PrepAway - Latest Free Exam Questions & Answers

While evaluating logical access control the IS auditor should follow all of the steps mentioned below EXCEPT o

While evaluating logical access control the IS auditor should follow all of the steps mentioned below EXCEPT one?

1. Obtain general understanding of security risk facing information processing, through a review of relevant documentation, inquiry and observation,etc

2. Document and evaluate controls over potential access paths into the system to assess their adequacy, efficiency and effectiveness

3. Test Control over access paths to determine whether they are functioning and effective by applying appropriate audit technique

4. Evaluate the access control environment to determine if the control objective are achieved by analyzing test result and other audit evidence

5. Evaluate the security environment to assess its adequacy by reviewing written policies, observing practices and procedures, and comparing them with appropriate security standard or practice and procedures used by other organization.

6. Evaluate and deploy technical controls to mitigate all identified risks during audit.

A. 2

B. 3

C. 1

D. 6

The word EXCEPT is the keyword used in the question. You need find out the item an IS auditor should not perform while evaluating logical access control. It is not an IT auditors responsibility to evaluate and deploy technical controls to mitigate all identified risks during audit.

For CISA exam you should know below information about auditing logical access:

Obtain general understanding of security risk facing information processing, through a review of relevant documentation, inquiry and observation,etc

Document and evaluate controls over potential access paths into the system to assess their adequacy, efficiency and effectiveness

Test Control over access paths to determine whether they are functioning and effective by applying appropriate audit technique

Evaluate the access control environment to determine if the control objective are achieved by analyzing test result and other audit evidence

Evaluate the security environment to assess its adequacy by reviewing written policies, observing practices and procedures, and comparing them with appropriate security standard or practice and procedures used by other organization.

The following were incorrect answers:

The other options presented are valid choices which IS auditor needs to follow while evaluating logical access control.

The following reference(s) were/was used to create this question:

CISA review manual 2014 Page number362


Leave a Reply