IT Auditing Exam 1
Which of the following uses "engagements" to report on the evaluation of controls of third-party service businesses that host or process data on behalf of customers?
SOC
Which act, which consists of 11 "titles," mandated many reforms to enhance corporate responsibility, enhance financial disclosures, and prevent fraud?
Sarbanes-Oxley (SOX) Act
National Institute of Standards and Technology (NIST) security controls are classified as being preventive, detective, or __________.
Corrective
An IT infrastructure audit __________ is the system in a known acceptable state, with the applied minimum controls relative to the accepted risk.
Baseline
True or False: A security assessment is a method for proving the strength of a security system.
False
Regarding privacy, what is a common characteristic of "personal information"?
It can be used to identify a person
Which of the following is NOT an important step for conducting effective IT audit interviews?
Setting organizational goals during the interview
Which NIST IT security control category includes the following controls: identification and authorization, logical access control, audit trail, cryptography?
Technical
True or False: Whereas only qualified auditors issue opinions for security audits, anyone can perform a security assessment.
True
This is a widely used control framework for IT.
COBIT
Which of the following requires organizations to have an annual assessment by a Qualified Security Assessor (QSA)?
Payment Card Industry Data Security Standard (PCI DSS)
An acceptable use policy (AUP) is part of the _____________ Domain.
User
What term describes the identification, control, logging, and auditing of all changes made across the infrastructure?
Configuration and change management
An unauthorized user has gained access to data and viewed it. What has been lost?
Confidentiality
Three IT security controls covered by the National Institute of Standards and Technology (NIST) include management, operational, and ______________ controls.
Technical