In a follow-up audit, an IS auditor notes that management has addressed the original findings in a different way than originally agreed upon. The auditor should FIRST:
A. mark the recommendation as satisfied and close the finding
B. verify if management's action mitigates the identified risk
C. re-perform the audit to assess the changed control environment
D. escalate the deviation to the audit committee
Which of the following is MOST important for an IS auditor to determine when reviewing how the organization's incident response team handles devices that may be involved in criminal activity?
A. Whether devices are checked for malicious applications
B. Whether the access logs are checked before seizing the devices
C. Whether users have knowledge of their devices being examined
D. Whether there is a chain of custody for the devices
An IS auditor is evaluating a virtual server environment and learns that the production server, development server, and management console are housed in the same physical host. What should be the auditor's PRIMARY concern?
A. The physical host is a single point of failure
B. The management console is a single point of failure
C. The development server and management console share the same host
D. The development and production servers share the same host
Which of the following is the GREATEST risk resulting from conducting periodic reviews of IT over several years based on the same audit program?
A. The number of errors will increase because the routine work promotes inattentiveness.
B. Detection risk is increased because auditees already know the audit program.
C. Audit risk is increased because the programs might not be adapted to the organization's current situation.
D. Staff turnover in the audit department will increase because fieldwork becomes less interesting.
Which of the following layers of an enterprise data flow architecture handles the scheduling of the tasks necessary to build and maintain the Data Warehouse (DW) and also populates Data Marts?
A. Data preparation layer
B. Desktop Access Layer
C. Warehouse management layer
D. Data access layer
Which of the following is the PRIMARY benefit to an organization using an automated event monitoring solution?
A. Enhanced forensic analysis
B. Improved response time to incidents
C. Improved network protection
D. Reduced need for manual analysis
An organization plans to eliminate pilot releases and instead deliver all functionality in a single release. Which of the following is the GREATEST risk with this approach?
A. Likelihood of scope creep over time
B. Increased oversight required to track projects
C. Inability to track project costs
D. Releasing critical deficiencies into production
A computer forensic audit is MOST relevant in which of the following situations?
A. Inadequate controls in the IT environment
B. Mismatches in transaction data
C. Missing server patches
D. Data loss due to hacking of servers
During a project audit, an IS auditor notes that project reporting does not accurately reflect current progress. Which of the following is the GREATEST resulting impact?
A. The project manager will have to be replaced.
B. The project reporting to the board of directors will be incomplete.
C. The project steering committee cannot provide effective governance.
D. The project will not withstand a quality assurance (QA) review.
Which of the following can only be provided by asymmetric encryption?
A. Information privacy
B. 256-bit key length
C. Data availability
D. Nonrepudiation