By evaluating application development projects against the capability maturity model (CMM), an IS auditor should be able to verify that:

• A.reliable products are guaranteed.
• B.programmers' efficiency is improved.
• C.security requirements are designed.
• D.predictable software processes are followed.

Comment: *

Name: *

Email: *

Verification: *

Which of the following controls MOST effectively reduces the risk associated with use of instant messaging (IM) in the workplace?

• A.Traffic encryption
• B.Blocking peer-to-peer (P2P) clients
• C.Session border controllers
• D.Network address translation

Comment: *

Name: *

Email: *

Verification: *

A proposed transaction processing application will have many data capture sources and outputs in paper
and electronic form. To ensure that transactions are not lost during processing, an IS auditor should
recommend the inclusion of:

• A.validation controls.
• B.internal credibility checks.
• C.clerical control procedures.
• D.automated systems balancing.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor is reviewing a sample of production incidents and notes that root cause analysis is not being performed. Which of the following is the GREATEST risk associated with this finding?

• A.Future incidents may not be resolved in a timely manner.
• B.Future incidents may be prioritized inappropriately.
• C.The same incident may occur in the future.
• D.Service level agreements (SLAs) may not be met.

Comment: *

Name: *

Email: *

Verification: *

Security should ALWAYS be an all or nothing issue.

• A.True
• B.True for trusted systems only
• C.True for untrusted systems only
• D.False
• E.None of the choices.

Comment: *

Name: *

Email: *

Verification: *