An IS auditor has identified the lack of an authorization process for users of an application. The IS auditor's main concern should be that:

• A.more than one individual can claim to be a specific user.
• B.there is no way to limit the functions assigned to users.
• C.user accounts can be shared.
• D.users have a need-to-know privilege.

Comment: *

Name: *

Email: *

Verification: *

Which of the following processes are performed during the design phase of the systems development life
cycle (SDLC) model?

• A.Develop test plans.
• B.Baseline procedures to prevent scope creep.
• C.Define the need that requires resolution, and map to the major requirements of the solution.
• D.Program and test the new system. The tests verify and validate what has been developed.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to include in a business continuity plan (BCP)?

• A.Vendor contact information
• B.Documentation of critical systems
• C.Backup site location information
• D.Documentation of data center floor plans

Comment: *

Name: *

Email: *

Verification: *

An organization allows employees to use personally owned mobile devices to access customers' personal information Which of the following is MOST important for an IS auditor to verify?

• A.Devices have adequate storage and backup capabilities
• B.Mobile device security policies have been implemented
• C.Mobile devices are compatible with company infrastructure
• D.Employees have signed off on an acceptable use policy.

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY purpose of requiring source code escrow in a contractual agreement is to:

• A.comply with vendor management policy
• B.convert source code to new executable code.
• C.satisfy regulatory requirements.
• D.ensure the source code is available.

Comment: *

Name: *

Email: *

Verification: *