- All Exams Instant Download
In the actual difficult audit review process, if the Business Impact Analysis (BIA) did not proceed, the auditor should first:
In the actual difficult audit review process, if the Business Impact Analysis (BIA) did not proceed, the auditor should first:A . Assess the impact on current disaster recovery capabilities.B . Submit an interim report to management.C . Perform business impact analysis.D . Perform additional compliance tests.View AnswerAnswer: D
Which of the following attacks is best suited for intrusion detection systems (IDS) checking?
Which of the following attacks is best suited for intrusion detection systems (IDS) checking?A . SpoofingB . System scanningC . Logic bombD . SpammingView AnswerAnswer: B
Which of the following is the most appropriate advice for an information systems auditor?
A bank wants to outsource the system to cloud-based supply in another country. Which of the following is the most appropriate advice for an information systems auditor?A . As expected, because the supplier must comply with all laws of the country where the customer is locatedB . Ensure that...
Which of the following is most helpful for information systems auditors when evaluating control effectiveness?
Which of the following is most helpful for information systems auditors when evaluating control effectiveness?A . Have interview communication with the management levelB . Results of control testC . Control self-assessmentD . Control matrixView AnswerAnswer: B
The biggest advantage of use prototype approach in software development is to help:
The biggest advantage of use prototype approach in software development is to help:A . Minimize changes to the scope of the system.B . Reduce the time allocated to user testing and reviewC . Improve the efficiency of quality assurance (QA) testing.D . Conceptualize and clarify requirementsView AnswerAnswer: D
Which of the following is most important when evaluating the retention period for a cloud provider's client data backup?
Which of the following is most important when evaluating the retention period for a cloud provider's client data backup?A . Last audit recommendationB . Contractual commitmentC . Industry best practicesD . Data storage costsView AnswerAnswer: B
Information systems auditors are conducting post-implementation analysis of enterprise resource planning (ERP) systems. The end user expressed concern about the accuracy of the system's critical automatic calculations.
Information systems auditors are conducting post-implementation analysis of enterprise resource planning (ERP) systems. The end user expressed concern about the accuracy of the system's critical automatic calculations. The auditor’s first action step should be:A . Verify the integrity of the user acceptance testB . Review the initial business requirementsC...
Which of the following observations of change management should be considered by the information system auditor to be the most serious risk?
Which of the following observations of change management should be considered by the information system auditor to be the most serious risk?A . Two weeks after the approval, the changes were deployed.B . The change has not been approved by the business ownerC . No software tracking change management.D...
Which of the following methods provides the best assurance and user confidence when companies move data to more complex enterprise resource planning (ERP) systems?
Which of the following methods provides the best assurance and user confidence when companies move data to more complex enterprise resource planning (ERP) systems?A . User acceptance testB . Staged conversionC . Pilot testD . Parallel processingView AnswerAnswer: A
Conduct a web review to assess security risks. During the review process, which of the following questions will be most noticed?
Conduct a web review to assess security risks. During the review process, which of the following questions will be most noticed?A . Accessing the Internet from PC via a modemB . Accessing the Internet through the router through the internal networkC . Access to the internal network through the...
