Which of the following is MOST important to consider when assessing the scope of privacy concerns for an
IT project?

• A.Applicable laws and regulations
• B.End user access rights
• C.Business requirements
• D.Classification of data

Comment: *

Name: *

Email: *

Verification: *

The source code of an application has just been debugged. Which type of testing should be performed to help ensure that new errors are not been introduced by the debugging process?

• A.Validation
• B.Black-box
• C.Sociability
• D.Regression

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to detect potentially fraudulent purchases where an employee can approve a receipt of an item or service that the employee also procured?

• A.Require purchase orders to originate from the same individual with designated authority.
• B.Require trial invoices can only be paid when matched with purchase orders.
• C.Require receipts to be entered against purchase orders by someone other than the buyer.
• D.Require staff training on entering purchase orders into the enterprise resource planning (ERP) system.

Comment: *

Name: *

Email: *

Verification: *

What is an IS auditor's BEST recommendation for management if a network vulnerability assessment confirms that critical patches have not been applied since the last assessment?

• A.Implement a process to test and apply appropriate patches.
• B.Apply available patches and continue periodic monitoring.
• C.Configure servers to automatically apply available patches.
• D.Remove unpatched devices from the network.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST indicator of an effective employee information security program?

• A.Increased management support for security
• B.More efficient and effective incident handling
• C.Increased detection and reporting of incidents
• D.Reduced operational cost of security

Comment: *

Name: *

Email: *

Verification: *