How does the process of systems auditing benefit from using a risk-based approach to audit planning?

• A.Controls testing starts earlier.
• B.Auditing resources are allocated to the areas of highest concern.
• C.Auditing risk is reduced.
• D.Controls testing is more thorough.

Comment: *

Name: *

Email: *

Verification: *

An IS audit reveals an organization's IT department reports any deviations from its security standards to an internal IT risk committee involving IT senior management. Which of the following should be the IS auditor's GREATEST concern?

• A.The IT risk committee meeting minutes are not signed off by all participants.
• B.The chief information officer (CIO) did not attend a number of IT risk committee meetings during the past year.
• C.The list of IT risk committee members does not include the board member responsible for IT.
• D.The IT risk committee has no reporting line to any governance committee outside IT.

Comment: *

Name: *

Email: *

Verification: *

In an IS audit of several critical servers, the IS auditor wants to analyze audit trails to discover potential anomalies in user or system behavior. Which of the following tools are MOST suitable for performing that task?

• A.CASE tools
• B.Embedded data collection tools
• C.Heuristic scanning tools
• D.Trend/variance detection tools

Comment: *

Name: *

Email: *

Verification: *

Which of the following provides the MOST assurance of the integrity of a firewall log?

• A.The log is reviewed on a monthly basis.
• B.Authorized access is required to view the log.
• C.The log cannot be modified.
• D.The log is retained per policy.

Comment: *

Name: *

Email: *

Verification: *

A control that detects transmission errors by appending calculated bits onto the end of each segment of data is known as a:

• A.reasonableness check.
• B.parity check.
• C.redundancy check.
• D.check digits.

Comment: *

Name: *

Email: *

Verification: *