Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor performing a review of the IS department
discovers that formal project approval procedures do not
exist. In the absence of these procedures the IS manager has
been arbitrarily approving projects that can be completed in
a short duration and referring other more complicated
projects to higher levels of management for approval. The IS
auditor should recommend as a FIRST course of action that:
A. users participate in the review and approval process.
B. formal approval procedures be adopted and documented.
C. projects be referred to appropriate levels of management
for approval.
D. the IS manager's job description be changed to include
approval authority.
- 2 Answers
- 5501 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: B
It is imperative that formal written approval procedures be
established to set accountability. This is true of both the
IS manager and higher levels of management. Choices A, C and
D would be subsequent recommendations once authority has
been established.
| Is This Answer Correct ? | 7 Yes | 0 No |
Answer / guest
B. formal approval procedures be adopted and documented.
| Is This Answer Correct ? | 0 Yes | 0 No |
After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools? A. Differential reporting B. False positive reporting C. False negative reporting D. Less detail reporting
Which of the following would normally be found in application run manuals? A. Details of source documents B. Error codes and their recovery actions C. Program flowcharts and file definitions D. Change records for the application source code
Which of the following is a check (control) for completeness? A. Check digits B. Parity bits C. One-for-one checking D. Prerecorded input
An organization wants to enforce data integrity principles and achieve faster performance/execution in a database application. Which of the following design principles should be applied? A. User (customized) triggers B. Data validation at the front end C. Data validation at the back end D. Referential integrity
Which of the following sampling methods is MOST useful when testing for compliance? A. Attribute sampling B. Variable sampling C. Stratified mean per unit D. Difference estimation
Business continuity/disaster recovery is PRIMARILY the responsibility of: A. IS management. B. business unit managers. C. the security administrator. D. the board of directors.
An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking? A. An application-level gateway B. A remote access server C. A proxy server D. Port scanning
The PRIMARY objective of a firewall is to protect: A. internal systems from exploitation by external threats. B. external systems from exploitation by internal threats. C. internal systems from exploitation by internal threats. D. itself and attached systems against being used to attack other systems.
The PRIMARY objective of conducting a post-implementation review is to assess whether the system A) achieved the desired objectives B) provides for backup and recovery C) provides for information security D) documentation is clear and understandable
Congestion control is BEST handled by which OSI layer? A. Data link B. Session layer C. Transport layer D. Network layer
A debugging tool, which reports on the sequence of steps executed by a program, is called a/an: A. output analyzer. B. memory dump. C. compiler. D. logic path monitor.
Which of the following is the FIRST step in a business process reengineering (BPR) project? A. Defining the areas to be reviewed B. Developing a project plan C. Understanding the process under review D. Reengineering and streamlining the process under review
Cisco Certifications 
