Vendors have released patches fixing security flaws in their software. Which of the following should
an IS auditor recommend in this situation?

Which of the following controls would be MOST effective in ensuring that production source code
and object code are synchronized?

Change management procedures are established by IS management to:

In regard to moving an application program from the test environment to the production
environment, the BEST control would be to have the:

An IS auditor reviewing database controls discovered that changes to the database during normal
working hours were handled through a standard set of procedures. However, changes made after
normal hours required only an abbreviated number of steps. Inthis situation, which of the following
would be considered an adequate set of compensating controls?

Which of the following tests performed by an IS auditor would be the MOST effective in determining
compliance with an organization’s change control procedures?

An IS auditor reviewing a database application discovers that the current configuration does not
match the originally designed structure. Which of the following should be the IS auditor’s next
action?

A programmer maliciously modified a production program to change data and then restored the
original code. Which of the following would MOST effectively detect the malicious activity?

The purpose of code signing is to provide assurance that:

An IS auditor should recommend the use of library control software to provide reasonable assurance
that: