Which of the following should be established FIRST when initiating a control sell-assessment (CSA> program in a small organization?

• A.Control register
• B.Staff questionnaires
• C.Facilitated workshops
• D.Assessor competency

Comment: *

Name: *

Email: *

Verification: *

The IS auditor has recommended that management test a new system before using it in production mode The BEST approach for management in developing a test plan is to use processing parameters that are

• A.randomly selected by the user
• B.provided by the vendor of the application.
• C.simulated by production entities and customers
• D.randomly selected by a test generator

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a corrective control?

• A.Reviewing user access rights for segregation of duties
• B.Executing emergency response plans
• C.Verifying duplicate calculations in data processing
• D.Separating equipment development, testing, and production

Comment: *

Name: *

Email: *

Verification: *

Due to system limitations, segregation of duties (SoD) cannot be enforced in an accounts payable system. Which of the following is the IS auditor s BEST recommendation for a compensating control?

• A.Review payment transaction history.
• B.Restrict payment authorization to senior staff members
• C.Reconcile payment transactions with invoices.
• D.Require written authorization for all payment transactions.

Comment: *

Name: *

Email: *

Verification: *

In an online banking application, which of the following would BEST protect against identity theft?

• A.Encryption of personal password
• B.Restricting the user to a specific terminal
• C.Two-factor authentication
• D.Periodic review of access logs

Comment: *

Name: *

Email: *

Verification: *