During an exit interview, in cases where there is disagreement regarding the impact of a finding, an IS auditor should:

• A.ask theauditee to sign a release form accepting full legal responsibility.
• B.elaborate on the significance of the finding and the risks of not correcting it.
• C.report the disagreement to the audit committee for resolution.
• D.accept theauditee's position since they are the process owners.

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be an IS auditor's GREATEST concern when an international organization intends to roll out a global data privacy policy?

• A.Requirements may become unreasonable.
• B.The policy may conflict with existing application requirements.
• C.Local regulations may contradict the policy.
• D.Local management may not accept the policy.

Comment: *

Name: *

Email: *

Verification: *

A company has decided to implement an electronic signature scheme based on public key infrastructure.
The user's private key will be stored on the computer's hard drive and protected by a password. The MOST significant risk of this approach is:

• A.use of the user's electronic signature by another person if the password is compromised.
• B.forgery by using another user's private key to sign a message with an electronic signature.
• C.impersonation of a user by substitution of the user's public key with another person's public key.
• D.forgery by substitution of another person's private key on the computer.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the GREATEST concern associated with a high number of IT policy exceptions approved by management?

• A.The exceptions are likely to continue indefinitely.
• B.The exceptions may result in noncompliance.
• C.The exceptions may elevate the level of operational risk.
• D.The exceptions may negatively impact process efficiency.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST effective way to verify an organization's ability to continue its essential business operations after a disruption event? Analysis of:

• A.end-to-end recovery flow
• B.recovery point objectives (RPOs)
• C.call trees
• D.business impact analysis (BIA)

Comment: *

Name: *

Email: *

Verification: *