Which of the following is the BEST compensating control when segregation of duties is lacking in a small IS department?

• A.Background checks
• B.User awareness training
• C.Transaction log review
• D.Mandatory holidays

Comment: *

Name: *

Email: *

Verification: *

IT disaster recovery lime objectives (RTOs) should be based on the:

• A.maximum tolerable loss of data.
• B.business-defined critically of the systems.
• C.maximum tolerable downtime (MTD).
• D.nature of the outage.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor discovers that due to resource constraints a database administrator (DBA) is responsible for developing and executing changes into the production environment Which of the following should the auditor do FIRST?

• A.Report a potential segregation of duties (SoD) violation
• B.Identify whether any compensating controls exist
• C.Determine whether another database administrator (DBA) could make the changes
• D.Ensure a change management process is followed prior to implementation

Comment: *

Name: *

Email: *

Verification: *

A virus typically consists of what major parts (choose all that apply):

• A.a mechanism that allows them to infect other files and reproduce" a trigger that activates delivery of a
  ""payload"""
• B.a payload
• C.a signature
• D.None of the choices.

Comment: *

Name: *

Email: *

Verification: *

What would be an IS auditor's BEST course of action when an auditee is unable to close all audit recommendations by the time of the follow-up audit?

• A.Evaluate the residual risk due to open issues.
• B.Terminate the follow-up because open issues are not resolved
• C.Recommend compensating controls for open issues.
• D.Ensure the open issues are retained in the audit results.

Comment: *

Name: *

Email: *

Verification: *