The PRIMARY objective of a business continuity and disaster recovery plan should be to: A. safeguard critical IS assets. B. provide for continuity of operations. C. minimize the loss to an organization. D. protect human life.

What type of transmission requires modems? A. Encrypted B. Digital C. Analog D. Modulated

Which of the following is the MOST effective control procedure for security of a stand-alone small business computer environment? A. Supervision of computer usage B. Daily management review of the trouble log C. Storage of computer media in a locked cabinet D. Independent review of an application system design

Which of the following represents the GREATEST potential risk in an EDI environment? A. Transaction authorization B. Loss or duplication of EDI transmissions C. Transmission delay D. Deletion or manipulation of transactions prior to or after establishment of application controls

CTS,

During a review of a customer master file an IS auditor discovered numerous customer name duplications arising from variations in customer first names. To determine the extent of the duplication the IS auditor would use: A. test data to validate data input. B. test data to determine system sort capabilities. C. generalized audit software to search for address field duplications. D. generalized audit software to search for account field duplications.

A control log basic to a real-time application system is a(n): A. audit log. B. console log. C. terminal log. D. transaction log.

Which of the following is a technique that could be used to capture network user passwords? A. Encryption B. Sniffing C. Spoofing D. A signed document cannot be altered.

The process of using interpersonal communication skills to get unauthorized access to company assets is called: A. wire tapping. B. trap doors. C. war dialing. D. social engineering.

A hacker could obtain passwords without the use of computer tools or programs through the technique of: A. social engineering. B. sniffers. C. backdoors. D. trojan horses.

If the decision has been made to acquire software rather than develop it internally, this decision is normally made during the: A. requirements definition phase of the project. B. feasibility study phase of the project. C. detailed design phase of the project. D. programming phase of the project.

The secure socket layer (SSL) protocol addresses the confidentiality of a message through: A. symmetric encryption. B. message authentication code. C. hash function. D. digital signature certificates.

Which of the following represents the MOST pervasive control over application development? A. IS auditors B. Standard development methodologies C. Extensive acceptance testing D. Quality assurance groups

With regard to sampling it can be said that: A. sampling is generally applicable when the population relates to an intangible or undocumented control. B. if an auditor knows internal controls are strong, the confidence coefficient may be lowered. C. attribute sampling would help prevent excessive sampling of an attribute by stopping an audit test at the earliest possible moment. D. variable sampling is a technique to estimate the rate of occurrence of a given control or set of related controls.

Which of the following would an IS auditor consider to be the MOST important when evaluating an organization's IS strategy? That it: A. has been approved by line management. B. does not vary from the IS department's preliminary budget. C. complies with procurement procedures. D. supports the business objectives of the organization.

Which of the following goals would you expect to find in an organization's strategic plan? A. Test a new accounting package. B. Perform an evaluation of information technology needs. C. Implement a new project planning system within the next 12 months. D. Become the supplier of choice within a given time period for the product offered.