Isaca CISA Practice Test - Questions Answers, Page 70

The recovery time objective (RTO) is the most important consideration when making a decision to invest in a hot site due to service criticality. The RTO is the maximum acceptable time that an IT service or process can be unavailable or disrupted before it causes significant damage to the business operations and objectives. A hot site is a fully equipped and operational backup facility that can be activated immediately in the event of a disaster or disruption. A hot site can help an organization achieve a very low RTO, as it can resume the service with minimal or no downtime. The maximum tolerable downtime (MTD) is the maximum acceptable time that an IT service or process can be unavailable or disrupted before it causes intolerable damage to the business operations and objectives. The MTD is usually longer than the RTO, as it represents the worst-case scenario. The recovery point objective (RPO) is the maximum acceptable amount of data loss that an IT service or process can tolerate in the event of a disaster or disruption. The RPO is measured in terms of time, such as hours or minutes, and indicates how frequently the data should be backed up or replicated. The mean time to repair (MTTR) is the average time that it takes to restore an IT service or process after a failure or disruption. The MTTR is a measure of the efficiency and effectiveness of the recovery process, but it does not reflect the service criticality or the business impact.Reference:IS Audit and Assurance Tools and Techniques,CISA Certification | Certified Information Systems Auditor | ISACA

DLP technologies are designed to prevent the unauthorized transmission or leakage of sensitive data, such as PII, intellectual property, or financial information, by employees or other insiders. DLP technologies can monitor, detect, and block data in motion, data at rest, and data in use across various channels, such as email, web, cloud, or removable devices. DLP technologies can also help enforce data security policies and compliance requirements.

Reference

ISACA CISA Review Manual, 27th Edition, page 253

The role of disclosures in risk assessment and mitigation

Mitigate Risk Strategy for Information Management

Stakeholder satisfaction is a key indicator of the effectiveness of a QMS, as it reflects the extent to which the QMS meets the expectations and priorities of the customers and other interested parties. A high percentage of stakeholder satisfaction implies that the QMS is delivering consistent and reliable products or services that meet the quality standards and requirements.

Reference

ISACA CISA Review Manual, 27th Edition, page 253

The Four Main Components of A Quality Management System

The Road to Developing an Effective Quality Management System (QMS)

A single point of failure is a component or system that, if it fails, will cause the entire system to stop functioning. In virtual environments, the hypervisor is the software layer that enables multiple virtual machines to run on a single physical host. If the hypervisor is compromised, corrupted, or unavailable, all the virtual machines running on that host will be affected. This can result in data loss, downtime, or security breaches.

Reference

ISACA CISA Review Manual, 27th Edition, page 254

Virtualization: What are the security risks?

What Is a Hypervisor? (Definition, Types, Risks)

The most important aspect of an incident response management program is the ability to detect incidents in a timely and accurate manner. Without effective detection, the organization cannot respond to incidents, mitigate their impact, or prevent their recurrence. The alerting tools and incident response team are responsible for monitoring the IT environment, identifying anomalies or threats, and notifying the appropriate stakeholders.

Reference

ISACA CISA Review Manual, 27th Edition, page 255

What is an incident response plan? And why do you need one?

ISACA CISA Certified Information Systems Auditor Exam ... - PUPUWEB

EVA is a project management technique that measures the performance of a project by comparing the actual work completed, the actual costs incurred, and the planned costs for the work scheduled. EVA can help determine if the project is on track, ahead of schedule, or behind schedule, and if the project is under budget, over budget, or on budget. EVA can also help forecast the final cost and schedule of the project based on the current performance.

Reference

ISACA CISA Review Manual, 27th Edition, page 255

18. Project Completion -- Project Management -- 2nd Edition

How to Measure Project Success | Smartsheet

The primary reason to perform internal QA for an internal audit function is to ensure that the internal audit activity adheres to the Definition of Internal Auditing and the International Standards for the Professional Practice of Internal Auditing (Standards) issued by the Institute of Internal Auditors (IIA), as well as the internal audit methodology and policies of the organization. A QA program enables an evaluation of the internal audit activity's performance, efficiency, effectiveness, and value, and identifies opportunities for improvement. A QA program also helps to enhance the credibility and reputation of the internal audit function among the stakeholders.

Reference

Quality Assurance - The Institute of Internal Auditors or The IIA

Benefits of a quality assurance review for internal audit

Optimize your internal audit function with a quality assurance review ...

A source code repository is a system that stores and manages the source code of a software project. A source code repository should be designed to provide secure versioning and backup capabilities for existing code, as these are essential features for concurrent development, code quality, and disaster recovery. Versioning allows developers to track, compare, and revert changes to the code over time. Backup ensures that the code is safely stored and can be restored in case of data loss or corruption.

Reference

Source Code Repositories: What is a Source Code Repository?

Git Source Code Repository Design Considerations

Best practices for repositories - GitHub Docs

A digital signature is a cryptographic technique that uses the sender's private key to generate a unique code for a message or document. The receiver can use the sender's public key to verify the authenticity and integrity of the message or document. A digital signature can prevent unauthorized change, as any modification to the message or document will invalidate the signature and alert the receiver of tampering.

Reference

What is a digital signature?

Digital Signature - an overview | ScienceDirect Topics

ISACA CISA Review Manual, 27th Edition, page 253