At the end of the testing phase of software development, an IS auditor observes that an intermittent software error has not been corrected. No action has been taken to resolve the error. The IS auditor should:

• A.report the error as a finding and leave further exploration to the auditee's discretion.
• B.attempt to resolve the error.
• C.recommend that problem resolution be escalated.
• D.ignore the error, as it is not possible to get objective evidence for the software error.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST type of program for an organization to implement to aggregate,
correlate and store different log and event files, and then produce weekly and monthly reports for IS
auditors?

• A.A security information event management (SIEM) product
• B.An open-source correlation engine
• C.A log management tool
• D.An extract, transform, load (ETL) system

Comment: *

Name: *

Email: *

Verification: *

Processing controls ensure that data is accurate and complete, and is processed only through which of the following?

• A.Documented routines
• B.Authorized routines
• C.Accepted routines
• D.Approved routines

Comment: *

Name: *

Email: *

Verification: *

What should an IS auditor do if he or she observes that project-approval procedures do not exist?

• A.Advise senior management to invest in project-management training for the staff
• B.Create project-approval procedures for future project implementations
• C.Assign project leaders
• D.Recommend to management that formal approval procedures be adopted and documented

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures?

• A.Invite client participation.
• B.involve all technical staff.
• C.Rotate recovery managers.
• D.install locally-stored backup.

Comment: *

Name: *

Email: *

Verification: *