When two or more systems are integrated, input/output
controls must be reviewed by the IS auditor in the:
A. systems receiving the output of other systems.
B. systems sending output to other systems.
C. systems sending and receiving data.
D. interfaces between the two systems.
Answer / guest
Answer: C
Both of the systems must be reviewed for input/output
controls since the output for one system is the input for
the other.
Is This Answer Correct ? | 5 Yes | 0 No |
Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the user name and password are the same. The BEST control to mitigate this risk is to: A. change the company's security policy. B. educate users about the risk of weak passwords. C. build in validations to prevent this during user creation and password change. D. require a periodic review of matching user ID and passwords for detection and correction.
IS auditors who have participated in the development of an application system might have their independence impaired if they: A. perform an application development review. B. recommend control and other system enhancements. C. perform an independent evaluation of the application after its implementation. D. are involved actively in the design and implementation of the application system.
Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when: A. a firewall exists. B. a secure web connection is used. C. the source of the executable is certain. D. the host website is part of your organization.
Which of the following would MOST likely ensure that a system development project meets business objectives? A. Maintenance of program change logs B. Development of a project plan identifying all development activities C. Release of application changes at specific times of the year D. User involvement in system specification and acceptance
Creation of an electronic signature: A. encrypts the message. B. verifies where the message came from. C. cannot be compromised when using a private key. D. cannot be used with e-mail systems.
To check the performance of flow and error control, an IS auditor should focus the use of a protocol analyzer on which of the following layers? A. Network B. Transport C. Data link D. Application
The application test plans are developed in which of the following systems development life cycle (SDLC) phases? A. Design B. Testing C. Requirement D. Development
Which of the following is the BEST form of transaction validation? A. Use of key field verification techniques in data entry B. Use of programs to check the transaction against criteria set by management C. Authorization of the transaction by supervisory personnel in an adjacent department D. Authorization of the transaction by a department supervisor prior to the batch process
An IS auditor doing penetration testing during an audit of Internet connections would: A. evaluate configurations. B. examine security settings. C. ensure virus-scanning software is in use. D. use tools and techniques that are available to a hacker.
Which of the following is an advantage of an integrated test facility (ITF)? A. It uses actual master files or dummies and the IS auditor does not have to review the source of the transaction. B. Periodic testing does not require separate test processes. C. It validates application systems and tests the ongoing operation of the system. D. It eliminates the need to prepare test data.
The corporate office of a company having branches worldwide, developed a control self-assessment program (CSA) for all its offices. Which of the following is the MOST important requirement for a successful CSA? A. Skills of the workshop facilitator B. Simplicity of the questionnaire C. Support from the audit department D. Involvement of line managers
The security level of a private key system depends on the number of: A. encryption key bits. B. messages sent. C. keys. D. channels used.