Which of the following would an IS auditor consider to be the MOST important when evaluating an organization's IS strategy? That it:

• A.has been approved by line management.
• B.does not vary from the IS department's preliminary budget.
• C.complies with procurement procedures.
• D.supports the business objectives of the organization.

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST enables alignment of IT with business objectives?

• A.Completing an IT risk assessment
• B.Benchmarking against peer organizations
• C.Developing key performance indicators (KPIs)
• D.Leveraging an IT governance framework

Comment: *

Name: *

Email: *

Verification: *

What is an IS auditor's BEST recommendation for management if a network vulnerability assessment confirms that critical patches have not been applied since the last assessment?

• A.Implement a process to test and apply appropriate patches.
• B.Apply available patches and continue periodic monitoring.
• C.Configure servers to automatically apply available patches.
• D.Remove unpatched devices from the network.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor is reviewing an organization's implementation of a bring your own device (BYOD) program.
Which of following would be the BEST recommendation to help ensure sensitive data is protected if a device is in the possession of an unauthorized individual?

• A.Enable the location service feature on devices.
• B.Encrypt data on devices including storage media.
• C.Authenticate device users when accessing the corporate network.
• D.Enable remote wiping of critical data.

Comment: *

Name: *

Email: *

Verification: *

How does the process of systems auditing benefit from using a risk-based approach to audit planning?

• A.Controls testing starts earlier.
• B.Auditing resources are allocated to the areas of highest concern.
• C.Auditing risk is reduced.
• D.Controls testing is more thorough.

Comment: *

Name: *

Email: *

Verification: *