An IS auditor is reviewing access to an application to determine whether the 10 most recent
"new user" forms were correctly authorized. This is an example of: - answer✔✔compliance
testing.
The decisions and actions of an IS auditor are MOST likely to affect which of the following
risks? - answer✔✔Detection
Overall business risk for a particular threat can be expressed as: - answer✔✔a product of the
probability and magnitude of the impact if a threat successfully exploits a vulnerability.
Which of the following is a substantive test? - answer✔✔Using a statistical sample to inventory
the tape library
Which of the following is a benefit of a risk-based approach to audit planning? Audit: -
answer✔✔resources are allocated to the areas of highest concern
An audit charter should: - answer✔✔outline the overall authority, scope and responsibilities of
the audit function.
The MAJOR advantage of the risk assessment approach over the baseline approach to
information security management is that it ensures: - answer✔✔appropriate levels of protection
are applied to information assets.
Which of the following sampling methods is MOST useful when testing for compliance? -
answer✔✔Attribute sampling
Which of the following is the MOST likely reason why e-mail systems have become a useful
source of evidence for litigation? - answer✔✔Multiple cycles of backup files remain available.
An IS auditor is assigned to perform a postimplementation review of an application system.
Which of the following situations may have impaired the independence of the IS auditor? The IS
auditor: - answer✔✔implemented a specific control during the development of the application
system.
The PRIMARY advantage of a continuous audit approach is that it: - answer✔✔can improve
system security when used in time-sharing environments that process a large number of
transactions.
The PRIMARY purpose of audit trails is to: - answer✔✔establish accountability and
responsibility for processed transactions.
When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to
ensure that: - answer✔✔vulnerabilities and threats are identified.
To ensure that audit resources deliver the best value to the organization, the FIRST step would
be to: - answer✔✔develop the audit plan on the basis of a detailed risk assessment.
An organization's IS audit charter should specify the: - answer✔✔role of the IS audit function.
An IS auditor is evaluating management's risk assessment of information systems. The IS auditor
should FIRST review: - answer✔✔the threats/vulnerabilities affecting the assets.
In planning an audit, the MOST critical step is the identification of the: - answer✔✔areas of high
risk.
The extent to which data will be collected during an IS audit should be determined based on the:
- answer✔✔purpose and scope of the audit being done.
While planning an audit, an assessment of risk should be made to provide: -
answer✔✔reasonable assurance that the audit will cover material items.
An IS auditor should use statistical sampling and not judgment (nonstatistical) sampling, when: -
answer✔✔the probability of error must be objectively quantified.
During the planning stage of an IS audit, the PRIMARY goal of an IS auditor is to: -
answer✔✔address audit objectives.
When selecting audit procedures, an IS auditor should use professional judgment to ensure that: -
answer✔✔sufficient evidence will be collected.
An IS auditor evaluating logical access controls should FIRST: - answer✔✔obtain an
understanding of the security risks to information processing.
The PRIMARY purpose of an IT forensic audit is: - answer✔✔the systematic collection of
evidence after a system irregularity.
An IS auditor is performing an audit of a remotely managed server backup. The IS auditor
reviews the logs for one day and finds one case where logging on a server has failed with the
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Brightstars. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.49. You're not tied to anything after your purchase.
