Which of the following sampling methods is MOST useful when testing for compliance?

• A.Attribute sampling
• B.Variable sampling
• C.Stratified mean per unit
• D.Difference estimation

Comment: *

Name: *

Email: *

Verification: *

Which of the following provides the best evidence of the adequacy of a security awareness program?

• A.The number of stakeholders including employees trained at various levels
• B.Coverage of training at all locations across the enterprise
• C.The implementation of security devices from different vendors
• D.Periodic reviews and comparison with best practices

Comment: *

Name: *

Email: *

Verification: *

An IS auditor should expect the responsibility for authorizing access rights to production data and systems to be entrusted to the:

• A.process owners.
• B.system administrators.
• C.security administrator.
• D.data owners.

Comment: *

Name: *

Email: *

Verification: *

Data flow diagrams are used by IS auditors to:

• A.order data hierarchically.
• B.highlight high-level data definitions.
• C.graphically summarize data paths and storage.
• D.portray step-by-step details of data generation.

Comment: *

Name: *

Email: *

Verification: *

A CEO requests access to corporate documents from a mobile device that does not comply with
organizational policy. The information security manager should FIRST:

• A.evaluate the business risk
• B.evaluate a third-party solution
• C.initiate an exception approval process
• D.deploy additional security controls

Comment: *

Name: *

Email: *

Verification: *