Many organizations require an employee to take a mandatory vacation (holiday) of a week or more
to:

A local area network (LAN) administrator normally would be restricted from:

A long-term IS employee with a strong technical background and broad managerial experience
has applied for a vacant position in the IS audit department. Determining whether to hire this

individual for this position should be based on the individual’sexperience and:

An IS auditor should be concerned when a telecommunication analyst:

When segregation of duties concerns exist between IT support staff and end users, what would be
a suitable compensating control?

An IS auditor reviewing an organization that uses cross-training practices should assess the risk
of:

Which of the following controls would an IS auditor look for in an environment where duties cannot
be appropriately segregated?

Which of the following reduces the potential impact of social engineering attacks?

Which of the following activities performed by a database administrator (DBA) should be
performed by a different person?

To gain an understanding of the effectiveness of an organization’s planning and management of
investments in IT assets, an IS auditor should review the: