Which of the following audit is mainly designed to evaluate the internal control structure in a given process or area?

During an IS audit, auditor has observed that authentication and authorization steps are split into two functions and there is a possibility to force the authorization step to be completed before the authentication step. Which of the following technique an attacker could user to force authorization step before authentication?

Which of the following audit combines financial and operational audit steps?

Which of the following attack is also known as Time of Check(TOC)/Time of Use(TOU)?

Which of the following audit mainly focuses on discovering and disclosing on frauds and crimes?

Which of the following attack occurs when a malicious action is performed by invoking the operating system to execute a particular system call?

Which of the following audit risk is related to exposure of a process or entity to be audited without taking into account the control that management has implemented?

Which of the following attack includes social engineering, link manipulation or web site forgery techniques?

Which of the following audit risk is related to material error exist that would not be prevented or detected on timely basis by the system of internal controls?

Which of the following attack is MOSTLY performed by an attacker to steal the identity information of a user such as credit card number, passwords, etc?