Which of the following is a logical access control designed to enhance the security of a computer-based application system?

• A.Users will automatically lose access to the system after 15 minutes of inactivity
• B.Users will be assigned rights to access the system based on their job responsibilities
• C.Users will not be allowed to use any of their last five passwords to access the system
• D.User accounts will be locked alter three unsuccessful attempts to access the system

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a systems software control?

• A.Restricting server room access to specific individuals
• B.Performing of intrusion testing on a regular basis
• C.Housing servers with sensitive software away from environmental hazards.
• D.Ensuring that ail user requirements are documented.

Comment: *

Name: *

Email: *

Verification: *

An internal auditor performed a review of IT outsourcing and found that the service provider was failing to meet the terms of the service level agreement. Which of the following approaches is most appropriate to address this concern?

• A.The organization should proactively monitor the performance of the service provider, escalate concerns, and use penalty clauses in the contract where necessary.
• B.The organization should review the skill requirements and ensure that the service provider is maintaining sufficient expertise and retaining skilled resources.
• C.The organization should ensure that there is a clear management communication strategy and path for evaluating and reporting on all outsourced services concerns.
• D.The organization should work with the service provider to review the current agreement and expectations relating to objectives, processes, and overall performance.

Comment: *

Name: *

Email: *

Verification: *

During which phase of disaster recovery planning should an organization identify the business units, assets, and systems that are critical to continuing an acceptable level of operations?

• A.Business impact analysis.
• B.Scope and initiation phase.
• C.Plan development.
• D.Testing.

Comment: *

Name: *

Email: *

Verification: *

When developing an effective risk-based plan to determine audit priorities, an internal audit activity should start by:

• A.Identifying risks to the organization's operations.
• B.Observing and analyzing controls.
• C.Reviewing organizational objectives.
• D.Prioritizing known risks.

Comment: *

Name: *

Email: *

Verification: *