11: When developing an information security policy, what is the FIRST step that should be taken? A. Obtain copies of mandatory regulations. B. Gain management approval. C. Seek acceptance from other departments. D. Ensure policy is compliant with current working practices.7: What is the function of a corporate information security policy? A. Issue corporate standard to be used when addressing specific security problems. B. Issue guidelines in selecting equipment, configuration, design, and secure operations. C. Define the specific assets to be protected and identify the specific tasks which must be completed to secure them. D. Define the main security objectives which must be achieved and the security framework to meet business objectives.An organization is implementing an enterprise resource planning application. Of the following, who is PRIMARILY responsible for overseeing the project to ensure that it is progressing in accordance with the project plan and that it will deliver the expected results?A.Project sponsorB.System development project teamC.Project steering committeeD.User project teamAn IS auditor has found time constraints and expanded needs to be the root causes for recent violations of corporate data definition standards in a new business intelligence project. Which of the following is the MOST appropriate suggestion for an auditor to make?A.Achieve standards alignment through an increase of resources devoted to the project.B.Align the data definition standards after completion of the project.C.Delay the project until compliance with standards can be achieved.D.Enforce standard compliance by adopting punitive measures against violators.Which of the following would be the MOST cost-effective recommendation for reducing the number of defects encountered during software development projects?A.Increase the time allocated for system testing.B.Implement formal software inspections.C.Increase the development staff.D.Require the sign-off of all project deliverables.Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques provides the GREATEST assistance in developing an estimate of project duration?A.Function point analysisB.Program evaluation review technique chartC.Rapid application developmentD.Object-oriented system development6: Which of the following department managers would be best suited to oversee the development of an information security policy? A.) Information Systems B.) Human Resources C.) Business operations D.) Security administrationAn IS auditor who is auditing the software acquisition process will ensure that the:A.contract is reviewed and approved by the legal counsel before it is signed.B.requirements cannot be met with the systems already in place.C.requirements are found to be critical for the business.D.user participation is adequate in the process.When auditing the proposed acquisition of a new computer system, an IS auditor should FIRST ensure that:A.a clear business case has been approved by management.B.corporate security standards will be met.C.users will be involved in the implementation plan.D.the new system will meet all required user functionality.2: A security policy would include all of the following EXCEPT A. Background B. Scope statement C. Audit requirements D. EnforcementAn IS auditor is assigned to review IT structures and activities recently outsourced to various providers. Which of the following should the IS auditor determine FIRST?A.An audit clause is present in all contracts.B.The service level agreement of each contract is substantiated by appropriate key performance indicators.C.The contractual warranties of the providers support the business needs of the organization.D.At contract termination, support is guaranteed by each outsourcer for new outsourcers.When performing a review of a business process reengineering (BPR) effort, which of the following is of PRIMARY concern?A.Controls are eliminated as part of the streamlining BPR effort.B.Resources are not adequate to support the BPR process.C.The audit department does not have a consulting role in the BPR effort.D.The BPR effort includes employees with limited knowledge of the process area.An IS auditor is reviewing IT projects for a large company and wants to determine whether the IT projects undertaken in a given year are those which have been assigned the highest priority by the business and which will generate the greatest business value. Which of the following is MOST relevant?A.A capability maturity model (CMM)B.Portfolio managementC.Configuration managementD.Project management body of knowledge (PMBOK)An IS auditor is performing a review of an organization's governance model. Which of the following should be of MOST concern to the auditor?A.The information security policy is not periodically reviewed by senior management.B.A policy ensuring systems are patched in a timely manner does not exist.C.The audit committee did not review the organization's global mission statement.D.An organizational policy related to information asset protection does not exist.When auditing the IT governance framework and IT risk management practices that exist within an organization, the IS auditor identified some undefined responsibilities regarding IT management and governance roles. Which of the following recommendations is the MOST appropriate?A.Review the strategic alignment of IT with the business.B.Implement accountability rules within the organization.C.Ensure that independent IS audits are conducted periodically.D.Create a chief risk officer role in the organization.An enterprise is looking to obtain cloud hosting services from a cloud vendor with a high level of maturity. Which of the following is MOST important for the auditor to ensure continued alignment with the enterprise's security requirements?A.The vendor provides the latest third-party audit report for verification.B.The vendor provides the latest internal audit report for verification.C.The vendor agrees to implement controls in alignment with the enterprise.D.The vendor agrees to provide annual external audit reports in the contract.Which of the following should be included in a feasibility study for a project to implement an electronic data interchange process?A.The encryption algorithm formatB.The detailed internal control proceduresC.The necessary communication protocolsD.The proposed trusted third-party agreementAn organization has a well-established risk management process. Which of the following risk management practices would MOST likely expose the organization to the greatest amount of compliance risk?A.Risk reductionB.Risk transferC.Risk avoidanceD.Risk mitigationWhich of the following is the BEST reference for an IS auditor to determine a vendor's ability to meet service level agreement (SLA) requirements for a critical IT security service?A.Compliance with the master agreementB.Agreed-on key performance metricsC.Results of business continuity testsD.Results of independent audit reportsAn IS auditor reviewing the IT project management process is reviewing a feasibility study for a critical project to build a new data center. The IS auditor is MOST concerned about the fact that:A.it has not been determined how the project fits into the overall project portfolio.B.the organizational impact of the project has not been assessed.C.not all IT stakeholders have been given an opportunity to provide input.D.the environmental impact of the data center has not been considered.
Explore Features
Discover the full suite of AI-powered study tools.
Study Plan
Build a personalized study schedule powered by AI.
Record Lecture
Capture and generate enhanced notes from your lectures.
Notes
Automatically generate comprehensive notes from any course material.
Calendar
Plan personalized study sessions with AI-assisted scheduling
Tutor Me
Get comprehensive step-by-step explanations on any topic.
Spark.E Call
Have a live voice conversation with your AI tutor.
Spark.E Visuals
Analyze diagrams, charts, and images with AI-powered explanations.
Audio Recap
Generate podcast-style audio summaries of your study materials.
Explainer Video
Turn any topic into an AI-generated educational video.
Flashcards
Create smart flashcard decks from your study materials with one click.
QuizFetch
Auto-generated quizzes from your uploaded content.
Arcade
Learn through interactive study games.
Exam-Specific Questions
Practice with real exam formats and questions.
Practice Tests
Simulate full-length exams from your material.
Essay Grader
Receive personalized feedback and grading on your essays.
Plugins
Shape the way Spark.E teaches you.
Mini Apps
Explore interactive study apps or build your own.