IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial
evaluation of the controls, they conclude that control risks are within the acceptable limits. True or
false?

What is the primary objective of a control self-assessment (CSA) program?

A control that detects transmission errors by appending calculated bits onto the end of each
segment of data is known as a:

Which of the following is a data validation edit and control?

In a public key infrastructure (PKI), the authority responsible for the identification and authentication
of an applicant for a digital certificate (i.e., certificate subjects) is the:

Company.com has contracted with an external consulting firm to implement a commercial financial
system to replace its existing in-house developed system. In reviewing the proposed development
approach, which of the following would be of GREATEST concern?

The IS auditor learns that when equipment was brought into the data center by a vendor, the
emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of
the following audit recommendations should the IS auditor suggest?

An organization having a number of offices across a wide geographical area has developed a
disaster recovery plan (DRP). Using actual resources, which of the following is the MOST
costeffective test of the DRP?

Which of the following is a continuity plan test that uses actual resources to simulate a system
crash to cost-effectively obtain evidence about the plan’s effectiveness?

A malicious code that changes itself with each file it infects is called a: