Which of the following represents the MOST pervasive control
over application development?
A. IS auditors
B. Standard development methodologies
C. Extensive acceptance testing
D. Quality assurance groups
The Secure Sockets Layer (SSL) protocol addresses the
confidentiality of a message through:
A. symmetric encryption.
B. message authentication code.
C. hash function.
D. digital signature certificates.
If the decision has been made to acquire software rather
than develop it internally, this decision is normally made
during the:
A. requirements definition phase of the project.
B. feasibility study phase of the project.
C. detailed design phase of the project.
D. programming phase of the project.
A hacker could obtain passwords without the use of computer
tools or programs through the technique of:
A. social engineering.
B. sniffers.
C. backdoors.
D. trojan horses.
The process of using interpersonal communication skills to
get unauthorized access to company assets is called:
A. wire tapping.
B. trap doors.
C. war dialing.
D. social engineering.
Which of the following is a technique that could be used to
capture network user passwords?
A. Encryption
B. Sniffing
C. Spoofing
D. A signed document cannot be altered.
During a review of a customer master file an IS auditor
discovered numerous customer name duplications arising from
variations in customer first names. To determine the extent
of the duplication the IS auditor would use:
A. test data to validate data input.
B. test data to determine system sort capabilities.
C. generalized audit software to search for address field
duplications.
D. generalized audit software to search for account field
duplications.
Which of the following represents the GREATEST potential
risk in an EDI environment?
A. Transaction authorization
B. Loss or duplication of EDI transmissions
C. Transmission delay
D. Deletion or manipulation of transactions prior to or
after establishment of application controls
Which of the following is the MOST effective control
procedure for security of a stand-alone small business
computer environment?
A. Supervision of computer usage
B. Daily management review of the trouble log
C. Storage of computer media in a locked cabinet
D. Independent review of an application system design
The PRIMARY objective of a business continuity and disaster
recovery plan should be to:
A. safeguard critical IS assets.
B. provide for continuity of operations.
C. minimize the loss to an organization.
D. protect human life.
Which of the following fire suppressant systems would an IS
auditor expect to find when conducting an audit of an
unmanned computer center?
A. Carbon dioxide
B. Halon
C. Dry-pipe sprinkler
D. Wet-pipe sprinkler
An IS auditor observed that some data entry operators leave
their computers in the midst of data entry without logging
off. Which of the following controls should be suggested to
prevent unauthorized access?
A. Encryption
B. Switch off the computer when leaving
C. Password control
D. Screen saver password
The general ledger setup function in an enterprise resource
package (ERP) allows for setting accounting periods. Access
to this function has been permitted to users in finance, the
warehouse and order entry. The MOST likely reason for such
broad access is the:
A. need to change accounting periods on a regular basis.
B. requirement to post entries for a closed accounting period.
C. lack of policies and procedures for the proper
segregation of duties.
D. need to create/modify the chart of accounts and its
allocations.
I would like to learn free fluent English online; is
this possible? Could you give me some useful websites to my
mail ID nagesh.iloveu64@yahoo.com
I am currently into Telecom Testing doing some
Protocol-level testing (SIP, SS7, CAP protocols) and some Black-Box
testing. Are there any certifications which I can do related
to this?
Hi there,
I am planning to take up CSTE exams next quarter. Could
someone guide me on how long I need to prepare before I
take up the exams? Also, do forward me the study material that
would assist me to prepare for the exams. It is also fine if
you could let me know where I can get the best study
material for the exams.
My email is novfeb.jwm@gmail.com
Thanks much!
I want to do QTP Mercury Certification; give me an idea and
where I can register for that.
Hi, I am going to appear for ITIL V3 exam. Can
anyone share the dumps for this exam with me? It's very
urgent. Please help
How can we know whether the certificates are fake or not? I applied for
the Diploma Certificates from Bihar State Board of
Technical Education and Training but now I am getting some
doubt about these Certificates. So please tell me, is there
any site to know whether the Certificates are Fake or Original?
Whether SAP Certification from Siemens is worthwhile in
getting a job in SAP