An IS auditor reviewing an accounts payable system discovers that audit logs are not being
reviewed. When this issue is raised with management the response is that additional controls are
not necessary because effective system access controls are inplace. The BEST response the
auditor can make is to:

When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be
concerned with the risk of:

When reviewing an organization’s approved software product list, which of the following is the
MOST important thing to verify?

An existing system is being extensively enhanced by extracting and reusing design and program
components. This is an example of:

A number of system failures are occurring when corrections to previously detected errors are
resubmitted for acceptance testing. This would indicate that the maintenance team is probably not
performing adequately which of the following types of testing?

An IS auditor performing an application maintenance audit would review the log of program
changes for the:

After discovering a security vulnerability in a third-party application that interfaces with several
external systems, a patch is applied to a significant number of modules. Which of the following
tests should an IS auditor recommend?

When performing an audit of a client relationship management (CRM) system migration project,
which of the following should be of GREATEST concern to an IS auditor?

Which of the following reports should an IS auditor use to check compliance with a service level
agreement’s (SLA) requirement for uptime?

A benefit of quality of service (QoS) is that the: