Which of the following is a concern when data is transmitted through secure socket layer (SSL) encryption implemented on a trading partner's server? A. Organization does not have control over encryption. B. Messages are subjected to wire tapping. C. Data might not reach the intended recipient. D. The communication may not be secure.

The responsibility, authority and accountability of the IS audit function is documented appropriately in an audit charter and MUST be: A. approved by the highest level of management. B. approved by audit department management. C. approved by user department management. D. changed every year before commencement of IS audits.

In which of the following network configurations would problem resolution be the easiest? A. Bus B. Ring C.Star D. Mesh

Which of the following is the operating system mode in which all instructions can be executed? A. Problem B. Interrupt C. Supervisor D. Standard processing

Which of the following BEST describes the role of a systems analyst? A. Defines corporate databases B. Designs systems based on the needs of the user C. Schedules computer resources D. Tests and evaluates programmer and optimization tools

The PRIMARY reason for separating the test and development environments is to: A. restrict access to systems under test. B. segregate user and development staff. C. control the stability of the test environment. D. secure access to systems under development.

Information for detecting unauthorized input from a terminal would be BEST provided by the: A. console log printout. B. transaction journal. C. automated suspense file listing. D. user error report.

Congestion control is BEST handled by which OSI layer? A. Data link B. Session layer C. Transport layer D. Network layer

A universal serial bus (USB) port: A. connects the network without a network card. B. connects the network with an Ethernet adapter. C. replaces all existing connections. D. connects the monitor.

An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls? A. Allow changes to be made only with the DBA user account. B. Make changes to the database after granting access to a normal user account C. Use the DBA user account to make changes, log the changes and review the change log the following day. D. Use the normal user account to make changes, log the changes and review the change log the following day.

When assessing the portability of a database application, the IS auditor should verify that: A. a structured query language (SQL) is used. B. information import and export procedures with other systems exist. C. indexes are used. D. all entities have a significant name and identified primary and foreign keys.

Utilizing audit software to compare the object code of two programs is an audit technique used to test program: A. logic. B. changes. C. efficiency. D. computations.

The PRIMARY advantage of a continuous audit approach is that it: A. does not require an IS auditor to collect evidence on system reliability while processing is taking place. B. requires the IS auditor to review and follow up immediately on all information collected. C. can improve system security when used in time-sharing environments that process a large number of transactions. D. does not depend on the complexity of an organization's computer systems.

Which of the following techniques would provide the BEST assurance that the estimate of program development effort is reliable? A. Function point analysis B. Estimates by business area C. A computer-based project schedule D. An estimate by experienced programmer

Which of the following would help to ensure the portability of an application connected to a database? The: A. verification of database import and export procedures. B. usage of a structured query language (SQL). C. analysis of stored procedures/triggers. D. synchronization of the entity-relation model with the database physical schema.