Question 1

During an audit of identity and access management, an IS auditor finds that the engagement audit plan does not include the testing of controls that regulate access by third parties. Which of the following would be the auditor's BEST course of action?

Options :

A : Add testing of third-party access controls to the scope of the audit.

B : Plan to test these controls in another audit.

C : Determine whether the risk has been identified in the planning documents.

D : Escalate the deficiency to audit management.

Answer: C

Question 2

An IS auditor detects that event logging has been disabled on a critical server. Which of the following is the GREATEST concern?

Options :

A : Users have the ability to disable logging.

B : Organizational policies do not prohibit disabling of event logs.

C : The ability to troubleshoot incidents is limited.

D : Unauthorized transactions may go undetected.

Answer: D

Question 3

Which of the following fire suppression systems needs to be combined with an automatic switch to shut down the electricity supply in the event of activation?

Options :

A : FM-200

B : Dry pipe

C : Carbon dioxide

D : Halon

Answer: B

Question 4

An organization has shifted from a bottom-up approach to a top-down approach in the development of IT policies. This should result in:

Options :

A : greater consistency across the organization

B : greater adherence to best practices

C : a more comprehensive risk assessment plan

D : a synthesis of existing operational policies

Answer: B

Question 5

Which of the following occurs during the issues management process for a system development project?

Options :

A : Configuration management

B : Help desk management

C : Contingency planning

D : Impact assessment

Answer: D