A project team has decided to switch to an agile approach to develop a replacement tor an existing business application Which of the following should an IS auditor do FIRST to the effectiveness of the project audit?
Correct Answer: B
Question 547
Which of the following is the PRIMARY purpose of conducting an IS audit follow-up?
Correct Answer: D
Question 548
An IS audit reveals that an organization operating in business continuity mode during a pandemic situation has not performed a simulation test of the business continuity plan (BCP). Which of the following is the auditor's BEST course of action?
Correct Answer: B
Explanation This is because the auditor's primary objective is to evaluate the adequacy and performance of the business continuity plan (BCP) in ensuring the continuity and resilience of the organization's critical functions and processes during a disruption. The auditor should review the actual results and outcomes of the business response, such as the recovery time, recovery point, service level, customer satisfaction, and incident management, and compare them with the predefined objectives and criteria of the BCP. The auditor should also identify and analyze any gaps, issues, or lessons learned from the business response, and provide recommendations for improvement12. Answer A. Confirm the BCP has been recently updated. is not the best answer, because it is not directly related to the auditor's course of action. Confirming the BCP has been recently updated is a part of the audit planning and scoping process, not the audit execution or reporting process. The auditor should confirm the BCP has been recently updated before conducting the audit, not after revealing that a simulation test has not been performed. Moreover, confirming the BCP has been recently updated does not provide sufficient evidence of the effectiveness of the business response12. Answer C. Raise an audit issue for the lack of simulated testing. is not the best answer, because it is not relevant to the auditor's course of action. Raising an audit issue for the lack of simulated testing is a part of the audit reporting and follow-up process, not the audit execution or evaluation process. The auditor should raise an audit issue for the lack of simulated testing after reviewing the effectiveness of the business response, not before or instead of doing so. Furthermore, raising an audit issue for the lack of simulated testing does not address the root cause or impact of the problem, nor does it provide any constructive feedback or guidance for improvement12. Answer D. Interview staff members to obtain commentary on the BCP's effectiveness. is not the best answer, because it is not sufficient to guide the auditor's course of action. Interviewing staff members to obtain commentary on the BCP's effectiveness is a part of the audit evidence collection and analysis process, not the audit evaluation or conclusion process. The auditor should interview staff members to obtain commentary on the BCP's effectiveness as one of the sources of information, not as the only or main source of information. Additionally, interviewing staff members to obtain commentary on the BCP's effectiveness may be subjective, biased, or incomplete, and may not reflect the actual performance or outcomes of the business response12. References: Business Continuity Management Audit/Assurance Program Business Continuity Plan Testing: Types and Best Practices
Question 549
An intruder accesses an application server and makes changes to the system log. Which of the following would enable the identification of the changes?
Correct Answer: B
Section: Protection of Information Assets Explanation: A write-once CD cannot be overwritten. Therefore, the system log duplicated on the disk could be compared to the original log to detect differences, which could be the result of changes made by an intruder. Write-protecting the system log does not prevent deletion or modification, since the superuser can override the write protection. Backup and mirroring may overwrite earlier files and may not be current.
Question 550
A global organization's policy states that all workstations must be scanned for malware each day. Which of the following would provide an IS auditor with the BEST evidence of continuous compliance with this policy?
Correct Answer: C
Explanation Anti-malware tool audit logs would provide an IS auditor with the best evidence of continuous compliance with the global organization's policy that states that all workstations must be scanned for malware each day. Anti-malware tool audit logs are records that capture the activities and events related to the anti-malware software installed on the workstations, such as scan schedules, scan results, updates, alerts, and actions taken1. These logs can help the IS auditor to verify that the anti-malware software is functioning properly, that the scans are performed regularly and effectively, and that any malware incidents are detected and resolved in a timely manner2. Anti-malware tool audit logs can also help the IS auditor to identify any gaps or weaknesses in the anti-malware policy or implementation, and to provide recommendations for improvement3. The other options are not the best evidence of continuous compliance with the anti-malware policy. Penetration testing results are reports that show the vulnerabilities and risks of the workstations and network from an external or internal attacker's perspective4. While penetration testing can help to assess the security posture and resilience of the organization, it does not provide information on the daily anti-malware scans or their outcomes. Management attestation is a statement or declaration from the management that they have complied with the anti-malware policy5. While management attestation can demonstrate commitment and accountability, it does not provide objective or verifiable evidence of compliance. Recent malware scan reports are documents that show the summary or details of the latest anti-malware scans performed on the workstations. While recent malware scan reports can indicate the current status and performance of the anti-malware software, they do not provide historical or comprehensive evidence of compliance. References: Malwarebytes Anti-Malware (MBAM) log collection and threat reports ... Malicious Behavior Detection using Windows Audit Logs PCI Requirement 5.2 - Ensure all Anti-Virus Mechanisms are Current ... Management Attestation - an overview | ScienceDirect Topics How to Read a Malware Scan Report | Techwalla
