QUESTION 37 Identify the activity below that the external auditor should not be involved O Examining system access logs. O Making recommendations to management for improvement of existing internal controls Examining logical access policies and procedures. O Developing the information system QUESTION 38 This network access control determines which IP packets are allowed entry to a network and which are dropped. static packet filtering deep packet inspection statelul packet filtering access control list QUESTION 39 Which of the following is not one of the essential criteria for successfully implementing each of the principles that contribute to systems reliability, as discussed in the Trust Services Framework? Monitoring the system and taking corrective action to maintain compliance with policies Developing and documenting policies. Designing and employing appropriate control procedures to implement policies Effectively communicating policies to all outsiders