100%(8)8 out of 8 people found this document helpful
This preview shows page 7 - 10 out of 10 pages.
User finger and user retina to obtain access to the system3.User password and USB token required to obtain access to the system
4.User password and user challenge question to obtain access to the system29. During the planning stage of an IT audit, the PRIMARY goal of the IT auditor is tospecify appropriatetests.collect sufficient evidence.address audit objectives.minimize audit resources.30. An IT auditor reviewing the log of failed logon attempts would be MOST concerned if which of the following accounts was targeted?1.Network administrator2.System administrator3.Data administrator4.Database administrator31. In performing a risk-based audit, which risk assessment is completed initially by the IT auditor?Detection risk assessmentControl risk assessmentFraud risk assessmentInherent risk assessment32. During the planning stage of an IT audit, the PRIMARY goal of the IT auditor is tominimize audit resources.collect sufficient evidence.
c.address audit objectives.33. During an audit of a large bank, the IT auditor observes that no formal risk assessment exercise has been carried out of the various business applications to arrive at their relative importance and recovery time requirements. The risk to which the bank is exposed is that the:1.business continuity plan may not have been calibrated to the relative risk that disruption of each application poses to the organization2.business continuity plan may not include all relevant applications and, therefore, may lack completeness in terms of its coverage3.business impact of a disaster may not have been accurately understood by the management4.business continuity plan may lack an effective ownership by the business owners of such applications34. A primary purpose of the closing conference is toa.b.c.d.determine the scope of the audit.resolve remaining issues.gather audit evidence.implement audit findings.35. Which of the following is a proper step in an audit program?Definition of audit objectives.Planning for audit reporting.Notification of the audit.Observation of procedures.36. While developing a risk-based audit program, on which of the following would the IT auditor MOST likely focus?
a.Business processesb.Business strategiesc.Critical IT applicationsd.Operational controls