A programmer managed to gain access to the production
library, modified a program that was then used to update a
sensitive table in the payroll database and restored the
original program. Which of the following methods would MOST
effectively detect this type of unauthorized changes?
A. Source code comparison
B. Executable code comparison
C. Integrated test facilities (ITF)
D. Review of transaction log files
The rate of change of technology increases the importance of:
A. outsourcing the IS function.
B. implementing and enforcing good processes.
C. hiring personnel willing to make a career within the
organization.
D. meeting user requirements.
Change management procedures are established by IS
management to:
A. control the movement of applications from the test
environment to the production environment.
B. control the interruption of business operations from lack
of attention to unresolved problems.
C. ensure the uninterrupted operation of the business in the
event of a disaster.
D. verify that system changes are properly documented.
Capacity monitoring software is used to ensure:
A. maximum use of available capacity.
B. that future acquisitions meet user needs.
C. concurrent use by a large number of users.
D. continuity of efficient operations.
The planning and monitoring of computer resources to ensure
that they are being used efficiently and effectively is:
A. hardware monitoring.
B. capacity management.
C. network management.
D. job scheduling.
E-mail message authenticity and confidentiality is BEST
achieved by signing the message using the:
A. sender's private key and encrypting the message using the
receiver's public key.
B. sender's public key and encrypting the message using the
receiver's private key.
C. the receiver's private key and encrypting the message
using the sender's public key.
D. the receiver's public key and encrypting the message
using the sender's private key.
Which audit technique provides the BEST evidence of the
segregation of duties in an IS department?
A. Discussion with management
B. Review of the organization chart
C. Observation and interviews
D. Testing of user access rights
An organization's disaster recovery plan should address
early recovery of:
A. all information systems processes.
B. all financial processing applications.
C. only those applications designated by the IS manager.
D. processing in priority order, as defined by business
management.
As a result of a business process reengineering (BPR) project:
A. an IS auditor would be concerned with the key controls
that existed in the prior business process and not those in
the new process.
B. system processes are automated in such a way that there
are more manual interventions and manual controls.
C. the newly designed business processes usually do not
involve changes in the way(s) of doing business.
D. advantages usually are realized when the reengineering
process appropriately suits the business and risk.
When two or more systems are integrated, input/output
controls must be reviewed by the IS auditor in the:
A. systems receiving the output of other systems.
B. systems sending output to other systems.
C. systems sending and receiving data.
D. interfaces between the two systems.
The difference between whitebox testing and blackbox testing
is that whitebox testing:
A. involves the IS auditor.
B. is performed by an independent programmer team.
C. examines a program's internal logical structure.
D. uses the bottom-up approach.
Which of the following security techniques is the BEST
method for authenticating a user's identity?
A. Smart card
B. Biometrics
C. Challenge-response token
D. User ID and password
Which of the following procedures can a biometric system
perform?
A. Measure airborne contamination.
B. Provide security over physical access.
C. Monitor temperature and humidity levels.
D. Detect hazardous electromagnetic fields in an area.
Which of the following risks would be increased by the
installation of a database system?
A. Programming errors
B. Data entry errors
C. Improper file access
D. Loss of parity
Responsibility and reporting lines cannot always be
established when auditing automated systems since:
A. diversified control makes ownership irrelevant.
B. staff traditionally change jobs with greater frequency.
C. ownership is difficult to establish where resources are
shared.
D. duties change frequently in the rapid development of
technology.
How are job oppurtunities for For Solries( Freshers)?
62
Hi i m a pst graduate in commerce and having wotking exp
more than 3 yrs in bpo sector (web based) my company moved
my self to software testing, i m not sure whether i should
continue there or not also i knoe this is better career opp
for me in software testing, can u people pls guide me for a
gud sotware testing institute which can provide gud
training, located in delhi (pref west delhi or in south
delhi)
Hi all,
Can u people explain about structure of ISTQB
Certification.what is pattern,how many marks ,time period
of the istqb.U people have any idea about this plz help me?
12
Can anybody provide me the material which is useful for the
bo xi r2 certification.Thanks in advance.
Hi Friends i have plan to do certifcation in mercury
Automation Tool QTP.But I Didnt get any clear details
regarding course syllabus,fees and where to approach so can
any one send me the details
54
I want to do a certification course on "corporate
communication" let me know if anyone comeacross this
5
What is Patch Management? Why we use. Basic requirement of
installing Patch Management?
10
Dear Friends, Currently i m working as Business Analyst in a
Bangalore based organization. Can you anyone tell what are
the certifications available for a Business Analyst? I got
few, but i m not sure how to proceed further. Please help
tech geeks.
Thanks in advance.
Cheers,
Ganesh
email: ganeshramanandv@rediffmail.com
hi! can anyone tel me is it worth doing IBM CEIS
certification course?? will it help me for a bright
career?? I'm looking forward to join tat but want some
advice?? so guys pls reply back ..
36
Anyone tried these SAP CERTIFICATION AND INTERVIEW QUESTIONS?
http://sapqanda.blogspot.com
39
do RECRUITERS HAVE ANY CERTIFICATIONS, IF SO WHAT ARE THERE?
• What are sites? What are they used for?
• What's the difference between a site link's schedule and
interval?
• What is the KCC?
• What is the ISTG? Who has that role by default?
• What are the requirements for installing AD on a new server?
• What can you do to promote a server to DC if you're in a
remote location with slow WAN link?
12
Hi, I am going to appear for ITIL V3 exam..........Can
anyone share the dumps for this exam with me.......Its very
urgrnt...Please help
Ask Questions on ANYTHING, that arise in your Daily Life at 
Site Map