1. Which of the following is the PRIMARY purpose of a risk-based audit?

2. An IS auditor notes that failed login attempts to a core financial system are automatically logged and the logs are retained for a year by the organization. This logging is:

3. A centralized antivirus system determines whether each personal computer has the latest signature files and installs the latest signature files before allowing a PC to connect to the network. This is an example of a:

4. An IS auditor is reviewing a project risk assessment and notices that the overall residual risk level is high due to confidentiality requirements. Which of the following types of risk is normally high due to the number of unauthorized users the project may affect?

5. An IS auditor is carrying out a system configuration review. Which of the following is the BEST evidence in support of the current system configuration settings?

6. In a risk-based IS audit, where both inherent and control risk have been assessed as high, an IS auditor would MOST likely compensate for this scenario by performing additional:

7. Which of the following should be the FIRST action of an IS auditor during a dispute with a department manager over audit findings?