1. IS auditors who have participated in the development of an application system might have their independence impaired if they:
A. perform an application development review.
B. recommend control and other system enhancements.
C. perform an independent evaluation of the application after its implementation.
D. are actively involved in the design and implementation of the application system.
2. An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take?
A. Personally delete all copies of the unauthorized software.
B. Inform auditee of the unauthorized software and follow up to confirm deletion.
C. Report the use of the unauthorized software to auditee management and the need to prevent recurrence.
D. Take no action, as it is a commonly accepted practice and operations management is responsible for monitoring such use.
3. Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network?
A. The use of diskless workstations
B. Periodic checking of hard drives
C. The use of current anti-virus software
D. Policies that result in instant dismissal if violated
4. Which of the following is a role of an information systems steering committee?
A. Initiate computer applications.
B. Ensure efficient use of data processing resources.
C. Prepare and monitor system implementation plans.
D. Review the performance of the systems department.
5. An IS auditor reviewing an outsourcing contract of IT facilities would expect it to define the:
A. hardware configuration.
B. access control software.
C. ownership of intellectual property.
D. application development methodology.
6. Which of the following types of firewalls would BEST protect a network from an Internet attack?
A. Screened sub-net firewall
B. Application filtering gateway
C. Packet filtering router
D. Circuit-level gateway
7. Applying a retention date on a file will ensure that:
A. data cannot be read until the date is set.
B. data will not be deleted before that date.
C. backup copies are not retained after that date.
D. datasets having the same name are differentiated.
8. A company disposing of personal computers that once were used to store confidential data should first:
A. demagnetize the hard disk.
B. low-level format the hard disk.
C. delete all data contained on the hard disk.
D. defragment the data contained on the hard disk.
9. Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions?
A. Parity check
B. Echo check
C. Block sum check
D. Cyclic redundancy check
10. A TCP/IP-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted?