Which of the following is the PRIMARY role of the IS auditor In an organization's information classification process?

• A.Securing information assets in accordance with the classification assigned
• B.Validating that assets are protected according to assigned classification
• C.Ensuring classification levels align with regulatory guidelines
• D.Defining classification levels for information assets within the organization

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a concern when an organization's disaster recovery strategy utilizes a hot site?

• A.The lack of networking infrastructure
• B.Conflicts due to reciprocal agreements with other organizations
• C.Significant distance from the primary data center
• D.Insufficient environmental controls

Comment: *

Name: *

Email: *

Verification: *

After initial investigation, an IS auditor has reasons to believe that fraud may be present. The IS auditor should:

• A.expand activities to determine whether an investigation is warranted.
• B.report the matter to the audit committee.
• C.report the possibility of fraud to top management and ask how they would like to proceed.
• D.consult with external legal counsel to determine the course of action to be taken.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor evaluating a three-tier client/server architecture observes an issue with graphical user interface (GUI) tasks. Which layer should the auditor recommend the client address?

• A.Application layer
• B.Presentation layer
• C.Transport layer
• D.Storage layer

Comment: *

Name: *

Email: *

Verification: *

Which of the following access control situations represents the MOST serious control weakness?

• A.Computer operators have access to system level flowcharts.
• B.Programmers have access to development hardware.
• C.End users have access to program development tools.
• D.System developers have access to production data.

Comment: *

Name: *

Email: *

Verification: *