Which of the following is the GREATEST benefit related to disaster recovery for an organization that has converted its infrastructure to a virtualized environment?
Correct Answer: B
Question 697
An IS auditor is evaluating management's risk assessment of information systems. The IS auditor should FIRST review:
Correct Answer: D
Explanation/Reference: Explanation: One of the key factors to be considered while assessing the risks related to the use of various information systems is the threats and vulnerabilities affecting the assets. The risks related to the use of information assets should be evaluated in isolation from the installed controls. Similarly, the effectiveness of the controls should be considered during the risk mitigation stage and not during the risk assessment phase A mechanism to continuously monitor the risks related to assets should be put in place during the risk monitoring function that follows the risk assessment phase.
Question 698
Which of the following approaches would utilize data analytics to facilitate the testing of a new account creation process?
Correct Answer: C
Data analytics is the process of collecting, transforming, analyzing, and visualizing data to gain insights and support decision making1. Data analytics can be used to facilitate the testing of a new account creation process by applying various techniques and methods to evaluate the quality, functionality, performance, and security of the process. One of the approaches that would utilize data analytics to test the new account creation process is to review new account applications submitted in the past month for invalid dates of birth. This approach would involve the following steps: Extract the data of new account applications from the source system, such as a database or a web service, using appropriate tools and methods. Transform and clean the data to ensure its accuracy, completeness, consistency, and validity, using techniques such as data profiling, data cleansing, data mapping, and data validation2. Analyze the data to identify any anomalies, errors, or outliers in the date of birth field, using methods such as descriptive statistics, exploratory data analysis, hypothesis testing, or anomaly detection3. Visualize the data to present the findings and insights in a clear and understandable way, using tools and techniques such as charts, graphs, dashboards, or reports. By reviewing new account applications submitted in the past month for invalid dates of birth, the tester can use data analytics to: Verify if the new account creation process is working as expected and meets the business requirements and specifications for the date of birth field. Detect any defects or issues in the new account creation process that may cause invalid dates of birth to be accepted or rejected incorrectly. Measure and monitor the performance and reliability of the new account creation process in terms of data quality, accuracy, and completeness. Evaluate and improve the test coverage and effectiveness of the new account creation process by identifying any gaps or risks in the test cases or scenarios. Therefore, option C is the correct answer. Option A is not correct because attempting to submit new account applications with invalid dates of birth is not a data analytics approach, but a functional testing approach that involves executing test cases or scenarios manually or automatically to validate the behavior and functionality of the new account creation process. Option B is not correct because reviewing the business requirements document for date of birth field requirements is not a data analytics approach, but a requirements analysis approach that involves examining and understanding the needs and expectations of the stakeholders for the new account creation process. Option D is not correct because evaluating configuration settings for date of birth field requirements is not a data analytics approach, but a configuration testing approach that involves verifying if the settings and parameters of the new account creation process are correct and consistent with the requirements. References: What is Data Analytics? Definition & Examples1 Data Transformation: Definition & Examples2 Data Analysis: Definition & Examples3 Data Visualization: Definition & Examples Functional Testing: Definition & Examples Requirements Analysis: Definition & Examples Configuration Testing: Definition & Examples
Question 699
Effective transactional controls are often capable of offering which of the following benefits (Choose four.):
Correct Answer: A,B,C,D
Section: Protection of Information Assets Explanation: Transactional systems provide a baseline necessary to measure and monitor contract performance and provide a method for appraising efficiency against possible areas of exposure. Effective transactional controls reduce administrative and material costs, shorten contract cycle times, enhance procurement decisions, and diminish legal risk.
Question 700
Regarding a disaster recovery plan, the role of an IS auditor should include:
Correct Answer: C
Section: Protection of Information Assets Explanation: The IS auditor should be present when disaster recovery plans are tested, to ensure that the test meets the targets for restoration, and the recovery procedures are effective and efficient. As appropriate, the auditor should provide a report of the test results. All other choices are a responsibility of management.
