An IS auditor is reviewing a contract management process to determine the financial viability of a software vendor for a critical business application. An IS auditor should determine whether the vendor being considered:A.can deliver on the immediate contract.B.is of similar financial standing as the organization.C.has significant financial obligations that can impose liability to the organization.D.can support the organization in the long term.A decision support system is used to help high-level management:A.solve highly structured problems.B.combine the use of decision models with predetermined criteria.C.make decisions based on data analysis and interactive models.D.support only structured decision-making tasks.While reviewing a quality management system, the IS auditor should PRIMARILY focus on collecting evidence to show that:A.quality management systems comply with good practices.B.continuous improvement targets are being monitored.C.standard operating procedures of IT are updated annually.D.key performance indicators are defined.When reviewing the development of information security policies, the PRIMARY focus of an IS auditor should be on assuring that these policies:A.are aligned with globally accepted industry good practices.B.are approved by the board of directors and senior management.C.strike a balance between business and security requirements.D.provide direction for implementing security procedures.Corporate IT policy for a call center requires that all users be assigned unique user accounts. On discovering that this is not the case for all current users, what is the MOST appropriate recommendation?A.Have the current configuration approved by operations management.B.Ensure that there is an audit trail for all existing accounts.C.Implement individual user accounts for all staff.D.Amend the IT policy to allow shared accounts.Which of the following should an IS auditor recommend to BEST enforce alignment of an IT project portfolio with strategic organizational priorities?A.Define a balanced scorecard for measuring performance.B.Consider user satisfaction in the key performance indicators.C.Select projects according to business benefits and risk.D.Modify the yearly process of defining the project portfolio.An IS auditor wants to analyze audit trails on critical servers to discover potential anomalies in user or system behavior. Which of the following is the MOST suitable for performing that task?A.Computer-aided software engineering toolsB.Embedded data collection toolsC.Trend/variance detection toolsD.Heuristic scanning toolsThe output of the risk management process is an input for making:A.business plans.B.audit charters.C.security policy decisions.D.software design decisions.Which of the following should be of GREATEST concern to an IS auditor when reviewing an information security policy? The policy:A.is driven by an IT department's objectives.B.is published, but users are not required to read the policy.C.does not include information security procedures.D.has not been updated in over a year.Which of the following goals do you expect to find in an organization's strategic plan?A.Results of new software testingB.An evaluation of information technology needsC.Short-term project plans for a new planning systemD.Approved suppliers for products offered by the companyWhich of the following is an implementation risk within the process of decision support systems?A.Management controlB.Semistructured dimensionsC.Inability to specify purpose and usage patternsD.Changes in decision processesWhich of the following user profiles should be of MOST concern to an IS auditor when performing an audit of an electronic funds transfer (EFT) system?A.Three users with the ability to capture and verify their own messagesB.Five users with the ability to capture and send their own messagesC.Five users with the ability to verify other users and to send their own messagesD.Three users with the ability to capture and verify the messages of other users and to send their own messagesThe PRIMARY benefit of implementing a security program as part of a security governance framework is the:A.alignment of the IT activities with IS audit recommendations.B.enforcement of the management of security risk.C.implementation of the chief information security officer's recommendations.D.reduction of the cost for IT security.Which of the following IT governance good practices improves strategic alignment?A.Supplier and partner risk is managed.B.A knowledge base on customers, products, markets and processes is in place.C.A structure is provided that facilitates the creation and sharing of business information.D.Top management mediates between the imperatives of business and technology.An IS auditor is reviewing an IT security risk management program. Measures of security risk should:A.address all of the network risk.B.be tracked over time against the IT strategic plan.C.consider the entire IT environment.D.result in the identification of vulnerability tolerances.Which of the following insurance types provide for a loss arising from fraudulent acts by employees?A.Business interruptionB.Fidelity coverageC.Errors and omissionsD.Extra expenseWhich of the following should an IS auditor use to detect duplicate invoice records within an invoice master file?A.Attribute samplingB.Computer-assisted audit techniquesC.Compliance testingD.Integrated test facilityAn IS auditor is determining the appropriate sample size for testing the existence of program change approvals. Previous audits did not indicate any exceptions, and management has confirmed that no exceptions have been reported for the review period. In this context, the IS auditor can adopt a:A.lower confidence coefficient, resulting in a smaller sample size.B.higher confidence coefficient, resulting in a smaller sample size.C.higher confidence coefficient, resulting in a larger sample size.D.lower confidence coefficient, resulting in a larger sample size.During an audit, an IS auditor notices that the IT department of a medium-sized organization has no separate risk management function, and the organization's operational risk documentation only contains a few broadly described types of IT risk. What is the MOST appropriate recommendation in this situation?A.Create an IT risk management department and establish an IT risk framework with the aid of external risk management experts.B.Use common industry standard aids to divide the existing risk documentation into several individual types of risk which will be easier to handle.C.No recommendation is necessary because the current approach is appropriate for a medium-sized organization.D.Establish regular IT risk management meetings to identify and assess risk and create a mitigation plan as input to the organization's risk management.Which of the following should be included in an organization's information security policy?A.A list of key IT resources to be securedB.The basis for access control authorizationC.Identity of sensitive security assetsD.Relevant software security features
Explore Features
Discover the full suite of AI-powered study tools.
Study Plan
Build a personalized study schedule powered by AI.
Record Lecture
Capture and generate enhanced notes from your lectures.
Notes
Automatically generate comprehensive notes from any course material.
Calendar
Plan personalized study sessions with AI-assisted scheduling
Tutor Me
Get comprehensive step-by-step explanations on any topic.
Spark.E Call
Have a live voice conversation with your AI tutor.
Spark.E Visuals
Analyze diagrams, charts, and images with AI-powered explanations.
Audio Recap
Generate podcast-style audio summaries of your study materials.
Explainer Video
Turn any topic into an AI-generated educational video.
Flashcards
Create smart flashcard decks from your study materials with one click.
QuizFetch
Auto-generated quizzes from your uploaded content.
Arcade
Learn through interactive study games.
Exam-Specific Questions
Practice with real exam formats and questions.
Practice Tests
Simulate full-length exams from your material.
Essay Grader
Receive personalized feedback and grading on your essays.
Plugins
Shape the way Spark.E teaches you.
Mini Apps
Explore interactive study apps or build your own.