50 Case-Based MCQs – CISA Domain 5: Information System Operations, Maintenance & Service Management*
Weight: 23% = ∼36-37 Qs.
*Batch 1: IT Operations & Capacity Mgmt 1-10*
*Q1. Capacity*
Case: Server CPU at 95% every month-end for 4 hrs. Rest of month at 40%.
*Q:* Auditor’s BEST recommendation?
A. Buy new server immediately
B. Monitor trend + capacity plan for peak
C. Reduce user access during month-end
D. Increase RAM only
*Ans:
*Q2. Job Scheduling*
Case: Batch job for payroll runs 2 AM. If delayed, salary credited late. No alert setup.
*Q:* Control weakness?
A. No segregation of duties
B. No job scheduling monitoring + alerting
C. No change mgmt
D. No backup
*Ans:
*Q3. Performance Mgmt*
Case: Helpdesk SLA = 4 hrs. Avg resolution = 6 hrs. No SLA breach report.
*Q:* Auditor should recommend?
A. Hire more staff
B. Implement performance mgmt + SLA reporting
C. Reduce ticket volume
D. Change SLA to 8 hrs
*Ans:
*Q4. Media Handling*
Case: Backup tapes stored next to server room. No fire protection.
*Q:* Biggest risk?
A. Theft
B. Loss of data due to fire/disaster
C. Unauthorized access
D. Media degradation
*Ans:
*Q5. Patch Mgmt*
Case: OS patches applied directly to prod without testing.
*Q:* Control violation?
A. No change mgmt
B. No capacity planning
C. No BCP
D. No access control
*Ans:
*Q6. Storage*
Case: SAN utilization 98%. No alert + no expansion plan.
*Q:* Auditor concern?
A. Confidentiality
B. Availability risk due to no capacity mgmt
C. Integrity
D. Non-repudiation
*Ans:
*Q7. Operator Logs*
Case: Operators manually restart failed jobs but no log maintained.
*Q:* Missing control?
A. Change mgmt
B. Audit trail/operator logs
C. Access control
D. Encryption
*Ans:
*Q8. Environmental*
Case: Data center temp hits 35°C in summer. No temp monitoring alert.
*Q:* Risk?
A. Data leakage
B. Hardware failure + service interruption
C. Virus attack
D. User error
*Ans:
*Q9. Print Mgmt*
Case: Sensitive reports printed and left on printer overnight.
*Q:* Control?
A. Encryption
B. Secure print release + clean desk policy
C. Firewall
D.
*Q10. Vendor Mgmt*
Case: Cloud vendor outage 6 hrs/month. No SLA penalty clause.
*Q:* Auditor rec?
A. Switch vendor
B. Define SLA with penalty + monitoring
C. Accept outage
D. Increase bandwidth
*Ans:
*Batch 2: BCP & DRP 11-25*
*Q11. BIA*
Case: Company lists 200 apps as “critical” for DR. No prioritization.
*Q:* Missing step?
A. Risk assessment
B. Business Impact Analysis to prioritize RTO/RPO
C. Backup test
D. Insurance
*Ans:
*Q12. RTO vs RPO*
Case: Mgmt says “We can afford 24 hrs data loss but must be up in 4 hrs”.
*Q:* RTO = ?, RPO = ?
A. RTO 24h, RPO 4h
B. RTO 4h, RPO 24h
C. Both 4h
D. Both 24h
*Ans:
*Q13. DR Site*
Case: DR site is in same city, same power grid as primary.
*Q:* Weakness?
A. Cost
B. Not geographically separate → single point of failure
C. No test
D. No staff
*Ans:
*Q14. DR Test*
Case: DR plan exists but never tested in 3 years.
*Q:* Auditor finding?
A. Plan outdated + unproven effectiveness
B. No BIA
C. No risk assessment
D. No insurance
*Ans:
*Q15. Backup*
Case: Full backup weekly, no incremental/differential. Restore takes 20 hrs.
*Q:* Issue?
A. Backup frequency
B. RTO will not be met
C. No encryption
D. No offsite
*Ans:
*Q16. Crisis Mgmt*
Case: Fire alarm triggers. Staff don’t know evacuation route.
*Q:* Missing?
A. DR plan
B. BCP awareness training + drills
C. Insurance
D. Backup
*Ans: .
*Q17. MOU*
Case: Company has MOU with vendor for DR site but no contract/SLA.
*Q:* Risk?
A. Vendor may deny access during disaster
B. Cost higher
C. No encryption
D. No backup
*Ans:
*Q18. Parallel Test*
Case: DR test = run primary + DR site together with real data.
*Q:* Test type?
A. Tabletop
B. Parallel test
C. Full interruption
D. Simulation
*Ans:
*Q19. RPO 0*
Case: Bank requires zero data loss for transactions.
*Q:* Backup method?
A. Weekly full
B. Synchronous replication
C. Monthly backup
D. Manual backup
*Ans: .
*Q20. DR Team*
Case: Only IT knows DR plan. Business users unaware.
*Q:* Weakness?
A. Technical gap
B. Lack of business involvement in BCP
C. No budget
D. No test
*Ans:
*Q21. Hot vs Cold Site*
Case: Company needs to be up in 2 hrs after disaster.
*Q:* Suitable site?
A. Cold site
B. Warm site
C. Hot site
D. Mobile site
*Ans:
*Q22. Data Backup*
Case: Backups encrypted but key stored with backup tape.
*Q:* Risk?
A. Confidentiality
B. Availability
C. Integrity
D. No risk
*Ans:
*Q23. BCP Update*
Case: Org structure changed 6 months ago. BCP still has old contacts.
*Q:* Control failure?
A. No change mgmt for BCP
B. No BIA
C. No test
D. No risk assessment
*Ans:
*Q24. Tabletop Test*
Case: Mgmt discusses DR plan in meeting room, no systems involved.
*Q:* Test type?
A. Full interruption
B. Tabletop walkthrough
C. Parallel
D. Simulation
*Ans:
*Q25. Alternate Processing*
Case: DR plan says “use manual process” for 1 week. But manual forms not printed.
*Q:* Gap?
A. DR plan not practical/complete
B. No BIA
C. No insurance
D. No backup
*Ans:
*Batch 3: Change, Problem, Config Mgmt 26-40*
*Q26. Emergency Change*
Case: Critical bug fix applied to prod without CAB approval due to urgency.
*Q:* Auditor should check?
A. Approve it anyway
B. Post-implementation review + documentation
C. Punish admin
D. No issue
*Ans
*Q27. Problem vs Incident*
Case: Helpdesk resets password 50 times/day for same app.
*Q:* This is?
A. 50 incidents
B. 1 problem with 50 incidents
C. Change request
D. Service request
*Ans:
*Q28. Config Mgmt*
Case: Server config changed but CMDB not updated.
*Q:* Risk?
A. No risk
B. Inaccurate impact analysis for future changes
C. Performance issue
D. Backup failure
*Ans:
*Q29. Change Testing*
Case: Change tested in prod because “test env not available”.
*Q:* Violation?
A. No SoD
B. Testing in production environment
C. No BCP
D. No capacity plan
*Ans:
*Q30. Rollback*
Case: Change fails. No rollback plan. System down 8 hrs.
*Q:* Missing?
A. Change approval
B. Backout/rollback plan
C. BIA
D. SLA
*Ans:
*Q31. RFC*
Case: User emails admin “add RAM”. Admin does it.
*Q:* Missing?
A. Request for Change documentation + approval
B. Budget
C. BCP
D. SLA
*Ans:
*Q32. Known Error DB*
Case: Same incident resolved by different fix each time.
*Q:* Missing?
A. Incident mgmt
B. Known Error Database + workaround
C. Change mgmt
D. Capacity mgmt
*Ans:
*Q33. Config Baseline*
Case: Auditor can’t tell if current server config = approved config.
*Q:* Missing?
A. Config baseline + version control
B. Backup
C. SLA
D. BIA
*Ans:
*Q34. Change Window*
Case: Major change deployed Friday 5 PM. System down all weekend.
*Q:* Poor practice?
A. Change timing → not in approved change window
B. No test
C. No approval
D. No BCP
*Ans:
*Q35. SoD in Ops*
Case: Same person schedules job, monitors job, and restarts job.
*Q:* Risk?
A. No risk
B. Lack of segregation in ops
C. Performance issue
D. Backup issue
*Ans:
*Q36. Problem Trend*
Case: 30% tickets = “printer not working”. No root cause analysis.
*Q:* Missing process?
A. Incident mgmt
B. Problem mgmt
C. Change mgmt
D. Capacity mgmt
*Ans:
*Q37. Unauthorized Change*
Case: Admin applies “small fix” directly in prod, no RFC.
*Q:* Control?
A. Technical control to prevent direct prod access
B. More training
C. BCP
D. SLA
*Ans:
*Q38. Post-Imp Review*
Case: Change implemented. No review after 1 week.
*Q:* Missing?
A. Change approval
B. Post-implementation review to confirm success
C. BIA
D. Capacity plan
*Ans:
*Q39. Config Drift*
Case: 100 servers should have same config but 20 differ.
*Q:* Issue?
A. No config mgmt + compliance check
B. Performance
C. Backup
D. Capacity
*Ans:
*Q40. Emergency Access*
Case: Fire call → admin uses emergency account to fix. Account never disabled after.
*Q:* Risk?
A. No risk
B. Orphaned privileged account
C. Capacity issue
D. Backup issue
*Ans:
*Batch 4:
*Q41. SLA Metric*
Case: SLA says “resolve tickets fast”. No measurable metric.
*Q:* Issue?
A. SLA not measurable/SMART
B. No BCP
C. No change mgmt
D. No capacity plan
*Ans:
*Q42. Escalation*
Case: Critical ticket sits with L1 for 6 hrs. No escalation rule.
*Q:* Missing?
A. Incident prioritization + escalation matrix
B. Change mgmt
C. Backup
D. Capacity
*Ans:
*Q43. Performance Baseline*
Case: System slow but no baseline to compare.
*Q:* Missing?
A. Performance baseline for comparison
B. Backup
C. BCP
D. Change mgmt
*Ans: .
*Q44. Outsourced Helpdesk*
Case: Vendor helpdesk has access to all user data.
*Q:* Risk?
A. No risk
B. Excessive access → confidentiality risk
C. Capacity
D. Backup
*Ans:
*Q45. Job Dependencies*
Case: Report job runs before data load job finishes. Report is wrong.
*Q:* Issue?
A. No job scheduling dependency setup
B. No change mgmt
C. No BCP
D. No SLA
*Ans:
*Q46. Log Retention*
Case: System logs deleted after 7 days. Investigation needs 90-day log.
*Q:* Gap?
A. Log retention policy not aligned with need
B. No encryption
C. No backup
D. No SLA
*Ans:
*Q47. Single Point of Failure*
Case: Only 1 person knows tape rotation process. He is on leave.
*Q:* Risk?
A. Availability risk due to key person dependency
B. Confidentiality
C. Integrity
D. No risk
*Ans:
*Q48. Preventive Maintenance*
Case: UPS batteries never tested. Fail during outage.
*Q:* Missing?
A. Preventive maintenance schedule
B. Backup
C. Change mgmt
D. SLA
*Ans:
*Q49. Service Catalog*
Case: Users request services via email, phone, WhatsApp. No tracking.
*Q:* Missing?
A. Service catalog + request mgmt system
B. Change mgmt
C. BCP
D. Capacity
*Ans:
*Q50. Continuous Improvement*
Case: Ops metrics collected but never reviewed by mgmt.
*Q:* Missing?
A. Metrics collection
B. Management review + continuous improvement process
C. Backup
D. Change mgmt
*Ans:.
---
*Domain 5 Memory Rules for CISA*
1. *BIA first* → then RTO/RPO → then DR strategy
2. *RTO = time to recover*, *RPO = data loss tolerance*
3. *Hot > Warm > Cold* site for speed
4. *Problem = root cause*, *Incident = symptom*
5. *Emergency change* = allowed but must have post-review
Here are *50 Case-Based MCQs – CISA Domain 5: Information System Operations, Maintenance & Service Management*
Weight: 23% = ∼36-37 Qs. Focus: IT ops, BCP/DRP, capacity, performance, change, problem mgmt.
I’ll keep each case short + exam-style “BEST/FIRST/MOST” wording.
*Batch 1: IT Operations & Capacity Mgmt 1-10*
*Q1. Capacity*
Case: Server CPU at 95% every month-end for 4 hrs. Rest of month at 40%.
*Q:* Auditor’s BEST recommendation?
A. Buy new server immediately
B. Monitor trend + capacity plan for peak
C. Reduce user access during month-end
D. Increase RAM only
*Ans: B* | Ops mgmt = trend analysis + capacity planning before spending. CISA: “plan for peak, not average”.
*Q2. Job Scheduling*
Case: Batch job for payroll runs 2 AM. If delayed, salary credited late. No alert setup.
*Q:* Control weakness?
A. No segregation of duties
B. No job scheduling monitoring + alerting
C. No change mgmt
D. No backup
*Ans: B* | Ops control: critical job monitoring + escalation.
*Q3. Performance Mgmt*
Case: Helpdesk SLA = 4 hrs. Avg resolution = 6 hrs. No SLA breach report.
*Q:* Auditor should recommend?
A. Hire more staff
B. Implement performance mgmt + SLA reporting
C. Reduce ticket volume
D. Change SLA to 8 hrs
*Ans: B* | Ops mgmt needs measurement + reporting before action.
*Q4. Media Handling*
Case: Backup tapes stored next to server room. No fire protection.
*Q:* Biggest risk?
A. Theft
B. Loss of data due to fire/disaster
C. Unauthorized access
D. Media degradation
*Ans: B* | Offsite + fireproof storage = Domain 5 key.
*Q5. Patch Mgmt*
Case: OS patches applied directly to prod without testing.
*Q:* Control violation?
A. No change mgmt
B. No capacity planning
C. No BCP
D. No access control
*Ans: A* | Patch = change. Must test in non-prod first.
*Q6. Storage*
Case: SAN utilization 98%. No alert + no expansion plan.
*Q:* Auditor concern?
A. Confidentiality
B. Availability risk due to no capacity mgmt
C. Integrity
D. Non-repudiation
*Ans: B* | Capacity mgmt = prevent downtime.
*Q7. Operator Logs*
Case: Operators manually restart failed jobs but no log maintained.
*Q:* Missing control?
A. Change mgmt
B. Audit trail/operator logs
C. Access control
D. Encryption
*Ans: B* | Ops logs needed for accountability + troubleshooting.
*Q8. Environmental*
Case: Data center temp hits 35°C in summer. No temp monitoring alert.
*Q:* Risk?
A. Data leakage
B. Hardware failure + service interruption
C. Virus attack
D. User error
*Ans: B* | Environmental controls = ops mgmt.
*Q9. Print Mgmt*
Case: Sensitive reports printed and left on printer overnight.
*Q:* Control?
A. Encryption
B. Secure print release + clean desk policy
C. Firewall
D. Backup
*Ans: B* | Physical ops control for output mgmt.
*Q10. Vendor Mgmt*
Case: Cloud vendor outage 6 hrs/month. No SLA penalty clause.
*Q:* Auditor rec?
A. Switch vendor
B. Define SLA with penalty + monitoring
C. Accept outage
D. Increase bandwidth
*Ans: B* | Ops = vendor SLA mgmt.
*Batch 2: BCP & DRP 11-25*
*Q11. BIA*
Case: Company lists 200 apps as “critical” for DR. No prioritization.
*Q:* Missing step?
A. Risk assessment
B. Business Impact Analysis to prioritize RTO/RPO
C. Backup test
D. Insurance
*Ans: B* | BIA = first step to identify critical processes + RTO/RPO.
*Q12. RTO vs RPO*
Case: Mgmt says “We can afford 24 hrs data loss but must be up in 4 hrs”.
*Q:* RTO = ?, RPO = ?
A. RTO 24h, RPO 4h
B. RTO 4h, RPO 24h
C. Both 4h
D. Both 24h
*Ans: B* | RTO = recovery time, RPO = data loss tolerance.
*Q13. DR Site*
Case: DR site is in same city, same power grid as primary.
*Q:* Weakness?
A. Cost
B. Not geographically separate → single point of failure
C. No test
D. No staff
*Ans: B* | DR site must avoid common-mode failures.
*Q14. DR Test*
Case: DR plan exists but never tested in 3 years.
*Q:* Auditor finding?
A. Plan outdated + unproven effectiveness
B. No BIA
C. No risk assessment
D. No insurance
*Ans: A* | CISA: DR plan must be tested + maintained.
*Q15. Backup*
Case: Full backup weekly, no incremental/differential. Restore takes 20 hrs.
*Q:* Issue?
A. Backup frequency
B. RTO will not be met
C. No encryption
D. No offsite
*Ans: B* | Backup strategy must meet RTO.
*Q16. Crisis Mgmt*
Case: Fire alarm triggers. Staff don’t know evacuation route.
*Q:* Missing?
A. DR plan
B. BCP awareness training + drills
C. Insurance
D. Backup
*Ans: B* | BCP = people + process, not just IT.
*Q17. MOU*
Case: Company has MOU with vendor for DR site but no contract/SLA.
*Q:* Risk?
A. Vendor may deny access during disaster
B. Cost higher
C. No encryption
D. No backup
*Ans: A* | MOU ≠ legally binding. Need contract.
*Q18. Parallel Test*
Case: DR test = run primary + DR site together with real data.
*Q:* Test type?
A. Tabletop
B. Parallel test
C. Full interruption
D. Simulation
*Ans: B* | Parallel = both systems run.
*Q19. RPO 0*
Case: Bank requires zero data loss for transactions.
*Q:* Backup method?
A. Weekly full
B. Synchronous replication
C. Monthly backup
D. Manual backup
*Ans: B* | RPO 0 = real-time sync replication.
*Q20. DR Team*
Case: Only IT knows DR plan. Business users unaware.
*Q:* Weakness?
A. Technical gap
B. Lack of business involvement in BCP
C. No budget
D. No test
*Ans: B* | BCP owned by business, executed by IT.
*Q21. Hot vs Cold Site*
Case: Company needs to be up in 2 hrs after disaster.
*Q:* Suitable site?
A. Cold site
B. Warm site
C. Hot site
D. Mobile site
*Ans: C* | Hot = ready instantly. Cold = weeks.
*Q22. Data Backup*
Case: Backups encrypted but key stored with backup tape.
*Q:* Risk?
A. Confidentiality
B. Availability
C. Integrity
D. No risk
*Ans: A* | Key with data = defeats encryption.
*Q23. BCP Update*
Case: Org structure changed 6 months ago. BCP still has old contacts.
*Q:* Control failure?
A. No change mgmt for BCP
B. No BIA
C. No test
D. No risk assessment
*Ans: A* | BCP must be updated with org changes.
*Q24. Tabletop Test*
Case: Mgmt discusses DR plan in meeting room, no systems involved.
*Q:* Test type?
A. Full interruption
B. Tabletop walkthrough
C. Parallel
D. Simulation
*Ans: B* | Tabletop = discussion-based.
*Q25. Alternate Processing*
Case: DR plan says “use manual process” for 1 week. But manual forms not printed.
*Q:* Gap?
A. DR plan not practical/complete
B. No BIA
C. No insurance
D. No backup
*Ans: A* | Plan must be actionable.
*Batch 3: Change, Problem, Config Mgmt 26-40*
*Q26. Emergency Change*
Case: Critical bug fix applied to prod without CAB approval due to urgency.
*Q:* Auditor should check?
A. Approve it anyway
B. Post-implementation review + documentation
C. Punish admin
D. No issue
*Ans: B* | Emergency change allowed but must be reviewed + logged after.
*Q27. Problem vs Incident*
Case: Helpdesk resets password 50 times/day for same app.
*Q:* This is?
A. 50 incidents
B. 1 problem with 50 incidents
C. Change request
D. Service request
*Ans: B* | Problem mgmt = root cause. Incident = symptom.
*Q28. Config Mgmt*
Case: Server config changed but CMDB not updated.
*Q:* Risk?
A. No risk
B. Inaccurate impact analysis for future changes
C. Performance issue
D. Backup failure
*Ans: B* | CMDB accuracy needed for change mgmt.
*Q29. Change Testing*
Case: Change tested in prod because “test env not available”.
*Q:* Violation?
A. No SoD
B. Testing in production environment
C. No BCP
D. No capacity plan
*Ans: B* | Prod = last place to test.
*Q30. Rollback*
Case: Change fails. No rollback plan. System down 8 hrs.
*Q:* Missing?
A. Change approval
B. Backout/rollback plan
C. BIA
D. SLA
*Ans: B* | Every change needs backout plan.
*Q31. RFC*
Case: User emails admin “add RAM”. Admin does it.
*Q:* Missing?
A. Request for Change documentation + approval
B. Budget
C. BCP
D. SLA
*Ans: A* | Formal change request needed.
*Q32. Known Error DB*
Case: Same incident resolved by different fix each time.
*Q:* Missing?
A. Incident mgmt
B. Known Error Database + workaround
C. Change mgmt
D. Capacity mgmt
*Ans: B* | Problem mgmt creates KEDB.
*Q33. Config Baseline*
Case: Auditor can’t tell if current server config = approved config.
*Q:* Missing?
A. Config baseline + version control
B. Backup
C. SLA
D. BIA
*Ans: A* | Baseline = approved config state.
*Q34. Change Window*
Case: Major change deployed Friday 5 PM. System down all weekend.
*Q:* Poor practice?
A. Change timing → not in approved change window
B. No test
C. No approval
D. No BCP
*Ans: A* | Changes in low-impact window.
*Q35. SoD in Ops*
Case: Same person schedules job, monitors job, and restarts job.
*Q:* Risk?
A. No risk
B. Lack of segregation in ops
C. Performance issue
D. Backup issue
*Ans: B* | SoD applies to ops too.
*Q36. Problem Trend*
Case: 30% tickets = “printer not working”. No root cause analysis.
*Q:* Missing process?
A. Incident mgmt
B. Problem mgmt
C. Change mgmt
D. Capacity mgmt
*Ans: B* | Problem mgmt does trend + RCA.
*Q37. Unauthorized Change*
Case: Admin applies “small fix” directly in prod, no RFC.
*Q:* Control?
A. Technical control to prevent direct prod access
B. More training
C. BCP
D. SLA
*Ans: A* | Preventive control > detective.
*Q38. Post-Imp Review*
Case: Change implemented. No review after 1 week.
*Q:* Missing?
A. Change approval
B. Post-implementation review to confirm success
C. BIA
D. Capacity plan
*Ans: B* | PIR = close change loop.
*Q39. Config Drift*
Case: 100 servers should have same config but 20 differ.
*Q:* Issue?
A. No config mgmt + compliance check
B. Performance
C. Backup
D. Capacity
*Ans: A* | Drift = unauthorized changes.
*Q40. Emergency Access*
Case: Fire call → admin uses emergency account to fix. Account never disabled after.
*Q:* Risk?
A. No risk
B. Orphaned privileged account
C. Capacity issue
D. Backup issue
*Ans: B* | Emergency access must be disabled + reviewed.
*Batch 4: Service Desk, Performance, Other Ops 41-50*
*Q41. SLA Metric*
Case: SLA says “resolve tickets fast”. No measurable metric.
*Q:* Issue?
A. SLA not measurable/SMART
B. No BCP
C. No change mgmt
D. No capacity plan
*Ans: A* | SLA must have KPI like “avg resolution <4h”.
*Q42. Escalation*
Case: Critical ticket sits with L1 for 6 hrs. No escalation rule.
*Q:* Missing?
A. Incident prioritization + escalation matrix
B. Change mgmt
C. Backup
D. Capacity
*Ans: A* | Ops = priority + escalation.
*Q43. Performance Baseline*
Case: System slow but no baseline to compare.
*Q:* Missing?
A. Performance baseline for comparison
B. Backup
C. BCP
D. Change mgmt
*Ans: A* | Can’t say “slow” without baseline.
*Q44. Outsourced Helpdesk*
Case: Vendor helpdesk has access to all user data.
*Q:* Risk?
A. No risk
B. Excessive access → confidentiality risk
C. Capacity
D. Backup
*Ans: B* | Vendor access = least privilege.
*Q45. Job Dependencies*
Case: Report job runs before data load job finishes. Report is wrong.
*Q:* Issue?
A. No job scheduling dependency setup
B. No change mgmt
C. No BCP
D. No SLA
*Ans: A* | Job scheduler must enforce sequence.
*Q46. Log Retention*
Case: System logs deleted after 7 days. Investigation needs 90-day log.
*Q:* Gap?
A. Log retention policy not aligned with need
B. No encryption
C. No backup
D. No SLA
*Ans: A* | Ops policy must meet audit/legal need.
*Q47. Single Point of Failure*
Case: Only 1 person knows tape rotation process. He is on leave.
*Q:* Risk?
A. Availability risk due to key person dependency
B. Confidentiality
C. Integrity
D. No risk
*Ans: A* | Ops needs cross-training + docs.
*Q48. Preventive Maintenance*
Case: UPS batteries never tested. Fail during outage.
*Q:* Missing?
A. Preventive maintenance schedule
B. Backup
C. Change mgmt
D. SLA
*Ans: A* | Ops = preventive maintenance.
*Q49. Service Catalog*
Case: Users request services via email, phone, WhatsApp. No tracking.
*Q:* Missing?
A. Service catalog + request mgmt system
B. Change mgmt
C. BCP
D. Capacity
*Ans: A* | Standardize requests for tracking + SLA.
*Q50. Continuous Improvement*
Case: Ops metrics collected but never reviewed by mgmt.
*Q:* Missing?
A. Metrics collection
B. Management review + continuous improvement process
C. Backup
D. Change mgmt
*Ans: B* | ITIL: collect → review → improve.
---
*Domain 5 Memory Rules for CISA*
1. *BIA first* → then RTO/RPO → then DR strategy
2. *RTO = time to recover*, *RPO = data loss tolerance*
3. *Hot > Warm > Cold* site for speed
4. *Problem = root cause*, *Incident = symptom*
5. *Emergency change* = allowed but must have post-review
No comments:
Post a Comment