A long-term IS employee with a strong technical background
and broad managerial experience has applied for a vacant
position in the IS audit department. Determining whether to
hire this individual for this position should be based on
the individual's experience and:
A. the length of service since this will help ensure
technical competence.
B. age as training in audit techniques may be impractical.
C. IS knowledge since this will bring enhanced credibility
to the audit function.
D. ability, as an IS auditor, to be independent of existing
IS relationships.
- 2 Answers
- 6963 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: D
Independence should be continually assessed by the auditor
and management. This assessment should consider such factors
as changes in personal relationships, financial interests
and prior job assignments and responsibilities. The fact
that the employee has worked in IS for many years may not in
itself ensure credibility. The audit department's needs
should be defined and any candidate should be evaluated
against those requirements. In addition, the length of
service will not ensure technical competency, and evaluating
an individual's qualifications based on the age of the
individual is not a good criterion and is illegal in many
parts of the world.
| Is This Answer Correct ? | 6 Yes | 0 No |
Answer / guest
D. ability, as an IS auditor, to be independent of existing
IS relationships.
| Is This Answer Correct ? | 5 Yes | 0 No |
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.
WHICH OF THE FOLLOWING IS OFTEN AN ADVANTAGE OF USING PROTOTYPING GOR DYDTEM DVELOPMENT
When conducting an audit of client/server database security, the IS auditor would be MOST concerned about the availability of: A. system utilities. B. application program generators. C. system security documentation. D. access to stored procedures.
Which of the following would contribute MOST to an effective business continuity plan (BCP)? The BCP: A. document was circulated to all interested parties. B. planning involved all user departments. C. was approved by senior management. D. was audited by an external IS auditor.
Which of the following disaster recovery/continuity plan components provides the GREATEST assurance of recovery after a disaster? A. The alternate facility will be available until the original information processing facility is restored. B. User management was involved in the identification of critical systems and their associated critical recovery times. C. Copies of the plan are kept at the homes of key decision making personnel. D. Feedback to management assuring them that the business continuity plans are indeed workable and that the procedures are current.
Which of the following is a telecommunication device that translates data from digital form to analog form and back to digital? A. Multiplexer B. Modem C. Protocol converter D. Concentrator
As a business process reengineering (BPR) project takes hold it is expected that: A. business priorities will remain stable. B. information technologies will not change. C. the process will improve product, service and profitability. D. input from clients and customers will no longer be necessary.
A retail company recently installed data warehousing client software at geographically diverse sites. Due to time zone differences between the sites, updates to the warehouse are not synchronized. Which of the following will be affected the MOST? A. Data availability B. Data completeness C. Data redundancy D. Data inaccuracy
An organization is introducing a single sign-on (SSO) system. Under the SSO system, users will be required to enter only one user ID and password for access to all application systems. Under the SSO system, unauthorized access: A. is less likely. B. is more likely. C. will have a greater impact. D. will have a smaller impact.
An advantage of the use of hot sites as a backup alternative is that: A. the costs associated with hot sites are low. B. hot sites can be used for an extended amount of time. C. hot sites can be made ready for operation within a short period of time. D. they do not require that equipment and systems software be compatible with the primary site.
One of the purposes of library control software is to allow: A. programmers access to production source and object libraries. B. batch program updating. C. operators to update the control library with the production version before testing is completed. D. read-only access to source code.
Which of the following is a control to detect an unauthorized change in a production environment? A. Denying programmers access to production data. B. Requiring change request to include benefits and costs. C. Periodically comparing control and current object and source programs. D. Establishing procedures for emergency changes.
Cisco Certifications 
