CISA · topic practice

Information Systems Operations and Business Resilience practice questions

Practise Certified Information Systems Auditor CISA Information Systems Operations and Business Resilience practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Information Systems Operations and Business Resilience

What the exam tests

What to know about Information Systems Operations and Business Resilience

Information Systems Operations and Business Resilience questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Information Systems Operations and Business Resilience exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Information Systems Operations and Business Resilience questions

20 questions · select your answer, then reveal the explanation

An organization experiences a critical system failure during non-business hours. The IT team discovers that the last full backup was 48 hours ago, and the incremental backups for the past 24 hours are corrupted. The recovery time objective (RTO) for this system is 4 hours, and the recovery point objective (RPO) is 1 hour. Which of the following is the MOST immediate concern?

An IT auditor is reviewing the business continuity plan (BCP) for a financial services firm. The plan includes a hot site that is shared with another organization under a reciprocal agreement. Which of the following findings should be of MOST concern to the auditor?

A company is designing its backup strategy for a critical database that must be available 24/7. The database experiences high transaction volumes. Which backup method minimizes data loss while allowing continuous operations?

During an incident response exercise, the IT team discovers that the failover to the disaster recovery (DR) site failed because the DR site's storage area network (SAN) was not zoned correctly for the replicated data. Which of the following controls would BEST prevent this issue?

A company's backup policy requires that backup tapes be stored offsite for at least one year. During an audit, the auditor finds that the offsite storage facility is not access-controlled and backup tapes are not encrypted. Which of the following is the auditor's BEST recommendation?

An organization is implementing a business continuity plan (BCP). Which of the following is the PRIMARY purpose of conducting a business impact analysis (BIA)?

Which TWO of the following are essential components of an effective incident response plan? (Select exactly 2.)

Which THREE of the following are key metrics to include in a disaster recovery test report? (Select exactly 3.)

An administrator sees the above error after a failed backup job. What is the MOST likely cause?

Exhibit

Refer to the exhibit.

Server: DB01
Backup Job: Full_Backup_DB01
Status: Failed
Error: 0x80070003 - The system cannot find the path specified.
Backup Destination: \\BACKUPSRV\DBBackups\DB01\

Last Successful Backup: 2023-03-15 03:00 AM
Scheduled Backup Time: Daily 02:00 AM
Question 10hardmultiple choice
Review the full routing breakdown →

An organization has configured HSRP as shown. During a failover test, the primary router (G0/1) is shut down, but the DR site router does not become active. What is the MOST likely reason?

Exhibit

Refer to the exhibit.

interface GigabitEthernet0/1
 description Link to Primary Site
 ip address 10.1.1.1 255.255.255.252
 standby 1 ip 10.1.1.2
 standby 1 priority 110
 standby 1 preempt
!
interface GigabitEthernet0/2
 description Link to DR Site
 ip address 10.2.2.1 255.255.255.252
 standby 2 ip 10.2.2.2
 standby 2 priority 100
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!
ip route 0.0.0.0 0.0.0.0 10.1.1.2
Question 11hardmultiple choice
Read the full DNS explanation →

A multinational corporation operates an e-commerce platform hosted in a private cloud environment. The platform consists of web servers, application servers, and a database cluster. The database cluster uses synchronous replication across two data centers (Primary and DR) located 500 km apart. The recovery time objective (RTO) for the platform is 2 hours, and the recovery point objective (RPO) is 15 minutes. During a recent disaster simulation, the primary data center lost power completely. The IT team initiated failover to the DR site. However, the failover process took 3 hours due to a misconfiguration in the DNS failover scripts, and the database was found to be inconsistent because the replication link was broken 30 minutes before the power loss. The team had to restore from a backup that was 4 hours old. After the incident, management requests a review of the disaster recovery plan. Which of the following is the BEST course of action to address the issues identified?

An organization is implementing a backup strategy for its critical database. The database is updated continuously during business hours, and the recovery point objective (RPO) is 15 minutes. Which backup method should be used to meet the RPO while minimizing backup storage and performance impact?

Based on the backup logs, the backup administrator notices that the incremental backup job failed due to insufficient storage. Which TWO actions should the administrator take to resolve the immediate issue and prevent recurrence?

Exhibit

Refer to the exhibit.

```
Backup Log for ArcServe UDP – 2024-05-21
========================================
Job Name: Full_Backup_Weekly
Start Time: 02:00
End Time: 04:30
Status: Completed with warnings
Details:
- Volume C: Backup successful (40.5 GB)
- Volume D: Backup successful (120.2 GB)
- Volume E: Backup failed (error code 0x80070020 – file in use)
- Volume F: Backup successful (25.0 GB)

Job Name: Incremental_Backup_Daily
Start Time: 12:00
End Time: 12:45
Status: Failed
Details:
- Volume C: Backup failed (error code 0x807800C5 – insufficient storage)
- Volume D: Backup failed (error code 0x807800C5 – insufficient storage)
- Volume E: Backup failed (error code 0x807800C5 – insufficient storage)
- Volume F: Backup failed (error code 0x807800C5 – insufficient storage)
```
Question 14hardmultiple choice
Study the full virtualization explanation →

An online retail company runs its e-commerce platform on a virtualized infrastructure with 50 virtual servers. The platform experiences intermittent slowdowns during peak hours, and recent monitoring reports show that disk I/O latency on the storage area network (SAN) frequently exceeds 50 ms during these periods. The SAN has two fabric switches and a single storage array with 12 TB of usable capacity, currently at 80% utilization. The company’s disaster recovery plan requires recovery point objective (RPO) of 1 hour and recovery time objective (RTO) of 4 hours for the e-commerce platform. During a recent test failover to the disaster recovery site, the IT team discovered that the replication link between primary and DR sites is saturated, causing replication lag of up to 3 hours. The team also noted that the DR site storage has only 6 TB of usable capacity, now at 60% utilization. The IT manager is concerned about meeting the RPO and RTO. Which course of action should the IT team take first?

Question 15mediumdrag order
Read the full NAT/PAT explanation →

Arrange the steps to implement a patch management process in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Order the steps for conducting a business impact analysis (BIA) in the correct sequence.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Match each disaster recovery site type to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Fully equipped and ready within hours

Partially configured, ready in days

Basic infrastructure, no equipment

Portable unit deployed as needed

Match each testing technique to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Simulated attack to find weaknesses

Automated check for known flaws

Manual inspection of source code

Manipulating people to divulge info

An organization's online transaction processing system experienced a sudden performance degradation. The database administrator checked system resources and found excessive I/O wait time on the storage subsystem. Which of the following is the MOST likely root cause?

Question 20hardmultiple choice
Read the full NAT/PAT explanation →

A multinational corporation has implemented a hot site disaster recovery solution for its critical financial applications. Which of the following is the MOST important consideration to ensure the effectiveness of the hot site?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Information Systems Operations and Business Resilience sessions

Start a Information Systems Operations and Business Resilience only practice session

Every question in these sessions is drawn from the Information Systems Operations and Business Resilience domain — nothing else.

Related practice questions

Related CISA topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the CISA exam test about Information Systems Operations and Business Resilience?
Information Systems Operations and Business Resilience questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Information Systems Operations and Business Resilience questions in a focused session?
Yes — the session launcher on this page draws every question from the Information Systems Operations and Business Resilience domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other CISA topics?
Use the topic links above to move to related areas, or go back to the CISA question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CISA exam covers. They are not copied from any real exam or dump site.