Questions and Answers
What aspect of IT projects within an organization's strategic plan should have IT requirements incorporated into?
- Execution phase
- Planning phase (correct)
- Monitoring phase
- Closing phase
Which statement aligns best with data classification standards in terms of protecting information assets?
- Information assets should only be accessed by persons with a justified need.
- All information assets will be assigned a clearly defined level to facilitate proper employee handling. (correct)
- All information assets must be encrypted when stored on the organization's systems.
- Any information assets transmitted over a public network must be approved by executive management.
Who is responsible for ensuring the representation of major stakeholders involved in a project?
- Change control board
- Project manager
- Steering committee (correct)
- Project management office (PMO)
What is the primary measure of an organization’s security program effectiveness?
What is the BEST course of action for an IS auditor when critical deficiencies have not been addressed after a follow-up audit?
Why would an organization separate the development and test IT processing environments?
What is a common issue that organizations face due to the lack of quick modification and deployment of solutions?
What is a significant advantage of having three separate IT processing environments in an organization?
Why is it important for an organization to mitigate calculation errors in spreadsheets?
What should an IS auditor look for to ensure management adequately balances business needs and risk management?
What is the primary reason for implementing data encryption on desktops?
Which scenario poses the GREATEST risk associated with data leakage?
When an intrusion into an organization's network is detected, what should be the FIRST step taken?
What is the MOST important aspect for an IS auditor to assess in a project feasibility study?
What is the GREATEST concern when a business-critical application lacks fault tolerance?
Which action can help mitigate the risk of data leakage when staff work remotely?
Which of the following tasks would raise the LEAST segregation of duties (SoD) concern if performed by the person who reconciles the organization's device inventory?
What should be the IS auditor's PRIMARY recommendation regarding emergency fixes made by programmers in a data center?
What is a significant concern for an IS audit manager when a new auditor in the department previously worked for a cloud service provider?
If a person who reconciles the organization's device inventory also approves the issuing of devices, what segregation of duties (SoD) concern is MOST likely raised?
What is the BEST way to address the segregation of duties (SoD) concern if the same individual is responsible for both tracking devices used for spare parts and issuing devices to employees?
What should be the primary focus of an IS auditor when evaluating emergency fixes made by programmers in operational systems?
What is the MOST reliable follow-up procedure for the IS auditor to determine if sequential order numbers are generated?
When evaluating network monitoring controls, what is the MOST important for an IS auditor to review?
What would be of GREATEST concern to an IS auditor reviewing the feasibility study for a new application system?
Which of the following poses the GREATEST risk to an organization related to system interfaces?
What should an IS auditor primarily focus on while reviewing controls related to network monitoring?
When conducting a follow-up audit, what should an IS auditor prioritize in terms of assessing sequential order numbering generation?