Which of the following BEST describes the early stages of an
IS audit?
A. Observing key organizational facilities.
B. Assessing the IS environment.
C. Understanding business process and environment applicable
to the review.
D. Reviewing prior IS audit reports.
- 1 Answers
- 9965 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
Understanding the business process and environment
applicable to the review is most representative of what
occurs early on, in the course of an audit. Other choices
relate to activities actually occurring within this process.
| Is This Answer Correct ? | 14 Yes | 1 No |
Which of the following provisions in a contract for external information systems services would an IS auditor consider to be LEAST significant? A. Ownership of program and files B. Statement of due care and confidentiality C. Continued service of outsourcer in the event of a disaster D. Detailed description of computer hardware used by the vendor
Which of the following types of risks assumes an absence of compensating controls in the area being reviewed? A. Control risk B. Detection risk C. Inherent risk D. Sampling risk
To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:
Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions? A. Response B. Correction C. Detection D. Monitoring
Which of the following is the MOST fundamental step in effectively preventing a virus attack? A. Executing updated antivirus software in the background on a periodic basis B. Buying standard antivirus software, which is installed on all servers and workstations C. Ensuring that all software is checked for a virus in a separate PC before being loaded into the production environment D. Adopting a comprehensive antivirus policy and communicating it to all users
Capacity monitoring software is used to ensure: A. maximum use of available capacity. B. that future acquisitions meet user needs. C. concurrent use by a large number of users. D. continuity of efficient operations.
During the review of an organization's disaster recovery and business continuity plan, the IS auditor found that a paper test was performed to verify the existence of all necessary procedures and actions within the recovery plan. This is a: A. preparedness test. B. module test. C. full test. D. walk-through test.
In which of the following phases of the system development life cycle (SDLC) is it the MOST important for the IS auditor to participate? A. Design B. Testing C. Programming D. Implementation
Which of the following is a substantive audit test? A. Verifying that a management check has been performed regularly B. Observing that user IDs and passwords are required to sign on the computer C. Reviewing reports listing short shipments of goods received D. Reviewing an aged trial balance of accounts receivable
When reviewing a business process reengineering (BPR) project, which of the following is the MOST important for an IS auditor to evaluate? A. The impact of removed controls. B. The cost of new controls. C. The BPR project plans. D. The continuous improvement and monitoring plans.
In reviewing the IS short-range (tactical) plan, the IS auditor should determine whether: A. there is an integration of IS and business staffs within projects. B. there is a clear definition of the IS mission and vision. C. there is a strategic information technology planning methodology in place. D. the plan correlates business objectives to IS goals and objectives.
Losses can be minimized MOST effectively by using outside storage facilities to do which of the following? A. Provide current, critical information in backup files B. Ensure that current documentation is maintained at the backup facility C. Test backup hardware D. Train personnel in backup procedures
Cisco Certifications 
