An organization performs nightly backups but does not have a formal policy. An IS auditor should FIRST

• A.recommend automated backup.
• B.evaluate current backup procedures.
• C.document a policy for the organization.
• D.escalate to senior management.

Comment: *

Name: *

Email: *

Verification: *

Which of the following security risks can be reduced by a properly configured network firewall?

• A.Insider attacks
• B.SQL injection attacks
• C.Denial of service (DoS) attacks
• D.Phishing attacks

Comment: *

Name: *

Email: *

Verification: *

A manufacturing firm wants to automate its invoice payment system. Objectives state that the system should require considerably less time for review and authorization and the system should be capable of identifying errors that require follow up. Which of the following would BEST meet these objectives?

• A.Establishing an inter-networked system of client servers with suppliers for increased efficiencies
• B.Outsourcing the function to a firm specializing in automated payments and accounts receivable/invoice processing
• C.Establishing an EDI system of electronic business documents and transactions with key suppliers, computer to computer, in a standard format
• D.Reengineering the existing processing and redesigning the existing system

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST restricts users to those functions needed to perform their duties?

• A.Application level access control
• B.Data encryption
• C.Disabling floppy disk drives
• D.Network monitoring device

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important requirement for an IS auditor to evaluate when reviewing a
transmission of personally identifiable information between two organizations?

• A.Completeness
• B.Timeliness
• C.Necessity
• D.Accuracy

Comment: *

Name: *

Email: *

Verification: *