Answer / guest

Answer: A

Including the finding in the final report is a generally
accepted audit practice. If an action is taken after the
audit started and before it ended, the audit report should
identify the finding and describe the corrective action
taken. An audit report should reflect the situation, as it
existed at the start of the audit. All corrective actions
taken by the auditee should be reported in writing.

Answer / guest

A. include the finding in the final report because the IS
auditor is responsible for an accurate report of all
findings.

An organization has contracted with a vendor for a turnkey solution for their electronic toll collection system (ETCS). The vendor has provided its proprietary application software as part of the solution. The contract should require that: A. a backup server be available to run ETCS operations with up-to-date data. B. a backup server be loaded with all the relevant software and data. C. the systems staff of the organization be trained to handle any event. D. source code of the ETCS application be placed in escrow.

1 Answers  

---

A PING command is used to measure: A. attenuation. B. throughput. C. delay distortion. D. latency.

2 Answers  

---

A data administrator is responsible for: A. maintaining database system software. B. defining data elements, data names and their relationship. C. developing physical database structures. D. developing data dictionary system software.

3 Answers  

---

In large corporate networks having supply partners across the globe, network traffic may continue to rise. The infrastructure components in such environments should be scalable. Which of the following firewall architectures limits future scalability? A. Appliances B. Operating system based C. Host based D. Demilitarized

1 Answers  

---

The PRIMARY purpose of undertaking a parallel run of a new system is to: A. verify that the system provides required business functionality. B. validate the operation of the new system against its predecessor. C. resolve any errors in the program and file interfaces. D. verify that the system can process the production load.

2 Answers  

---

---

Which of the following would be included in an IS strategic plan? A. Specifications for planned hardware purchases B. Analysis of future business objectives C. Target dates for development projects D. Annual budgetary targets for the IS department

2 Answers  

---

Of the following, the MAIN purpose for periodically testing offsite backup facilities is to: A. ensure the integrity of the data in the database. B. eliminate the need to develop detailed contingency plans. C. ensure the continued compatibility of the contingency facilities. D. ensure that program and system documentation remains current.

1 Answers  

---

Data edits are an example of: A. preventive controls. B. detective controls. C. corrective controls. D. compensating controls.

2 Answers  

---

While developing a risk-based audit program, which of the following would the IS auditor MOST likely focus on? A. Business processes B. Critical IT applications C. Corporate objectives D. Business strategies

3 Answers   CISA,

---

Which of the following would not prevent the loss of an asset but would assist in recovery by transferring part of the risk to a third party? A. Full system backups B. Insurance C. Testing D. Business impact analysis

1 Answers  

---

Which of the following sampling methods is MOST useful when testing for compliance? A. Attribute sampling B. Variable sampling C. Stratified mean per unit D. Difference estimation

1 Answers  

---

An internal audit department, that organizationally reports exclusively to the chief financial officer (CFO) rather than to an audit committee, is MOST likely to: A. have its audit independence questioned. B. report more business-oriented and relevant findings. C. enhance the implementation of the auditor's recommendations. D. result in more effective action being taken on the recommendations.

2 Answers   ABC, CISA,

---