ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 1792 discussion

Actual exam question from Isaca's CISA
Question #: 1792
Topic #: 1
[All CISA Questions]

When assessing the overall effectiveness of an organization’s disaster recovery planning process, which of the following is MOST important for the IS auditor to verify?

  • A. Management documents and distributes a copy of the plan to all personnel.
  • B. Management contracts with a third party for warm site services.
  • C. Management schedules an annual tabletop exercise.
  • D. Management reviews and updates the plan annually or as changes occur.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by 46080f2 at March 13, 2025, 11:35 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
CCNPWILL
3 days, 10 hours ago
Selected Answer: D
ChatGPT also agrees D. My first choice was also D. Voting D. Why This is the Best Answer: A disaster recovery plan must remain current and aligned with the organization’s systems, risks, personnel, and infrastructure. If it's outdated, even a perfectly written plan becomes useless during an actual disaster. Why the Other Options Fall Short: A. Documents and distributes the plan 🔸 Necessary, but pointless if the plan is outdated. Distribution doesn’t guarantee accuracy. B. Contracts for warm site services 🔸 Good for recovery infrastructure, but doesn't address the effectiveness of the overall planning process. C. Schedules an annual tabletop exercise 🔸 Testing is important, but it won’t help if the plan is outdated or inaccurate.
upvoted 1 times
...
46080f2
1 month, 2 weeks ago
Selected Answer: C
The most important factor for the IS auditor to verify is C. Management schedules an annual tabletop exercise. This is because testing directly assesses the DRP’s effectiveness, ensuring it can be executed successfully. The CISA Review Manual supports this in Section 4.16.5: “Testing… validates the contents of the IT DRP” (page 343), making it the strongest indicator of preparedness. While updating the plan (Option D) is a close contender, testing encompasses validation and can trigger updates, giving it precedence in assessing overall effectiveness.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago