- All Exams Instant Download
An IS auditor reviewing the threat assessment for a data center would be MOST concerned if:
An IS auditor reviewing the threat assessment for a data center would be MOST concerned if:A . all identified threats relate to external entitiesB . some of the identified threats are unlikely to occurC . neighboring organizations’ operations have been includedD . the exercise was completed by local managementView AnswerAnswer:...
The GREATEST risk when performing data normalization is:
The GREATEST risk when performing data normalization is:A . the increased complexity of the data modelB . duplication of audit logsC . reduced data redundancyD . decreased performanceView AnswerAnswer: A
An audit of the quality management system (QMS) begins with an evaluation of the:
An audit of the quality management system (QMS) begins with an evaluation of the:A . organization’s QMS policyB . sequence and interaction of QMS processesC . QMS processes and their applicationD . QMS document control proceduresView AnswerAnswer: A
An IS auditor has discovered that a cloud-based application was not included in an application inventory that was used to confirm the scope of an audit. The business process owner explained that the application will be audited by a third party in the next year.
An IS auditor has discovered that a cloud-based application was not included in an application inventory that was used to confirm the scope of an audit. The business process owner explained that the application will be audited by a third party in the next year. The auditor’s NEXT step should...
Which of the following would provide the BEST evidence of successfully completed batch uploads?
Which of the following would provide the BEST evidence of successfully completed batch uploads?A . Sign-off on the batch journalB . Using sequence controlsC . Enforcing batch cut-off timesD . Reviewing process logsView AnswerAnswer: B
Which of the following should the IS auditor recommend to BEST address this situation?
Assessments of critical information systems are based on a cyclical audit plan that has not been updated for several years. Which of the following should the IS auditor recommend to BEST address this situation?A . Use a revolving set of audit plans to cover all systemsB . Update the audit...
The objectives of business process improvement should PRIMARILY include:
The objectives of business process improvement should PRIMARILY include:A . minimal impact on staffB . incremental changes in productivityC . changes of organizational boundariesD . performance optimizationView AnswerAnswer: D
Which of the following should be of GREATEST concern?
An IS auditor is assessing risk associated with peer-to-peer file sharing within an organization. Which of the following should be of GREATEST concern?A . File-sharing policies have not been reviewed since last yearB . Only some employees are required to attend security awareness trainingC . Not all devices are running...
Which of the following should be the auditor’s PRIMARY concern?
When conducting a review of security incident management, an IS auditor found there are no defined escalation processes. All incidents are managed by the service desk. Which of the following should be the auditor’s PRIMARY concern?A . Inefficient use of service desk resourcesB . Management’s lack of high impact incidentsC...
What is the MOST effective way for the audit team to leverage this risk management maturity?
An organization has developed mature risk management practices that are followed across all departments. What is the MOST effective way for the audit team to leverage this risk management maturity?A . Facilitating audit risk identification and evaluation workshopsB . Implementing risk responses on management’s behalfC . Providing assurances to management...
