Answer / heather chatterjee

The correct answer is C

A. Selecting a sample of change tickets and reviewing them for authorization helps test for authorization controls; however, it does not identify program changes that were made without supporting change tickets.

B. Performing a walk-through assists the IS auditor in understanding the process, but does not ensure that all changes adhere to the normal process.

C. Tracing a sample of modified programs to supporting change tickets is the best way to test change management controls. This method is most likely to identify instances in which a change was made without supporting documentation.

D. Using query software to analyze all change tickets for missing fields does not identify program changes that were made without supporting change tickets.

Question #: 559 CISA Job Practice Task Statement: 4.8

Answer / chatter

The correct answer is C

A. Selecting a sample of change tickets and reviewing them for authorization helps test for authorization controls; however, it does not identify program changes that were made without supporting change tickets.
B. Performing a walk-through assists the IS auditor in understanding the process, but does not ensure that all changes adhere to the normal process.
C. Tracing a sample of modified programs to supporting change tickets is the best way to test change management controls. This method is most likely to identify instances in which a change was made without supporting documentation.
D. Using query software to analyze all change tickets for missing fields does not identify program changes that were made without supporting change tickets.



Question #: 559 CISA Job Practice Task Statement: 4.8

Programs that can run independently and travel from machine to machine across network connections, with the ability to destroy data or utilize tremendous computer and communication resources, are referred to as: A. trojan horses. B. viruses. C. worms. D. logic bombs.

7 Answers  

---

A large chain of shops with EFT at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? A. Offsite storage of daily backups B. Alternative standby processor onsite C. Installation of duplex communication links D. Alternative standby processor at another network node

3 Answers  

---

Applying a digital signature to data traveling in a network provides: A. confidentiality and integrity. B. security and nonrepudiation. C. integrity and nonrepudiation. D. confidentiality and nonrepudiation.

2 Answers  

---

Which of the following would allow a company to extend it?s enterprise?s intranet across the Internet to it?s business partners? A. Virtual private network B. Client-Server C. Dial-Up access D. Network service provider

1 Answers  

---

A hardware control that helps to detect errors when data are communicated from one computer to another is known as a: A. duplicate check. B. table lookup. C. validity check. D. parity check.

2 Answers  

---

A goal of processing controls is to ensure that: A. the data are delivered without compromised confidentiality. B. all transactions are authorized. C. accumulated data are accurate and complete through authorized routines. D. only authorized individuals perform sensitive functions.

1 Answers  

---

An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: * The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department. * The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention. * The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for their area in the event of a disruptive incident. The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical hardware configuration is already established. The IS auditor should: A. take no action as the lack of a current plan is the only significant finding. B. recommend that the hardware configuration at each site should be identical. C. perform a review to verify that the second configuration can support live processing. D. report that the financial expenditure on the alternative site is wasted without an effective plan.

1 Answers  

---

The intent of application controls is to ensure that when inaccurate data is entered into the system, the data is: A. accepted and processed. B. accepted and not processed. C. not accepted and not processed. D. not accepted and processed.

1 Answers  

---

Which of the following should be in place to protect the purchaser of an application package in the event that the vendor ceases to trade? A. Source code held in escrow. B. Object code held by a trusted third party. C. Contractual obligation for software maintenance. D. Adequate training for internal programming staff.

1 Answers  

---

Which of the following will help detect changes made by an intruder to the system log of a server? A. Mirroring of the system log on another server B. Simultaneously duplicating the system log on a write-once disk C. Write protecting the directory containing the system log D. Storing the backup of the system log offsite

1 Answers   Orange,

---

Data edits are an example of: A. preventive controls. B. detective controls. C. corrective controls. D. compensating controls.

2 Answers  

---

Which of the following provisions in a contract for external information systems services would an IS auditor consider to be LEAST significant? A. Ownership of program and files B. Statement of due care and confidentiality C. Continued service of outsourcer in the event of a disaster D. Detailed description of computer hardware used by the vendor

1 Answers  

---