Which of the following is the BEST information source for management to use as an aid in the identification of
assets that are subject to laws and regulations?

While conducting an audit of a service provider, an IS auditor observes that the service provider has
outsourced a part of the work to another provider. Since the work involves confidential information, the IS
auditor’s PRIMARY concern shouldbe that the:

With respect to the outsourcing of IT services, which of the following conditions should be of GREATEST
concern to an IS auditor?

An IS auditor has been assigned to review IT structures and activities recently outsourced to various providers.
Which of the following should the IS auditor determine FIRST?

When an organization is outsourcing their information security function, which of the following should be kept in
the organization?

To minimize costs and improve service levels an outsourcer should seek which of the following contract
clauses?

An IS auditor should expect which of the following items to be included in the request for proposal (RFP) when
IS is procuring services from an independent service provider (ISP)?

When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes
that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a
provider in another country. Based on this information, which of the following conclusions should be the main
concern of the IS auditor?

An IS auditor reviewing an outsourcing contract of IT facilities would expect it to define the:

Is it appropriate for an IS auditor from a company that is considering outsourcing its IS processing to request
and review a copy of each vendor’s business continuity plan?