- All Exams Instant Download
An IS auditor who was instrumental in designing an application is called upon to review the application. The auditor should:
An IS auditor who was instrumental in designing an application is called upon to review the application. The auditor should:A . refuse the assignment to avoid conflict of interest. B. use the knowledge of the application to carry out the audit. C. inform audit management of the earlier involvement. D....
During an audit of a reciprocal disaster recovery agreement between two companies, the
During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:A . allocation of resources during an emergency. B. frequency of system testing. C. differences in IS policies and procedures. D. maintenance of hardware and software compatibility.View AnswerAnswer: D
Which of the following would be of GREATEST concern?
An IS auditor is evaluating an organization's IT strategy and plans . Which of the following would be of GREATEST concern?A . There is not a defined IT security policy. B. The business strategy meeting minutes are not distributed. C. IT is not engaged in business strategic planning. D. There...
Which of the following is the auditor's BEST recommendation?
An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner . Which of the following is the auditor's BEST recommendation?A . Increase the capacity of existing systems. B. Upgrade hardware to newer technology. C. Hire temporary contract workers for the...
When an intrusion into an organization network is deleted, which of the following should be done FIRST?
When an intrusion into an organization network is deleted, which of the following should be done FIRST?A . Block all compromised network nodes. B. Contact law enforcement. C. Notify senior management. D. Identity nodes that have been compromised.View AnswerAnswer: A
Which of the following is the MOST important prerequisite for the protection of physical information assets in a data center?
Which of the following is the MOST important prerequisite for the protection of physical information assets in a data center?A . Segregation of duties between staff ordering and staff receiving information assets B. Complete and accurate list of information assets that have been deployed C. Availability and testing of onsite...
Which of the following should be the auditor's NEXT course of action?
An IS auditor finds that firewalls are outdated and not supported by vendors . Which of the following should be the auditor's NEXT course of action?A . Report the mitigating controls. B. Report the security posture of the organization. C. Determine the value of the firewall. D. Determine the risk...
Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?
An organization's software developers need access to personally identifiable information (Pll) stored in a particular data format . Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?A . Data masking B. Data tokenization C....
Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:
Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:A . business impact analysis (BIA). B. threat and risk assessment. C. business continuity plan (BCP). D. disaster recovery plan (DRP).View AnswerAnswer: C
Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?
Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?A . Assignment of responsibility for each project to an IT team member B. Adherence to best practice and industry approved methodologies C. Controls to minimize risk and maximize value for the IT...
