Question
DOMAIN 4 QUIZ 1 QUESTIONS

2. An IS auditor is to assess the suitability of a service level agreement (SLA) between the organization and the supplier of outsourced services. To which of the following observations should the IS auditor pay MOST attention? The SLA does not contain a:
A. transition clause from the old supplier to a new supplier in the case of expiration or termination.
B. late payment clause between the customer and the supplier.
C. contractual commitment for service improvement.
D. dispute resolution procedure between the contracting parties.

3. An IS auditor reviewing a new outsourcing contract with a service provider would be MOST concerned if which of the following was missing?
A. A clause providing a right to audit the service provider
B. A clause defining penalty payments for poor performance
C. Predefined service level report templates
D. A clause regarding supplier limitation of liability

4. When reviewing the desktop software compliance of an organization, the IS auditor should be MOST concerned if the installed software:
A. was installed, but not documented in the IT department records.
B. was being used by users not properly trained in its use.
C. is not listed in the approved software standards document.
D. license will expire in the next 15 days.

5. An IS auditor of a health care organization is reviewing contractual terms and conditions of a third-party cloud provider being considered to host patient health information (PHI). Which of the following contractual terms would be the GREATEST risk to the customer organization?
A. Data ownership is retained by the customer organization.
B. The third-party provider reserves the right to access data to perform certain operations.
C. Bulk data withdrawal mechanisms are undefined.
D. The customer organization is responsible for backup, archive and restore.

6. Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget?
A. A hot site maintained by the business
B. A commercial cold site
C. A reciprocal arrangement between its offices
D. A third-party hot site

7. During an application audit, an IS auditor is asked to provide assurance of the database referential integrity. Which of the following should be reviewed?
A. Field definition
B. Master table definition
C. Composite keys
D. Foreign key structure

8. An IS auditor is reviewing database security for an organization. Which of the following is the MOST important consideration for database hardening?
A. The default configurations are changed.
B. All tables in the database are normalized.
C. Stored procedures and triggers are encrypted.
D. The service port used by the database server is changed.

9. In auditing a database environment, an IS auditor will be MOST concerned if the database administrator (DBA) is performing which of the following functions?
A. Performing database changes according to change management procedures
B. Installing patches or upgrades to the operating system
C. Sizing table space and consulting on table join limitations
D. Performing backup and recovery procedures

10. Which of the following is the MOST reasonable option for recovering a noncritical system?
A. Warm site
B. Mobile site
C. Hot site
D. Cold site