Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following is a benefit of a risk-based approach
to audit planning? Audit:
A. scheduling may be performed months in advance.
B. budgets are more likely to be met by the IS audit staff.
C. staff will be exposed to a variety of technologies.
D. resources are allocated to the areas of highest concern.
- 1 Answers
- 8884 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
The risk-based approach is designed to ensure audit time is
spent on the areas of highest risk. The development of an
audit schedule is not addressed by a risk-based approach.
Audit schedules may be prepared months in advance using
various scheduling methods. A risk approach does not have a
direct correlation to the audit staff meeting time budgets
on a particular audit, nor does it necessarily mean a wider
variety of audits will be performed in a given year.
| Is This Answer Correct ? | 6 Yes | 0 No |
An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a: A. cold site. B. warm site. C. dial-up site. D. duplicate processing facility.
The PRIMARY objective of a firewall is to protect: A. internal systems from exploitation by external threats. B. external systems from exploitation by internal threats. C. internal systems from exploitation by internal threats. D. itself and attached systems against being used to attack other systems.
An organization has outsourced network and desktop support. Although the relationship has been reasonably successful, risks remain due to connectivity issues. Which of the following controls should FIRST be performed to assure the organization reasonably mitigates these possible risks? A. Network defense program B. Encryption/Authentication C. Adequate reporting between organizations D. Adequate definition in contractual relationship
Congestion control is BEST handled by which OSI layer? A. Data link B. Session layer C. Transport layer D. Network layer
The IS department of an organization wants to ensure that the computer files, used in the information processing facility, are backed up adequately to allow for proper recovery. This is a/an: A. control procedure. B. control objective. C. corrective control. D. operational control.
Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration? A. Function point analysis B. PERT chart C. Rapid application development D. Object-oriented system development
Which of the following is the MOST effective control over visitor access to a data center? A. Visitors are escorted. B. Visitor badges are required. C. Visitors sign in. D. Visitors are spot-checked by operators.
purchase orders issued to vendors have been authorized as per the authorization matrix
An IS auditor when reviewing a network used for Internet communications, will FIRST examine the: A. validity of passwords change occurrences. B. architecture of the client-server application. C. network architecture and design. D. firewall protection and proxy servers.
Which of the following methods of suppressing a fire in a data center is the MOST effective and environmentally friendly? A. Halon gas B. Wet-pipe sprinklers C. Dry-pipe sprinklers D. Carbon dioxide gas
When auditing the requirements phase of a system development project, an IS auditor would: A. assess the adequacy of audit trails. B. identify and determine the criticality of the need. C. verify cost justifications and anticipated benefits. D. ensure that control specifications have been defined.
The document used by the top management of organizations to delegate authority to the IS audit function is the: A. long-term audit plan. B. audit charter. C. audit planning methodology. D. steering committee minutes.
Cisco Certifications 
