IS auditors reviewing access control should review data
classification to ensure that encryption parameters are
classified as:
A. sensitive.
B. confidential.
C. critical.
D. private.
Sales orders are automatically numbered sequentially at each
of a retailer's multiple outlets. Small orders are processed
directly at the outlets, with large orders sent to a central
production facility. The MOST appropriate control to ensure
that all orders transmitted to production are received and
processed would be to:
A. send and reconcile transaction counts and totals.
B. have data transmitted back to the local site for comparison.
C. compare data communications protocols with parity checking.
D. track and account for the numerical sequence of sales
orders at the production facility.
Of the following, who is MOST likely to be responsible for
network security operations?
A. Users
B. Security administrators
C. Line managers
D. Security officers
Following a reorganization of a company's legacy database,
it was discovered that records were accidentally deleted.
Which of the following controls would have MOST effectively
detected this occurrence?
A. Range check
B. Table lookups
C. Run-to-run totals
D. One-for-one checking
Which of the following types of controls is designed to
provide the ability to verify data and record values through
the stages of application processing?
A. Range checks
B. Run-to-run totals
C. Limit checks on calculated amounts
D. Exception reports
Which of the following is a control to detect an
unauthorized change in a production environment?
A. Denying programmers access to production data.
B. Requiring change requests to include benefits and costs.
C. Periodically comparing control and current object and
source programs.
D. Establishing procedures for emergency changes.
To prevent an organization's computer systems from becoming
part of a distributed denial-of-service attack, IP packets
containing addresses that are listed as unroutable can be
isolated by:
A. establishing outbound traffic filtering.
B. enabling broadcast blocking.
C. limiting allowable services.
D. network performance monitoring.
When performing a general controls review, an IS auditor
checks the relative location of the computer room inside the
building. What potential threat is the IS auditor trying to
identify?
A. Social engineering
B. Windstorm
C. Earthquake
D. Flooding
Which of the following audit procedures would an IS auditor
be LEAST likely to include in a security audit?
A. Review the effectiveness and utilization of assets.
B. Test to determine that access to assets is adequate.
C. Validate physical, environmental and logical access
policies per job profiles.
D. Evaluate asset safeguards and procedures that prevent
unauthorized access to the assets.
During a post-implementation review of an enterprise
resource management system, an IS auditor would MOST likely:
A. review access control configuration.
B. evaluate interface testing.
C. review detailed design documentation.
D. evaluate system testing.
To determine which users can gain access to the privileged
supervisory state, which of the following should an IS
auditor review?
A. System access log files
B. Enabled access control software parameters
C. Logs of access control violations
D. System configuration files for control options used
Which of the following MUST exist to ensure the viability of
a duplicate information processing facility?
A. The site is near the primary site to ensure quick and
efficient recovery.
B. The site contains the most advanced hardware available.
C. The workload of the primary site is monitored to ensure
adequate backup is available.
D. The hardware is tested when it is installed to ensure it
is working properly.
During an audit, an IS auditor learns that lengthy and
complex passwords are required to reach the network via
modem. These passwords were established by an outside
provider. The communications software allows users to select
a "remember password" option. What should the IS auditor's
PRIMARY recommendation be?
A. Disable the save password option and have users record
them elsewhere.
B. Request that the provider change the dial-in password to
a group password.
C. Establish and enforce a process to have users change
their passwords.
D. Allow users to change their passwords to something less
complex.
Many organizations require an employee to take a mandatory
vacation (holiday) of a week or more to:
A. ensure the employee maintains a quality of life, which
will lead to greater productivity.
B. reduce the opportunity for an employee to commit an
improper or illegal act.
C. provide proper cross training for another employee.
D. eliminate the potential disruption caused when an
employee takes vacation one day at a time.
What technique would you use to fix the 10 leftmost columns
on a list when scrolling to the right?
a) Set Left Scroll-Boundary Column 10
b) Set Right Scroll-Boundary Column 10
c) Scroll List PS+<10>
d) Scroll List Left
Note: My answer for this question is A. But if you think
differently then please give a link or explain how.
I want to take up LoadRunner Testing Certification. Can anyone
help me with the syllabus and some sample questions?
Also please tell me how much it costs for the basic level
testing.
An update function module VF is called within subprogram VU.
The program contains the call, VU on commit. At which
point are the parameters for the update function VF evaluated?
a) when perform is executed
b) at the beginning of function
c) at commit work
d) at start of v1 update
e) at the end of the dialog step.
Please answer only if you are very sure about this. Else
please don't try.
Hi friends... I want to do ISTQB certification. I am in Navi Mumbai and I want to know about the study centre and the course details for ISTQB in Navi Mumbai. Please mail me as soon as possible.
I am planning to give the Cognos certification exam. Can you
please help me with a question guide?
Hi, I am a post graduate in commerce and have working experience
of more than 3 years in the BPO sector (web based). My company moved
me to software testing. I am not sure whether I should
continue there or not. Also, I know this is a better career opportunity
for me in software testing. Can you people please guide me to a
good software testing institute which can provide good
training, located in Delhi (preferably West Delhi or South
Delhi)?
Hi, I want to do certification on security trading. Any idea?
I want to take up LoadRunner Testing Certification. Can anyone
send me material for that?
I have completed the I.T.I (Industrial Technical Institute)
course in instrumentation. At present I am working in the Gulf. I
want to do a correspondence diploma in instrumentation. Can
anyone suggest how I can apply for it, and any registered
organization?
Hi. I wish to appear for the OCA exam. Can anyone please guide me
on the syllabus and fee structure of the exam? I know that
there are 2 tracks: developer and DBA. What is the
difference between the two? All suggestions are welcome.
Thanks.
What is a leased line, and if any issue occurs what will you do,
that is, what troubleshooting when, say, the leased line is down?
What is NOT a valid functional area type?
a) LDB
b) Sequential Data Set
c) Program
d) Search Help
e) Joined Tables
Note: Please answer only if you are very sure. Else please ignore.
Is there any use in doing the CEIS certification by karRox for
industries other than IBM? If yes, name the companies
that approve such certifications.
Hey!! Can anyone tell me any training institute which
provides training on HP-UNIX in Mumbai?
Please send me details on saif.sicsr@gmail.com
Thanks in advance.
Primary and secondary storage are the 2 main types of storage.
Can anyone give the COGNOS and CRYSTAL REPORTS
certification details?