Short Quiz 002

1. The firm may wish to be partially self-insured and require minimum coverage but may not seek
complete replacement-cost coverage.
- False

2. Which of the following disaster recovery techniques is has the least risk associated with it?
a. ROC
b. They are all equally risky
c. Empty shell
d. Internally provided backup

3. All of the following are control risks associated with the distributed data processing structure
except
a. System interdependency
b. System incompatibilities
c. Lack of separation of duties
d. Lack of documentation standards

4. If one disk fails, the data can be recovered through segregation of IT functions.
- False

5. To fulfill the segregation of duties control objective, computer processing functions (like
authorization of credit and billing) are separated.
- False

6. The auditor should obtain architectural plans to determine that the computer center is solidly
built of fireproof material. This actions falls under:
a. Test of the fire detection system
b. Test of raid
c. Test of physical construction
d. Test of access control

7. Some systems professionals have unrestricted access to the organization's programs and data.
- True

8. Fault tolerance is the ability of the system to continue operation when part of the system fails due
to hardware failure, application program error, or operator error.
 - True

9. The major disadvantage of an empty shell solution as a second site backup is

a. Maintenance of excess hardware capacity.
b. The control of the shell site is an administrative drain on the company.
c. The host site may be unwilling to disrupt its processing needs to process the critical.
d. Recovery depends on the availability of necessary operating system.

10. Once a client firm has outsourced specific IT assets, its performance becomes linked to the
vendor's performance.
- True