Which of the following is the best method for an IS auditor to verify that critical production servers are running the latest security updates released by the vendor?

CISA Exam

Gap Analysis would be the best method to identify issues that need to be addressed in the reengineering process. Gap analysis indicates which parts of current processes conform to best practices (desired state) and which do not.

An application gateway firewall is effective in preventing applications such as File Transfer Protocols (FTPs) from entering the organization's network.

Inform appropriate personnel immediately

The first thing an IS auditor should do after detecting the virus is to alert the organization to its presence, then wait for their response.

The MAIN reason for requiring that all computer clocks across an organization be synchronized is to:
Support the incident investigation process

During an investigation of incidents, audit logs are used as evidence, and the time stamp information in them is useful. If the clocks are not synchronized, investigations will be more difficult because a timeline of events occurring on different systems might

An IS auditor is assessing services provided by an internet service provider (ISP) during an IS compliance audit of a nationwide corporation that operates a governmental program. Which of the following is MOST important?
Review the Service Level Agreement

A service level agreement (SLA) provides the basis for adequate assessment of the degree to which the provider is meeting the level of agreed-on service.

When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:
review the justification

If the database is not normalized, the IS auditor should review the justification because, in some situations, denormalization is recommended for performance reasons.

The objective of concurrency control in a database system is to:
Prevent integrity problems when two processes attempt to update the same data at the same time

Concurrency controls prevent data integrity problems, which can arise when two update processes access the same data at the same time.
(Concurrency is a property of systems in which several computations are executing simultaneously, and potentially in

Which of the following BEST limits the impacts of server failures in a distributed environment?
Clustering

Clustering allows two or more servers to work as a unit so that when one of them fails, the other takes over.

During an audit of a small enterprise, the IS auditor noted that the IS director has superuser-privilege access that allows the director to process requests for changes to the application access roles (access types). Which of the following should the IS a

The IS auditor should recommend implementation of processes that could prevent or detect improper changes from being made to the major application roles. The application role change request process should start and be approved by the business owner; then,

An IS auditor reviewing a cloud computing environment managed by a third party should be MOST concerned when:
The service level agreement does not address the responsibility of the vendor in the case of a security breach

Administration of cloud computing occurs over the Internet and involves more than one participating entity. It is the responsibility of each of the partners in the cloud computing environment to take care of security issues in their own environments. when

An IS auditor discovers that some hard drives disposed of by an enterprise were not sanitized in a manner that would reasonably ensure the data could not be recovered. In addition, the enterprise does not have a written policy on data disposal. The IS auditor

Even though a policy is not available, the IS auditor should make a determination as to the nature of the information on the hard drives to quantify, as much as possible, the risk.
*An IS Auditor should not develop policies

What is the BEST backup strategy for a large database with data supporting online sales?
Mirrored Hard disks

Mirrored hard disks will ensure that all data are backed up to more than one disk so that a failure of one disk will not result in loss of data.

An organization is reviewing its contract with a cloud computing provider. For which of the following reasons would the organization want to remove a lock-in clause from the contract?
Portability

When drawing up a contract with a cloud service provider, the ideal practice is to remove the customer lock-in clause. It may be important for the client to secure portability of their system assets, i.e., the right to transfer from one vendor to another.

In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?
Procedures that verify that only approved program changes are implemented

An IS auditor must consider recommending a better process. An IS auditor should recommend a formal change control process that manages and could detect changes to production source and object code, such as code comparisons, so the changes can be reviewed

Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective (RPO)?
Continuous data backup

Recovery point objective (RPO) is based on the acceptable data loss in the case of a disruption. In this scenario the organization needs a short RPO and continuous data backup is the best option.

An IS auditor finds that DBAs have access to the log location on the database server and the ability to purge logs from the system. What is the BEST audit recommendation to ensure that DBA activity is effectively monitored?
Forward database logs to a centr

To protect the availability and integrity of the database logs, it is feasible to forward the database logs to a centralized log server to which the DBAs do not have access.

The purpose of code signing is to provide assurance that:
The software has not been subsequently modified

*Not The private key of the signer has not been compromised

Code signing ensures that the executable code came from a reputable source and has not been modified after being signed

Doing which of the following during peak production hours could result in unexpected downtime?
Promoting applications from development to the staging environment

*Not Promoting applications from development to the staging environment.

Preventive maintenance activities should be scheduled for non-peak times of the day, and preferably during a maintenance window time period. A mishap or incident caused by a maintenance worker could result in unplanned downtime.

Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions?
Cyclic Redundancy Check (CRC)

The cyclic redundancy check (CRC) can check a block of transmitted data. The workstations generate the CRC and transmit it with the data. The receiving workstation computes a CRC and compares it to the transmitted CRC. If both of them are equal, then

Parity check (known as vertical redundancy check) also involves adding a bit (known as the parity bit) to each character during transmission. In this case, where there is a presence of bursts of errors (i.e., impulsing noise during high transmission rates), it ha

Echo checks detect line errors by retransmitting data to the sending device for comparison with the original transmission.

A block sum check is a form of parity checking and has a low level of reliability.

The PRIMARY benefit of an IT manager monitoring technical capacity is to:
ensure that the service level agreement (SLA) requirements are met.

Capacity monitoring has multiple objectives; however, the primary objective is to ensure compliance with the internal service level agreement (SLA) between the business and IT.

Which of the following should be the MOST important criterion in evaluating a backup solution for sensitive data that must be retained for a long period of time due to regulatory requirements?
Media reliability
*Not Full backup window
*Not Media costs

*Not

To comply with regulatory requirements, the media should be reliable enough to ensure an organization's ability to recover the data should they be required for any reason.

When reviewing the configuration of network devices, an IS auditor should FIRST identify:
The importance of the network devices in the topology
*Not- the best practices for the type of network devices deployed

*Not- whether components of the network are m

The first step is to understand the importance and role of the network device within the organization's network topology.

In a disaster recovery situation, which of the following is the MOST important metric to ensure that data are synchronized between critical systems?
A- Recovery point objective
B- Recovery time objective
C- Recovery service resilience

D- Recovery service sc

A-Recovery Point Objective (RPO)
Establishing a common recovery point objective (RPO) is most critical for ensuring that interdependencies between systems are properly synchronized. It ensures that systems do not contain data from different points in time.

Which of the following is a network diagnostic tool that monitors and records network information?
A- Online monitor
B- Downtime report
C- Help desk report

D- Protocol analyzer

D- Protocol Analyzer
Protocol analyzers are network diagnostic tools that monitor and record network information from packets traveling in the link to which the analyzer is attached.

Which of the following is widely accepted as one of the critical components in networking management?
A- Configuration management
B- Topological mappings
C- Application of monitoring tools

D- Proxy server troubleshooting

A- Configuration Management
Configuration management is widely accepted as one of the key components of any network because it establishes how the network will function internally and externally. It also deals with the management of configuration and monitoring perf

During the audit of a database server, which of the following would be considered the GREATEST exposure?
A- The password on the administrator account does not expire
B- Default global security settings for the database remain unchanged.

C- Old data have n

B- Default global security settings for the database remain unchanged.
Default security settings for the database could allow issues such as blank user passwords or passwords that are the same as the username.

Which of the following would BEST support 24/7 availability?
A- Daily backup
B- Offsite storage
C- Mirroring

D- Periodic testing

C- Mirroring
Mirroring of critical elements is a tool that facilitates immediate (failover) recoverability.

A new business requirement required an enterprise to change database vendors. Which of the following areas should the IS auditor PRIMARILY examine in relation to this implementation?
A. Integrity of the data
B. Timing of the cutover

C. Authorization level

A. Integrity of the data
A critical issue when migrating data from one database to another is the integrity of the data and ensuring that the data migrated completely and correctly.

An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls would BEST mitigate the risk of undetected and unauthorized program changes to the production envi

B- Hash keys are calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs.
The matching of Hash keys over time would allow detection of changes to files.

Which of the following will be MOST effective in reducing the risk that unauthorized software on a backup server is distributed to the production server?
A- Manually copy files to accomplish replication

B- Review changes in the software version control sy

B- Review changes in the software version control system
It is common practice for software changes to be tracked and controlled using version control software. An IS auditor should review reports or logs from this system to identify the software that is

Which of the following would an IS auditor consider to be MOST helpful when evaluating the effectiveness and adequacy of a preventive computer maintenance program?
A. A system downtime log
B. Vendors' reliability figures

C. Regularly scheduled maintenance

You answered B. The correct answer is A.
A. A system downtime log provides information regarding the effectiveness and adequacy of computer preventive maintenance programs. The log is a detective control, but because it is validating the effectiveness of

Which of the following is the MOST likely reason an organization implements an emergency change to an application using the emergency change control process?
A. The application owner requested new functionality.

B. Changes are developed using an agile met

You answered D. The correct answer is C.
A. Requests for new functionality by the application owner generally follow normal change control procedures, unless they have an impact on the business function.

B. The agile system development methodology breaks

Which of the following is the MOST efficient strategy for the backup of large quantities of mission-critical data when the systems need to be online to take sales orders 24 hours a day?
A. Implementing a fault-tolerant disk-to-disk backup solution

B. Maki

You answered D. The correct answer is A.
A. Disk-to-disk backup, also called disk-to-disk-to-tape backup or tape cache, is when the primary backup is written to disk instead of tape. That backup can then be copied, cloned or migrated to tape at a later ti

A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor?

You are correct, the answer is D.
A. Offsite storage of backups would not help, because electronic funds transfer (EFT) tends to be an online process and offsite storage will not replace the dysfunctional processor.

B. The provision of an alternate proces

During a data center audit, an IS auditor observes that some parameters in the tape management system are set to bypass or ignore tape header records. Which of the following is the MOST effective compensating control for this weakness?
A. Staging and job

You answered B. The correct answer is A.
A. If the IS auditor finds that there are effective staging and job setup processes, this can be accepted as a compensating control. Not reading header records may otherwise result in loading the wrong tape and del

Which of the following ways is the BEST for an IS auditor to verify that critical production servers are running the latest security updates released by the vendor?
A. Ensure that automatic updates are enabled on critical production servers.

B. Verify man

You answered A. The correct answer is D.
A. Ensuring that automatic updates are enabled on production servers may be a valid way to manage the patching process; however, this would not provide assurance that all servers are being patched appropriately.

B.

Which of the following is MOST directly affected by network performance monitoring tools?
A. Integrity
B. Availability
C. Completeness

D. Confidentiality

You answered C. The correct answer is B.
A. Network monitoring tools can be used to detect errors that are propagating through a network, but their primary focus is on network reliability so that the network is available when required.

B. Network monitori

An IS auditor finds out-of-range data in some tables of a database. Which of the following controls should the IS auditor recommend to avoid this situation?
A. Log all table update transactions.
B. Implement before-and-after image reporting.

C. Use tracin

You are correct, the answer is D.
A. Logging all table update transactions is a detective control that would not help avoid invalid data entry.

B. Implementing before-and-after image reporting is a detective control that would not help avoid the situation

Due to resource constraints, a developer requires full access to production data to support certain problems reported by production users. Which of the following choices would be a good compensating control for controlling unauthorized changes in producti

You answered D. The correct answer is A.
A. Providing separate login IDs that would only allow a developer privileged access when required is a good compensating control, but it must also be backed up with monitoring and supervision of the activity of the

During the review of an enterprise's preventive maintenance process for systems at a data center, the IS auditor has determined that adequate maintenance is being performed on all critical computing, power and cooling systems. Additionally, it is MOST imp

You are correct, the answer is C.
A. While the trustworthiness of the service personnel is important, it is normal practice for these individuals to be escorted and supervised by the data center personnel. It is also expected that the service provider wou

Recovery procedures for an information processing facility are BEST based on:
A. recovery time objective (RTO).
B. recovery point objective (RPO).
C. maximum tolerable outage (MTO).

D. information security policy.

You are correct, the answer is A.
A. The recovery time objective (RTO) is the amount of time allowed for the recovery of a business function or resource after a disaster occurs; the RTO is the desired recovery timeframe based on maximum tolerable outage (

An IS auditor notes during an audit that an organization's business continuity plan (BCP) does not adequately address information confidentiality during the recovery process. The IS auditor should recommend that the plan be modified to include:
A. the lev

You are correct, the answer is A.
A. Business should consider whether information security levels required during recovery should be the same, lower or higher than when business is operating normally. In particular, any special rules for access to confide

A database administrator has detected a performance problem with some tables, which could be solved through denormalization. This situation will increase the risk of:
A. concurrent access.
B. deadlocks.
C. unauthorized access to data.

D. a loss of data in

You are correct, the answer is D.
A. Denormalization will have no effect on concurrent access to data in a database; concurrent access is resolved through locking.
B. Deadlocks are a result of locking of records. This is not related to normalization.

C. A

A company with a limited budget has a recovery time objective (RTO) of 72 hours and a recovery point objective (RPO) of 24 hours. Which of the following would BEST meet the requirements of the business?
A. A hot site
B. A cold site
C. A mirrored site

D. A

You answered B. The correct answer is D.
A. Although a hot site enables the business to meet its recovery point objective (RPO) and recovery time objective (RTO), the cost to maintain a hot site is more than the cost to maintain a warm site, which could

While performing a review of a critical third-party application, an IS auditor would be MOST concerned with discovering:
A. inadequate procedures for ensuring adequate system portability.
B. inadequate operational documentation for the system.

C. an inade

You are correct, the answer is D.
A. Procedures to ensure that systems are developed so that they can be ported to other system platforms will help ensure that the system can still continue functioning without affecting the business process if changes to

An IS auditor examining the security configuration of an operating system should review the:
A. transaction logs.
B. authorization tables.
C. parameter settings.

D. routing tables.

You are correct, the answer is C.
A. Transaction logs are used to track and analyze transactions related to an application or system interface, but that is not the primary source of audit evidence in an OS audit.

B. Authorization tables are used to verify

An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if:
A. the setup is geographically dispersed.
B. the network servers are clustered in one site.
C. a hot site is ready for activation.

D. diverse routing is im

You are correct, the answer is B.
A. Dispersed geographic locations provide backup if a site has been destroyed.
B. A clustered setup in one location makes the entire network vulnerable to natural disasters or other disruptive events.

C. A hot site would

Which of the following is the GREATEST concern when an organization's backup facility is at a warm site?
A. Timely availability of hardware
B. Availability of heat, humidity and air conditioning equipment
C. Adequacy of electrical power connections

D. Eff

You are correct, the answer is A.
A. A warm site, unlike a cold site, has the basic infrastructure facilities implemented, such as power, air conditioning and networking. A warm site, however, is normally lacking some computing equipment. Therefore, the a

Which of the following would BEST maintain the integrity of a firewall log?
A. Granting access to log information only to administrators
B. Capturing log events in the operating system layer
C. Writing dual logs onto separate storage media

D. Sending log

You answered B. The correct answer is D.
A. To enforce segregation of duties, administrators should not have access to log files. This primarily contributes to the assurance of confidentiality rather than integrity.

B. There are many ways to capture log i

During an application audit, the IS auditor finds several problems related to corrupt data in the database. Which of the following is a corrective control that the IS auditor should recommend?

A. Define the standards, and closely monitor

You answered A. The correct answer is D.
A. Establishing standards is a preventive control, and monitoring for compliance is a detective control.
B. Ensuring that only authorized personnel can update the database is a preventive control.

C. Establishing c

During a human resources (HR) audit, an IS auditor is informed that there is a verbal agreement between the IT and HR departments as to the level of IT services expected. In this situation, what should the IS auditor do FIRST?
A. Postpone the audit until

You are correct, the answer is C.
A. There is no reason to postpone an audit because a service agreement is not documented, unless that is all that is being audited. The agreement can be documented after it has been established that there is an agreement

An IS auditor is reviewing the network infrastructure of a call center and determines that the internal telephone system is based on Voice-over Internet Protocol (VoIP) technology. Which of the following is the GREATEST concern?
A. Voice communication use

You answered C. The correct answer is B.
A. Voice-over Internet Protocol (VoIP) telephone systems use the local area network (LAN) infrastructure of a company for communication, which can save on wiring cost and simplify both the installation and support

Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network?
A. The use of diskless workstations
B. Periodic checking of hard drives
C. The use of current antivirus software

D. Policies that resu

You answered C. The correct answer is B.
A. Diskless workstations act as a preventive control and are not totally effective in preventing users from accessing illegal software over the network.

B. The periodic checking of hard drives would be the most eff

While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:
A. shadow file processing.
B. electronic vaulting.
C. hard-disk mirroring.

D. hot-si

You answered C. The correct answer is A.
A. In shadow file processing, exact duplicates of the files are maintained at the same site or at a remote site. The two files are processed concurrently. This is used for critical data files such as airline bookin

Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget?
A. A hot site maintained by the business
B. A commercial cold site

C. A reciprocal arrangement between its

You answered A. The correct answer is C.
A. A hot site maintained by the business would be a costly solution but would provide a high degree of confidence.

B. Multiple cold sites leased for the multiple offices would lead to an ineffective solution with p

What's a Hot site, Cold site, and warm site?

Which of the following inputs would PRIMARILY help in designing the data backup strategy in case of potential natural disasters?
A. Recovery point objective (RPO)
B. Volume of data to be backed up
C. Data backup technologies

D. Recovery time objective (RT

You answered D. The correct answer is A.
A. The recovery point objective (RPO) is determined based on the acceptable data loss in case of a disruption of operations. It indicates the earliest point in time that is acceptable to recover the data. The RPO e

An IS auditor is to assess the suitability of a service level agreement (SLA) between the organization and the supplier of outsourced services. To which of the following observations should the IS auditor pay the MOST attention? The SLA does not contain a

You answered C. The correct answer is A.
A. The delivery of IT services for a specific customer always implies a close linkage between the client and the supplier of the service. If there are no contract terms to specify how the transition to a new suppli

Which of the following is the MOST critical element of an effective disaster recovery plan (DRP)?
A. Offsite storage of backup data
B. Up-to-date list of key disaster recovery contacts
C. Availability of a replacement data center

D. Clearly defined recove

You answered D. The correct answer is A.
A. Remote storage of backups is the most critical disaster recovery plan (DRP) element of the items listed because access to backup data is required to restore systems.

B. Having a list of key contacts is important

Business units are concerned about the performance of a newly implemented system. Which of the following should an IS auditor recommend?
A. Develop a baseline and monitor system usage.
B. Define alternate processing procedures.

C. Prepare the maintenance

You are correct, the answer is A.
A. An IS auditor should recommend the development of a performance baseline and monitor the system's performance against the baseline to develop empirical data upon which decisions for modifying the system can be made.

B.

Which of the following is the BEST method to ensure that critical IT system failures do not recur?
A. Invest in redundant systems.
B. Conduct a follow-up audit.
C. Monitor system performance.

D. Perform root cause analysis.

You answered C. The correct answer is D.
A. Redundancy may be a solution; however, a root cause analysis enables an educated decision to address the origin of the problem instead of simply assuming that system redundancy is the solution.

B. While an audit

In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems?
A. Maintaining system software parameters
B. Ensuring periodic dumps of transaction logs

C. Ensuring gra

You answered C. The correct answer is B.
A. Maintaining system software parameters is important for all systems, not just online systems.

B. Ensuring periodic dumps of transaction logs is the only safe way of preserving timely historic data. Because onlin

Which of the following database controls would ensure that the integrity of transactions is maintained in an online transaction processing system's database?
A. Authentication controls
B. Data normalization controls
C. Read/write access log controls

D. Co

You answered A. The correct answer is D.
A. Authentication controls would ensure that only authorized personnel can make changes, but would not ensure the integrity of the changes.

B. Data normalization is not used to protect the integrity of online trans

An IS auditor observed that users are occasionally granted the authority to change system data. This elevated system access is not consistent with company policy yet is required for smooth functioning of business operations. Which of the following control

You answered A. The correct answer is C.
A. Data authorization controls should be driven by the policy. While there may be some technical controls that could be adjusted, if the data changes happen infrequently, then an exception process would be the bett

An enterprise uses privileged accounts to process configuration changes for mission-critical applications. Which of the following would be the BEST and appropriate control to limit the risk in such a situation?
A. Ensure that audit trails are accurate and

You answered B. The correct answer is D.
A. Audit trails are a detective control and, in many cases, can be altered by those with privileged access.

B. Staff proficiency is important and good training may be somewhat of a deterrent, but supervisory approv

A financial institution has decided to outsource its customer service division to an offshore vendor. The MOST important consideration would be to ensure that the contract contains:
A. a limited liability clause.
B. a right-to-audit clause.

C. a data owne

You answered B. The correct answer is C.
A. Limited liability means that a company's financial liability is limited to a fixed sum and, in the event of a lawsuit, the fines or debts are not transferred to owners or investors. While this is an important cl

A financial institution that processes millions of transactions each day has a central communications processor (switch) for connecting to automated teller machines (ATMs). Which of the following would be the BEST contingency plan for the communications p

You are correct, the answer is C.
A. Reciprocal agreements make an organization dependent on the other organization and raise privacy, competition and regulatory issues.

B. Having an alternate processor in the same location resolves the equipment problem,

While conducting an audit on the customer relationship management (CRM) application, the IS auditor observes that it takes a significantly long time for users to log on to the system during peak business hours as compared with other times of the day. Once

You are correct, the answer is D.
A. The IS auditor recommending nothing is not the right choice because a delayed login process has a negative impact on employee productivity.

B. Network bandwidth may or may not be the root cause of this issue. Performan

In a small organization, developers may release emergency changes directly to production. Which of the following will BEST control the risk in this situation?
A. Approve and document the change the next business day.

B. Limit developer access to productio

You answered C. The correct answer is A.
A. It may be appropriate to allow programmers to make emergency changes as long as they are documented and approved after the fact.

B. Restricting release time frame may help somewhat; however, it would not apply t

An organization has outsourced its help desk function. Which of the following indicators would be the BEST to include in the service level agreement (SLA)?
A. Overall number of users supported
B. Percentage of incidents solved in the first call

C. Number

You answered D. The correct answer is B.
A. The contract price will usually be based on the number of users supported, but the performance metrics should be based on the ability to provide effective support and address user problems rapidly.

B. Because it

Which of the following will prevent dangling tuples in a database?
A. Cyclic integrity
B. Domain integrity
C. Relational integrity

D. Referential integrity

The correct answer is D.
A. Cyclical checking is the control technique for the regular checking of accumulated data on a file against authorized source documentation. There is no cyclical integrity testing.

B. Domain integrity testing ensu

Which of the following choices would MOST likely ensure that a disaster recovery (DR) effort is successful?
A. The tabletop test was performed.
B. Data restoration was completed.
C. Recovery procedures are approved.

D. Appropriate staff resources are comm

The correct answer is B.
A. Performing a tabletop test is extremely helpful, but does not ensure that the recovery process is working properly.

B. The most reliable method to determine whether a backup is valid would be to restore it to a system.

The PRIMARY objective of performing a postincident review is that it presents an opportunity to:
A. improve internal control procedures.
B. harden the network to industry best practices.

C. highlight the importance of incident response management to manag

The correct answer is A.
A. A postincident review examines both the cause and response to an incident. The lessons learned from the review can be used to improve internal controls. Understanding the purpose and structure of postincident reviews a

Segmenting a highly sensitive database results in:
A. reduced exposure.
B. reduced threat.
C. less criticality.

D. less sensitivity.

The correct answer is A.
A. Segmenting data reduces the quantity of data exposed as a result of a particular event.
B. The threat may remain constant, but each segment may represent a different vector against which it must be directed.

C.

A database has suffered a catastrophic failure that caused the loss of all data since the last backup was done four hours earlier. How can the data for the last four hours be recovered promptly?
A. The data cannot be recovered because there is no record o

The correct answer is C.
A. Most database management systems create transaction logs while updating transactions in the database. These can be used to update the database since the last backup.

B. It would rarely be possible to manually re

An offsite information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is a:
A. cold site.
B. warm site.
C. dial-up site.

D. duplicate processing facility.

The correct answer is A.
A. A cold site is ready to receive equipment but does not offer any components at the site in advance of the need.

B. A warm site is an offsite backup facility that is partially configured with network connections

An IS auditor is performing a review of the disaster recovery hot site used by a financial institution. Which of the following would be the GREATEST concern?
A. System administrators use shared accounts which never expire at the hot site.

B. Disk space ut

The correct answer is B.
A. While it is not a best practice for security administrators to share accounts that do not expire, the greater risk in this scenario would be running out of disk space.

B. Not knowing how much disk space is in us

Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures?
A. Review software migration records and verify approvals.

B. Identify changes that have occurr

The correct answer is B.
A. Software migration records may not have all changes listed; changes could have been made that were not included in the migration records.

B. The most effective method is to determine what changes have been made (

To verify that the correct version of a data file was used for a production run, an IS auditor should review:
A. operator problem reports.
B. operator work schedules.
C. system logs.

D. output distribution reports.

The correct answer is C.
A. Operator problem reports are used by operators to log computer operation problems.
B. Operator work schedules are maintained to assist in human resource planning.

C. System logs are automated reports which identify mos

Which of the following issues should be a MAJOR concern to an IS auditor who is reviewing a service level agreement (SLA)?
A. A service adjustment resulting from an exception report took a day to implement.

B. The complexity of application logs used for s

The correct answer is C.
A. Resolving issues related to exception reports is an operational issue that should be addressed in the service level agreement (SLA); however, a response time of one day may be acceptable depending on the terms of the S

An IS auditor is reviewing the backup strategy and the backup technology in use by an organization. The IS auditor would be MOST concerned if:
A. data restoration tests are not being regularly performed.

B. disk subsystems are being backed up to other dis

The correct answer is A.
A. The only way to ensure with certainty that a backup is working is to perform a data restoration test. If this were not being done regularly, it would be a concern.

B. Current backup technology utilizes disk-to-d

An IS auditor is assisting in the design of the emergency change control procedures for an organization with a limited budget. Which of the following recommendations BEST helps to establish accountability for the system support personnel?
A. Production ac

The correct answer is A.
A. Production access should be controlled and monitored to ensure segregation of duties. During an emergency change, a user who normally does not have access to production may require access. The best process to en