A primary benefit derived from an organization employing controls self assessment techniques is that it: A: Can identify high risk areas that might need a detailed review later B: Allow IS auditors to independently assess risk C: Can be used as a replacement for traditional audits D: Allows management to relinquish responsibility for control

A poor choice of passwords and transmission over unprotected communications lines are examples of: A: Vulnerability B: Threats C: Probabilities D: Impacts

During which of the following phases in system development would user acceptance test plans normally be prepared? A: Feasibility study B: Requirements definition C: Implementation planning D: Post implementation review

Which of the following recovery strategies is most appropriate for a business having multiple offices within a region and a limited recovery budget? A: A hot site maintained by the business B: A commercial cold site C: A reciprocal arrangement between its offices D: A third-party hot site

The auditor is reviewing prior findings from an IT audit of a hospital. One finding indicates that the organization was using e-mail to communicate sensitive patient issues. The IT manager indicates that to address the finding, the organization has implemented digital signatures for all e-mail users. What should the IS auditor's response be? A: Digital signatures are adequate to protect confidentiality. B: Digital signatures are not adequate to protect confidentiality. C: The auditor should recommend implementation of digital watermarking for secure email. D: The auditor should gather more information about the specific implementation.

An IS auditor is reviewing a testing procedure and has concluded that material errors were not identified. What type of risk does this represent? A: Detection risk B: Audit risk C: Control risk D: Inherent risk

To aid management in achieving IT and business alignment, an IS auditor should recommend the use of: A: Control Self Assessment (CSA) B: A business impact analysis (BIA) C: An IT balanced scorecard (BSC) D: Business Process Re-engineering

Which testing approach is most appropriate to ensure that internal application interface errors are identified as soon as possible? A: Bottom-up B: Sociability testing C: Top-down D: System test

An IS auditor has completed an audit of the IT department of an organization. Which of the following findings should be considered the most critical? A: Workstation operating system patch levels are not consistent on each machine B: The business continuity plan is current, but is not tested annually C: The password change policy is not being actively enforced D: Servers are not backed up on a regular basis

An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long. Which of the following could be caused by the length of the cable? A: Electromagnetic interference B: Crosstalk C: Dispersion D: Attenuation

Which of the following forms of evidence will an IS auditor consider the most reliable? A: An oral statement from the auditee B: The results of a test performed by an external IS auditor C: An internally generated computer accounting report D: A confirmation letter received from an outside source

The ultimate purpose of IT governance is to: A: Encourage optimal use of IT B: Reduce IT costs C: Decentralize IT resources across the organization D: Centralize control of IT

Which of the following line media would provide the best security for a telecommunication network? A: Broadband network digital transmission B: Baseband network C: Dial-up D: Dedicated lines

An organization has a recovery time objective (RTO) equal to zero and a recovery point objective close to one minute for a critical system. This implies that the system can tolerate: A: A data loss of up to one minute, but the processing must be continuous B: A 1-minute processing interruption but cannot tolerate any data loss C: A processing interruption of one minute or more D: Both a data loss and a processing interruption longer than one minute

Digital signatures require the: A: Signer to have a public key and the receiver to have a private key B: Signer to have a private key and the receiver to have a public key C: Signer and receiver to have a public key D: Signer and receiver to have a private key