Prices are charged on the basis of a standard master file
rate that changes as volume increases. Any exceptions must
be manually approved. What is the MOST effective automated
control to help ensure that all price exceptions are approved?
A. All amounts are displayed back to the data entry clerk,
who must verify them visually.
B. Prices outside the normal range should be entered twice
to verify data entry accuracy.
C. The system beeps when price exceptions are entered and
prints such occurrences on a report.
D. A second-level password must be entered before a price
exception can be processed.
Answer / guest
Answer: D
"Automated control should ensure that the system processes
the price exceptions only on approval of another user who is
authorized to approve such exceptions. A second-level
password would ensure that price exceptions will be approved
by a user who has been authorized by management. Visual
verification of all amounts by a data entry clerk is not a
control, but a basic requirement for any data entry. The
user being able to visually verify what has been entered is
a basic manual control. Entry of price exceptions twice is
an input control. This does not ensure that exceptions will
be verified automatically by another user. The system
beeping on entry of a price exception is only a warning to
the data entry clerk;
it does not prevent proceeding further. Printing of these
exceptions on a report is a detective (manual) control."
The MOST effective method for limiting the damage of an attack by a software virus is: A. software controls. B. policies, standards and procedures. C. logical access controls. D. data communication standards.
A large chain of shops with EFT at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? A. Offsite storage of daily backups B. Alternative standby processor onsite C. Installation of duplex communication links D. Alternative standby processor at another network node
Which of the following provides a mechanism for coding and compiling programs interactively? A. Firmware B. Utility programs C. Online programming facilities D. Network management software
Which of the following applet intrusion issues poses the GREATEST risk of disruption to an organization? A. A program that deposits a virus on a client machine B. Applets recording keystrokes and, therefore, passwords C. Downloaded code that reads files on a client's hard drive D. Applets opening connections from the client machine
When reviewing the implementation of a LAN the IS auditor should FIRST review the: A. node list. B. acceptance test report. C. network diagram. D. user's list.
Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the user name and password are the same. The BEST control to mitigate this risk is to: A. change the company's security policy. B. educate users about the risk of weak passwords. C. build in validations to prevent this during user creation and password change. D. require a periodic review of matching user ID and passwords for detection and correction.
Which of the following is often an advantage of using prototyping for system development?
An IS auditor doing penetration testing during an audit of Internet connections would: A. evaluate configurations. B. examine security settings. C. ensure virus-scanning software is in use. D. use tools and techniques that are available to a hacker.
To meet pre-defined criteria, which of the following continuous audit techniques would BEST identify transactions to audit? A. Systems Control Audit Review File and Embedded Audit Modules (SCARF/EAM) B. Continuous and Intermittent Simulation (CIS) C. Integrated Test Facilities (ITF) D. Audit hooks
Which of the following steps would an IS auditor normally perform FIRST in a data center security review? A. Evaluate physical access test results. B. Determine the risks/threats to the data center site. C. Review business continuity procedures. D. Test for evidence of physical access at suspect locations.
The interface that allows access to lower or higher level network services is called: A. firmware. B. middleware. C. X.25 interface. D. utilities.
An IS auditor is reviewing the change management process for an enterprise resource planning (ERP) application. Which of the following is the BEST method for testing program changes? A. Select a sample of change tickets and review them for authorization. B. Perform a walk-through by tracing a program change from start to finish. C. Trace a sample of modified programs to supporting change tickets. D. Use query software to analyze all change tickets for missing fields.