Change management procedures are established by IS management to:

• A.control the movement of applications from the test environment to the production environment.
• B.control the interruption of business operations from lack of attention to unresolved problems.
• C.ensure the uninterrupted operation of the business in the event of a disaster.
• D.verify that system changes are properly documented.

Comment: *

Name: *

Email: *

Verification: *

An organization conducted an exercise to test the security awareness level of users by sending an email offering a cash reward 10 those who click on a link embedded in the body of the email. Which of the following metrics BEST indicates the effectiveness of awareness training?

• A.The number of users deleting the email without reporting because it is a phishing email
• B.The number of users clicking on the link to learn more about the sender of the email
• C.The number of users forwarding the email to their business unit managers
• D.The number of users reporting receipt of the email to the information security team

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be the PRIMARY role of an internal audit function in the management of identified business risks?

• A.Establishing a risk appetite
• B.Establishing a risk management framework
• C.Validating enterprise risk management (ERM)
• D.Operating the risk management framework

Comment: *

Name: *

Email: *

Verification: *

For a company that outsources payroll processing, which of the following is the BEST way to ensure that only authorized employees are paid?

• A.Electronic payroll reports should be independently reviewed.
• B.Employees should receive pay statements showing gross pay, net pay. and deductions.
• C.Only payroll employees should be given the password for data entry and report retrieval.
• D.The company's bank reconciliations should be independently prepared and checked.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:

• A.alignment of the BCP with industry best practices.
• B.results of business continuity tests performed by IS and end-user personnel.
• C.off-site facility, its contents, security and environmental controls.
• D.annual financial cost of the BCP activities versus the expected benefit of implementation of the plan.

Comment: *

Name: *

Email: *

Verification: *