Which of the following is MOST critical for the successful implementation and maintenance of a security policy?

Assimilation of the framework and intent of a written security policy by all appropriate parties

Management support and approval for the implementation and maintenance of a security policy

Enforcement of security rules by providing punitive actions for any violation of security rules

Stringent implementation, monitoring and enforcing of rules by the security officer through access control software

The initial step in establishing an information security program is the:

Adoption of a corporate information security policy statement

Development and implementation of an information security standards manual

Performance of a comprehensive security control review by the IS auditor

Purchase of security access control software

Which of the following is the MOST important function to be performed by IT management when a service has been outsourced?

Monitoring the outsourcing provider's performance

Ensuring that invoices are paid to the provider

Participating in systems design with the provider

Renegotiating the provider's fees

While conducting an audit of a service provider, an IS auditor observes that the service provider has outsourced a part of the work to another provider. Because the work involves confidential information, the IS auditor's PRIMARY concern should be that the:

Requirement for securely protecting of information can be compromised.

Contract may be terminated because prior permission from the outsourcer was not obtained.

Other service provider to whom work has been outsourced is not subject to audit.

Outsourcer will approach the other service provider directly for further work.

A benefit of open system architecture is that it:

Facilitates interoperability within different systems.

Facilitates the integration of proprietary components.

Will be a basis for volume discounts from equipment vendors.

Allows for the achievement of more economies of scale for equipment.

An IS auditor reviewing the IT organization is MOST concerned if the IT steering committee:

Is responsible for determining business goals.

Is responsible for project approval and prioritization.

Is responsible for developing the long-term it plan.

Reports the status of IT projects to the board of directors.

An IS auditor was asked to review a contract for a vendor being considered to provide data center services. Which is the BEST way to determine whether the terms of the contract are adhered to after the contract is signed?

Conduct periodic audit reviews of the vendor.

Require the vendor to provide monthly status reports.

Have periodic meetings with the client IT manager.

Require that performance parameters be stated within the contract.

Which of the following is the PRIMARY objective of an IT performance measurement process?

Establish performance baselines

As an outcome of information security governance, strategic alignment provides:

Security requirements driven by enterprise requirements.

Baseline security following good practices.

Institutionalized and commoditized solutions.

An understanding of risk exposure.

Effective IT governance requires organizational structures and processes to ensure that:

The IT strategy extends the organization's strategies and objectives.

Risk is maintained at a level acceptable for IT management

The business strategy is derived from an IT strategy.

IT governance is separate and distinct from the overall governance.

Assessing IT risk is BEST achieved by:

Evaluating threats and vulnerabilities associated with existing IT assets and IT projects

Using the organization's past actual loss experience to determine current exposure

Reviewing published loss statistics from comparable organizations

Reviewing IT control weaknesses identified in audit reports

Which of the following should be of PRIMARY concern to an IS auditor reviewing the management of external IT service providers?

Determining if the services were provided as contracted

Minimizing costs for the services provided

Prohibiting the provider from subcontracting services

Evaluating the process for transferring knowledge to the IT department

Which of the following MOST likely indicates that a customer data warehouse should remain in-house rather than be outsourced to an offshore operation?

Privacy laws can prevent cross-border flow of information.

Time-zone differences can impede communications between IT teams.

Telecommunications cost can be much higher in the first year.

Software development may require more detailed specifications.

On which of the following factors should an IS auditor PRIMARILY focus when determining the appropriate level of protection for an information asset?

Results of a vulnerability assessment

From an IT governance perspective, what is the PRIMARY responsibility of the board of directors? To ensure that the IT strategy:

Is aligned with the business strategy.

Is future thinking and innovative.

Has the appropriate priority level assigned.

Which of the following is the BEST reference for an IS auditor to determine a vendor's ability to meet service level agreement requirements for a critical IT security service?

Agreed-on key performance indicators

Compliance with the master contract

Results of business continuity tests

Results of independent audit reports

An IS auditor identified a business process to be audited. The IS auditor should NEXT identify the:

Control objectives and activities.

Most valuable information assets.

IS audit resources to be deployed.

Auditee personnel to be interviewed.

An IS auditor is determining the appropriate sample size for testing the existence of program change approvals. Previous audits did not indicate any exceptions, and management has confirmed that no exceptions have been reported for the review period. In this context, the IS auditor can adopt a:

lower confidence coefficient, resulting in a smaller sample size.

higher confidence coefficient, resulting in a smaller sample size.

higher confidence coefficient, resulting in a larger sample size.

lower confidence coefficient, resulting in a larger sample size.

The PRIMARY objective of the audit initiation meeting with an IS audit client is to:

Discuss the scope of the audit.

Identify resource requirements of the audit.

Select the methodology of the audit.

During an IS audit, which is the BEST method for an IS auditor to evaluate the implementation of segregation of duties within an IT department?

Review the IT job descriptions.

Research past IT audit reports.

Evaluate the organizational structure.

When identifying an earlier project completion time, which is to be obtained by paying a premium for early completion, the activities that should be selected are those:

whose sum of activity time is the shortest.

that give the longest possible completion time.

whose sum of slack time is the shortest.

Which of the following should be developed during the requirements definition phase of a software development project to address aspects of software testing?

User acceptance test specifications

Test data covering critical applications

Quality assurance test specifications

The MAIN purpose of a transaction audit trail is to:

determine accountability and responsibility for processed transactions.

reduce the use of storage media.

help an IS auditor trace transactions.

provide useful information for capacity planning.

Auditing CIS

Authored by Fideliz Vidal

Other

University

Used 2+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

35 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

Which of the following does an IS auditor consider the MOST relevant to short-term planning for an IT department?

Allocating resources

Adapting to changing technologies

Conducting control self-assessments

Evaluating hardware needs

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

An organization has contracted with a vendor for a turnkey solution for their electronic toll collection
system (ETCS). The vendor has provided its proprietary application software as part of the solution. The contract should require that:

A backup server is available to run ETCS operations with up-to-date data.

A backup server is loaded with all relevant software and data.

The systems staff of the organization is trained to handle any event.

Source code of the ETCS application is placed in escrow.

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

When reviewing the IT strategy, an IS auditor can BEST assess whether the strategy supports the
organizations' business objectives by determining whether IT:

Has all the personnel and equipment it needs.

Plans are consistent with management strategy.

Uses its equipment and personnel efficiently and effectively.

Has sufficient excess capacity to respond to changing directions.

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

An IS audit department is planning to minimize the risk of short-term employees. Activities contributing to this objective are documented procedures, knowledge sharing, cross-training and:

Succession planning.

Staff job evaluation.

Responsibilities definitions.

Employee award programs.

MULTIPLE CHOICE QUESTION

1 min • 5 pts

The rate of change in technology increases the importance of:

Outsourcing the IT function.

Implementing and enforcing sound processes.

Hiring qualified personnel.

Meeting user requirement.

MULTIPLE CHOICE QUESTION

1 min • 5 pts

While reviewing the IT governance processes of an organization, an IS auditor discovers the firm has recently implemented an IT balanced scorecard (BSC). The implementation is complete; however, the IS auditor notices that performance indicators are not objectively measurable. What is the PRIMARY risk presented by this situation?

Key performance indicators are not reported to management and management cannot determine the effectiveness of the BSC.

IT projects could suffer from cost overruns.

Misleading indications of IT performance may be presented to management.

IT service level agreements may not be accurate.

MULTIPLE CHOICE QUESTION

30 sec • 5 pts

Which of the following should be included in an organization's information security policy?

A list of key IT resources to be secured

The basis for access control authorization

Identity of sensitive security assets

Relevant software security features

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

40 questions

Ekspor Impor

Quiz

•

University

30 questions

Awareness Roadshow!!

Quiz

•

University

35 questions

SM1 - Unit 3 - L2

Quiz

•

3rd Grade - University

30 questions

SIMULADOR COMPRENSIÓN LECTORA 12/06/25

Quiz

•

University

34 questions

Sketching and Shading Quiz

Quiz

•

6th Grade - University

30 questions

การปฏิบัติงานแม่บ้านในโรงแรม

Quiz

•

University

35 questions

Cooperative & Rural Market

Quiz

•

KG - University

30 questions

TCC 203

Quiz

•

University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Other

7 questions

How James Brown Invented Funk

Interactive video

•

10th Grade - University

5 questions

Helping Build the Internet: Valerie Thomas | Great Minds

Interactive video

•

11th Grade - University

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

23 questions

Subject Verb Agreement

Quiz

•

9th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

19 questions

Review2-TEACHER

Quiz

•

University

15 questions

Pre2_STUDENT

Quiz

•

University

20 questions

Ch. 7 Quadrilateral Quiz Review

Quiz

•

KG - University

Auditing CIS

Which of the following does an IS auditor consider the MOST relevant to short-term planning for an IT department?

An organization has contracted with a vendor for a turnkey solution for their electronic toll collectionsystem (ETCS). The vendor has provided its proprietary application software as part of the solution. The contract should require that:

When reviewing the IT strategy, an IS auditor can BEST assess whether the strategy supports theorganizations' business objectives by determining whether IT:

An IS audit department is planning to minimize the risk of short-term employees. Activities contributing to this objective are documented procedures, knowledge sharing, cross-training and:

The rate of change in technology increases the importance of:

Which of the following should be included in an organization's information security policy?

Which of the following is MOST critical for the successful implementation and maintenance of a security policy?

A comprehensive and effective email policy should address the issues of email structure, policy enforcement, monitoring and:

The initial step in establishing an information security program is the:

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other

An organization has contracted with a vendor for a turnkey solution for their electronic toll collection
system (ETCS). The vendor has provided its proprietary application software as part of the solution. The contract should require that:

When reviewing the IT strategy, an IS auditor can BEST assess whether the strategy supports the
organizations' business objectives by determining whether IT: