3. A company performs a daily backup of critical data and software files and stores the backup
tapes at an offsite location. The backup tapes are used to restore the files in case of a
disruption. This is a:
a. preventive control.
b. management control.
c. corrective control.
d. detective control.
4. What is considered the MOST critical element for the successful implementation of an
information security (IS) program?
a. An effective enterprise risk management (ERM) framework
b. Senior management commitment
c. An adequate budgeting process
d. Meticulous program planning
5. Which of the following tasks may be performed by the same person in a well-controlled
information processing computer center?
a. Security administration and change management
b. Computer operations and system development
c. System development and change management
d. System development and systems maintenance
7. An IS auditor is verifying the IT policies and finds that some of the policies have not been
approved by management (as required by policy), but the employees strictly follow the policies.
What should the IS auditor do first?
a. Ignore the absence of management approval because employees follow the policies
b. Recommend the immediate management approval of the policies.
c. Emphasize the importance of approval to management
d. Report the absence of documented approval
9. A poor choice of passwords and transmission over unprotected communications lines are
examples of:
a. Vulnerabilities
b. Threats
c. Probabilities
d. Impacts
10. An IS auditor is planning an audit of a bank wire transfer system in the context of a regulation
that requires banks to accurately report transactions. Which of the following represents the
PRIMARY focus of the audit scope?
a. Data availability
b. Data confidentiality
c. Currency of data
d. Data integrity