
1) The request for proposal (RFP) for the acquisition of an application system would MOST likely be approved by the:

A. steering committee. (correct)
B. strategy committee.
C. board of management.
D. user project team.
Difficulty: Easy (70% got this correct)
2) The IS department is in the process of floating the request for proposal (RFP) for the acquisition of an application system. Who would MOST likely approve the content of the RFP?

A. project steering committee. (correct)
B. project sponsor.
C. project manager.
D. IS Strategy committee.
Difficulty: Easy (70% got this correct)
3) Which of the following is a PRIME role of an IS strategy committee?

A. Ensuring installation of genuine software in every computer.
B. Ensure efficient use of IT resources.
C. Prepare and monitor system implementation plans.
D. Advise board members about new projects. (correct)
Difficulty: Easy (84% got this correct)
4) The IT steering committee's role in the IT planning process is to:

A. document meeting notes.
B. approve expenditure of the funds. (correct)
C. conduct meetings regularly.
D. approve meeting notes.
Difficulty: Easy (57% got this correct)
5) When reviewing an application development project, an IS auditor finds that the project team is skipping the validation and verification processes to meet the project deadlines. Under these circumstances, the IS auditor would MOST likely:

A. report the risks associated with such a process to the IT Strategy Committee.
B. report the risks associated with such a process to the IT Steering Committee.
C. report the risks associated with such a process to the board.
D. report the risks associated with such a process to the project team. (correct)
Difficulty: Easy (86% got this correct)
6) An IS auditor is reviewing the software development process. Which of the following is the best way to ensure that business requirements are met during software development?

A. Proper training of developers.
B. Programmers with good business knowledge.
C. Adequate documentation.
D. User engagement in the development process. (correct)
Difficulty: Easy (90% got this correct)
7) An organisation has outsourced its IT support service. A probable advantage of outsourcing is that:

A. reliance can be placed on the expertise of outsourcing vendors. (correct)
B. more control can be exercised over IT processing.
C. the organisation can transfer its accountability in terms of privacy laws.
D. employee satisfaction may increase.
Difficulty: Easy (82% got this correct)
8) An IS auditor is reviewing outsourced operations of IT facilities. He should be MOST concerned about which of the following findings?

A. A clause with respect to BCP/DRP of IT operations is not included in the outsourcing contract. (correct)
B. The service provider does not have incident handling procedures.
C. Employees of outsourced vendors are not trained on a regular basis.
D. Incident logs are not being reviewed.
Difficulty: Easy (81% got this correct)
9) Accountability for the maintenance of appropriate security measures over information assets resides with the:

A. security administrator.
B. database administrator.
C. resource owners. (correct)
D. IT group.
Difficulty: Hard (30% got this correct)
10) An IS auditor should expect which of the following items to be included in the request for proposal (RFP) when IS is procuring services from an independent service provider?

A. Compliance with regulatory requirements
B. Promoting ethical understanding
C. Security awareness programs (correct)
D. Effective performance incentives
Difficulty: Easy (82% got this correct)
11) Which of the following is a major control weakness that can adversely affect a system development project?

A. Out of 10 recommendations from the IT strategy committee, the board has approved only 8 recommendations.
B. Project deadlines have not been specified in the project approval plan.
C. The project manager has not been specified in the project approval plan.
D. The organization has decided that a project steering committee is not required. (correct)
Difficulty: Easy (69% got this correct)

1) Which of the following is a PRIME role of an IS steering committee?

A. Ensuring installation of genuine software in every computer.
B. Ensure efficient use of IT resources.
C. Vendor assessment.
D. Advise board members about new projects.
Difficulty: Easy (59% got this correct)
2) An IS steering committee should:

A. include a mix of members from different departments and management levels.
B. ensure that IS security policies and procedures have been properly executed.
C. key executives and representatives from user management.
D. include all board members.
Difficulty: Hard (48% got this correct)
3) In an organization where an IT security baseline has been defined, the IS auditor should FIRST ensure:

A. that they are consistent across the organization.
B. that they are implemented as a part of risk assessment.
C. compliance with all policies.
D. that they are reviewed periodically.
Difficulty: Hard (49% got this correct)
4) In an organization, the responsibilities for IT security are clearly assigned and enforced and an IT security risk and impact analysis is consistently performed. This represents

A. stored offsite.
B. written by IS management.
C. circulated to users.
D. updated frequently.

1) Which of the following ensures a sender's authenticity?

A. Encrypting the hash of the message with the sender's private key
B. Encrypting the message with the receiver's public key
C. Encrypting the hash of the message with the sender's public
D. Encrypting the message with the receiver's private key
Difficulty: Easy (94% got this correct)

2) An organization wants to protect a network from Internet attack. Which of the following firewall structures would BEST ensure the protection?

A. Screened subnet firewall
B. Screened host firewall
C. Packet filtering router
D. Circuit-level gateway
Difficulty: Easy (51% got this correct)

3) E-mail traffic from the Internet is routed via firewall-1 to the mail gateway. Mail is routed from the mail gateway, via firewall-2, to the mail recipients in the internal network. Other traffic is not allowed. For example, the firewalls do not allow direct traffic from the Internet to the internal network. The intrusion detection system (IDS) detects traffic for the internal network that did not originate from the mail gateway. The FIRST action triggered by the IDS should be to:

A. alert the appropriate staff.
B. create an entry in the log.
C. close firewall-2.
D. close firewall-1.
Difficulty: Easy (58% got this correct)

4) Which of the following ensures a sender's authenticity and an e-mail's confidentiality?

A. Encrypting the hash of the message with the sender's private key and thereafter encrypting the hash of the message with the receiver's public key
B. The sender digitally signing the message and thereafter encrypting the hash of the message with the sender's private key
C. Encrypting the hash of the message with the sender's private key and thereafter encrypting the message with the receiver's public key
D. Encrypting the message with the sender's private key and encrypting the message hash with the receiver's public key
