Examice

Exam IIA-CIA-Part2 All QuestionsBrowse all questions from this exam

Question 6

An internal auditor is assigned to conduct an audit of security for a local area network (LAN) in the finance department of the organization. Investment decisions, including the use of hedging strategies and financial derivatives, use data and financial models which run on the LAN. The LAN is also used to download data from the mainframe to assist in decisions. Which of the following should be considered outside the scope of this security audit engagement?

Investigation of the physical security over access to the components of the LAN.

The ability of the LAN application to identify data items at the field or record level and implement user access security at that level.

Interviews with users to determine their assessment of the level of security in the system and the vulnerability of the system to compromise.

The level of security of other LANs in the company which also utilize sensitive data.

Correct Answer: D

The primary task of the internal auditor is to evaluate the security of the LAN specific to the finance department where sensitive financial data and models are managed. Examining the physical security, user access controls, and user feedback regarding the system's security are all relevant to this task. However, assessing the security levels of other LANs in the company falls outside the specific scope of auditing the LAN used by the finance department.

Discussion

NG19Option: D

The key phrase in the question is "outside the scope". The first three answers are what an auditor would do to check the security of the LAN. Only the last answer is related to outside of the scope of this security audit.

ProssynOption: D

The objective is to assess the security of LAN in the finance department in particular not LANs in the whole company

thabashOption: D

the first 3 answers will evaluate the security implemented, the last one will not add any helpful information