What should be the GREATEST concern to an IS auditor wh…
What should be the GREATEST concern to an IS auditor when employees use portable media
(MP3 players, flash drives)?
Which of the following would be an effective access control?
An organization is using an enterprise resource management (ERP) application. Which of the
following would be an effective access control?
What would be of GREATEST concern if discoveredduring a…
A technical lead who was working on a major project has left the organization. The project manager
reports suspicious system activities on one of the servers that is accessible to the whole team.
What would be of GREATEST concern if discoveredduring a forensic investigation?
Which of the following is the BEST practice to ensure t…
Which of the following is the BEST practice to ensure that access authorizations are still valid?
Which of the following would provide efficient access c…
A business application system accesses a corporate database using a single ID and password
embedded in a program. Which of the following would provide efficient access control over the
organization’s data?
When using a universal storage bus (USB) flash drive to…
When using a universal storage bus (USB) flash drive to transport confidential corporate data to an
offsite location, an effective control would be to:
The IS auditor should:
An IS auditor finds that a DBA has read and write access to production datA. The IS auditor should:
Minimum password length and password complexity verific…
Minimum password length and password complexity verification are examples of:
What should the IS auditor do next?
During an audit of the logical access control of an ERP financial system an IS auditor found some
user accounts shared by multiple individuals. The user IDs were based on roles rather than
individual identities. These accounts allow access to financial transactions on the ERP. What
should the IS auditor do next?
The responsibility for authorizing access to applicatio…
The responsibility for authorizing access to application data should be with the: