An IS auditor has been assigned to review an organization’s information security policy. Which
of the following issues represents the HIGHEST potential risk?
A. Strategic Plan
A. Board of Directors
A key IT system developer has suddenly resigned from an enterprise. Which of the
following will be the MOST important action?
Which of the following should be of MOST concern to an IS auditor reviewing the BCP?
business continuity plan
A. The responsibility of declaring a disaster is not identified.
Which of the following reasons BEST describes the purpose of a mandatory vacation policy?
When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:
A. Articulates the IT mission and vision.
Which of the following task should be performed FIRST when preparing a DRP?
A. Board of Directors
DOMAIN 3
Normally, it would be essential to involve which of the following stakeholders in the initiation
stage of a project?
A. System owners
When reviewing an active project, an IS auditor observed that the business case was no longer
valid because of a reduction in anticipated benefits and increased costs. The IS auditor should
recommend that the:
During which of the following phases in system development would user acceptance test plans
normally be prepared?
A. Requirement Definition
Which of the following should an IS auditor review to understand project progress in terms of time,
budget and deliverables for early detection of possible overruns and for projecting the estimate at
completion?
Which of the following is MOST relevant to an IS auditor evaluating how the project manager has
monitored the progress of the project?
A. Gantt Chart
Which of the following would BEST help to prioritize project activities and determine the time line
for a project?
During which phase of software application testing should an organization perform the testing of
architectural design?
A. Integration testing
The most common reason for the failure of information systems to meet the needs of users is that:
A. User participation in defining the system's requirements was inadequate.
Which of the following types of testing would determine whether a new or modified system can
operate in its target environment without adversely impacting other existing systems?
A. Sociability testing
The waterfall life cycle model of software development is MOST appropriately used when:
A. Requirements are well understood and are expected to remain stable, as is the business
environment in which the system will operate. (Dr)
B. Requirements are well understood and the project is subject to time pressure.
A. Integrity
When transmitting a payment instruction, which of the following will help verify that the
instruction was not duplicated?
An IS auditor finds out-of-range data in some tables of a database. Which of the following controls
should the IS auditor recommend to avoid this situation?
The editing/ validation of data entered at a remote site would be performed MOST effectively at
the:
A. Remote processing site prior to transmission of the data to the central processing site
Which of the following would BEST help to detect errors in data processing?
A. Hash totals
Which of the following system and data conversion strategies provides the GREATEST
redundancy?
A. Parallel run
At the completion of a system development project, a post-project review should include which of
the following:
The PRIMARY objective of conducting a post-implementation review for a business process
automation project is to:
Which of the following BEST ensures that business requirements are met prior to implementation?
Data Owner
Cold Site
The MOST significant security concern when using flash memory (e.g., USB removable disk) is
that the:
Which of the following types of transmission media provide the BEST security against
unauthorized access?
Which of the following exposures associated with the spooling of sensitive reports for offline
printing should an IS auditor consider to be the MOST serious?
Which of the following propagation problems do wired and wireless transmissions have in
common?
Attenuation
A network diagnostic tool that monitors and records network information is a(n):
Protocol analyzer
An alternate recovery site with space and basic infrastructure like electrical wiring, air-conditioning
and flooring, but no computer or communications equipment is a:
Cold site
Which of the following groups is the BEST source of information for determining the criticality of
application systems as part of a business impact analysis (BIA)?
A. IT management
B. Business process owners (Dr)
A new business requirement requires changing data vendors. Which of the following areas
should the IS auditor PRIMARILY examine in relation to this implementation?
Integrity of data
A. Authorization logs
Foreign Key
Which of the following BEST mitigates the risk of backup media containing irreplaceable
information being stolen or lost while in transit?
Which of the following would BEST maintain the integrity of a firewall log?
Which of the following is the GREATEST concern when an organization's backup facility is at a
hot site?
Requirement of updated database
Which of the following procedures would MOST effectively detect the loading of illegal
software packages onto a network?
Which of the following is the GREATEST risk related to the monitoring of audit logs?
DOMAIN 5
Which of the following message services provides the strongest evidence that a specific action
has occurred?
B. Non-repudiation
Which of the following techniques is more relevant to test wireless (Wi-Fi) security of an
organization?
C. War driving
Network layer
Which of the following is the MOST effective technique for providing security during data
transmission?
C. Encryption
An information security policy stating that "the display of passwords must be masked or
suppressed" addresses which of the following attack methods?
C. Shoulder surfing
When planning an audit of a network setup, the IS auditor should give highest priority to
obtaining which of the following network documentation?
A hacker could obtain passwords without the use of computer tools or programs through the
technique of:
social engineering.