CIS Quizzes

System and application is available to those who need it when they need it.

Reliability: Data should accurately reflect the state of the business (timeliness of business transactions and business rules).

Planning/Organization: The organization has the appropriate staff with roles and responsibilities to support the use of the application.

Critical - Bankruptcy
Important - Possible loss would require the business to take out loans to continue operation
Unimportant - Exposures can be accommodated by existing assets without undue financial strain

Question 7
2 out of 2 points
Audit Lifecycle: preliminary survey -> identify controls -> perform testing of controls -> identify findings -> audit report -> follow up

Which is the best document to define the scope of an audit?

Engagement letter

Match the terms with their definitions:
Information Leakage – information is disclosed
Integrity violation – data consistency is threatened through unauthorized creation, alteration or destruction of data.
Denial of service – legitimate access to information or other resources is deliberately hampered.
Illegitimate use – a resource used by an authorized person in an unauthorized way

Effectiveness - Compliance versus substantive reviews
Efficiency - Cost of control versus the risk (level and probability)
Compensating Controls - Formalized versus informal practices

Residual Risk - Remaining risk

Preventative controls – prevent harm, such as not engaging in a certain type of business. If I don’t want to experience online risks, then I don’t sell online.
Detective – detect after harm has occurred. Detective controls are like alarms. Something is telling us that something bad has happened.
Corrective – correct or recover from harm. Insurance is a corrective control.
Directive/Deterrent – these are the controls that try to direct people not to do something and deter them. So a notice informing the user that they are responsible if they violate copyright.

Question 18

0 out of 2 points
E-business presents risks to the following areas except: Repudiation of transactions… It should be NON repudiation of transactions.

Question 21
0 out of 2 points
In database recovery, a checkpoint is: A checkpoint is a point where all transactions have been committed and the database is stable.

A threat is anything that presents danger to an asset’s confidentiality, integrity, availability, or legitimate use. An attack is the realization of the threat. Vulnerabilities are weaknesses in a safeguard, or the absence of a safeguard.

What is the purpose of a Request for Information (RFI)?

Selected Answer: To gather information on the products and their vendors in the marketplace.

The last decision regarding vendor selection is whether to proceed with the software acquisition.
Answers: True

An auditor’s audit plan for project management includes all of the following except:
Verifying adequate resources are assigned.
Independent review of project deliverables.
Independent review of the project task list and budget to verify completeness and definition.
Obtaining commitment and participation from stakeholders.

The primary purpose of a Feasibility Study is to ensure a successful outcome.