An IS auditor recommends that an initial validation control
be programmed into a credit card transaction capture
application. The initial validation process would MOST likely:
A. check to ensure the type of transaction is valid for that
card type.
B. verify the format of the number entered then locate it on
the database.
C. ensure that the transaction entered is within the
cardholder's credit limit.
D. confirm that the card is not shown as lost or stolen on
the master file.
- 1 Answers
- 8929 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
The initial validation should confirm whether the card is
valid. This validity is established through the card number
and PIN entered by the user. Based on this initial
validation, all other validations will proceed. A validation
control in data capture will ensure that the data entered is
valid (i.e., it can be processed by the system). If the data
captured in the initial validation is not valid (if the card
number or PIN do not match with the database), then the card
will be rejected or captured per the controls in place. Once
initial validation is completed, then other validations
specific to the card and cardholder would be performed.
| Is This Answer Correct ? | 8 Yes | 0 No |
Which of the following line media would provide the BEST security for a telecommunication network? A. Broad band network digital transmission B. Baseband network C. Dial-up D. Dedicated lines
Which of the following represents the MOST pervasive control over application development? A. IS auditors B. Standard development methodologies C. Extensive acceptance testing D. Quality assurance groups
Which of the following are data file controls? A. Internal and external labeling B. Limit check and logical relationship checks C. Total items and hash totals D. Report distribution procedures
A MAJOR risk of using single sign-on (SSO) is that it: A. has a single authentication point. B. represents a single point of failure. C. causes an administrative bottleneck. D. leads to a lockout of valid users.
In planning a software development project, which of the following is the MOST difficult to determine? A. Project slack times B. The project's critical path C. Time and resource requirements for individual tasks D. Relationships that preclude the start of an activity before others are complete
Which of the following is an objective of a control self-assessment (CSA) program? A. Concentration on areas of high risk B. Replacement of audit responsibilities C. Completion of control questionnaires D. Collaborative facilitative workshops
1. which of the following is used to achieve accountability. a.identification b. authentication c. authorization d. iniation
When conducting an audit of client/server database security, the IS auditor would be MOST concerned about the availability of: A. system utilities. B. application program generators. C. system security documentation. D. access to stored procedures.
The quality assurance group is typically responsible for: A. ensuring that the output received from system processing is complete. B. monitoring the execution of computer processing tasks. C. ensuring that programs and program changes and documentation adhere to established standards. D. designing procedures to protect data against accidental disclosure, modification or destruction.
During an audit of the tape management system at a data center, an IS auditor discovered that parameters are set to bypass or ignore the labels written on tape header records. The IS auditor also determined that effective staging and job setup procedures were in place. In this situation, the IS auditor should conclude that the: A. tape headers should be manually logged and checked by the operators. B. staging and job setup procedures are not appropriate compensating controls. C. staging and job setup procedures compensate for the tape label control weakness. D. tape management system parameters must be set to check all labels.
Which of the following is a control to compensate for a programmer having access to accounts payable production data? A. Processing controls such as range checks and logic edits B. Reviewing accounts payable output reports by data entry C. Reviewing system-produced reports for checks (cheques) over a stated amount D. Having the accounts payable supervisor match all checks (cheques) to approved invoices
Which of the following should concern an IS auditor when reviewing security in a client-server environment? A. Data is protected by an encryption technique. B. Diskless workstations prevent unauthorized access. C. Ability of users to access and modify the database directly. D. Disabling floppy drives on the users machines.
Cisco Certifications 
