| Other CISA Certification Interview Questions |
| |
| Question | Asked @ | Answers |
| |
| Which of the following is a control over component
communication failure/errors?
A. Restricting operator access and maintaining audit trails
B. Monitoring and reviewing system engineering activity
C. Providing network redundancy
D. Establishing physical barriers to the data transmitted
over the network | | 1 |
| If a database is restored using before-image dumps, where
should the process be restarted following an interruption?
A. Before the last transaction
B. After the last transaction
C. The first transaction after the latest checkpoint
D. The last transaction before the latest checkpoint | | 2 |
| The difference between whitebox testing and blackbox testing
is that whitebox testing:
A. involves the IS auditor.
B. is performed by an independent programmer team.
C. examines a program's internal logical structure.
D. uses the bottom-up approach. | | 1 |
| During a review of a large data center an IS auditor
observed computer operators acting as backup tape librarians
and security administrators. Which of these situations would
be MOST critical to report?
A. Computer operators acting as tape librarians
B. Computer operators acting as security administrators
C. Computer operators acting as a tape librarian and
security administrator
D. It is not necessary to report any of these situations. | | 1 |
| An organization wants to enforce data integrity principles
and achieve faster performance/execution in a database
application. Which of the following design principles should
be applied?
A. User (customized) triggers
B. Data validation at the front end
C. Data validation at the back end
D. Referential integrity | | 1 |
| Using test data as part of a comprehensive test of program
controls in a continuous online manner is called a/an:
A. test data/deck.
B. base case system evaluation.
C. integrated test facility (ITF).
D. parallel simulation. | | 1 |
| Birth date and marriage date items were switched while
entering data. Which of the following data validation checks
could detect this?
A. Logical relationship
B. Sequence
C. Reasonableness
D. Validity | | 1 |
| Which is the first software capability maturity model (CMM)
level to include a standard software development process?
A. Initial (level 1)
B. Repeatable (level 2)
C. Defined (level 3)
D. Optimizing (level 5) | | 1 |
| Which of the following is the basic objective of a control
self-assessment program? | | 2 |
| An internal audit department that organizationally reports
exclusively to the chief financial officer (CFO), rather than
to an audit committee, is MOST likely to:
A. have its audit independence questioned.
B. report more business-oriented and relevant findings.
C. enhance the implementation of the auditor's recommendations.
D. result in more effective action being taken on the
recommendations. | | 1 |
| A key element in a risk analysis is/are:
A. audit planning.
B. controls.
C. vulnerabilities.
D. liabilities. | | 1 |
| Which of the following is the MOST fundamental step in
effectively preventing a virus attack?
A. Executing updated antivirus software in the background on
a periodic basis
B. Buying standard antivirus software, which is installed on
all servers and workstations
C. Ensuring that all software is checked for a virus in a
separate PC before being loaded into the production environment
D. Adopting a comprehensive antivirus policy and
communicating it to all users | | 1 |
| An installed Ethernet cable run in an unshielded twisted
pair (UTP) network is more than 100 meters long. Which of
the following could be caused by the length of the cable?
A. Electromagnetic interference (EMI)
B. Cross talk
C. Dispersion
D. Attenuation | | 1 |
| In an EDI process, the device which transmits and receives
electronic documents is the:
A. communications handler.
B. EDI translator.
C. application interface.
D. EDI interface. | | 1 |
| Which of the following is a practice that should be
incorporated into the plan for testing disaster recovery
procedures?
A. Invite client participation.
B. Involve all technical staff.
C. Rotate recovery managers.
D. Install locally stored backup. | CISA | 1 |
| When reviewing the quality of an IS department's development
process, the IS auditor finds that they do not use any
formal, documented methodology and standards. The IS
auditor's MOST appropriate action would be to:
A. complete the audit and report the finding.
B. investigate and recommend appropriate formal standards.
C. document the informal standards and test for compliance.
D. withdraw and recommend a further audit when standards are
implemented. | | 1 |
| Software maintainability BEST relates to which of the
following software attributes?
A. Resources needed to make specified modifications.
B. Effort needed to use the system application.
C. Relationship between software performance and the
resources needed.
D. Fulfillment of user needs. | | 2 |
| Which of the following situations would increase the
likelihood of fraud?
A. Application programmers are implementing changes to
production programs.
B. Application programmers are implementing changes to test
programs.
C. Operations support staff are implementing changes to
batch schedules.
D. Database administrators are implementing changes to data
structures. | | 1 |
| Which of the following provides the GREATEST assurance of
message authenticity?
A. The pre-hash code is derived mathematically from the
message being sent.
B. The pre-hash code is encrypted using the sender's private
key.
C. Encryption of the pre-hash code and the message using the
secret key.
D. Sender attains the recipient's public key and verifies
the authenticity of its digital certificate with a
certificate authority. | | 1 |
| Which of the following can be used to verify output results
and control totals by matching them against the input data
and control totals?
A. Batch header forms
B. Batch balancing
C. Data conversion error corrections
D. Access controls over print spools | | 1 |