An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would
MOST likely increase the risk of a successful attack by:
Answer : B
In a follow-up audit, an IS auditor notes that management has addressed the original findings in a different way than originally agreed upon. The auditor should
FIRST:
Answer : D
An organization is considering outsourcing the processing of customer insurance claims. An IS auditor notes that customer data will be sent offshore for processing. Which of the following would be the BEST way to address the risk of exposing customer data?
Answer : D
An IS audit team is evaluating the documentation related to the most recent application user-access review performed by IT and business management. It is determined the user list was not system-generated. Which of the following should be the GREATEST concern?
Answer : A
Which of the following should an IS auditor determine FIRST when evaluating additional hardware required to support the acquisition of a new accounting system?
Answer : C
A company requires that all program change requests (PCRs) be approved and all modifications be automatically logged. Which of the following IS audit procedures will BEST determine whether unauthorized changes have been made to production programs?
Answer : C
An IS auditor submitted audit reports and scheduled a follow-up audit engagement with a client. The client has requested to engage the services of the same auditor to develop enhanced controls. What is the GREATEST concern with this request?
Answer : C
An IS auditor is evaluating the completeness of privacy procedures involving personally identifiable information (PII). Which of the following is MOST important for the auditor to verify is included in the procedures?
Answer : A
The risk that the IS auditor will not find an error that has occurred is identified by which of the following terms?
Answer : A
An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor?
Answer : B
An IS auditor reviewing a new application for compliance with information privacy principles should be the MOST concerned with:
Answer : B
Which of the following is the PRIMARY reason for an IS auditor to issue an interim audit report?
Answer : C
Which of the following conditions would be of MOST concern to an IS auditor assessing the risk of a successful brute force attack encrypted data at rest?
Answer : D
In which of the following SDLC phases would the IS auditor expect to find that controls have been incorporated into system specifications?
Answer : B
An IS auditor has been invited to join an IT project team responsible for building and deploying a new digital customer marketing platform. Which of the following is the BEST way for the auditor to support this project while maintaining independence?
Answer : A
Have any questions or issues ? Please dont hesitate to contact us