When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of:

• A.excessive transaction turnaround time.
• B.application interface failure.
• C.improper transaction authorization.
• D.nonvalidated batch totals.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a characteristic of timebox management?

• A.Not suitable for prototyping or rapid application development (RAD)
• B.Eliminates the need for a quality process
• C.Prevents cost overruns and delivery delays
• D.Separates system and user acceptance testing

Comment: *

Name: *

Email: *

Verification: *

An organization has just completed their annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization?

• A.Review and evaluate the business continuity plan for adequacy
• B.Perform a full simulation of the business continuity plan
• C.Train and educate employees regarding the business continuity plan
• D.Notify critical contacts in the business continuity plan

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST evidence of the maturity of an organization's information security
program?

• A.The number of reported incidents has increased.
• B.The information security department actively monitors security operations.
• C.The number of reported incidents has decreased.
• D.IT security staff implements strict technical security controls.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST useful to an IS auditor confirming thai an IS department meets its service level agreements (SLAs)?

• A.Capacity planning tools
• B.System downtime reports
• C.System utilization reports
• D.IS strategic plan

Comment: *

Name: *

Email: *

Verification: *