During a privileged access review, an IS auditor observes many help desk employees have privileges
within systems not required for their job functions. Implementing which of the following would have
prevented this situation?

• A.Separation of duties
• B.Multi-factor authentication
• C.Least privilege access
• D.Privileged access reviews

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY objective of implementing IT governance?

• A.Value delivery
• B.Resource management
• C.Performance measurement
• D.Strategic planning

Comment: *

Name: *

Email: *

Verification: *

Following an IS audit, which of the following types of risk would be MOST critical to communicate to key stakeholders?

• A.Residual
• B.Control
• C.Audit
• D.Inherent

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST guidance from an IS auditor to an organization planning an initiative to improve the effectiveness of its IT processes?

• A.The organization should use a capability maturity model to identify current maturity levels for each IT process.
• B.IT management should include process improvement requirements in staff performance objectives
• C.The organization should refer to poor audit reports to identify the specific IT processes to be improved
• D.IT staff should be surveyed to identify current IT process weaknesses and suggest improvements.

Comment: *

Name: *

Email: *

Verification: *

A sample for testing must include the 80 largest client balances and a random sample of the rest.
What should the IS auditor recommend?

• A.Leverage a random number generator
• B.Develop an integrated test facility (ITF)
• C.Use generalized audit software
• D.Query the database

Comment: *

Name: *

Email: *

Verification: *