
Chapter 6: Disaster Recovery and Business Continuity Planning

C6-1 During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include:
A. the level of information security required when business recovery procedures are invoked.
B. information security roles and responsibilities in the crisis management structure.
C. information security resource requirements.
D. change management procedures for information security that could affect business continuity arrangements.
Answer: A
Explanation: The business should consider whether the information security levels required during recovery should be the same as, lower than, or higher than when the business is operating normally. In particular, any special rules for access to confidential data during a crisis need to be identified. The other choices do not directly address the information confidentiality issue.

C6-2 During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the:
A. event error log generated at the disaster recovery site.
B. disaster recovery test plan.
C. disaster recovery plan (DRP).
D. configurations and alignment of the primary and disaster recovery sites.
Answer: D
Explanation: Since the configuration of the system is the most probable cause, the IS auditor should review that first. If the issue cannot be clarified, the IS auditor should then review the event error log. The disaster recovery test plan and the disaster recovery plan (DRP) would not contain information about the system configuration.

C6-3 Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly?
A. Backup time would steadily increase.
B. Backup operational cost would significantly increase.
C. Storage operational cost would significantly increase.
D. Server recovery work may not meet the recovery time objective (RTO).
Answer: D
Explanation: In case of a crash, recovering a server with an extensive amount of data could require a significant amount of time. If the recovery cannot meet the recovery time objective (RTO), the recovery capability is no longer consistent with the IT strategy; it is important to ensure that server restoration can meet the RTO. An incremental backup only captures the daily delta, so a steady increase in backup time is not always true. The backup and storage cost issues are not as significant as not meeting the RTO.

C6-4 An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to 1 minute for a critical system. This implies that the system can tolerate:
A. a data loss of up to 1 minute, but the processing must be continuous.
B. a 1-minute processing interruption but cannot tolerate any data loss.
C. a processing interruption of 1 minute or more.
D. both a data loss and a processing interruption longer than 1 minute.
Answer: A
Explanation: The recovery time objective (RTO) measures an organization's tolerance for downtime and the recovery point objective (RPO) measures how much data loss can be accepted. Choices B, C and D are incorrect since they exceed the RTO limit set by the scenario.

C6-5 Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?
A. Due to the limited test time window, only the most essential systems were tested. The other systems were tested separately during the rest of the year.
B. During the test it was noticed that some of the backup systems were defective or not working, causing the test of these systems to fail.
C. The procedures to shut down and secure the original production site before starting the backup site required far more time than planned.
D. Every year, the same employees perform the test. The recovery plan documents are not used since every step is well known by all participants.
Answer: D
Explanation: A disaster recovery test should exercise the plan, the processes, the people and the IT systems; if the plan documents are not used, their accuracy and adequacy cannot be verified. A disaster recovery should also not rely on key staff, since a disaster can occur when they are not available. It is common that not all systems can be tested in a limited test time frame. It is important, however, that those systems which are essential to the business are tested, and that the other systems are eventually tested throughout the year. One aim of the test is to identify and replace defective devices so that all systems can be recovered in the case of a disaster; choice B would only be a concern if the number of discovered problems is systematically very high. In a real disaster, there is no need for a clean shutdown of the original production environment, since the first priority is to bring the backup site up.

C6-6 The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?
A. Contact information of key personnel
B. Server inventory documentation
C. Individual roles and responsibilities
D. Procedures for declaring a disaster
Answer: A
Explanation: In the event of a disaster, it is important to have a current, updated list of the personnel who are key to the operation of the plan. Choices B, C and D would be more likely to remain stable over time.

C6-7 An organization has outsourced its wide area network (WAN) to a third-party service provider. Under these circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?
A. Review whether the service provider's BCP process is aligned with the organization's BCP and contractual obligations.
B. Review whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster.
C. Review the methodology adopted by the organization in choosing the service provider.
D. Review the accreditation of the third-party service provider's staff.
Answer: A
Explanation: Reviewing whether the service provider's business continuity plan (BCP) process is aligned with the organization's BCP and contractual obligations is the correct answer, since an adverse effect on or disruption to the business of the service provider has a direct bearing on the organization and its customers. Reviewing whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in a disaster is not the correct answer: penalty clauses, although an essential element of an SLA, are not the primary concern. Choices C and D are possible concerns, but of lesser importance.

C6-8 An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:
A. alignment of the BCP with industry best practices.
B. results of business continuity tests performed by IS and end-user personnel.
C. off-site facility, its contents, security and environmental controls.
D. annual financial cost of the BCP activities versus the expected benefit of implementation of the plan.
Answer: B
Explanation: The effectiveness of the business continuity plan (BCP) can best be evaluated by reviewing the results of previous business continuity tests for thoroughness and accuracy in accomplishing their stated objectives. None of the other choices provides assurance of the effectiveness of the BCP.

C6-9 A live test of a mutual agreement for IT system recovery has been carried out, including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:
A. system and the IT operations team can sustain operations in the emergency environment.
B. resources and the environment could sustain the transaction load.
C. connectivity to the applications at the remote site meets response time requirements.
D. workflow of actual business operations can use the emergency system in case of a disaster.
Answer: A
Explanation: The applications have been intensively operated, therefore choices B, C and D have actually been tested, but the capability of the system and the IT operations team to sustain and support this environment (ancillary operations, batch closing, error corrections, output distribution, etc.) is only partially tested.

C6-10 To optimize an organization's business contingency plan (BCP), an IS auditor should recommend conducting a business impact analysis (BIA) in order to determine:
A. the business processes that generate the most financial value for the organization and therefore must be recovered first.
B. the priorities and order for recovery to ensure alignment with the organization's business strategy.
C. the business processes that must be recovered following a disaster to ensure the organization's survival.
D. the priorities and order of recovery which will recover the greatest number of systems in the shortest time frame.
Answer: C
Explanation: To ensure the organization's survival following a disaster, it is important to recover the most critical business processes first. It is a common mistake to overemphasize value (A) rather than urgency. For example, while the processing of incoming mortgage loan payments is important from a financial perspective, it could be delayed for a few days in the event of a disaster. On the other hand, wiring funds to close on a loan, while not generating direct revenue, is far more critical because of the possibility of regulatory problems, customer complaints and reputation issues. Choices B and D are not correct because neither the long-term business strategy nor the mere number of recovered systems has a direct impact at this point in time.

C6-11 A financial services organization is developing and documenting business continuity measures. In which of the following cases would an IS auditor MOST likely raise an issue?
A. The organization uses good practice guidelines instead of industry standards and relies on external advisors to ensure the adequacy of the methodology.
B. The business continuity capabilities are planned around a carefully selected set of scenarios which describe events that might happen with a reasonable probability.
C. The recovery time objectives (RTOs) do not take IT disaster recovery constraints into account, such as personnel or system dependencies during the recovery phase.
D. The organization plans to rent a shared alternate site with emergency workplaces which has only enough room for half of the normal staff.
Answer: B
Explanation: It is a common mistake to use scenario planning for business continuity. The problem is that it is impossible to plan and document actions for every possible scenario. Planning for just selected scenarios denies the fact that even improbable events can cause an organization to break down. Best practice planning addresses the four possible areas of impact in a disaster: premises, people, systems, and suppliers and other dependencies. All scenarios can be reduced to these four categories and can be handled simultaneously. There are very few special scenarios which justify an additional separate analysis. It is a good idea to use best practices and external advice for such an important topic, especially since knowledge of the right level of preparedness and the judgment about the adequacy of the measures taken is not available in every organization. The recovery time objectives (RTOs) are based on the essential business processes required to ensure the organization's survival; therefore it would be inappropriate for them to be based on IT capabilities. Best practice guidelines recommend having 20-40% of normal capacity available at an emergency site; therefore, a value of 50% would not be a problem if there are no additional factors.

C6-12 A medium-sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of the new BCP?
A. Full-scale test with relocation of all departments, including IT, to the contingency site
B. Walk-through test of a series of predefined scenarios with all critical personnel involved
C. IT disaster recovery test with business departments involved in testing the critical applications
D. Functional test of a scenario with limited IT involvement
Answer: D
Explanation: After a tabletop exercise has been performed, the next step would be a functional test, which includes the mobilization of staff to exercise the administrative and organizational functions of a recovery. Since the IT part of the recovery has been tested for years, it would be more efficient to verify and optimize the business continuity plan (BCP) before actually involving IT in a full-scale test. The full-scale test would be the last step of the verification process before entering into a regular annual testing schedule. A full-scale test in the situation described might fail because it would be the first time that the plan is actually exercised, and a number of resources (including IT) and time would be wasted. The walk-through test is the most basic type of testing. Its intention is to make key staff familiar with the plan and discuss critical plan elements, rather than verifying its adequacy. The recovery of applications should always be verified and approved by the business instead of being purely IT-driven. A disaster recovery test would not help in verifying the administrative and organizational parts of the BCP which are not IT-related.

C6-13 Which of the following is the MOST important consideration when defining recovery point objectives (RPOs)?
A. Minimum operating requirements
B. Acceptable data loss
C. Mean time between failures
D. Acceptable time for recovery
Answer: B
Explanation: Recovery time objectives (RTOs
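The RTO and RPO reasoning behind C6-3, C6-4 and C6-13 is easier to check with numbers than with prose. The following is an added example written for this page, not code from the question bank or from ISACA: a small model in which restore time grows with the data held (so a file server can silently outgrow its RTO while nightly incremental backups stay short), and an outage check that measures downtime forward against the RTO and data loss backward against the RPO. The server sizes, throughputs, objectives and timestamps are constructed assumptions chosen only to illustrate the questions.

```python
"""Added example (not part of the question bank): an RTO/RPO model for
C6-3 (storage growth vs. RTO), C6-4 (RTO = 0, RPO close to 1 minute) and
C6-13 (RPO = acceptable data loss). All sizes, throughputs and timestamps
below are constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class Objectives:
    rto: timedelta  # recovery time objective: maximum tolerable downtime
    rpo: timedelta  # recovery point objective: maximum tolerable data loss


def restore_duration(full_gb: float, incremental_gb: list, gb_per_hour: float,
                     fixed_overhead: timedelta = timedelta(minutes=30)) -> timedelta:
    """Time to rebuild a server from its last full backup plus every incremental
    taken since. The restore replays the whole chain, so it grows with the data
    held even though each nightly incremental stays small (the C6-3 point)."""
    total_gb = full_gb + sum(incremental_gb)
    return fixed_overhead + timedelta(hours=total_gb / gb_per_hour)


def nightly_backup_duration(day: int, initial_gb: float, daily_growth_gb: float,
                            gb_per_hour: float, fulls_every_days: int = 7) -> timedelta:
    """Backup window on a given day: one full backup per cycle, otherwise an
    incremental that copies only that day's delta, so its length does not grow."""
    if day % fulls_every_days == 0:
        return timedelta(hours=(initial_gb + day * daily_growth_gb) / gb_per_hour)
    return timedelta(hours=daily_growth_gb / gb_per_hour)


def days_until_rto_breached(objectives: Objectives, initial_gb: float,
                            daily_growth_gb: float, gb_per_hour: float,
                            fulls_every_days: int = 7,
                            horizon_days: int = 3650) -> Optional[int]:
    """First day on which a restore started that day could no longer finish
    within the RTO, or None if the RTO holds for the whole horizon."""
    for day in range(horizon_days + 1):
        days_since_full = day % fulls_every_days
        full_gb = initial_gb + (day - days_since_full) * daily_growth_gb
        incrementals = [daily_growth_gb] * days_since_full
        if restore_duration(full_gb, incrementals, gb_per_hour) > objectives.rto:
            return day
    return None


def evaluate_recovery(objectives: Objectives, outage_start: datetime,
                      last_recoverable_copy: datetime, service_restored: datetime) -> dict:
    """Check one outage (real or rehearsed) against the objectives. Downtime is
    measured forward from the outage to restored service and compared with the
    RTO; data loss is measured backward from the outage to the last copy that
    can actually be recovered and compared with the RPO (C6-4, C6-13)."""
    downtime = service_restored - outage_start
    data_loss = outage_start - last_recoverable_copy
    return {
        "downtime_s": downtime.total_seconds(),
        "data_loss_s": data_loss.total_seconds(),
        "rto_met": downtime <= objectives.rto,
        "rpo_met": data_loss <= objectives.rpo,
    }


# Constructed objectives for the two scenarios (assumed values, not from the page).
FILE_SERVER = Objectives(rto=timedelta(hours=8), rpo=timedelta(hours=24))   # C6-3
CRITICAL_SYSTEM = Objectives(rto=timedelta(0), rpo=timedelta(minutes=1))    # C6-4


def simulate_failover(replication_lag_s: float, failover_s: float) -> dict:
    """C6-4 scenario at a constructed instant: the replica lags the primary by
    replication_lag_s and service is back after failover_s."""
    outage = datetime(2024, 3, 1, 9, 0, 0)
    return evaluate_recovery(CRITICAL_SYSTEM, outage,
                             outage - timedelta(seconds=replication_lag_s),
                             outage + timedelta(seconds=failover_s))


if __name__ == "__main__":
    # C6-3: a 2 TB file server growing 20 GB/day, restored at 400 GB/h.
    print("RTO first breached on day", days_until_rto_breached(FILE_SERVER, 2000, 20, 400))
    print("incremental backup window on day 51:", nightly_backup_duration(51, 2000, 20, 400))
    # C6-4: continuous processing with 40 s of replication lag meets RTO 0 / RPO 1 min;
    # 90 s of lag breaches the RPO even though nothing was interrupted.
    print(simulate_failover(40, 0))
    print(simulate_failover(90, 0))
```

With the constructed numbers the nightly incremental window stays at three minutes for the whole period while the restore crosses the eight-hour RTO on day 51, which is why C6-3 ranks the RTO risk above growing backup time. The failover check shows the C6-4 case directly: an RTO of zero is only met when downtime is zero, and an RPO of one minute is met or missed by replication lag alone, independent of whether processing was interrupted.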
