Answer / guest

Answer: C

Run-to-run totals would have been an effective detective
control over processing in this situation. Table lookups and
range checks are used for data validation before input, or
as close to the point of origination as possible.
One-for-one checking is time consuming and therefore less
effective.

To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:

2 Answers  

---

An organization is considering installing a LAN in a site under construction. If system availability is the main concern, which of the following topologies is MOST appropriate? A. Ring B. Line C. Star D. Bus

1 Answers  

---

Which of the following facilitates program maintenance? A. More cohesive and loosely coupled programs B. Less cohesive and loosely coupled programs C. More cohesive and strongly coupled programs D. Less cohesive and strongly coupled programs

1 Answers  

---

Which of the following should be of MOST concern to an IS auditor? A. Lack of reporting of a successful attack on the network B. Failure to notify police of an attempted intrusion C. Lack of periodic examination of access rights D. Lack of notification to the public of an intrusion

1 Answers  

---

Which of the following components of a business continuity plan is PRIMARILY the responsibility of an organization?s IS department? A. Developing the business continuity plan B. Selecting and approving the strategy for business continuity plan C. Declaring a disaster D. Restoring the IS systems and data after a disaster

1 Answers  

---

To meet pre-defined criteria, which of the following continuous audit techniques would BEST identify transactions to audit? A. Systems Control Audit Review File and Embedded Audit Modules (SCARF/EAM) B. Continuous and Intermittent Simulation (CIS) C. Integrated Test Facilities (ITF) D. Audit hooks

2 Answers  

---

Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized? A. Release-to-release source and object comparison reports B. Library control software restricting changes to source code C. Restricted access to source code and object code D. Date and time-stamp reviews of source and object code

2 Answers  

---

Which of the following represents the MOST pervasive control over application development? A. IS auditors B. Standard development methodologies C. Extensive acceptance testing D. Quality assurance groups

1 Answers  

---

In which of the following network configurations would problem resolution be the easiest? A. Bus B. Ring C.Star D. Mesh

1 Answers  

---

During an audit of an enterprise that is dedicated to e-commerce, the IS manager states that digital signatures are used in the establishment of its commercial relations. To substantiate this, the IS auditor must prove that which of the following is used? A. A biometric, digitalized and encrypted parameter with the customer's public key B. A hash of the data that is transmitted and encrypted with the customer's private key C. A hash of the data that is transmitted and encrypted with the customer's public key D. The customer's scanned signature, encrypted with the customer's public key

1 Answers  

---

A key element in a risk analysis is/are: A. audit planning. B. controls. C. vulnerabilities. D. liabilities.

1 Answers  

---

An IS auditor is assigned to perform a post implementation review of an application system. Which of the following situations may have impaired the independence of the IS auditor? The IS auditor: A. implemented a specific control during the development of the application system. B. designed an embedded audit module exclusively for auditing the application system. C. participated as a member of the application system project team, but did not have operational responsibilities. D.provided consulting advice concerning application system best practices.

2 Answers  

---