An IS auditor should recommend the use of library control software to provide reasonable assurance that:

The purpose of code signing is to provide assurance that:

A programmer maliciously modified a production program to change data and then restored the original code.
Which of the following would MOST effectively detect the malicious activity?

An IS auditor reviewing a database application discovers that the current configuration does not match the
originally designed structure. Which of the following should be the IS auditor’s next action?

Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance
with an organization’s change control procedures?

An IS auditor reviewing database controls discovered that changes to the database during normal working
hours were handled through a standard set of procedures. However, changes made after normal hours
required only an abbreviated number of steps. In this situation, which of the following would be considered an
adequate set of compensating controls?

In regard to moving an application program from the test environment to the production environment, the BEST
control would be to have the:

Change management procedures are established by IS management to:

Which of the following controls would be MOST effective in ensuring that production source code and object
code are synchronized?

Vendors have released patches fixing security flaws in their software. Which of the following should an IS
auditor recommend in this situation?