Which task should an IS auditor complete FIRST during the preliminary planning phase of a database security review?

• A.Identify the most critical database controls.
• B.Perform a business impact analysis (BIA).
• C.Evaluate the types of databases being used
• D.Determine which databases will be in scope.

Comment: *

Name: *

Email: *

Verification: *

Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor's BEST recommendation?

• A.Ensure the business signs off on end-to-end user acceptance test (UAT) results.
• B.Ensure change management reports are independently reviewed.
• C.Ensure corrected program code is compiled in a dedicated server.
• D.Ensure programmers cannot access code after the completion of program edits.

Comment: *

Name: *

Email: *

Verification: *

Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:

• A.business continuity plan (BCP).
• B.threat and risk assessment.
• C.business impact analysis (BIA).
• D.disaster recovery plan (DRP).

Comment: *

Name: *

Email: *

Verification: *

What would be an IS auditor's BEST course of action when an auditee is unable to close all audit recommendations by the time of the follow-up audit?

• A.Recommend compensating controls for open issues.
• B.Terminate the follow-up because open issues are not resolved
• C.Ensure the open issues are retained in the audit results.
• D.Evaluate the residual risk due to open issues.

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST protects evidence in a forensic investigation?

• A.imaging the affected system
• B.Powering down the affected system
• C.Protecting the hardware of the affected system
• D.Rebooting the affected system

Comment: *

Name: *

Email: *

Verification: *