An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. The information security manager's BEST course of action should be to:

• A.modify the policy
• B.present the risk to senior management
• C.enforce the policy
• D.create an exception for the deviation

Comment: *

Name: *

Email: *

Verification: *

An IS auditor finds that, in accordance with IS policy, IDs of terminated users are deactivated within 90 days of termination. The IS auditor should:

• A.report that the control is operating effectively since deactivation happens within the time frame stated in the IS policy.
• B.verify that user access rights have been granted on a need-to-have basis.
• C.recommend changes to the IS policy to ensure deactivation of user IDs upon termination.
• D.recommend that activity logs of terminated users be reviewed on a regular basis.

Comment: *

Name: *

Email: *

Verification: *

A database administrator (DBA) should be prevented from having end user responsibilities:

• A.having end user responsibilities
• B.accessing sensitive information
• C.having access to production files
• D.using an emergency user ID

Comment: *

Name: *

Email: *

Verification: *

When developing a risk-based IS audit plan, the PRIMARY focus should be on functions:

• A.considered important by IT management.
• B.with the most ineffective controls.
• C.with the greatest number of threats.
• D.considered critical to business operations.

Comment: *

Name: *

Email: *

Verification: *

Which of the following procedures would BEST contribute to the reliability of information in a data
warehouse?

• A.Retaining only current data
• B.Storing only a single type of data
• C.Maintaining archive data
• D.Maintaining current metadata

Comment: *

Name: *

Email: *

Verification: *