Question 1

Which of the following is a corrective control?

Options :

A : Verifying duplicate calculations in data processing

B : Separating equipment development, testing, and production

C : Executing emergency response plans

D : Reviewing user access rights for segregation of duties

Answer: C

Question 2

Which of the following fire suppression systems needs to be combined with an automatic switch to shut down the electricity supply in the event of activation?

Options :

A : FM-200

B : Dry pipe

C : Carbon dioxide

D : Halon

Answer: B

Question 3

An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives. Which of the following findings should be the IS auditor's GREATEST concern?

Options :

A : Mobile devices are not encrypted.

B : Users are not required to sign updated acceptable use agreements.

C : The business continuity plan (BCP) was not updated.

D : Users have not been trained on the new system.

Answer: C

Question 4

The MOST important measure of the effectiveness of an organization's security program is the:

Options :

A : comparison with critical incidents experienced by competitors

B : adverse impact of incidents on critical business activities.

C : number of vulnerability alerts escalated to senior management

D : number of new vulnerabilities reported.

Answer: B

Question 5

An IS auditor requests direct access to data required to perform audit procedures instead of asking management to provide the data. Which of the following is the PRIMARY advantage of this approach?

Options :

A : Professionalism

B : Audit efficiency

C : Audit transparency

D : Data confidentiality

Answer: B