COBIT (Control Objectives for Information and Related Technology) is based on existing Information Systems Audit and Control Foundation, control objectives enhanced with existing and emerging international technical, professional, regulatory, and industry-specific standards. COBIT has four domains or high-level classifications. Which is of the following is NOT out of those domains?
A. Planning and organization
B. Acquisition and implementation
C. Delivery and support
D. Evaluation
Feasibility studies and cost benefit analysis Approval process for initiating system development and implementation of systems that are developed Change control procedures for new system developments and modifications to existing systems to ensure that only authorized changes are moved to production General and detailed design specification Project review, including periodic milestones reviews and post-implementation reviews Contracting procedures that include the requirements for describing expected project deliverables such as system components and source codes, project timeframes, estimated hours, and the maximum allowable expenses for each phase These are some of the standards of:
A. System development methodology
B. Output controls
C. Security controls
D. Collection of Classified information
System tailoring is accomplished by setting optional system parameters and, therefore, has an impact on system performance and security. Control techniques for system's software include:
A. Setting appropriate system parameters and security options for operating system
B. Verifying the accuracy of output through manual or automated reconciliation activities
C. Using the security features of security software effectively
D. Controlling procurement and maintainace of software licenses
A sound data classification scheme sets the foundation for the effective implementation of access control to ensure that data is adequately protected. The elements of a data classification scheme are as follows EXCEPT:
A. Reporting
B. Storing
C. Collection
D. Public information
Information technology general controls set the foundation for effective control over computerized information system assets. General controls apply to the entire computer operation. Which of the following is/are NOT out of these controls?
A. Administrative controls
B. Security controls
C. Security administration
D. Input controls
Some organizations have information protection policies that place the burden of information protection on managers in individual organizational units. An information protection policy may include:
A. Statements that define information as an asset that must be protected to different degrees based on its sensitivity, criticality, and value, regardless of the media on which it is stored, the manual or automated systems that process it, or the methods by which it is distributed
B. Statements outlining the responsibilities of information owners, custodians and users
C. Definitions of the previously audited data and its classifications
D. Both A and B
"An element of information, from a transaction to an entire system, is appropriately entered, developed, changed, or used with proper authority." Which of the following element of integrity supports this statement?
A. Authorized
B. Accurate
C. Complete
D. Timely
Elements of information and process integrity are that it should be authorized, accurate, complete, timely, recorded processed, and reported in the proper time. Each of the elements in the above has a relationship to the:
A. Selection of data
B. Collection of data
C. Classification of data
D. All of these
An objective of an exit conference is that it provides the client management with findings and recommendations identified during the audit which addresses all of the followings EXCEPT:
A. Allow client management to state concerns and objections to the findings and recommendations
B. Give the client management and the audit team the opportunity to identify and correct any errors or misinterpretations that may appear in the draft report
C. It should include a description of significant noteworthy accomplishments and issues thatneed further work
D. Provide the audit team with the formal opportunity to explain the remaining steps in the auditprocess prior to the release of the final report
Obtaining feedback from client management throughout the audit is encouraged in order to ensure that appropriate information is being obtained and to alleviate problems at the conclusions of the audit. Some specific components of continual communication to consider include:
A. Keep client management informed of audit issues and concerns as they arise.
B. Submit a draft audit report ensure that accurate and appropriate information has beenreported
C. Advise client management of projected audit days and weeks
D. Both A and B
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your IIA-CFSA exam preparations and IIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.