A4-1 -258 Flashcards
An organization is considering using a new IT service provider. From an audit perspective, which of the following would be the MOST important item to review?
A. References from other clients for the service provider
B. The physical security of the service provider site
C. The proposed service level agreement with the service provider.
D. Background checks of the service provider’s employees.
C. The proposed service level agreement with the service provider.
An IS auditor is to assess the suitability of a service level agreement (SLA) between the organization and the supplier of the outsourced services. To which of the following observations should the IS auditor pay the MOST attention? The SLA does not contain a:
A. transition clause from the old supplier to a new supplier or back to internal in case of expiration or termination.
B. late payment clause between the customer and the supplier.
C. contractual commitment between the customer and the supplier.
D. dispute resolution procedure between the contracting parties.
A. transition clause from the old supplier to a new supplier or back to internal in case of expiration or termination.
An IS auditor reviewing a new outsourcing contract with a service provider would be MOST concerned if which of the following was missing?
A. a clause providing a “right to audit” the service provider
B. A clause providing penalty payments for poor performance.
C. Predefined service level report templates
D. a clause regarding supplier limitation of liability.
A. a clause providing a “right to audit” the service provider
When reviewing the desktop software compliance of an organization, the IS auditor should be MOST concerned if the installed software:
A. was installed, but not documented in the IT department records.
B. was being used by users not properly trained in its use.
C. is not listed in the approved software standards document.
D. license will expire in the next 15 days.
C. is not listed in the approved software standards document.
An IS auditor of a health care organization is reviewing contractual terms and conditions of a third-party cloud provider being considered to host patient health information. Which of the following contractual terms would be the GREATEST risk to the customer organization?
A. Data ownership is retained by the customer organization
B. The third-party provider reserves the right to access data to perform certain operations.
C. Bulk data withdrawal mechanisms are undermined.
D. The customer organization is responsible for backup, archive, and restore.
B. The third-party provider reserves the right to access data to perform certain operations.
Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget?
A. A hot site maintained by the business
B. A commercial cold site
C. A reciprocal arrangement between its offices
D. A third-party hot site
C. A reciprocal arrangement between its offices
During an application audit, an IS auditor is asked to provide assurance of the database referential integrity. Which of the following should be reviewed?
A. Field definition
B. Master table definition
C. Composite keys
D. Foreign Key structure
D. Foreign Key structure
An IS auditor is reviewing database security for an organization. Which of the following is the MOST important consideration for database hardening?
A. The default configurations are changed
B. All tables in the database are denormalized.
C. Stored procedures and triggers are encrypted
D. The service port used by the database is changed.
A. The default configurations are changed.
In auditing a database environment, an IS auditor will be MOST concerned if the database administrator is performing which of the following functions?
A. Performing database changes according to change management procedures
B. Installing patches or upgrades to the operating system
C. Sizing table space and consulting on table join limitations
D. Performing backup and recovery procedures.
B. Installing patches or upgrades to the operating system
Which of the following is the MOST reasonable option for recovering a non-critical system?
A. Warm site
B. Mobile site
C. Hot site
D. Cold site
D. Cold site
An IS auditor is evaluating the effectiveness of the change management process in an organization. What is the MOST important control that the IS auditor should look for to ensure system availability?
A. Changes are authorized by IT managers at all times.
B. User acceptance testing is performed and properly documented.
C. Test plans and procedures exist and are closely followed.
D. Capacity planning is performed as part of each development project.
C. Test plans and procedures exist and are closely followed.
Data flow diagrams are used by IS auditors to:
A. identify key controls
B. highlight high-level data definitions
C. graphically summarize data paths and storage
D. portray step-by-step details of data generation.
C. graphically summarize data paths and storage
Which of the following statements is useful while drafting a disaster recovery plan?
A. Downtime costs decrease as the recovery point objective increases
B. Downtime costs increase with time.
C. Recovery costs are independent of time
D. Recovery costs can only be controlled on a short-term basis.
B. Downtime costs increase with time.
Although management has stated otherwise, an IS auditor has reasons to believe that the organization is using software that is not licensed. In this situation, the IS auditor should FIRST:
A. include the statement from management in the audit report.
B. verify the software is in use through testing.
C. include the item in the audit report.
D. discuss the issue with senior management because it could have a negative impact on the organization.
B. verify the software is in use through testing.
An advantage of using unshielded twisted pair (UTP) cable for data communication over copper-based cables is that the UTP cable:
A. reduces crosstalk between pairs.
B. provides protection against wiretapping.
C. can be used in long-distance networks.
D. is simple to install.
A. reduces crosstalk between pairs.