【正文】 controls establish accountability for activity.C. Data classification regulates what information should be municated via .D. Within the enterprise, a clear policy for using ensures that evidence is available.The correct answer is:A. Multiple cycles of backup files remain available.You did not answer the question.Explanation:Backup files containing documents, which supposedly have been deleted, could be recovered from these files. Access controls may help establish accountability for the issuance of a particular document, but this does not provide evidence of the . Data classification standards may be in place with regards to what should be municated via , but the creation of the policy does not provide the information required for litigation purposes.Area: 128. Which of the following BEST describes an integrated test facility?A. A technique that enables the IS auditor to test a puter application for the purpose of verifying correct processingB. The utilization of hardware and/or software to review and test the functioning of a puter systemC. A method of using special programming options to permit the printout of the path through a puter program taken to process a specific transactionD. A procedure for tagging and extending transactions and master records that are used by an IS auditor for testsThe correct answer is:A. A technique that enables the IS auditor to test a puter application for the purpose of verifying correct processingYou did not answer the question.Explanation:Answer A best describes an integrated test facility, which is a specialized puterassisted audit process that allows an IS auditor to test an application on a continuous basis. Answer B is an example of a systems control audit review file。 answers C and D are examples of snapshots.Area: 129. The IS department of an organization wants to ensure that the puter files, used in the information processing facility, are adequately backed up to allow for proper recovery. This is a/an:A. control procedure.B. control objective.C. corrective control.D. operational control.The correct answer is:B. control objective.You did not answer the question.Explanation:IS control objectives specify the minimum set of controls to ensure efficiency and effectiveness in the operations and functions within an organization. Control procedures are developed to provide reasonable assurance that specific objectives will be achieved. A corrective control is a category of controls, which aims to minimizing the threat and/or remedy problems that were not prevented or were not initially detected. Operational controls address the daytoday operational functions and activities, and aid in ensuring that the operations are meeting the desired business objectives.Area: 130. The extent to which data will be collected during an IS audit should be determined based on the:A. availability of critical and required information.B. auditor’s familiarity with the circumstances.C. auditee’s ability to find relevant evidence.D. purpose and scope of the audit being done.The correct answer is:D. purpose and scope of the audit being done.You did not answer the question.Explanation:The extent to which data will be collected during an IS audit should be related directly to the scope and purpose of the audit. An audit with a narrow purpose and scope would result most likely in less data collection, than an audit with a wider purpose and scope. The scope of an IS audit should not be constrained by the ease of obtaining the information or by the auditor’s familiarity with the area being audited. Collecting all the required evidence is a required element of an IS audit, and the scope of the audit should not be limited by the auditee’s ability to find relevant evidence.Area: 131. An IS auditor is assigned to perform a postimplementation review of an application system. Which of the following situations may have impaired the independence of the IS auditor? The IS auditor:A. implemented a specific control during the development of the application system.B. designed an embedded audit module exclusively for auditing the application system.C. participated as a member of the application system project team, but did not have operational responsibilities.D. provided consulting advice concerning application system best practices.The correct answer is:A. implemented a specific control during the development of the application system.You did not answer the question.Explanation:Independence may be impaired if the IS auditor is, or has been, actively involved in the development, acquisition and implementation of the application system. Choices B and C are situations that do not impair the IS auditor’s independence. Choice D is incorrect because the IS auditor’s independence is not impaired by providing advice on known best practices.Area: 132. When evaluating the collective effect of preventive, detective or corrective controls within a process, an IS auditor should be aware:A. of the point at which controls are exercised as data flow through the system.B. that only preventive and detective controls are relevant.C. that corrective controls can only be regarded as pensating.D. that classification allows an IS auditor to determine which controls are missing.The correct answer is:A. of the point at which controls are exercised as data flow through the system.You did not answer the question.Explanation:An IS auditor should focus on when controls are exercised as data flow through a puter system. Choice B is incorrect since corrective controls may also be relevant. Choice C is incorrect since corrective controls remove or reduce the effects of errors or irregularities and are exclusively regarded as pensating controls. Choice D is incorrect and irrelevant since the existence and function of controls is impo