An IS auditor should be able to identify and evaluate
various types of risks and their potential effects. Which of
the following risks is associated with authorized program
exits (trap doors)?
A. Inherent
B. Detection
C. Audit
D. Error
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
Inherent risk is the susceptibility of an area or process to
an error that could be material. Exits out of an authorized
program are an inherent risk as they provide a flexibility
for inserting code to modify or add functionality. The exits
(trap doors) also permit insertion of unauthorized code.
Detection risk (choice B) is the risk that IS auditor's
substantive procedures will not detect an error which could
be material, indivually or in combination with other errors.
Audit risk (choice C) is the risk of giving an incorrect
audit opinion, while error risk (choice D) is the risk of
errors occuring in the area being audited.
Is This Answer Correct ? | 3 Yes | 1 No |
The MAJOR concern for an IS auditor when reviewing an organization's business process reengineering (BRP) efforts is: A. cost overrun of the project. B. employees resistance to change. C. key controls may be removed from a business process. D. lack of documentation of new processes.
There are several methods of providing telecommunications continuity. The method of routing traffic through split cable or duplicate cable facilities is: A. alternative routing. B. diverse routing. C. long-haul network diversity. D. last mile circuit protection.
An IS auditor doing penetration testing during an audit of Internet connections would: A. evaluate configurations. B. examine security settings. C. ensure virus-scanning software is in use. D. use tools and techniques that are available to a hacker.
The MOST effective method for limiting the damage of an attack by a software virus is: A. software controls. B. policies, standards and procedures. C. logical access controls. D. data communication standards.
When evaluating the collective effect of preventive, detective or corrective controls within a process an IS auditor should be aware: A. of the point at which controls are exercised as data flows through the system. B. that only preventive and detective controls are relevant. C. that corrective controls can only be regarded as compensating. D. that classification allows an IS auditor to determine which controls are missing.
A digital signature contains a message digest to: A. show if the message has been altered after transmission. B. define the encryption algorithm. C. confirm the identity of the originator. D. enable message transmission in a digital format.
The PRIMARY objective of a logical access controls review is to: A. review access controls provided through software. B. ensure access is granted per the organization's authorities. C. walkthrough and assess access provided in the IT environment. D. provide assurance that computer hardware is protected adequately against abuse.
A PING command is used to measure: A. attenuation. B. throughput. C. delay distortion. D. latency.
Access rules normally are included in which of the following documentation categories? A. Technical reference documentation B. User manuals C. Functional design specifications D. System development methodology documents
Which of the following testing methods is MOST effective during the initial phases of prototyping? A. System B. Parallel C. Volume D. Top-down
Which of the following normally would be the MOST reliable evidence for an auditor? A. A confirmation letter received from a third party verifying an account balance B. Assurance from line management that an application is working as designed C. Trend data obtained from World Wide Web (Internet) sources D. Ratio analysis developed by the IS auditor from reports supplied by line management
Which of the following message services provides the strongest protection that a specific action has occurred? A. Proof of delivery B. Nonrepudiation C. Proof of submission D. Message origin authentication