Which audit technique provides the BEST evidence of the segregation of duties in an IS department?
Which audit technique provides the BEST evidence of the segregation of duties in an IS
department?
After assessing and mitigating the risks of a web application, who should decide on the acceptance of residual
After assessing and mitigating the risks of a web application, who should decide on the
acceptance of residual application risks?
To determine the extent of the duplication, the IS auditor would use:
During a review of a customer master file, an IS auditor discovered numerous customer
name duplications arising from variations in customer first names. To determine the extent of the
duplication, the IS auditor would use:
The purpose of a corrective control is to:
The purpose of a corrective control is to:
Which of the following would be the BEST population to take a sample from when testing program changes?
Which of the following would be the BEST population to take a sample from when testing program
changes?
Which of the following is the MOST important requirement for setting up an information security infrastructure
Which of the following is the MOST important requirement for setting up an information security
infrastructure for a new system?
what risk response?
Your project is an agricultural-based project that deals with plant irrigation systems. You have
discovered a byproduct in your project that your organization could use to make a profit. If your
organization seizes this opportunity it would be an example of what risk response?
An integrated test facility is considered a useful audit tool because it:
An integrated test facility is considered a useful audit tool because it:
Previously accepted risk should be:
Previously accepted risk should be:
Data flow diagrams are used by IS auditors to:
Data flow diagrams are used by IS auditors to: