One benefit of return on investment (ROI) analysis in IT decision making is that it provides the:
A. basis for allocating indirect costs.
B. cost of replacing equipment.
C. estimated cost of ownership.
D. basis for allocating financial resources.
Answer: D

Which of the following is MOST important to ensure when developing an effective security awareness program?
A. Training personnel are information security professionals.
B. Phishing exercises are conducted post-training.
C. Security threat scenarios are included in the program content.
D. Outcome metrics for the program are established.
Answer: D

Which of the following would be an IS auditor's GREATEST concern when reviewing the early stages of a software development project?
A. The lack of technical documentation to support the program code
B. The lack of completion of all requirements at the end of each sprint
C. The lack of...

Which of the following provides the MOST reliable audit evidence on the validity of transactions in a financial application?
A. Walk-through reviews
B. Substantive testing
C. Compliance testing
D. Design documentation reviews
Answer: B

An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged. The IS auditor's FIRST action should be to:
A. recommend that the...

Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor's BEST recommendation?
A. Ensure corrected program code is compiled in a dedicated server.
B. Ensure change management reports are...

Cross-site scripting (XSS) attacks are BEST prevented through:
A. application firewall policy settings.
B. a three-tier web architecture.
C. secure coding practices.
D. use of common industry frameworks.
Answer: C

In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to never expire. Which of the following recommendations would BEST address the risk with minimal disruption to the business?
A. Modify applications to no longer require direct access to the database.
B. Introduce database access...

During an external review, an IS auditor observes an inconsistent approach in classifying system criticality within the organization. Which of the following should be recommended as the PRIMARY factor to determine system criticality?
A. Key performance indicators (KPIs)
B. Maximum allowable downtime (MAD)
C. Recovery point objective (RPO)
D. Mean...

Which of the following is the PRIMARY reason for an IS auditor to conduct post-implementation reviews?
A. To determine whether project objectives in the business case have been achieved
B. To ensure key stakeholder sign-off has been obtained
C. To align project objectives with business needs
D. To document lessons...