Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor involved as a team member in the detailed
system design phase of a system under development would be
MOST concerned with:
A. internal control procedures.
B. user acceptance test schedules.
C. adequacy of the user training program.
D. clerical processes for resubmission of rejected items.
- 1 Answers
- 4300 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
As a member of the project team, the IS auditor's primary
role is to ensure that adequate and appropriate control
procedures are designed and programmed into the system. At
this stage, it is too early for user acceptance schedules,
training programs and user procedures to be the primary
concern of the IS auditor.
| Is This Answer Correct ? | 7 Yes | 0 No |
IS management has recently informed the IS auditor of its decision to disable certain referential integrity controls in the payroll system to provide users with a faster report generator. This will MOST likely increase the risk of: A. data entry by unauthorized users. B. a nonexistent employee being paid. C. an employee receiving an unauthorized raise. D. duplicate data entry by authorized users.
Which of the following is a function of an IS steering committee? A. Monitoring vendor controlled change control and testing B. Ensuring a separation of duties within the information's processing environment C. Approving and monitoring major projects, the status of IS plans and budgets D. Responsible for liaison between the IS department and the end users
The most likely error to occur when implementing a firewall is: A. incorrectly configuring the access lists. B. compromising the passwords due to social engineering. C. connecting a modem to the computers in the network. D. inadequately protecting the network and server from virus attacks.
The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment: A. searches and checks the infrastructure to detect vulnerabilities, whereas penetration testing intends to exploit the vulnerabilities to probe the damage that could result from the vulnerabilities. B. and penetration tests are different names for the same activity. C. is executed by automated tools, whereas penetration testing is a totally manual process. D. is executed by commercial tools, whereas penetration testing is executed by public processes.
During the course of an audit, the IS auditor discovers that the human resources (HR) department uses a cloud-based application to manage employee records. The HR department engaged in a contract outside of the normal vendor management process and manages the application on its own. Which of the following choices is of MOST concern? A. Maximum acceptable downtime metrics have not been defined in the contract. B. The IT department does not manage the relationship with the cloud vendor. C. The help desk call center is in a different country, with different privacy requirements. D. Company-defined security policies are not applied to the cloud application.
In the development of an important application affecting the entire organization, which of the following would be the MOST appropriate project sponsor? A. The information systems manager B. A member of executive management C. An independent management consultant D. The manager of the key user department
Which of the following is an output control objective? A. Maintenance of accurate batch registers B. Completeness of batch processing C. Appropriate accounting for rejections and exceptions D. Authorization of file updates
Which of the following would BEST provide assurance of the integrity of new staff? A) Background screening B)References C) Bonding D)Qualifications listed on resume
E-mail message authenticity and confidentiality is BEST achieved by signing the message using the:
The responsibility, authority and accountability of the IS audit function is documented appropriately in an audit charter and MUST be: A. approved by the highest level of management. B. approved by audit department management. C. approved by user department management. D. changed every year before commencement of IS audits.
Which of the following is the FIRST step in a business process reengineering (BPR) project? A. Defining the areas to be reviewed B. Developing a project plan C. Understanding the process under review D. Reengineering and streamlining the process under review
Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data? A. Inheritance B. Dynamic warehousing C. Encapsulation D. Polymorphism
Cisco Certifications 
