An IT steering committee should review information systems PRIMARILY to assess:

• A.whether IT processes support business requirements.
• B.if proposed system functionality is adequate.
• C.the stability of existing software.
• D.the complexity of installed technology.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the GREATEST risk associated with conducting penetration testing on a business-critical application production environment?

• A.System owners may not be informed in advance
• B.Results may differ from those obtained in the test environment
• C.This type of testing may not adhere to audit standards
• D.Data integrity may become compromised

Comment: *

Name: *

Email: *

Verification: *

What is a primary high-level goal for an auditor who is reviewing a system development project?

• A.To ensure that programming and processing environments are segregated
• B.To ensure that proper approval for the project has been obtained
• C.To ensure that business objectives are achieved
• D.To ensure that projects are monitored and administrated effectively

Comment: *

Name: *

Email: *

Verification: *

Management considered two projections for its business continuity plan; plan A with two months to recover and plan B with eight months to recover. The recovery objectives are the same in both plans. It is reasonable to expect that plan B projected higher:

• A.downtime costs.
• B.resumption costs.
• C.recovery costs.
• D.walkthrough costs.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is an oft-cited cause of vulnerability of networks?

• A.software monoculture
• B.software diversification
• C.single line of defense
• D.multiple DMZ
• E.None of the choices.

Comment: *

Name: *

Email: *

Verification: *