| 1. | An IS auditor is using a statistical sample to inventory the tape library. What type of test would this be considered? 
| A. | Substantive |
| B. | Compliance |
| C. | Integrated |
| D. | Continuous audit |
|
| 2. | Which of the following would prevent accountability for an action performed, thus allowing nonrepudiation?
| A. | Proper authentication |
| B. | Proper identification AND authentication |
| C. | Proper identification |
| D. | Proper identification, authentication, AND authorization |
|
| 3. | Which of the following is the MOST critical step in planning an audit?
| A. | Implementing a prescribed auditing framework such as COBIT |
| B. | Identifying current controls |
| C. | Identifying high-risk audit targets |
| D. | Testing controls |
|
| 4. | To properly evaluate the collective effect of preventative, detective, or corrective controls within a process, an IS auditor should be aware of which of the following? Choose the BEST answer.
| A. | The business objectives of the organization |
| B. | The effect of segregation of duties on internal controls |
| C. | The point at which controls are exercised as data flows through the system |
| D. | Organizational control policies |
|
| 5. | What is the recommended initial step for an IS auditor to implement continuous-monitoring systems?
| A. | Document existing internal controls |
| B. | Perform compliance testing on internal controls |
| C. | Establish a controls-monitoring steering committee |
| D. | Identify high-risk areas within the organization |
|
| 6. | What type of risk is associated with authorized program exits (trap doors)? Choose the BEST answer.
| A. | Business risk |
| B. | Audit risk |
| C. | Detective risk |
| D. | Inherent risk |
|
| 7. | Which of the following is best suited for searching for address field duplications?
| A. | Text search forensic utility software |
| B. | Generalized audit software |
| C. | Productivity audit software |
| D. | Manual review |
|
| 8. | Which of the following is of greatest concern to the IS auditor?
| A. | Failure to report a successful attack on the network |
| B. | Failure to prevent a successful attack on the network |
| C. | Failure to recover from a successful attack on the network |
| D. | Failure to detect a successful attack on the network |
|
| 9. | An integrated test facility is not considered a useful audit tool because it cannot compare processing output with independently calculated data. True or false?
| A. | True |
| B. | False |
|
| 10. | An advantage of a continuous audit approach is that it can improve system security when used in time-sharing environments that process a large number of transactions. True or false?
| A. | True |
| B. | False |
|
| 11. | If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor's primary responsibility?
| A. | To advise senior management. |
| B. | To reassign job functions to eliminate potential fraud. |
| C. | To implement compensator controls. |
| D. | Segregation of duties is an administrative control not considered by an IS auditor. |
|
| 12. | Who is responsible for implementing cost-effective controls in an automated system?
| A. | Security policy administrators |
| B. | Business unit management |
| C. | Senior management |
| D. | Board of directors |
|
| 13. | Why does an IS auditor review an organization chart?
| A. | To optimize the responsibilities and authority of individuals |
| B. | To control the responsibilities and authority of individuals |
| C. | To better understand the responsibilities and authority of individuals |
| D. | To identify project sponsors |
|
| 14. | Ensuring that security and control policies support business and IT objectives is a primary objective of:
| A. | An IT security policies audit |
| B. | A processing audit |
| C. | A software audit |
| D. | A vulnerability assessment |
|
| 15. | When auditing third-party service providers, an IS auditor should be concerned with which of the following? Choose the BEST answer.
| A. | Ownership of the programs and files |
| B. | A statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster |
| C. | A statement of due care |
| D. | Ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster |
|
| 16. | When performing an IS strategy audit, an IS auditor should review both short-term (one-year) and long-term (three- to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered. The auditor should especially focus on procedures in an audit of IS strategy. True or false?
| A. | True |
| B. | False |
|
| 17. | What process allows IS management to determine whether the activities of the organization differ from the planned or expected levels? Choose the BEST answer.
| A. | Business impact assessment |
| B. | Risk assessment |
| C. | IS assessment methods |
| D. | Key performance indicators (KPIs) |
|
| 18. | When should reviewing an audit client's business plan be performed relative to reviewing an organization's IT strategic plan?
| A. | Reviewing an audit client's business plan should be performed before reviewing an organization's IT strategic plan. |
| B. | Reviewing an audit client's business plan should be performed after reviewing an organization's IT strategic plan. |
| C. | Reviewing an audit client's business plan should be performed during the review of an organization's IT strategic plan. |
| D. | Reviewing an audit client's business plan should be performed without regard to an organization's IT strategic plan. |
|
| 19. | Allowing application programmers to directly patch or change code in production programs increases risk of fraud. True or false?
| A. | True |
| B. | False |
|
| 20. | Who should be responsible for network security operations?
| A. | Business unit managers |
| B. | Security administrators |
| C. | Network administrators |
| D. | IS auditors |
|
| 21. | Proper segregation of duties does not prohibit a quality control administrator from also being responsible for change control and problem management. True or false?
| A. | True |
| B. | False |
|
| 22. | What can be implemented to provide the highest level of protection from external attack?
| A. | Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host |
| B. | Configuring the firewall as a screened host behind a router |
| C. | Configuring the firewall as the protecting bastion host |
| D. | Configuring two load-sharing firewalls facilitating VPN access from external hosts to internal hosts |
|
| 23. | The directory system of a database-management system describes:
| A. | The access method to the data |
| B. | The location of data AND the access method |
| C. | The location of data |
| D. | Neither the location of data NOR the access method |
|
| 24. | How is the risk of improper file access affected upon implementing a database system?
| A. | Risk varies. |
| B. | Risk is reduced. |
| C. | Risk is not affected. |
| D. | Risk is increased. |
|
| 25. | In order to properly protect against unauthorized disclosure of sensitive data, how should hard disks be sanitized?
| A. | The data should be deleted and overwritten with binary 0s. |
| B. | The data should be demagnetized. |
| C. | The data should be low-level formatted. |
| D. | The data should be deleted. |
|
| 26. | When reviewing print systems spooling, an IS auditor is MOST concerned with which of the following vulnerabilities?
| A. | The potential for unauthorized deletion of report copies |
| B. | The potential for unauthorized modification of report copies |
| C. | The potential for unauthorized printing of report copies |
| D. | The potential for unauthorized editing of report copies |
|
| 27. | Why is the WAP gateway a component warranting critical concern and review for the IS auditor when auditing and testing controls enforcing message confidentiality?
| A. | WAP is often configured by default settings and is thus insecure. |
| B. | WAP provides weak encryption for wireless traffic. |
| C. | WAP functions as a protocol-conversion gateway for wireless TLS to Internet SSL. |
| D. | WAP often interfaces critical IT systems. |
|
| 28. | Proper segregation of duties prevents a computer operator (user) from performing security administration duties. True or false?
| A. | True |
| B. | False |
|
| 29. | How do modems (modulation/demodulation) function to facilitate analog transmissions to enter a digital network?
| A. | Modems convert analog transmissions to digital, and digital transmission to analog. |
| B. | Modems encapsulate analog transmissions within digital, and digital transmissions within analog. |
| C. | Modems convert digital transmissions to analog, and analog transmissions to digital. |
| D. | Modems encapsulate digital transmissions within analog, and analog transmissions within digital. |
|
| 30. | Which of the following are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem? Choose the BEST answer.
| A. | Expert systems |
| B. | Neural networks |
| C. | Integrated synchronized systems |
| D. | Multitasking applications |
|
| 31. | What supports data transmission through split cable facilities or duplicate cable facilities?
| A. | Diverse routing |
| B. | Dual routing |
| C. | Alternate routing |
| D. | Redundant routing |
|
| 32. | What type(s) of firewalls provide(s) the greatest degree of protection and control because both firewall technologies inspect all seven OSI layers of network traffic?
| A. | A first-generation packet-filtering firewall |
| B. | A circuit-level gateway |
| C. | An application-layer gateway, or proxy firewall, and stateful-inspection firewalls |
| D. | An application-layer gateway, or proxy firewall, but not stateful-inspection firewalls |
|
| 33. | Which of the following can degrade network performance? Choose the BEST answer.
| A. | Superfluous use of redundant load-sharing gateways |
| B. | Increasing traffic collisions due to host congestion by creating new collision domains |
| C. | Inefficient and superfluous use of network devices such as switches |
| D. | Inefficient and superfluous use of network devices such as hubs |
|
| 34. | Which of the following provide(s) near-immediate recoverability for time-sensitive systems and transaction processing?
| A. | Automated electronic journaling and parallel processing |
| B. | Data mirroring and parallel processing |
| C. | Data mirroring |
| D. | Parallel processing |
|
| 35. | What is an effective control for granting temporary access to vendors and external support personnel? Choose the BEST answer.
| A. | Creating user accounts that automatically expire by a predetermined date |
| B. | Creating permanent guest accounts for temporary use |
| C. | Creating user accounts that restrict logon access to certain hours of the day |
| D. | Creating a single shared vendor administrator account on the basis of least-privileged access |
|
| 36. | Which of the following help(s) prevent an organization's systems from participating in a distributed denial-of-service (DDoS) attack? Choose the BEST answer.
| A. | Inbound traffic filtering |
| B. | Using access control lists (ACLs) to restrict inbound connection attempts |
| C. | Outbound traffic filtering |
| D. | Recentralizing distributed systems |
|
| 37. | What is a common vulnerability, allowing denial-of-service attacks?
| A. | Assigning access to users according to the principle of least privilege |
| B. | Lack of employee awareness of organizational security policies |
| C. | Improperly configured routers and router access lists |
| D. | Configuring firewall access rules |
|
| 38. | What are trojan horse programs? Choose the BEST answer.
| A. | A common form of internal attack |
| B. | Malicious programs that require the aid of a carrier program such as email |
| C. | Malicious programs that can run independently and can propagate without the aid of a carrier program such as email |
| D. | A common form of Internet attack |
|
| 39. | What is/are used to measure and ensure proper network capacity management and availability of services? Choose the BEST answer.
| A. | Network performance-monitoring tools |
| B. | Network component redundancy |
| C. | Syslog reporting |
| D. | IT strategic planning |
|
| 40. | What can be used to gather evidence of network attacks?
| A. | Access control lists (ACL) |
| B. | Intrusion-detection systems (IDS) |
| C. | Syslog reporting |
| D. | Antivirus programs |
|
| 41. | Which of the following is a passive attack method used by intruders to determine potential network vulnerabilities?
| A. | Traffic analysis |
| B. | SYN flood |
| C. | Denial of service (DoS) |
| D. | Distributed denial of service (DoS) |
|
| 42. | Which of the following fire-suppression methods is considered to be the most environmentally friendly?
| A. | Halon gas |
| B. | Deluge sprinklers |
| C. | Dry-pipe sprinklers |
| D. | Wet-pipe sprinklers |
|
| 43. | What is a callback system?
| A. | It is a remote-access system whereby the remote-access server immediately calls the user back at a predetermined number if the dial-in connection fails. |
| B. | It is a remote-access system whereby the user's application automatically redials the remote-access server if the initial connection attempt fails. |
| C. | It is a remote-access control whereby the user initially connects to the network systems via dial-up access, only to have the initial connection terminated by the server, which then subsequently dials the user back at a predetermined number stored in the server's configuration database. |
| D. | It is a remote-access control whereby the user initially connects to the network systems via dial-up access, only to have the initial connection terminated by the server, which then subsequently allows the user to call back at an approved number for a limited period of time. |
|
| 44. | What type of fire-suppression system suppresses fire via water that is released from a main valve to be delivered via a system of dry pipes installed throughout the facilities?
| A. | A dry-pipe sprinkler system |
| B. | A deluge sprinkler system |
| C. | A wet-pipe system |
| D. | A halon sprinkler system |
|
| 45. | Digital signatures require the sender to "sign" the data by encrypting the data with the sender's public key, to then be decrypted by the recipient using the recipient's private key. True or false?
| A. | False |
| B. | True |
|
| 46. | Which of the following provides the BEST single-factor authentication?
| A. | Biometrics |
| B. | Password |
| C. | Token |
| D. | PIN |
|
| 47. | What is used to provide authentication of the website and can also be used to successfully authenticate keys used for data encryption?
| A. | An organizational certificate |
| B. | A user certificate |
| C. | A website certificate |
| D. | Authenticode |
|
| 48. | What determines the strength of a secret key within a symmetric key cryptosystem?
| A. | A combination of key length, degree of permutation, and the complexity of the data-encryption algorithm that uses the key |
| B. | A combination of key length, initial input vectors, and the complexity of the data-encryption algorithm that uses the key |
| C. | A combination of key length and the complexity of the data-encryption algorithm that uses the key |
| D. | Initial input vectors and the complexity of the data-encryption algorithm that uses the key |
|
| 49. | What process is used to validate a subject's identity?
| A. | Identification |
| B. | Nonrepudiation |
| C. | Authorization |
| D. | Authentication |
|
| 50. | What is often assured through table link verification and reference checks?
| A. | Database integrity |
| B. | Database synchronization |
| C. | Database normalcy |
| D. | Database accuracy |
|
| 51. | Which of the following should an IS auditor review to determine user permissions that have been granted for a particular resource? Choose the BEST answer.
| A. | Systems logs |
| B. | Access control lists (ACL) |
| C. | Application logs |
| D. | Error logs |
|
| 52. | What should IS auditors always check when auditing password files?
| A. | That deleting password files is protected |
| B. | That password files are encrypted |
| C. | That password files are not accessible over the network |
| D. | That password files are archived |
|
| 53. | Using the OSI reference model, what layer(s) is/are used to encrypt data?
| A. | Transport layer |
| B. | Session layer |
| C. | Session and transport layers |
| D. | Data link layer |
|
| 54. | When should systems administrators first assess the impact of applications or systems patches?
| A. | Within five business days following installation |
| B. | Prior to installation |
| C. | No sooner than five business days following installation |
| D. | Immediately following installation |
|
| 55. | Which of the following is the most fundamental step in preventing virus attacks?
| A. | Adopting and communicating a comprehensive antivirus policy |
| B. | Implementing antivirus protection software on users' desktop computers |
| C. | Implementing antivirus content checking at all network-to-Internet gateways |
| D. | Inoculating systems with antivirus code |
|
| 56. | Which of the following is of greatest concern when performing an IS audit?
| A. | Users' ability to directly modify the database |
| B. | Users' ability to submit queries to the database |
| C. | Users' ability to indirectly modify the database |
| D. | Users' ability to directly view the database |
|
| 57. | What are intrusion-detection systems (IDS) primarily used for?
| A. | To identify AND prevent intrusion attempts to a network |
| B. | To prevent intrusion attempts to a network |
| C. | Forensic incident response |
| D. | To identify intrusion attempts to a network |
|
| 58. | Rather than simply reviewing the adequacy of access control, appropriateness of access policies, and effectiveness of safeguards and procedures, the IS auditor is more concerned with effectiveness and utilization of assets. True or false?
| A. | True |
| B. | False |
|
| 59. | If a programmer has update access to a live system, IS auditors are more concerned with the programmer's ability to initiate or modify transactions and the ability to access production than with the programmer's ability to authorize transactions. True or false?
| A. | True |
| B. | False |
|
| 60. | Organizations should use off-site storage facilities to maintain _________________ (fill in the blank) of current and critical information within backup files. Choose the BEST answer.
| A. | Confidentiality |
| B. | Integrity |
| C. | Redundancy |
| D. | Concurrency |
|
| 61. | The purpose of business continuity planning and disaster-recovery planning is to:
| A. | Transfer the risk and impact of a business interruption or disaster |
| B. | Mitigate, or reduce, the risk and impact of a business interruption or disaster |
| C. | Accept the risk and impact of a business |
| D. | Eliminate the risk and impact of a business interruption or disaster |
|
| 62. | If a database is restored from information backed up before the last system image, which of the following is recommended?
| A. | The system should be restarted after the last transaction. |
| B. | The system should be restarted before the last transaction. |
| C. | The system should be restarted at the first transaction. |
| D. | The system should be restarted on the last transaction. |
|
| 63. | An off-site processing facility should be easily identifiable externally because easy identification helps ensure smoother recovery. True or false?
| A. | True |
| B. | False |
|
| 64. | Which of the following is the dominating objective of BCP and DRP?
| A. | To protect human life |
| B. | To mitigate the risk and impact of a business interruption |
| C. | To eliminate the risk and impact of a business interruption |
| D. | To transfer the risk and impact of a business interruption |
|
| 65. | How can minimizing single points of failure or vulnerabilities of a common disaster best be controlled?
| A. | By implementing redundant systems and applications onsite |
| B. | By geographically dispersing resources |
| C. | By retaining onsite data backup in fireproof vaults |
| D. | By preparing BCP and DRP documents for commonly identified disasters |
|
| 66. | Mitigating the risk and impact of a disaster or business interruption usually takes priority over transference of risk to a third party such as an insurer. True or false?
| A. | True |
| B. | False |
|
| 67. | Off-site data storage should be kept synchronized when preparing for recovery of time-sensitive data such as that resulting from which of the following? Choose the BEST answer.
| A. | Financial reporting |
| B. | Sales reporting |
| C. | Inventory reporting |
| D. | Transaction processing |
|
| 68. | What is an acceptable recovery mechanism for extremely time-sensitive transaction processing?
| A. | Off-site remote journaling |
| B. | Electronic vaulting |
| C. | Shadow file processing |
| D. | Storage area network |
|
| 69. | Off-site data backup and storage should be geographically separated so as to ________________ (fill in the blank) the risk of a widespread physical disaster such as a hurricane or earthquake.
| A. | Accept |
| B. | Eliminate |
| C. | Transfer |
| D. | Mitigate |
|
| 70. | Why is a clause for requiring source code escrow in an application vendor agreement important?
| A. | To segregate systems development and live environments |
| B. | To protect the organization from copyright disputes |
| C. | To ensure that sufficient code is available when needed |
| D. | To ensure that the source code remains available even if the application vendor goes out of business |
|
| 71. | What uses questionnaires to lead the user through a series of choices to reach a conclusion? Choose the BEST answer.
| A. | Logic trees |
| B. | Decision trees |
| C. | Decision algorithms |
| D. | Logic algorithms |
|
| 72. | What protects an application purchaser's ability to fix or change an application in case the application vendor goes out of business?
| A. | Assigning copyright to the organization |
| B. | Program back doors |
| C. | Source code escrow |
| D. | Internal programming expertise |
|
| 73. | Who is ultimately responsible for providing requirement specifications to the software-development team?
| A. | The project sponsor |
| B. | The project members |
| C. | The project leader |
| D. | The project steering committee |
|
| 74. | What should regression testing use to obtain accurate conclusions regarding the effects of changes or corrections to a program, and ensuring that those changes and corrections have not introduced new errors?
| A. | Contrived data |
| B. | Independently created data |
| C. | Live data |
| D. | Data from previous tests |
|
| 75. | An IS auditor should carefully review the functional requirements in a systems-development project to ensure that the project is designed to:
| A. | Meet business objectives |
| B. | Enforce data security |
| C. | Be culturally feasible |
| D. | Be financially feasible |
|
| 76. | Which of the following processes are performed during the design phase of the systems-development life cycle (SDLC) model?
| A. | Develop test plans. |
| B. | Baseline procedures to prevent scope creep. |
| C. | Define the need that requires resolution, and map to the major requirements of the solution. |
| D. | Program and test the new system. The tests verify and validate what has been developed. |
|
| 77. | When should application controls be considered within the system-development process?
| A. | After application unit testing |
| B. | After application module testing |
| C. | After applications systems testing |
| D. | As early as possible, even in the development of the project's functional specifications |
|
| 78. | What is used to develop strategically important systems faster, reduce development costs, and still maintain high quality? Choose the BEST answer.
| A. | Rapid application development (RAD) |
| B. | GANTT |
| C. | PERT |
| D. | Decision trees |
|
| 79. | Test and development environments should be separated. True or false?
| A. | True |
| B. | False |
|
| 80. | What kind of testing should programmers perform following any changes to an application or system?
| A. | Unit, module, and full regression testing |
| B. | Module testing |
| C. | Unit testing |
| D. | Regression testing |
|
| 81. | Which of the following uses a prototype that can be updated continually to meet changing user or business requirements?
| A. | PERT |
| B. | Rapid application development (RAD) |
| C. | Function point analysis (FPA) |
| D. | GANTT |
|
| 82. | What is the most common reason for information systems to fail to meet the needs of users? Choose the BEST answer.
| A. | Lack of funding |
| B. | Inadequate user participation during system requirements definition |
| C. | Inadequate senior management participation during system requirements definition |
| D. | Poor IT strategic planning |
|
| 83. | Who is responsible for the overall direction, costs, and timetables for systems-development projects?
| A. | The project sponsor |
| B. | The project steering committee |
| C. | Senior management |
| D. | The project team leader |
|
| 84. | When should plans for testing for user acceptance be prepared? Choose the BEST answer.
| A. | In the requirements definition phase of the systems-development project |
| B. | In the feasibility phase of the systems-development project |
| C. | In the design phase of the systems-development project |
| D. | In the development phase of the systems-development project |
|
| 85. | Above almost all other concerns, what often results in the greatest negative impact on the implementation of new application software?
| A. | Failing to perform user acceptance testing |
| B. | Lack of user training for the new system |
| C. | Lack of software documentation and run manuals |
| D. | Insufficient unit, module, and systems testing |
|
| 86. | Input/output controls should be implemented for which applications in an integrated systems environment?
| A. | The receiving application |
| B. | The sending application |
| C. | Both the sending and receiving applications |
| D. | Output on the sending application and input on the receiving application |
|
| 87. | Authentication techniques for sending and receiving data between EDI systems is crucial to prevent which of the following? Choose the BEST answer.
| A. | Unsynchronized transactions |
| B. | Unauthorized transactions |
| C. | Inaccurate transactions |
| D. | Incomplete transactions |
|
| 88. | After identifying potential security vulnerabilities, what should be the IS auditor's next step?
| A. | To evaluate potential countermeasures and compensatory controls |
| B. | To implement effective countermeasures and compensatory controls |
| C. | To perform a business impact analysis of the threats that would exploit the vulnerabilities |
| D. | To immediately advise senior management of the findings |
|
| 89. | What is the primary security concern for EDI environments? Choose the BEST answer.
| A. | Transaction authentication |
| B. | Transaction completeness |
| C. | Transaction accuracy |
| D. | Transaction authorization |
|
| 90. | Which of the following exploit vulnerabilities to cause loss or damage to the organization and its assets?
| A. | Exposures |
| B. | Threats |
| C. | Hazards |
| D. | Insufficient controls |
|
| 91. | Business process re-engineering often results in ______________ automation, which results in _____________ number of people using technology. Fill in the blanks.
| A. | Increased; a greater |
| B. | Increased; a fewer |
| C. | Less; a fewer |
| D. | Increased; the same |
|
| 92. | Whenever business processes have been re-engineered, the IS auditor attempts to identify and quantify the impact of any controls that might have been removed, or controls that might not work as effectively after business process changes. True or false?
| A. | True |
| B. | False |
|
| 93. | When should an application-level edit check to verify that availability of funds was completed at the electronic funds transfer (EFT) interface?
| A. | Before transaction completion |
| B. | Immediately after an EFT is initiated |
| C. | During run-to-run total testing |
| D. | Before an EFT is initiated |
|
| 94. | ________________ (fill in the blank) should be implemented as early as data preparation to support data integrity at the earliest point possible.
| A. | Control totals |
| B. | Authentication controls |
| C. | Parity bits |
| D. | Authorization controls |
|
| 95. | What is used as a control to detect loss, corruption, or duplication of data?
| A. | Redundancy check |
| B. | Reasonableness check |
| C. | Hash totals |
| D. | Accuracy check |
|
| 96. | Data edits are implemented before processing and are considered which of the following? Choose the BEST answer.
| A. | Deterrent integrity controls |
| B. | Detective integrity controls |
| C. | Corrective integrity controls |
| D. | Preventative integrity controls |
|
| 97. | In small office environments, it is not always possible to maintain proper segregation of duties for programmers. If a programmer has access to production data or applications, compensatory controls such as the reviewing of transaction results to approved input might be necessary. True or false?
| A. | True |
| B. | False |
|
| 98. | Processing controls ensure that data is accurate and complete, and is processed only through which of the following? Choose the BEST answer.
| A. | Documented routines |
| B. | Authorized routines |
| C. | Accepted routines |
| D. | Approved routines |
|
| 99. | What is a data validation edit control that matches input data to an occurrence rate? Choose the BEST answer.
| A. | Accuracy check |
| B. | Completeness check |
| C. | Reasonableness check |
| D. | Redundancy check |
|
| 100. | Database snapshots can provide an excellent audit trail for an IS auditor. True or false?
| A. | True |
| B. | False |
|
