Once an organization has finished the business process reengineering (BPR) of all its critical operations, an IS auditor would MOST likely focus on a review of:

• A.pre-BPR process flowcharts.
• B.post-BPR process flowcharts.
• C.BPR project plans.
• D.continuous improvement and monitoring plans.

Comment: *

Name: *

Email: *

Verification: *

In the context of physical access control, what is known as the process of verifying user identities?

• A.Authentication
• B.Authorization
• C.Accounting
• D.Encryption
• E.Compression
• F.None of the choices.

Comment: *

Name: *

Email: *

Verification: *

E-mail traffic from the Internet is routed via firewall-1 to the mail gateway. Mail is routed from the mail gateway, via firewall-2, to the mail recipients in the internal network. Other traffic is not allowed. For example, the firewalls do not allow direct traffic from the Internet to the internal network.

The intrusion detection system (IDS) detects traffic for the internal network that did not originate from the mail gateway. The FIRST action triggered by the IDS should be to:

• A.alert the appropriate staff.
• B.create an entry in the log.
• C.close firewall-2.
• D.close firewall-1.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the FIRST step in initiating a data classification program?

• A.Assignment of data ownership
• B.Assignment of sensitivity levels
• C.Risk appetite assessment
• D.Inventory of data assets

Comment: *

Name: *

Email: *

Verification: *

Which of the following is an IS auditor's BEST course of action upon learning that preventive controls have been replaced with detective and corrective controls'

• A.Recommend the implementation of preventive controls in addition to the other controls.
• B.Report the issue to management as the risk level has increased.
• C.Evaluate whether new controls manage the risk at an acceptable level.
• D.Verify the revised controls enhance the efficiency of related business processes.

Comment: *

Name: *

Email: *

Verification: *