When should application controls be considered within the system-development process?

• A.After application unit testing
• B.After application module testing
• C.After applications systems testing
• D.As early as possible, even in the development of the project's functional specifications

Comment: *

Name: *

Email: *

Verification: *

What would be an IS auditor's BEST recommendation upon finding that a third-party IT service provider hosts the organization's human resources (HR) system in a foreign country?

• A.Conduct a privacy impact analysis.
• B.Implement change management review.
• C.Review third-party audit reports.
• D.Perform background verification checks.

Comment: *

Name: *

Email: *

Verification: *

In the event of a data center disaster, which of the following would be the MOST appropriate strategy to enable a complete recovery of a critical database?

• A.Daily data backup to tape and storage at a remote site
• B.Real-time replication to a remote site
• C.Hard disk mirroring to a local server
• D.Real-time data backup to the local storage area network (SAN)

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST significant obstacle to establishing a new privacy program?

• A.Failure to perform a business impact analysis (BIA)
• B.An insufficient privacy awareness training program
• C.A complex legal and regulatory landscape
• D.Unresolved overlap of security and privacy roles and responsibilities

Comment: *

Name: *

Email: *

Verification: *

After observing suspicious activities in a server, a manager requests a forensic analysis.
Which of the following findings should be of MOST concern to the investigator?

• A.Server is a member of a workgroup and not part of the server domain
• B.Guest account is enabled on the server
• C.Recently, 100 users were created in the server
• D.Audit logs are not enabled for the server

Comment: *

Name: *

Email: *

Verification: *