- All Exams Instant Download
Who should be accountable for managing these risks?
During a new system implementation, an IS auditor has been assigned to review risk management at each milestone. The auditor finds that several risks to project benefits have not been addressed. Who should be accountable for managing these risks?A . Enterprise risk manager B. Project sponsor C. Information security officer...
Which of the following data would be used when performing a business impact analysis (BIA)?
Which of the following data would be used when performing a business impact analysis (BIA)?A . Projected impact of current business on future business B. Cost-benefit analysis of running the current business C. Cost of regulatory compliance D. Expected costs for recovering the businessView AnswerAnswer: A
Which of the following should the IS auditor review FIRST?
An IS auditor notes the transaction processing times in an order processing system have significantly increased after a major release . Which of the following should the IS auditor review FIRST?A . Capacity management plan B. Training plans C. Database conversion results D. Stress testing resultsView AnswerAnswer: D
Which of the following should be done FIRST when planning a penetration test?
Which of the following should be done FIRST when planning a penetration test?A . Execute nondisclosure agreements (NDAs). B. Determine reporting requirements for vulnerabilities. C. Define the testing scope. D. Obtain management consent for the testing.View AnswerAnswer: D
What should be the PRIMARY basis for selecting which IS audits to perform in the coming year?
What should be the PRIMARY basis for selecting which IS audits to perform in the coming year?A . Senior management's request B. Prior year's audit findings C. Organizational risk assessment D. Previous audit coverage and scopeView AnswerAnswer: C
During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST
During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRSTA . perform a business impact analysis (BIA). B. issue an intermediate report to management. C. evaluate the impact on current disaster recovery capability. D. conduct additional compliance...
The implementation of an IT governance framework requires that the board of directors of an organization:
The implementation of an IT governance framework requires that the board of directors of an organization:A . Address technical IT issues. B. Be informed of all IT initiatives. C. Have an IT strategy committee. D. Approve the IT strategy.View AnswerAnswer: D
Which of the following is MOST important for the auditor to confirm when sourcing the population data?
An IS auditor will be testing accounts payable controls by performing data analytics on the entire population of transactions . Which of the following is MOST important for the auditor to confirm when sourcing the population data?A . The data is taken directly from the system. B. There is no...
Which of the following should be the IS auditor's NEXT course of action?
An IS auditor is following up on prior period items and finds management did not address an audit finding . Which of the following should be the IS auditor's NEXT course of action?A . Note the exception in a new report as the item was not addressed by management. B....
Which of the following is MOST important for an IS auditor to understand when reviewing this decision?
An organization's enterprise architecture (EA) department decides to change a legacy system's components while maintaining its original functionality . Which of the following is MOST important for an IS auditor to understand when reviewing this decision?A . The current business capabilities delivered by the legacy system B. The proposed network...
