An IS auditor performing an application maintenance audit would review the log of program
changes for the:

A number of system failures are occurring when corrections to previously detected errors are
resubmitted for acceptance testing. This would indicate that the maintenance team is probably not
performing adequately which of the following types of testing?

An existing system is being extensively enhanced by extracting and reusing design and program
components. This is an example of:

When reviewing an organization’s approved software product list, which of the following is the
MOST important thing to verify?

When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned
with the risk of:

An IS auditor reviewing an accounts payable system discovers that audit logs are not being
reviewed. When this issue is raised with management the response is that additional controls are
not necessary because effective system access controls are inplace. The BEST response the
auditor can make is to:

The GREATEST advantage of using web services for the exchange of information between two
systems is:

A clerk changed the interest rate for a loan on a master file. The rate entered is outside the normal
range for such a loan. Which of the following controls is MOST effective in providing reasonable
assurance that the change was authorized?

When using an integrated test facility (ITF), an IS auditor should ensure that:

When reviewing input controls, an IS auditor observes that, in accordance with corporate policy,
procedures allow supervisory override of data validation edits. The IS auditor should: