/O throughput, restoration will be delayed or fail outright. This is a common capacity planning failure in DR testing, where the alternate site is sized for minimal operations but not for the full production load.

Exam trap

The trap here is that candidates confuse RTO with RPO or assume procedural gaps (like missing a tabletop exercise) are the root cause, when the actual failure is a technical capacity limitation at the alternate site.

How to eliminate wrong answers

Option A is wrong because RPO being set too low (i.e., very frequent backups) reduces potential data loss, not causes RTO failure; RPO and RTO are independent metrics. Option B is wrong because backup encryption does not cause corruption; encryption protects data at rest, and corruption typically results from media errors or improper backup/restore processes, not the encryption itself. Option C is wrong because while tabletop exercises validate plans, skipping one does not directly cause a capacity shortfall at the alternate site; the RTO failure here is a technical infrastructure issue, not a procedural gap.

49
MCQmedium

An organization is conducting a Business Impact Analysis (BIA). Which of the following metrics defines the maximum acceptable outage time for a critical business process?

A.Recovery Point Objective (RPO)
B.Maximum Tolerable Downtime (MTD)
C.Recovery Time Objective (RTO)
D.Work Recovery Time (WRT)
AnswerB

Correct. MTD is the maximum outage the business can tolerate.

Why this answer

Maximum Tolerable Downtime (MTD) is the total time a process can be disrupted without causing significant business damage.

50
MCQhard

An organization has an availability requirement of 99.99% for its online transaction processing system. The system's MTBF is 720 hours. What is the maximum allowable MTTR to meet this requirement?

A.43.2 minutes
B.72 minutes
C.4.32 minutes
D.7.2 minutes
AnswerC

Calculation yields 0.072 hours, which is 4.32 minutes.

Why this answer

Availability = MTBF / (MTBF + MTTR). Setting 0.9999 = 720 / (720 + MTTR) and solving for MTTR gives MTTR = 720 / 0.9999 - 720 ≈ 0.072 hours ≈ 4.32 minutes.

51
Multi-Selectmedium

An IS auditor is reviewing the business impact analysis (BIA) for a financial services company. Which THREE metrics are typically defined in a BIA?

Select 3 answers
A.Mean time to repair (MTTR).
B.Mean time between failures (MTBF).
C.Recovery point objective (RPO).
D.Maximum tolerable downtime (MTD).
E.Recovery time objective (RTO).
AnswersC, D, E

The acceptable amount of data loss measured in time.

Why this answer

The Recovery Point Objective (RPO) is a key metric defined in a Business Impact Analysis (BIA) because it specifies the maximum acceptable amount of data loss measured in time, guiding the frequency of backups and replication. In a financial services company, RPO directly determines how much transactional data could be lost during a disruption, which is critical for regulatory compliance and data integrity.

Exam trap

The trap here is that candidates confuse operational metrics like MTBF and MTTR (which are used in IT service management and availability calculations) with the business-focused recovery metrics (RTO, RPO, MTD) that are defined in a BIA, leading them to select options A or B instead of the correct trio.

52
MCQmedium

An organization is implementing a software asset management (SAM) program. Which of the following is the PRIMARY benefit of SAM?

A.Ensuring compliance with software licensing agreements
B.Reducing hardware costs
C.Automating patch management
D.Improving network performance
AnswerA

This is the primary benefit.

Why this answer

SAM helps ensure compliance with software licenses and avoid penalties.

53
MCQhard

An IS auditor is reviewing a backup strategy that includes daily full backups and weekly offsite storage. The recovery time objective (RTO) for a critical application is 4 hours. Which of the following findings would be of GREATEST concern?

A.Backup logs are reviewed weekly
B.Backup tapes are stored offsite and retrieved only once per month
C.Incremental backups are not performed between full backups
D.Backups are encrypted with AES-256
AnswerB

Retrieval time may exceed the 4-hour RTO.

Why this answer

If the backup media are stored offsite without a local copy, the time to retrieve and restore may exceed the RTO.

54
MCQmedium

During a business impact analysis (BIA), the IS auditor identifies that the maximum tolerable downtime (MTD) for an online payment system is 2 hours, and the recovery point objective (RPO) is 15 minutes. The current disaster recovery solution uses nightly backups (12-hour RPO) and can restore the system in 4 hours. Which risk is most critical?

A.The backup frequency is not aligned with the RPO.
B.The disaster recovery plan has not been tested.
C.Recovery time exceeds the MTD.
D.Data loss exceeds the RPO.
AnswerD

The RPO of 15 minutes is not met by 12-hour backups, risking significant data loss.

Why this answer

The current solution has a 12-hour RPO (nightly backups), but the business requires an RPO of 15 minutes. This means up to 11 hours and 45 minutes of transaction data could be lost, far exceeding the acceptable data loss threshold. While the recovery time of 4 hours also exceeds the MTD of 2 hours, the most critical risk is data loss because the gap between the actual RPO and the required RPO is proportionally larger and directly impacts transaction integrity and financial reconciliation.

Exam trap

The trap here is that candidates focus on the recovery time exceeding the MTD (Option C) because it seems more obvious, but the RPO gap is more critical because data loss has a longer-lasting financial and operational impact than temporary downtime.

How to eliminate wrong answers

Option A is wrong because the backup frequency is indeed not aligned with the RPO, but this is a symptom of the underlying risk—the real critical issue is that data loss exceeds the RPO, not just misalignment. Option B is wrong because the question does not provide any evidence that the disaster recovery plan has or has not been tested; the risk is based on the documented recovery capabilities, not the testing status. Option C is wrong because while the recovery time of 4 hours exceeds the MTD of 2 hours, the RPO gap (12 hours vs 15 minutes) represents a more severe and immediate risk to data integrity and business operations, as data loss is often harder to recover from than downtime.

55
MCQeasy

During a change management board (CAB) meeting, a proposed change to the network firewall configuration is discussed. The change is considered low risk and pre-approved. Which type of change does this represent?

A.Emergency change
B.Major change
C.Standard change
D.Normal change
AnswerC

Correct: Standard changes are low-risk, pre-approved, and follow a documented procedure.

Why this answer

Standard changes are pre-approved, low-risk, and follow a defined procedure, often requiring only a CAB notification.

56
MCQeasy

Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?

A.To establish service level agreements (SLAs)
B.To identify critical business processes and their recovery requirements
C.To test the effectiveness of backup procedures
D.To develop the disaster recovery plan
AnswerB

This is the primary purpose of BIA.

Why this answer

BIA identifies critical processes, dependencies, and recovery requirements.

57
MCQmedium

An IT auditor is reviewing the problem management process. The IT team maintains a repository of known errors with documented workarounds. Which component of problem management is this?

A.Service request
B.Root cause analysis
C.Known error database
D.Problem record
AnswerC

Correct: The known error database stores known errors and workarounds, aiding in faster incident resolution.

Why this answer

A known error database (KEDB) is used to store known errors and workarounds to expedite incident resolution.

58
Multi-Selecthard

An IS auditor is reviewing change management for a financial application. Which TWO of the following findings would most likely indicate a control weakness?

Select 2 answers
A.Regression testing is not performed for minor changes.
B.Emergency changes are authorized by the change manager only.
C.Normal changes are tested in a development environment before production.
D.The change advisory board meets weekly to review all changes.
E.All changes are documented in a change log.
AnswersA, B

Even minor changes can have unintended impacts; regression testing should be considered.

Why this answer

Regression testing ensures that code changes do not introduce new defects into existing functionality. Skipping regression testing for minor changes is a control weakness because even small modifications can have unintended side effects in a financial application where accuracy and reliability are critical. Without regression testing, the organization risks undetected errors that could lead to financial misstatements or system instability.

Exam trap

The trap here is that candidates may incorrectly view emergency changes authorized only by the change manager as a weakness, but in practice this is an acceptable control to expedite critical fixes, provided there is a post-implementation review process.

59
MCQhard

During a disaster recovery test, the IS auditor observes that the alternate site uses a warm site configuration. Which of the following is a characteristic of a warm site?

A.It is a mobile recovery unit
B.It has infrastructure but no processing equipment
C.It has equipment but requires data restoration
D.It is a fully operational duplicate of the primary site
AnswerC

Correct. A warm site has equipment but needs data and application restoration.

Why this answer

A warm site has partially configured infrastructure (e.g., servers, network) but requires additional setup, such as loading data and applications, before full operation.

60
MCQmedium

During a software asset management (SAM) audit, the IS auditor discovers that the organization is using software versions that are no longer supported by the vendor. What is the primary risk?

A.Exposure to security vulnerabilities without patches.
B.Inability to recover data from backups.
C.Increased licensing costs due to non-compliance.
D.Difficulty in migrating to new versions.
AnswerA

End-of-life software no longer receives security updates.

Why this answer

The primary risk of using unsupported software versions is the absence of vendor-provided security patches. Without these patches, known vulnerabilities remain unaddressed, exposing the organization to exploitation, data breaches, and system compromise. This directly impacts the confidentiality, integrity, and availability of information assets.

Exam trap

The trap here is that candidates may focus on operational inconveniences like migration difficulty or licensing costs, overlooking the fact that the most critical and immediate risk from unsupported software is the lack of security patches, which directly enables exploitation.

How to eliminate wrong answers

Option B is wrong because data recovery from backups depends on backup integrity and restoration procedures, not on vendor support status; unsupported software can still be backed up and restored. Option C is wrong because unsupported software typically has no licensing costs (support contracts end), and non-compliance usually involves over-licensing or unlicensed use, not the use of unsupported versions. Option D is wrong because, while migration difficulty is a potential operational challenge, it is not the primary risk; the immediate and most severe risk is the security exposure from unpatched vulnerabilities.

61
MCQeasy

An organization performs daily full backups of its critical database. The recovery time objective (RTO) is 4 hours. During a disaster, it takes 6 hours to restore the database. What is the most likely cause?

A.Offsite storage location is too far.
B.The backup type (full) is insufficient.
C.Recovery procedures are not tested against the RTO.
D.Backup retention period is too short.
AnswerC

Testing should validate that restore meets the RTO.

Why this answer

If the restore takes longer than the RTO, the backup and recovery process does not meet the required timeline. This could be due to inadequate infrastructure or testing.

62
MCQmedium

An organization outsources its IT help desk to a third-party vendor. Which clause is MOST important for the IS auditor to verify in the contract to ensure the organization can assess the vendor's controls?

A.Service level agreement (SLA) metrics
B.Subcontracting restrictions
C.Exit strategy provisions
D.Right-to-audit clause
AnswerD

Correct. This clause enables the organization to verify vendor controls.

Why this answer

A right-to-audit clause allows the organization to review the vendor's processes and controls, ensuring compliance with contractual and regulatory requirements.

63
Multi-Selecthard

An organization is developing a business continuity strategy. Which THREE of the following are essential components of a comprehensive BC strategy?

Select 3 answers
A.Alternate facilities
B.Data backup and technology recovery
C.Software licensing compliance
D.Vendor audit reports
E.People procedures and communication
AnswersA, B, E

Provides a place to operate.

Why this answer

People procedures, alternate facilities, and data/technology recovery are core to BC.

64
MCQhard

An organization has a disaster recovery plan that includes a hot site. During a full interruption test, the recovery team discovers that the hot site's network configuration is incompatible with the production environment. What is the most likely root cause?

A.The backup data was not encrypted.
B.The test was not conducted during business hours.
C.The DR plan was not updated to reflect production changes.
D.The hot site is too far from the primary site.
AnswerC

Changes in production should be replicated to the hot site; otherwise, incompatibility occurs.

Why this answer

The incompatibility suggests that the hot site was not properly configured to mirror production, possibly due to lack of change synchronization or testing.

65
MCQmedium

A company performs daily full backups of its database and weekly incremental backups. The backup retention policy requires keeping full backups for 30 days and incremental backups for 7 days. An auditor reviews the backup schedule. Which backup type provides the fastest restore?

A.Log backup
B.Full backup
C.Incremental backup
D.Differential backup
AnswerB

Correct: Restoring from a full backup is fastest because it does not require applying subsequent incremental or differential backups.

Why this answer

A full backup contains all data and requires only one restore operation, making it faster than restoring from incremental or differential backups.

66
Multi-Selecteasy

An organization is implementing a new release management process. Which TWO activities are essential components of a successful release?

Select 2 answers
A.Service desk operations
B.Release planning
C.Capacity management
D.Incident management
E.Testing
AnswersB, E

Planning coordinates resources and timelines.

Why this answer

Release planning defines the scope and schedule; testing ensures the release meets quality standards. Deployment is part of release, but planning and testing are foundational.

67
MCQhard

An organization's IT service desk is the single point of contact for all incidents. The SLA for resolving P2 incidents is 8 hours. The auditor finds that the service desk frequently reassigns P2 incidents to second-level support without updating the incident record, causing delays in resolution. The average resolution time for P2 incidents is 10 hours. What is the primary control weakness?

A.Inadequate training of service desk staff.
B.SLA targets are too aggressive for P2 incidents.
C.Insufficient number of second-level support staff.
D.Lack of automated escalation and tracking for incident reassignments.
AnswerD

Automation would ensure updates and track SLA compliance.

Why this answer

The primary control weakness is the lack of automated escalation and tracking for incident reassignments. Without automated mechanisms (e.g., workflow triggers, timestamped reassignment logs, or integration with IT service management tools), the service desk can reassign P2 incidents to second-level support without updating the incident record, leading to untracked delays. This directly violates the SLA of 8 hours, as the average resolution time of 10 hours indicates that incidents are not being monitored or escalated properly, causing them to exceed the target.

Exam trap

The trap here is that candidates may focus on the symptom (delays) and choose a seemingly logical cause like inadequate training or insufficient staff, rather than recognizing that the root cause is the lack of automated controls to enforce proper incident tracking and escalation procedures.

How to eliminate wrong answers

Option A is wrong because inadequate training of service desk staff, while potentially contributing to procedural errors, is not the primary control weakness; the core issue is the absence of automated controls to enforce record updates and escalation, not a lack of knowledge. Option B is wrong because SLA targets being too aggressive for P2 incidents is a design issue, but the auditor's finding specifically points to a process failure (reassignment without record updates) that causes delays, not that the target itself is unachievable under proper controls. Option C is wrong because an insufficient number of second-level support staff could cause delays, but the auditor's observation is about the reassignment process lacking tracking, not about staffing levels; even with adequate staff, the lack of automated tracking would still allow untracked reassignments and delays.

68
MCQhard

An organization is disposing of old servers. The IS auditor reviews the asset disposition process and finds that hard drives are being erased using a standard format command. What is the auditor's primary concern?

A.The drives are not being tested for functionality.
B.The data on the hard drives may still be recoverable.
C.The software licenses are not being transferred.
D.The servers are not being recycled for environmental compliance.
AnswerB

Standard format does not overwrite data securely.

Why this answer

Standard format commands do not securely erase data; data can still be recovered. Secure sanitization methods (e.g., degaussing, shredding) should be used.

69
MCQmedium

An organization is implementing a disaster recovery plan. The DR team wants to test the plan with minimal risk and without impacting production operations. Which type of test is most appropriate?

A.Walkthrough
B.Full interruption test
C.Simulation
D.Parallel test
AnswerA

A walkthrough is a discussion-based review, no production impact.

Why this answer

A walkthrough test involves reviewing the plan step by step in a meeting, with no actual failover or impact on production, making it low-risk.

70
MCQeasy

An organization has defined an RTO of 4 hours for its critical financial system. During a disaster recovery test, the system was recovered in 3.5 hours, but data loss was 30 minutes. Which metric is most directly addressed by the recovery time?

A.RPO
B.MTBF
C.RTO
D.MTTR
AnswerC

RTO is the target time for recovery, directly addressed by the recovery time.

Why this answer

The Recovery Time Objective (RTO) defines the maximum acceptable downtime for a system after a disaster. Since the organization's RTO is 4 hours and the system was recovered in 3.5 hours, the recovery time directly satisfies the RTO metric. The 30 minutes of data loss is irrelevant to RTO; it pertains to the Recovery Point Objective (RPO).

Exam trap

The trap here is confusing RTO with RPO: candidates see 'data loss was 30 minutes' and incorrectly assume the recovery time metric is RPO, but the question explicitly asks which metric is 'most directly addressed by the recovery time,' which is RTO.

How to eliminate wrong answers

Option A is wrong because RPO (Recovery Point Objective) measures the maximum acceptable data loss in time, not the time to recover; the 30-minute data loss is what RPO addresses. Option B is wrong because MTBF (Mean Time Between Failures) is a reliability metric measuring average time between system failures, unrelated to recovery time after a disaster. Option D is wrong because MTTR (Mean Time To Repair) measures the average time to fix a failed component, not the time to restore the entire system from a disaster scenario.

71
MCQ · easy

Which of the following is the PRIMARY benefit of conducting a tabletop exercise for disaster recovery?

A. Measuring the recovery time objective (RTO)
B. Improving communication and decision-making among key personnel
C. Validating the technical recovery procedures
D. Testing the actual restoration of systems
Answer: B

This is the primary benefit.

Why this answer

Tabletop exercises focus on discussion and coordination among participants without technical testing.

72
MCQ · medium

An organization classifies IT incidents based on severity. A critical financial application is unavailable, impacting all users. According to ITIL best practices, which severity level should this incident be assigned?

A. P2
B. P3
C. P1
D. P4
Answer: C

Correct: P1 is for critical incidents with major business impact, such as a full application outage.

Why this answer

P1 incidents are the highest severity, typically involving a critical service outage affecting all users with significant business impact.

73
MCQ · easy

Which type of disaster recovery test involves a full switch-over from the primary site to the alternate site, resulting in actual disruption of normal operations?

A. Full interruption test
B. Tabletop test
C. Parallel test
D. Simulation test
Answer: A

Correct. This is the most realistic and disruptive test.

Why this answer

A full interruption test (also called full-scale test) involves actual failover, shutting down primary operations and running completely from the alternate site.

74
MCQ · medium

During a change management audit, an IS auditor finds that a critical system change was approved by the change manager without a CAB meeting. The change was categorized as a standard change. Which of the following should the auditor do FIRST?

A. Report a lack of segregation of duties
B. Recommend immediate rollback of the change
C. Escalate to senior management
D. Determine if the change was correctly classified as standard
Answer: D

If it is a standard change, the process was followed.

Why this answer

The auditor's first step must be to verify whether the change was correctly classified as a standard change, because standard changes are pre-approved and do not require a CAB meeting. If the classification is correct, the process was followed; if not, the lack of CAB approval is a control failure. This aligns with ITIL best practices, where standard changes are low-risk, pre-authorized changes with a defined procedure, and the auditor must confirm the classification before escalating or recommending action.

Exam trap

The trap here is that candidates assume any change approved without a CAB meeting is a control failure, but they overlook the critical first step of verifying whether the change was correctly classified as a standard change, which is pre-approved and does not require CAB involvement.

How to eliminate wrong answers

Option A is wrong because a lack of segregation of duties would involve the same person approving and implementing the change, but here the change manager approved a standard change, which is within their role; the issue is classification, not segregation. Option B is wrong because recommending an immediate rollback is premature without first confirming whether the change was correctly classified as standard; if it was standard, no rollback is needed. Option C is wrong because escalating to senior management is a reactive step that should only occur after the auditor has determined whether the change classification was correct, as the classification dictates the required approval process.

75
MCQ · medium

An organization is implementing an automated job scheduling system. Which of the following is the PRIMARY benefit of using dependency management in job scheduling?

A. Reducing the need for backup procedures
B. Automatically rerunning failed jobs without notification
C. Eliminating the need for human operators
D. Ensuring jobs execute in the correct sequence based on prerequisites
Answer: D

This is the primary benefit of dependency management.

Why this answer

Dependency management ensures jobs run in the correct sequence based on prerequisites, reducing errors and manual intervention.
