An IS auditor is performing an audit of a remotely managed server backup. The IS auditor reviews the logs for
An IS auditor is performing an audit of a remotely managed server backup. The IS auditor reviews the logs for one day and finds one case where logging on a server has failed with the result that backup restarts cannot be confirmed. What should the auditor do?
In an IS audit of several critical servers, the IS auditor wants to analyze audit trails to discover potential
In an IS audit of several critical servers, the IS auditor wants to analyze audit trails to discover potential anomalies in user or system behavior. Which of the following tools are MOST suitable for performing that task?
An IS auditor is evaluating a corporate network for a possible penetration by employees. Which of the followin
An IS auditor is evaluating a corporate network for a possible penetration by employees. Which of the following findings should give the IS auditor the GREATEST concern?
Which of the following is the PRIMARY advantage of using computer forensic software for investigations?
Which of the following is the PRIMARY advantage of using computer forensic software for investigations?
An IS auditor has imported data from the clients database. The next step-confirming whether the imported data
An IS auditor has imported data from the clients database. The next step-confirming whether the imported data are complete-is performed by:
The vice president of human resources has requested an audit to identify payroll overpayments for the previous
The vice president of human resources has requested an audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation?
During a security audit of IT processes, an IS auditor found that there were no documented security procedures
During a security audit of IT processes, an IS auditor found that there were no documented security procedures. The IS auditor should:
In the course of performing a risk analysis, an IS auditor has identified threats and potential impacts. Next,
In the course of performing a risk analysis, an IS auditor has identified threats and potential impacts. Next, the IS auditor should:
Which of the following should be of MOST concern to an IS auditor?
Which of the following should be of MOST concern to an IS auditor?
Which of the following would normally be the MOST reliable evidence for an auditor?
Which of the following would normally be the MOST reliable evidence for an auditor?