An IS auditor has been asked to audit the proposed acquisition of new computer hardware. The auditor's PRIMARY concern is that:
Correct Answer: A
When auditing the proposed acquisition of new computer hardware, the primary concern of an IS auditor should be to ensure that there is a clear business case established. This is because the acquisition must align with the strategic goals and objectives of the organization, ensuring that the hardware will provide value and support the needs of the business. This foundational step must be validated before considering other aspects like security standards, audit trails, or user requirements.
To confirm integrity for a hashed message, the receiver should use:
Correct Answer: D
To confirm the integrity of a hashed message, the receiver must use the same hashing algorithm as the sender to create a numerical representation of the file. The process involves the receiver hashing the received message using the same algorithm, resulting in a hash value. This hash value is then compared to the original hash value generated by the sender. If both hash values match, the integrity of the message is confirmed, verifying that the message has not been altered during transmission. The hash value serves as a unique fingerprint for the message, ensuring data consistency and integrity.
An organization is implementing a new system that supports a month-end business process. Which of the following implementation strategies would be MOST efficient to decrease business downtime?
Correct Answer: D
A parallel implementation strategy runs both the old and new systems simultaneously and independently of each other. This minimizes the risk of business downtime: if there is an issue with the new system, the old system can still be relied upon to continue business operations. This ensures continuity and allows for a trial period where issues can be identified and corrected without impacting the business workflow.
Which of the following should be the FIRST step in managing the impact of a recently discovered zero-day attack?
Correct Answer: B
In managing the impact of a recently discovered zero-day attack, the first step is to identify the vulnerable assets. This is because knowing which assets are vulnerable allows you to prioritize and protect those assets immediately, thus mitigating potential damage efficiently. Without knowing the specific assets that are at risk, subsequent actions like estimating potential damage or evaluating the impact are less effective.
Which of the following is the BEST way to ensure that an application is performing according to its specifications?
Correct Answer: B
System testing is the most comprehensive way to ensure that an application is performing according to its specifications. It involves evaluating the application as a whole, checking its functionality against the defined specifications and requirements. This form of testing is conducted in an environment that closely resembles the actual production setup, ensuring that all components of the application work together correctly and that the application meets its intended objectives and specifications.