Which of the following concerns is MOST effectively addressed by implementing an IT framework for alignment between IT and business objectives?

• A.Inaccurate business impact analysis (BIA)
• B.Inadequate IT change management practices
• C.Lack of a benchmark analysis
• D.Inadequate IT portfolio management

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to mitigate the risk associated with unintentional modifications of complex calculations in end-user computing (EUC)?

• A.Execute copies of EUC programs out of a secure library
• B.implement complex password controls
• C.Have an independent party review the source calculations
• D.Verify EUC results through manual calculations

Comment: *

Name: *

Email: *

Verification: *

Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?

• A.The IS auditor designed an embedded audit module exclusively for auditing the application system.
• B.The IS auditor provided consulting advice concerning application system best practices.
• C.The IS auditor participated as a member of the application system project team, but did not have operational responsibilities.
• D.The IS auditor implemented a specific control during the development of the application system.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to verify the effectiveness of a data restoration process?

• A.Validating off ne backups using software utilities
• B.Reviewing and updating data restoration policies annually
• C.Performing periodic reviews of physical access to backup media
• D.Performing periodic complete data restorations

Comment: *

Name: *

Email: *

Verification: *

During a follow-up audit, it was found that a complex security vulnerability of low risk was not resolved within the agreed-upon timeframe. IT has stated that the system with the identified vulnerability is being replaced and is expected to be fully functional in two months Which of the following is the BEST course of action?

• A.Schedule a meeting to discuss the issue with senior management
• B.Recommend the finding be resolved prior to implementing the new system
• C.Perform an ad hoc audit to determine if the vulnerability has been exploited
• D.Require documentation that the finding will be addressed within the new system

Comment: *

Name: *

Email: *

Verification: *