After discovering a security vulnerability in a third-party application that interfaces with several external systems,
a patch is applied to a significant number of modules. Which of the following tests should an IS auditor
recommend?

An IS auditor performing an application maintenance audit would review the log of program changes for the:

A number of system failures are occurring when corrections to previously detected errors are resubmitted for
acceptance testing. This would indicate that the maintenance team is probably not performing adequately which
of the following types of testing?

An existing system is being extensively enhanced by extracting and reusing design and program components.
This is an example of:

When reviewing an organization’s approved software product list, which of the following is the MOST important
thing to verify?

When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the
risk of:

An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed. When
this issue is raised with management the response is that additional controls are not necessary becauseeffective system access controls are in place. The BEST response the auditor can make is to:

The GREATEST advantage of using web services for the exchange of information between two systems is:

A clerk changed the interest rate for a loan on a master file. The rate entered is outside the normal range for
such a loan. Which of the following controls is MOST effective in providing reasonable assurance that the
change was authorized?

When using an integrated test facility (ITF), an IS auditor should ensure that: