IT Systems and Business Continuity Overview

Questions and Answers

Who should ideally have the ability to update data dictionaries?

Webmaster

Programmers

DBA (correct)

Operators

What is a primary tool used by a DBA in larger applications?

Web server

Database script

Database management system (DBMS) (correct)

Data dictionary

What should programmers and analysts not have access to?

Data files

Production programs

Data center operations (correct)

All of the above

What is the main responsibility of a webmaster?

Ensuring website content is displayed correctly

What should operators ideally not have regarding their work tasks?

Access to documentation

Which of the following is a responsibility of help desk personnel?

Logging reported problems

What type of problems do help desks typically resolve?

Minor problems

What should operators be responsible for in a data center?

Day-to-day functioning of the data center

What is the maximum numerical value for each element in a standard IPv4 address?

255

What protocol enables the assignment of IP addresses from a pool dynamically?

Dynamic Host Configuration Protocol (DHCP)

What is the typical radius of a wireless hotspot created by Wi-Fi protocols?

300 feet

Which of the following best describes the Bluetooth standard's operating range?

30 feet

Which technology uses microwaves to create a city-wide hotspot?

WiMax

What common application does Radio-Frequency Identification (RFID) technology support?

Inventory tracking

What aspect of Wi-Fi technology helps avoid collisions inherent in Ethernet?

Searching for the best frequency

What is a key characteristic of a personal area network (PAN) created by Bluetooth?

Operates within about 30 feet

What is the primary reason for implementing segregation of duties in an IT environment?

It helps prevent significant control weaknesses.

Which of the following roles is NOT typically involved in the segregation of duties within the IT environment?

Data Entry Operator

What compensating control may be necessary if segregation of duties cannot be implemented?

Library controls and effective supervision

Why should systems analysts not have access to data center operations?

It prevents potential conflicts of interest.

Which of the following is a traditional function that should be segregated in an IT environment?

Input, output, and reconciliation of accounts

Which task conducted by a computer poses a significant control risk if performed by the same individual?

Printing checks and recording disbursements

What is the primary responsibility of a Database Administrator (DBA)?

To maintain and protect the integrity of the database.

What effect does segregating test programs have in the IT environment?

It makes unauthorized changes in production programs more difficult to conceal.

What is the primary purpose of purchasing backup electrical generators for data centers?

To ensure continuous operation during power failures

What is the main action taken by IT staff when dealing with virus attacks?

Bringing the system down gracefully to contain damage

In the event that the main facility becomes uninhabitable, what is the recommended action for organizations?

To contract for alternate processing facilities

What must be guaranteed about the recovery center in terms of location?

It must be located far enough to avoid the same natural disaster

What distinguishes a hot site from other types of recovery centers?

It is a fully operational facility available for immediate use

What does the trade-off calculation for recovery center selection involve?

Evaluating the contract cost versus potential downtime costs

Which of the following is NOT true regarding a hot site?

It is the least costly recovery option available

Which response is critical for handling the aftermath of a denial-of-service attack?

Carefully shutting down the system to mitigate damage

What is the primary function of an MRP system in manufacturing?

To generate a schedule of when inventory items are needed

What must any contract for a hot site include?

Annual testing provision

What key feature distinguishes MRP II from traditional MRP systems?

MRP II integrates all aspects of a manufacturing business

What happens if parts are not in stock according to the MRP system?

A purchase order is automatically generated

How does a warm site differ from a hot site?

Combines features of both hot and cold sites

What is a characteristic of a cold site?

Requires installation of newly acquired equipment

What does the Master Production Schedule (MPS) provide in the context of MRP and MRP II?

The anticipated manufacturing schedule for selected items

What role do accurate data about inventory play in the MRP process?

They ensure effective application of MRP by determining costs and scheduling.

What is the primary purpose of fault-tolerant computer systems?

To prevent downtime in mission-critical applications

What technology allows for data delivery along multiple paths in fault-tolerant systems?

Redundant Array of Inexpensive Disks (RAID)

How does traditional ERP differ from MRP and MRP II systems?

ERP allows subsystems to share data and coordinate activities.

What is a key benefit of using an MRP system for auto manufacturers?

It provides a comprehensive list of parts and components required.

What is the typical recovery time for a warm site?

From 2 days to 2 weeks

Which aspect of production does the MRP system not directly manage?

Employee work schedules for team members

What is a disadvantage of using a cold site for disaster recovery?

It can require weeks or months to procure replacement equipment

What is one major risk associated with reliance on cold sites?

Delays in the recovery process

Study Notes

IT Systems and Business Continuity

• This study unit covers 15% to 25% of Part 3 of the CIA exam.
• It's tested at an awareness level.
• The syllabus section covers Security, Application Development, System Infrastructure, Functional areas of IT operations, ERP, data communications, software licensing, mainframe, operating systems, web infrastructure and business continuity.

Functional Areas of IT Operations

• Segregation of duties is important in IT operations.
• Clear separation of roles like systems analyst, programmer, operator, file librarian, and others, with supervision.
• Mainframes had specialized roles in the past, but roles have become blurred with decentralization.
• Maintaining proper segregation is vital, even in modern IT environments due to the blurring and disappearance of many traditional job roles.
• This is a critical control, as it helps prevent fraud, error, and inefficient operations.

Enterprise-Wide Resource Planning (ERP)

• ERP is a current system for managing organization resources, integrating enterprise-wide systems across the organization.
• It connects various functional subsystems (human resources, finance, production, marketing, distribution, purchasing, etc.) and links the organization to suppliers and customers.
• ERP improves demand analysis, just-in-time inventory management, and flexible responses to supply and demand changes.
• ERP systems are complex and costly, mostly used by the largest enterprises; however, mid-size organizations are increasingly buying them to implement best practices.
• ERP often necessitates re-engineering of business processes to realize its benefits and ensure standards and practices align with the software itself.

Web Infrastructure

• The Internet is a global network of interconnected networks, originally developed by ARPA in 1969.
• The Internet facilitates inexpensive communication and information transfer among computers.
• Most Internet access points go through Internet Service Providers (ISPs).
• Internet topology resembles a complex network rather than a simple spine-like structure.
• Internet communications use servers, clients, and the TCP/IP protocol suite.

IT System Communications

• Systems software manages computer resources.
• Operating systems are the fundamental system software, acting as the interface between users, applications, and computer hardware.
• Utilities perform basic data maintenance tasks (sorting, merging, copying, deleting).
• Networks consist of hardware devices and communication mediums.
• Client devices (e.g., computers, phones) connect to networks using network interface cards (NICs).
• Protocols govern communication between devices in a network.
• Local Area Networks (LANs) connect devices within a single location.
• Client-server arrangements in LANs, where devices (clients) request services from a central server, is more efficient than the peer-to-peer arrangement.
• Wide Area Networks(WANs) connect devices across multiple locations.
• Packet Switching and Circuit Switching are communication protocols to facilitate data transfer.
• Different networking protocols exist for diverse functions like VoIP (voice communications over the internet).

Contingency Planning

• Contingency planning is critical to resuming operations after disruptions.
• Disaster recovery is the process to restore operations in the event of major disruptions (e.g., power failure or natural disaster).
• Business continuity involves the continuation of operations using alternate methods during disruptions.
• Contingency plans should include procedures, vendors, and systems considerations for disaster recovery.
• Backup files and offsite data rotation are critical to recover data in case of data center disruption or natural disaster.
• Recovery center types include hot sites (fully operational, immediately available), warm sites (partially operational), and cold sites (minimal equipment).

Description

This quiz tests your knowledge on IT systems and business continuity, covering essential topics from the CIA exam Part 3. Key areas include security, application development, ERP, and the significance of segregation of duties in IT operations. Assess your understanding of how these concepts interrelate and impact overall IT governance.