- (Exam Topic 1)
One benefit of return on investment (ROI) analysts in IT decision making is that it provides the:

1. A. basis for allocating indirect costs.
2. B. cost of replacing equipment.
3. C. estimated cost of ownership.
4. D. basis for allocating financial resources.

Correct Answer: D

- (Exam Topic 1)
Which of the following should an IS auditor be MOST concerned with during a post-implementation review?

1. A. The system does not have a maintenance plan.
2. B. The system contains several minor defects.
3. C. The system deployment was delayed by three weeks.
4. D. The system was over budget by 15%.

Correct Answer: A

- (Exam Topic 4)
Which of the following should be the FIRST step to successfully implement a corporate data classification program?

1. A. Approve a data classification policy.
2. B. Select a data loss prevention (DLP) product.
3. C. Confirm that adequate resources are available for the project.
4. D. Check for the required regulatory requirements.

Correct Answer: D

- (Exam Topic 3)
Which of the following is the BEST way to enforce the principle of least privilege on a server containing data with different security classifications?

1. A. Limiting access to the data files based on frequency of use
2. B. Obtaining formal agreement by users to comply with the data classification policy
3. C. Applying access controls determined by the data owner
4. D. Using scripted access control lists to prevent unauthorized access to the server

Correct Answer: C

- (Exam Topic 2)
Which of the following is the BEST audit procedure to determine whether a firewall is configured in compliance with the organization's security policy?

1. A. Reviewing the parameter settings
2. B. Reviewing the system log
3. C. Interviewing the firewall administrator
4. D. Reviewing the actual procedures

Correct Answer: D