Help with question - DR

During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the:

A. event error log generated at the disaster recovery site.

B. disaster recovery test plan.

C. disaster recovery plan (DRP).

D. configurations and alignment of the primary and disaster recovery sites.

According to me the answer should be A as first I would want to see what all errors are being generated (network / account / connectivity / disk space etc). This would give me some direction of where should I look into. But the correct answer is D. How just by looking at the configuration / alignment can I find the root cause.

Could someone please explain.

Find more posts tagged with

CISA

Comments

kaiju

A multitude of issues could appear during a recovery event if the configurations for the disaster recovery site are not the same as the primary site. Event logs will flag the error but verifying the configs can pinpoint exactly what was wrong IF there was a misconfiguration which in turn would illuminate the root cause.

COBOL_DOS_ERA

D is the most encompassing, as Kaju pointed out in his response. One of the trick of taking ISACA CRISC and CISM exam is to understand that is there any that would cover broader scope of the problem, and most of the time that's the answer. For example, most often business need or business case is going to be the right answer. Remember in configuration you are actually reviewing your plan, any associated anomalies. So, A, B, and C are actually part of D, thus D is the correct answer.

wd40

In many cases companies decide not to spend money on DR equipment so you will end up with old equipment at the DR site, this will work when you are testing your DR setup because you don't have the full load, but in case of a real disaster your DR systems can not handle the full load.

If the setup in the DR is identical to main site (D) then troubleshoot and check the logs etc.

jcundiff

Because when you look at the configurations of primary and DR sites, you are going to find that the DR site has 80% of servers and 75% (random numbers for scenario) of the connectivity (in/out) that the primary site does. Which if the primary site is running at 85-90% of capacity is going to cause bottlenecks and slow downs.

Answering A is a tech/administrator response, unfortunately, the CISSP, CRISC, CISM etc are wanting the manager perspective. D is always going to be the right answer to this type of question

JDMurray

Did you get this practice item from Quizlet?

sumeetgandhi

Thank you @kaiju @promethuschow @wd40 @jcundiff for the valuable insights, its lot more clear now. Appreciate your help as always.

sumeetgandhi

JDMurray said:

Did you get this practice item from Quizlet?

No, its from the QaE db.

kaiju

Glad I could help!