Chapter 6: Disaster Recovery and Business Continuity Planning


C6-1 During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include:

A. the level of information security required when business recovery procedures are invoked.

B. information security roles and responsibilities in the crisis management structure.

C. information security resource requirements.

D. change management procedures for information security that could affect business continuity arrangements.

Answer A: The business should consider whether the information security levels required during recovery should be the same as, lower or higher than those in place when the business is operating normally. In particular, any special rules for access to confidential data during a crisis need to be identified. The other choices do not directly address the information confidentiality issue.

C6-2 During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the:

A. event error log generated at the disaster recovery site.

B. disaster recovery test plan.

C. disaster recovery plan (DRP).

D. configurations and alignment of the primary and disaster recovery sites.

Answer D: Since the configuration of the system is the most probable cause, the IS auditor should review that first. If the issue cannot be clarified, the IS auditor should then review the event error log. Neither the disaster recovery test plan nor the disaster recovery plan (DRP) would contain information about the system configuration.

C6-3 Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly?

A. Backup time would steadily increase

B. Backup operational cost would significantly increase

C. Storage operational cost would significantly increase

D. Server recovery work may not meet the recovery time objective (RTO)

Answer D: In case of a crash, recovering a server holding an extensive amount of data could require a significant amount of time. If the recovery cannot meet the recovery time objective (RTO), there will be a discrepancy with the IT strategy, so it is important to ensure that server restoration can meet the RTO. An incremental backup captures only the daily differential, so a steady increase in backup time does not necessarily follow. The backup and storage cost issues are not as significant as failing to meet the RTO.

C6-4 An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to 1 minute for a critical system. This implies that the system can tolerate:

A. a data loss of up to 1 minute, but the processing must be continuous.

B. a 1-minute processing interruption but cannot tolerate any data loss.

C. a processing interruption of 1 minute or more.

D. both a data loss and a processing interruption longer than 1 minute.

Answer A: The recovery time objective (RTO) measures an organization's tolerance for downtime and the recovery point objective (RPO) measures how much data loss can be accepted. An RTO of zero therefore means processing must be continuous, while an RPO close to 1 minute means up to 1 minute of data may be lost. Choices B, C and D are incorrect since they exceed the RTO limit set by the scenario.

C6-5 Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?

A. Due to the limited test time window, only the most essential systems were tested. The other systems were tested separately during the rest of the year.

B. During the test it was noticed that some of the backup systems were defective or not working, causing the test of these systems to fail.

C. The procedures to shut down and secure the original production site before starting the backup site required far more time than planned.

D. Every year, the same employees perform the test. The recovery plan documents are not used since every step is well known by all participants.

Answer D: A disaster recovery test should exercise the plan, the procedures, the people and the IT systems; if the plan documents are not used, their accuracy and adequacy cannot be verified. A disaster recovery plan should not rely on key staff, since a disaster can occur when they are not available. It is common that not all systems can be tested within a limited test time frame; it is important, however, that the systems essential to the business are tested and that the other systems are eventually tested over the course of the year. One aim of the test is to identify and replace defective devices so that all systems can be replaced in the case of a disaster. Choice B would only be a concern if the number of discovered problems is systematically very high. In a real disaster there is no need for a clean shutdown of the original production environment, since the first priority is to bring the backup site up.

C6-6 The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?

A. Contact information of key personnel

B. Server inventory documentation

C. Individual roles and responsibilities

D. Procedures for declaring a disaster

Answer A: In the event of a disaster, it is important to have a current, updated list of the personnel who are key to the operation of the plan. Choices B, C and D are more likely to remain stable over time.

C6-7 An organization has outsourced its wide area network (WAN) to a third-party service provider. Under these circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of business continuity planning (BCP) and disaster recovery planning (DRP)?

A. Review whether the service provider's BCP process is aligned with the organization's BCP and contractual obligations.

B. Review whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster.

C. Review the methodology adopted by the organization in choosing the service provider.

D. Review the accreditation of the third-party service provider's staff.

Answer A: Reviewing whether the service provider's business continuity plan (BCP) process is aligned with the organization's BCP and contractual obligations is the correct answer, since an adverse effect on or disruption to the business of the service provider has a direct bearing on the organization and its customers. Reviewing whether the service level agreement (SLA) contains a penalty clause for failing to meet the agreed level of service during a disaster is not the correct answer: penalty clauses, although an essential element of an SLA, are not the primary concern. Choices C and D are possible concerns, but of lesser importance.

C6-8 An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:

A. alignment of the BCP with industry best practices.

B. results of business continuity tests performed by IS and end-user personnel.

C. off-site facility, its contents, security and environmental controls.

D. annual financial cost of the BCP activities versus the expected benefit of implementation of the plan.

Answer B: The effectiveness of the business continuity plan (BCP) can best be evaluated by reviewing the results of previous business continuity tests for thoroughness and accuracy in accomplishing their stated objectives. None of the other choices provides assurance of the effectiveness of the BCP.

C6-9 A live test of a mutual agreement for IT system recovery has been carried out, including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:

A. system and the IT operations team can sustain operations in the emergency environment.

B. resources and the environment could sustain the transaction load.

C. connectivity to the applications at the remote site meets response time requirements.

D. workflow of actual business operations can use the emergency system in case of a disaster.

Answer A: The applications have been operated intensively, so choices B, C and D have actually been tested; the capability of the system and the IT operations team to sustain and support this environment (ancillary operations, batch closing, error corrections, output distribution, etc.) has only been partially tested.

C6-10 To optimize an organization's business contingency plan (BCP), an IS auditor should recommend conducting a business impact analysis (BIA) in order to determine:

A. the business processes that generate the most financial value for the organization and therefore must be recovered first.

B. the priorities and order for recovery to ensure alignment with the organization's business strategy.

C. the business processes that must be recovered following a disaster to ensure the organization's survival.

D. the priorities and order of recovery which will recover the greatest number of systems in the shortest time frame.

Answer C: To ensure the organization's survival following a disaster, it is important to recover the most critical business processes first. It is a common mistake to overemphasize value (A) rather than urgency. For example, while the processing of incoming mortgage loan payments is important from a financial perspective, it could be delayed for a few days in the event of a disaster. On the other hand, wiring funds to close on a loan, while not generating direct revenue, is far more critical because of the possibility of regulatory problems, customer complaints and reputation issues. Choices B and D are not correct because neither the long-term business strategy nor the mere number of recovered systems has a direct impact at this point in time.

C6-11 A financial services organization is developing and documenting business continuity measures. In which of the following cases would an IS auditor MOST likely raise an issue?

A. The organization uses good practice guidelines instead of industry standards and relies on external advisors to ensure the adequacy of the methodology.

B. The business continuity capabilities are planned around a carefully selected set of scenarios which describe events that might happen with a reasonable probability.

C. The recovery time objectives (RTOs) do not take IT disaster recovery constraints into account, such as personnel or system dependencies during the recovery phase.

D. The organization plans to rent a shared alternate site with emergency workplaces which has only enough room for half of the normal staff.

Answer B: It is a common mistake to use scenario planning for business continuity. The problem is that it is impossible to plan and document actions for every possible scenario. Planning for just selected scenarios ignores the fact that even improbable events can cause an organization to break down. Best practice planning addresses the four possible areas of impact in a disaster: premises, people, systems, and suppliers and other dependencies. All scenarios can be reduced to these four categories and can be handled simultaneously. There are very few special scenarios which justify an additional separate analysis. It is a good idea to use best practices and external advice for such an important topic, especially since knowledge of the right level of preparedness and the judgment about the adequacy of the measures taken is not available in every organization. The recovery time objectives (RTOs) are based on the essential business processes required to ensure the organization's survival; therefore it would be inappropriate for them to be based on IT capabilities. Best practice guidelines recommend having 20-40% of normal capacity available at an emergency site; therefore, a value of 50% would not be a problem if there are no additional factors.

C6-12 A medium-sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of the new BCP?

A. Full-scale test with relocation of all departments, including IT, to the contingency site

B. Walk-through test of a series of predefined scenarios with all critical personnel involved

C. IT disaster recovery test with business departments involved in testing the critical applications

D. Functional test of a scenario with limited IT involvement

Answer D: After a tabletop exercise has been performed, the next step would be a functional test, which includes the mobilization of staff to exercise the administrative and organizational functions of a recovery. Since the IT part of the recovery has been tested for years, it would be more efficient to verify and optimize the business continuity plan (BCP) before actually involving IT in a full-scale test. The full-scale test would be the last step of the verification process before entering into a regular annual testing schedule. A full-scale test in the situation described might fail because it would be the first time that the plan is actually exercised, and a number of resources (including IT) and time would be wasted. The walk-through test is the most basic type of testing; its intention is to make key staff familiar with the plan and discuss critical plan elements, rather than to verify its adequacy. The recovery of applications should always be verified and approved by the business instead of being purely IT-driven. A disaster recovery test would not help in verifying the administrative and organizational parts of the BCP, which are not IT-related.

C6-13 Which of the following is the MOST important consideration when defining recovery point objectives (RPOs)?

A. Minimum operating requirements

B. Acceptable data loss

C. Mean time between failures

D. Acceptable time for recovery

Answer B: Recovery time objectives (RTOs) are the acceptable time delay in the availability of business operations, while recovery point objectives (RPOs) are the level of data loss/reworking an organization is willing to accept. Mean time between failures and minimum operating requirements help in defining recovery strategies.

C6-14 To address an organization's disaster recovery requirements, backup intervals should not exceed the:

A. service level objective (SLO).

B. recovery time objective (RTO).

C. recovery point objective (RPO).

D. maximum acceptable outage (MAO).

Answer C: The recovery point objective (RPO) defines the point in time to which data must be restored after a disaster so as to resume processing transactions. Backups should be performed in such a way that the latest backup is never older than this maximum time frame. If service levels are not met, the usual consequences are penalty payments, not cessation of business. Organizations will try to set service level objectives (SLOs) so as to meet established targets; the resulting time in the service level agreement (SLA) will usually be longer than the RPO. The recovery time objective (RTO) defines the time period after the disaster within which normal business functionality needs to be restored. The maximum acceptable outage (MAO) is the maximum amount of system downtime that is tolerable. It can be used as a synonym for RTO; however, the RTO denotes an objective/target, while the MAO constitutes a vital necessity for an organization's survival.
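The RTO/RPO reasoning in C6-3, C6-4, C6-13 and C6-14 can be checked mechanically. The following Python is an added example, not part of the question bank: it derives the worst-case data loss implied by a backup schedule and compares it with the RPO, and estimates restore time from data volume and restore rate and compares it with the RTO. The schedule, data volume, restore rate and overhead figures are constructed sample values.

```python
"""Added example (not part of the original question bank): check a backup
schedule and a restore-time estimate against the recovery objectives from
C6-3, C6-4, C6-13 and C6-14.  All sample figures are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class RecoveryObjectives:
    """RTO bounds the processing interruption; RPO bounds the data loss (C6-13)."""
    rto: timedelta
    rpo: timedelta


def longest_backup_interval(backup_times: List[datetime]) -> Optional[timedelta]:
    """Largest gap between consecutive backups.  A disaster just before the next
    backup loses everything since the previous one, so this gap must not exceed
    the RPO (C6-14).  Returns None when fewer than two backups are known."""
    times = sorted(backup_times)
    if len(times) < 2:
        return None
    return max(later - earlier for earlier, later in zip(times, times[1:]))


def data_loss_at(backup_times: List[datetime],
                 disaster_at: datetime) -> Optional[timedelta]:
    """Data lost for a disaster at a given instant: the work done since the
    latest backup completed before it.  None if no backup predates the disaster."""
    prior = [t for t in backup_times if t <= disaster_at]
    return disaster_at - max(prior) if prior else None


def estimated_restore_time(data_bytes: int, restore_rate_bytes_per_s: float,
                           fixed_overhead: timedelta) -> timedelta:
    """Restore time grows with the data volume (C6-3): a fixed provisioning
    overhead plus the time to stream the data back at the achievable rate."""
    return fixed_overhead + timedelta(seconds=data_bytes / restore_rate_bytes_per_s)


def assess(objectives: RecoveryObjectives, backup_times: List[datetime],
           data_bytes: int, restore_rate_bytes_per_s: float,
           fixed_overhead: timedelta) -> List[str]:
    """Return audit findings; an empty list means the schedule and the restore
    estimate are consistent with the stated RTO and RPO."""
    findings: List[str] = []
    if objectives.rto == timedelta(0):
        # C6-4: RTO = 0 means processing must be continuous; no restore-based
        # recovery can satisfy it, whatever the backup schedule looks like.
        findings.append("RTO of zero: processing must be continuous, a restore "
                        "after the fact cannot meet it (C6-4)")
    interval = longest_backup_interval(backup_times)
    if interval is not None and interval > objectives.rpo:
        findings.append(f"longest backup interval {interval} exceeds the RPO "
                        f"{objectives.rpo} (C6-14)")
    restore = estimated_restore_time(data_bytes, restore_rate_bytes_per_s,
                                     fixed_overhead)
    if restore > objectives.rto:
        findings.append(f"estimated restore time {restore} exceeds the RTO "
                        f"{objectives.rto}; unmanaged storage growth is the "
                        f"usual cause (C6-3)")
    return findings


# Constructed sample: nightly backups at 02:00, a 2 TiB file server restored
# at 100 MiB/s after 30 minutes of provisioning, RTO and RPO both four hours.
SAMPLE_BACKUPS = [datetime(2024, 1, d, 2, 0) for d in range(1, 6)]
SAMPLE_OBJECTIVES = RecoveryObjectives(rto=timedelta(hours=4), rpo=timedelta(hours=4))
SAMPLE_DATA_BYTES = 2 * 2**40
SAMPLE_RESTORE_RATE = 100 * 2**20
SAMPLE_OVERHEAD = timedelta(minutes=30)

if __name__ == "__main__":
    for finding in assess(SAMPLE_OBJECTIVES, SAMPLE_BACKUPS, SAMPLE_DATA_BYTES,
                          SAMPLE_RESTORE_RATE, SAMPLE_OVERHEAD):
        print("FINDING:", finding)
    loss = data_loss_at(SAMPLE_BACKUPS, datetime(2024, 1, 3, 1, 30))
    print("data lost for a disaster at 01:30 on 3 Jan:", loss)
```

With the sample figures the nightly schedule fails the four-hour RPO and the 2 TiB restore overruns the four-hour RTO, which is exactly the pairing of findings C6-14 and C6-3 describe.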

第六章:灾难恢复与业务连续性计划

C6-1 During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include:

A .the level of information security required when business recovery procedures are invoked.

B. information security roles and responsibilities in the crisis management structure.

C. information security resource requirements.

D. change management procedures for information security that could affect business continuity arrangements.

6-1 在审计中,一个IS审计师注意到一个组织的业务持续计划不能适当解决恢复过程中的信息机密性。这个IS审计师应该推荐计划被修改:

A.当业务恢复进程被启用时信息安全所需要的层次

B.在危机管理架构中的信息安全角色和责任

C.信息安全资源需求

D.信息安全的改变管理进程可能会影响业务持续安排

A Business should consider whether information security levels required during recovery should be the same, lower or higher than when business is operating normally. In particular, any special rules for access to confidential data during a crisis need to be identified. The other choices do not directly address the information confidentiality issue.

答案A解析:.业务应该考虑是否在恢复时需要相同的安全级别,或者比平时的低或者高。特别的是,一些在紧急时候访问加密数据的规则需要被辨识。其他选项并不直接解决信息机密性问题。

C6-2 During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the:

A. event error log generated at the disaster recovery site.

B. disaster recovery test plan.

C. disaster recovery plan (DRP).

D. configurations and alignment of the primary and disaster recovery sites.

6-2 在灾难恢复测试中,一个IS审计师发现灾难恢复站点的服务器缓慢,为了找出根本原因,信息系统审计师应该首先审查:

A.灾难备份点的事件错误日志生成

B.灾难备份测试计划

C.灾难备份计划

D.配置并确保主站与和灾难备份点保持一致

D Since the configuration of the system is the most probable cause, the IS auditor should review that first. If the issue cannot be clarified, the IS auditor should then review the event error log. The disaster recovery test plan and the disaster recovery plan (DRP) would not contain information about the system configuration.

答案D 解析:.既然系统配置是最可能的原因,IS审计师因为首先检查。如果问题不能被澄清,IS审计师检查事件错误日志。灾备测试计划灾备计划不应该包含系统配置的信息。

C6-3 Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly?

A. Backup time would steadily increase

B. Backup operational cost would significantly increase

C. Storage operational cost would significantly increase

D. Server recovery work may not meet the recovery time objective (RTO)

6-3 当一个关键的文件服务器存储量增长没有被合理的管理,哪个是最大的风险?

A.备份时间将持续增加

B.备份操作成本将会显著增加

C.存储操作成本将会显著增加

D.服务器恢复将不能满足RTO的要求

D In case of a crash, recovering a server with an extensive amount of data could require a significant amount of time. If the recovery cannot meet the recovery time objective (RTO), there will be a discrepancy in IT strategies. It's important to ensure that server restoration can meet the RTO. Incremental backup would only take the backup of the daily differential, thus a steady increase in backup time is not always true. The backup and storage costs issues are not as significant as not meeting the RTO.

答案D解析:.如果发生故障,恢复具有一些数据的服务器将会需要一个明显的时间点。如果恢复不能满足目标恢复时间,将会在IT策略上产生差异。保证服务器恢复符合RTO非常重要。增量备份将只备份每天的差异,这样一个稳固的备份时间增长是不正确的。备份和存储成本并不象不符合RTO那样重要。

C6-4 An organization has a recovery time objective (RTO) equal to zero and a recovery point

objective (RPO) close to I minute for a critical system. This implies that the system can tolerate:

A. a data loss of up to 1 minute, but the processing must be continuous.

B. a 1-minute processing interruption but cannot tolerate any data loss.

C. a processing interruption of I minute or more.

D. both a data loss and a processing interruption longer than I minute.

6-4 一个组织有一个目标恢复时间接近于0,一个目标恢复点至于关键系统接近1分站。这暗示系统能承受:

A.数据丢失最多1分钟,但是进程是持续的

B.1分钟的进程中断,但是不能容忍数据丢失

C.一分钟或更多的进程中断

D.数据丢失和进程中断都超过1分钟

A The recovery time objective (RTO) measures an organization's tolerance for downtime and the recovery point objective (RPO) mea sures how much data loss can be accepted. Choices B, C and D are incorrect since they exceed the RTO limits set by the scenario.

答案A解析:.RTO衡量一个组织对宕机时间的容忍度,RPO衡量多少数据丢失可以被接收。选项B,C,D不正确因为他们超过了这个场景的RTO限制。

C6-5 Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?

A. Due to the limited test time window, only the most essential systems were tested. The other systems were tested separately during the rest of the year.

B. During the test it was noticed that some of the backup systems were defective or not working, causing the test of these systems to fail.

C. The procedures to shut down and secure the original production site before starting the backup site required far more time than planned.

D. Every year, the same employees perform the test. The recovery plan documents are not used since every step is well known by all participants.

6-5 以下哪个问题是IT审计师审计灾备测试时最关注的?

A.因为测试时间限制,只对最必要的系统进行测试,其他系统可在年内其他时间进行测试。

B.在测试中注意到一些备份系统有缺陷或无法正常工作,导致系统测试失败。

C.在开始备份前关闭和保护原站点的程序所需时间远远超过计划所需要的时间。

D.每年都是由相同的人员进行测试。因为这些人员了解每一个步骤,所以没有使用恢复计划文档。

D A disaster recovery should not rely on key staff since a disaster can occur when they are not available. It is common that not all systems can be tested in a limited test time frame. It is important, however, that those systems which are essential to the business are tested. and that the other systems are eventually tested throughout the year. One aim of the test is to identify and replace defective devices so that all systems can be replaced in the case of a disaster. Choice B would only be a concern if the number of discovered problems is systematically very high. In a real disaster, there is no need for a clean shutdown of the original production environment since the first priority is to bring the backup site up.

答案D 解析: 一个灾备测试应该测试计划,进程,人力和IT系统。所以,如果计划没有被使用,它的准确性和充分性不能被保证。灾备计划不能只依靠关键的职工,因为灾难发生时,可能他们不在。普遍的是并不是所有系统可以在一个限制的时间点内被测试。重要的是那些系统被在年内被完全测试。测试的目标是辨识和替代有缺陷的设备,所有的系统在发生灾难时被替换。B 只关注发现问题的系统比较高。在一个真的灾难中,没有需要关闭初始点,因为第一步是启用备份点。

C6-6 The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?

A. Contact information of key personnel

B. Server inventory documentation

C. Individual roles and responsibilities

D. Procedures for declaring a disaster

6-6维护一个持续有效的灾备计划,需要对以下哪项信息进行持续更新?

A.主要负责人的联系信息

B.服务器库存文件

C.个人角色与责任

D.宣告灾难的进程

A In the event of a disaster, it is important to have a current updated list of ersonnel who are key to the operation of the plan. Choices B. C and D would be more likely to remain stable overtime.

答案A解析:.万一发生灾难,重要的是有更新的主要负责操作计划的人。B,C,D将更维持稳固的超时。

C6-7 An organization has outsourced its wide area network (WAN) lo a third-parly service provider. Under these circumstances, which of the Ibllovving is the PRIMARY task the IS auditor should perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?

A. Review whether the service providers BCP process is aligned with the organization's BCP and contractual obligations.

B. Review whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster.

C. Review the methodology adopted by the organization in choosing the service rovider.

D. Review the accreditation of the third-party service provider's staff.

6-7 一个组织把它的广域网服务外包给第三方服务商。在这样的情况下,哪个是IS审计师在审计BCP和DRP时的主要职责?

A.检查服务提供的BCP是否符合公司的BCP和合同责任

B.检查是否SLA包含惩罚如果发生灾难时没有达成服务级别承诺

C.检查组织选择服务提供商的方法

D.检查第三方服务提供商职工的资质

A Reviewing whether the service provider's business continuity plan (BCP) process is aligned with the organization's BCP and contractual obligations is the correct answer since an adverse effect or disruption to the business of the service provider has a direct bearing on the organization and its customers. Reviewing whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster is not the correct answer since the presence of penalty clauses, although an essential element of a SLA, is not a primary concern. Choices C and D are possible concerns, but of lesser importance.

答案A解析:检查是否服务提供的BCP符合公司的BCP和合同责任是正确的,因为服务提供商的反作用和中断会给组织和客户有很直接的影响。检查SLA是否有惩罚条款并不是正确的,因为惩罚条款是SLA的必要因素,并不是主要的考虑。C和D不重要。

C6-8 An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:

A.alignment of the BCP with industry best practices.

B.results of business continuity tests performed by IS and end-user personnel.

C.off-site facility, its contents, security and environmental controls.

D.annual financial cost of the BCP activities versus the expected benefit of implementation of the plan.

6-8 一个IS审计师可以通过以下哪一种方式验证组织的BCP有效?

A.BCP符合行业最佳实践

B.IS审计师和终端用户对业务持续性进行测试的结果

C.离线备份设施、相关内容、安全和环境控制

D.每年的BCP财务成本对比实施计划的预期收益

B The effectiveness of the business continuity plan (BCP) can best be evaluated by reviewing the results from previous business continuity tests for thoroughness and accuracy in accomplishing their stated objectives. All other choices do not provide the assurance of the effectiveness of the 答案B解析:BCP的有效性可以通过以前业务持续测试的结果于他们声明的目标之间的检查来评估。所有其他的都不提供BCP有效性的保证。

C6-9 A live test of a mutual agreement for IT system recovery has been carried out. including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:

A. system and the IT operations team can sustain operations in the emergency environment.

B. resources and the environment could sustain the transaction load.

C. connectivity to the applications at the remote site meets response time requirements.。

D. workflow of actual business operations can use the emergency system in case of a disaster. 6-9 一个在线测试It系统恢复的相互协定被执行。包括一个4小时的业务单元密集使用的测试。测试成功了,但是只给了部分保证:

A.系统和IT操作队伍在紧急环境下的持续操作

B.资源和环境支撑交易符合。

C.远程站点的应用链接符合响应时间需求

D.实际业务操作流程可以在发生灾难时使用紧急系统。

A The applications have been intensively operated, therefore choices B, C and D have been actually tested, but the capability of the system and the IT operations team to sustain and support this environment (ancillary operations, batch closing, errorcorrections, output distribution, etc) is only partially tested.

答案A解析:.应用是集中的操作,所以B,C,D都已经被实际测试,但是系统的能力和IT操作队伍支撑环境只是被部分的测试。

C6-10 To optimize an organization's business contingency plan (BCP), an IS auditor should recommend conducting a business impact analysis (BIA) in order to determine:

A. the business processes that generate the most financial value for the organization and therefore must be recovered first.

B. the priorities and order for recovery to ensure alignment with the organization's business strategy.

C. the business processes that must be recovered following a disaster to ensure the organization's survival.

D. the priorities and order of recovery which will recover the greatest number of systems in the

shortest time frame.

6-10为优化一个组织的业务应急计划,一个信息系统审计师应该推荐使用业务影响分析的方法来决定:

A.产生组织的最大经济价值的业务流程应该首先被恢复。

B.恢复的优先权和顺序,以保证与组织的业务战略调整一致。

C.必须在灾难后恢复的事关组织的生存业务流程。

D.恢复的优先权和顺序,以尽可能地在最短的时间内恢复更多的系统。

C To ensure the organization's survival following a disaster, it is important to recover the most critical business processes first. It is a common mistake to overemphasize value (A) rather than urgency. For example, while the processing of incoming mortgage loan payments is important from a financial perspective, it could be delayed for a few days in the event of a disaster. On the other hand, wiring funds to close on a loan, while not generating direct revenue, is far more critical because of the possibility of regulatory problems, customer complaints and reputation issues. Choices B and D are not correct because neither the long-term business strategy nor the mere number of recovered systems has a direct impact at this point in time.

答案C 解析: 保证灾难后组织的生存,重要的是恢复最关键的商业流程。这是个普遍的错误过分强调价值(A)凌驾于紧要度。举例,财务方面抵押借款的收入是很重要的,如果有灾难它可以被延迟几天。另一方面,在线的现金支付,并不产生直接的收入,但是它因为法规,客户投诉和名誉问题而非常关键。选项(B)和(D)并不正确,因为长期商业策略和纯粹的恢复系统都没有直接的影响。

C6-11 A financial services organization is developing and documenting business continuity measures. In which of the following cases would an IS auditor MOST likely raise an issue?

A. The organization uses good practice guidelines instead of industry standards and relies on external advisors to ensure the adequacy of the methodology.

B. The business continuity capabilities are planned around a carefully selected set of scenarios which describe events that might happen with a reasonable probability.

C. The recovery time objectives (RTOs) do not take IT disaster recovery constraints into account, such as personnel or system dependencies during the recovery phase.

D. The organization plans to rent a shared alternate site with emergency workplaces which has only enough room for half of the normal staff.

6-11 A financial services organization is developing and documenting business continuity measures. In which of the following cases would an IS auditor MOST likely raise an issue?

A. The organization uses good practice guidelines instead of industry standards and relies on external advisors to ensure the adequacy of the methodology.

B. Business continuity capabilities are planned around a carefully selected set of scenarios describing events that could happen with reasonable probability.

C. The recovery time objectives do not take IT disaster recovery constraints into account, such as personnel or system dependencies during the recovery phase.

D. The organization plans to rent a shared alternate site with emergency workplaces that has room for only half of the normal staff.

B It is a common mistake to use scenario planning for business continuity. The problem is that it is impossible to plan and document actions for every possible scenario. Planning for just selected scenarios denies the fact that even improbable events can cause an organization to break down. Best practice planning addresses the four possible areas of impact in a disaster: premises, people, systems, suppliers and other dependencies. All scenarios can be reduced to these four categories and can be handled simultaneously. There are very few special scenarios which justify an additional separate analysis. It is a good idea to use best practices and external advice for such an important topic, especially since knowledge of the right level of preparedness and the judgment about adequacy of the measures taken is not available in every organization. The recovery time objectives (RTOs) are based on the essential business processes required to ensure the organization's survival; therefore, it would be inappropriate for them to be based on IT capabilities. Best practice guidelines recommend having 20-40% of normal capacity available at an emergency site; therefore, a value of 50% would not be a problem if there are no additional factors.

Answer B. Explanation: It is a common mistake to use scenario planning for business continuity. The problem is that it is impossible to plan and document actions for every possible situation. Best practice addresses the four areas a disaster can affect: premises, people, systems, and suppliers and other dependencies. All situations can be reduced to these four categories and handled simultaneously; only a very few special situations justify a separate analysis. It is a good idea to use best practices and external advice for such an important topic, especially because the right level of preparedness and the judgment about the adequacy of the measures are not available in every organization. The recovery time objectives are based on the business processes essential to the organization's survival, so it is inappropriate to base them on IT capabilities. Best practice recommends 20%-40% of normal capacity at an emergency site, so 50% is not a problem.

C6-12 A medium-sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of the new BCP?

A. Full-scale test with relocation of all departments, including IT, to the contingency site

B. Walk-through test of a series of predefined scenarios with all critical personnel involved

C. IT disaster recovery test with business departments involved in testing the critical applications

D. Functional test of a scenario with limited IT involvement

C6-12 A medium-sized organization, whose disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan and has successfully performed a basic tabletop exercise. Which test should the IS auditor recommend next to verify the adequacy of the new business continuity plan?

A. A full-scale test, relocating all departments, including IT, to the contingency site

B. A walk-through test of a series of predefined scenarios with all critical personnel involved

C. An IT disaster recovery test with business departments involved in testing the critical applications

D. A functional test of a scenario with limited IT involvement

D After a tabletop exercise has been performed, the next step would be a functional test, which includes the mobilization of staff to exercise the administrative and organizational functions of a recovery. Since the IT part of the recovery has been tested for years, it would be more efficient to verify and optimize the business continuity plan (BCP) before actually involving IT in a full-scale test. The full-scale test would be the last step of the verification process before entering into a regular annual testing schedule. A full-scale test in the situation described might fail because it would be the first time that the plan is actually exercised, and a number of resources (including IT) and time would be wasted. The walk-through test is the most basic type of testing. Its intention is to make key staff familiar with the plan and discuss critical plan elements, rather than verifying its adequacy. The recovery of applications should always be verified and approved by the business instead of being purely IT-driven. A disaster recovery test would not help in verifying the administrative and organizational parts of the BCP which are not IT-related.

Answer D. Explanation: After a tabletop exercise has been performed, the next step should be a functional test, which includes mobilizing staff to exercise the administrative and organizational functions of the recovery plan. Since the IT part of the recovery plan has been tested for years, it is more efficient to verify and optimize the business continuity plan before a full-scale test that actually involves IT. A full-scale test in the situation described could fail, because it would be the first time the plan is actually exercised, and resources (including IT resources) and time would be wasted. The walk-through test is the most basic type of test; its purpose is to familiarize key staff with the plan and discuss its critical elements, not to verify its adequacy. Recovery of applications should be verified and approved by the business departments rather than being purely IT-driven. A disaster recovery test cannot help verify the administrative and organizational parts of the business continuity plan (BCP), which are unrelated to IT.

C6-13 Which of the following is the MOST important consideration when defining recovery point objectives (RPOs)?

A. Minimum operating requirements

B. Acceptable data loss

C. Mean time between failures

D. Acceptable time for recovery

C6-13 Which of the following is the MOST important consideration when determining recovery point objectives (RPOs)?

A. Minimum operating requirements

B. Acceptable data loss

C. Mean time between failures

D. Acceptable recovery time

B Recovery time objectives (RTOs) are the acceptable time delay in availability of business operations, while recovery point objectives (RPOs) are the level of data loss/reworking an organization is willing to accept. Mean time between failures and minimum operating requirements help in defining recovery strategies.

Answer B. Explanation: The recovery time objective (RTO) is the acceptable period of business operation downtime, while the recovery point objective is the level of data loss the organization can accept. Mean time between failures and minimum operating requirements help in determining recovery strategies.

C6-14 To address an organization's disaster recovery requirements, backup intervals should not exceed the:

A. service level objective (SLO).

B. recovery time objective (RTO).

C. recovery point objective (RPO).

D. maximum acceptable outage (MAO).

C6-14 To address an organization's disaster recovery requirements, backup intervals should not exceed the:

A. service level objective (SLO)

B. recovery time objective (RTO)

C. recovery point objective (RPO)

D. maximum acceptable outage (MAO)

C The recovery point objective (RPO) defines the point in time to which data must be restored after a disaster so as to resume processing transactions. Backups should be performed in a way that the latest backup is no older than this maximum time frame. If service levels are not met, the usual consequences are penalty payments, not cessation of business. Organizations will try to set service level objectives (SLOs) so as to meet established targets. The resulting time for the service level agreement (SLA) will usually be longer than the RPO. The recovery time objective (RTO) defines the time period after the disaster in which normal business functionality needs to be restored. The maximum acceptable outage (MAO) is the maximum amount of system downtime that is tolerable. It can be used as a synonym for RTO. However, the RTO denotes an objective/target, while the MAO constitutes a vital necessity for an organization’s survival.

Answer C. Explanation: The recovery point objective defines, as a point in time, the data that must be restored after a disaster so that transaction processing can resume. Backups should be performed so that the latest backup is never older than this maximum time span. If service levels are not met, the usual consequence is a penalty payment, not cessation of business. Organizations will try to set service level objectives to meet established targets; the resulting time in the service level agreement (SLA) is usually longer than the recovery point objective (RPO). The recovery time objective defines the period after the disaster within which normal business functionality needs to be restored. The maximum acceptable outage (MAO) is the maximum tolerable system downtime; it can be used as a synonym for the recovery time objective (RTO), but the RTO expresses a target, while the MAO constitutes a vital necessity for the organization's survival.
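To make the relationship between backup frequency and the RPO (and between a measured recovery time, the RTO and the MAO) concrete, here is an added example in Python; it is not part of the original answer key. It reads a constructed list of backup completion timestamps such as a backup server's job log might contain, reports every interval between consecutive backups that exceeds an assumed 6-hour RPO, computes the data loss an incident at a given moment would cause, and classifies a measured recovery duration against assumed RTO and MAO values. All timestamps and objective values are invented for the example.

```python
from datetime import datetime, timedelta

# Constructed sample input (not from the page): completion times of the periodic
# backups of one system, as they might appear in a backup server's job log.
BACKUP_LOG = [
    "2024-03-01T00:05:00",
    "2024-03-01T06:00:00",
    "2024-03-01T12:00:00",
    "2024-03-01T18:00:00",
    "2024-03-02T03:30:00",  # the midnight run was missed, so this gap is 9h30m
    "2024-03-02T06:00:00",
]

# Assumed objectives for the example (hypothetical values, not from the page).
RPO = timedelta(hours=6)
RTO = timedelta(hours=4)
MAO = timedelta(hours=8)


def parse_times(log):
    """Parse ISO-8601 timestamps and sort them, since a log may not be in order."""
    return sorted(datetime.fromisoformat(t) for t in log)


def backup_gaps(log):
    """Elapsed time between each pair of consecutive completed backups."""
    times = parse_times(log)
    return [later - earlier for earlier, later in zip(times, times[1:])]


def achieved_rpo(log):
    """The longest gap in the log is the worst data loss the schedule actually allowed."""
    return max(backup_gaps(log))


def rpo_violations(log, rpo):
    """Intervals between consecutive backups that are longer than the RPO."""
    times = parse_times(log)
    return [(earlier, later, later - earlier)
            for earlier, later in zip(times, times[1:])
            if later - earlier > rpo]


def data_loss_if_lost_at(log, incident_time):
    """Data lost if the system fails at incident_time: everything since the last
    completed backup. Returns None when no backup precedes the incident."""
    completed = [t for t in parse_times(log) if t <= incident_time]
    return incident_time - completed[-1] if completed else None


def rto_status(recovery_duration, rto, mao):
    """Classify a measured recovery time against the RTO (target) and the MAO (survival limit)."""
    if recovery_duration <= rto:
        return "within RTO"
    if recovery_duration <= mao:
        return "RTO missed, within MAO"
    return "MAO exceeded"


if __name__ == "__main__":
    for start, end, gap in rpo_violations(BACKUP_LOG, RPO):
        print(f"RPO violation: {start} -> {end} ({gap})")
    print("achieved RPO:", achieved_rpo(BACKUP_LOG))
    print("loss if lost at 2024-03-02 02:00:",
          data_loss_if_lost_at(BACKUP_LOG, datetime(2024, 3, 2, 2, 0)))
    print("6-hour recovery drill:", rto_status(timedelta(hours=6), RTO, MAO))
```

The longest gap in the log, not the nominal schedule, is the RPO the organization actually achieved; a single missed run silently stretches the exposure window, which is why the check is run over the job log rather than over the configured interval.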

