| Question |
The responsibility for designing, implementing and
maintaining a system of internal control lies with:
A. the IS auditor.
B. management.
C. the external auditor.
D. the programming staff. |
Question Submitted By :: Guest |
© ALL Interview .com |
| Answer | Answer: B
Designing, implementing and maintaining a system of internal
controls, including the prevention and detection of fraud, is
the responsibility of management. The IS auditor assesses
the risks, and performs tests to detect irregularities
created by weaknesses in the structure of internal controls.  |
| Guest |
| Question |
To share data in a multivendor network environment, it is
essential to implement program-to-program communication.
With respect to program-to-program communication features
that can be implemented in this environment, which of the
following makes implementation and maintenance difficult?
A. User isolation
B. Controlled remote access
C. Transparent remote access
D. The network environments |
Question Submitted By :: Guest |
| Answer | Answer: D
Depending on the complexity of the network environment,
implementation of program-to-program communication features
becomes progressively more difficult. It is possible to
implement program-to-program communication to isolate a user
in the multi-vendor network. Program-to-program
communication can be implemented to control and monitor the
files that a user can transfer between systems, and the
remote program-to-program will be transparent to the end
user. All of these are security features.  |
| Guest |
| Question |
A company disposing of personal computers that once were
used to store confidential data should first:
A. demagnetize the hard disk.
B. low-level format the hard disk.
C. delete all data contained on the hard disk.
D. defragment the data contained on the hard disk. |
Question Submitted By :: Guest |
| Answer | Answer: A
Demagnetizing the hard disk is the best way to ensure that
confidential data once stored on the hard disk cannot be
recovered. Low-level formatting destroys the file allocation
table, not the data, and the data could be reconstructed with
the appropriate software. Deleting data merely removes its
reference in the file allocation table and the data can be
recovered. Defragmenting is an efficient procedure and does
not remove data.  |
| Guest |
| Question |
When performing an audit of access rights, an IS auditor
should be suspicious of which of the following if allocated
to a computer operator?
A. READ access to data
B. DELETE access to transaction data files
C. Logged READ/EXECUTE access to programs
D. UPDATE access to job control language/script files |
Question Submitted By :: Guest |
| Answer | Answer: B
Deletion of transaction data files should be a function of
the application support team, not operations staff. Read
access to production data is a normal requirement of a
computer operator, as well as logged access to programs and
access to JCL in order to control job execution.  |
| Guest |
| Question |
Which of the following line media would provide the BEST
security for a telecommunication network?
A. Broadband network digital transmission
B. Baseband network
C. Dial-up
D. Dedicated lines |
Question Submitted By :: Guest |
| Answer | Answer: D
Dedicated lines are set apart for a particular user or
organization. Since there is no sharing of lines or
intermediate entry points, the risk of interception or
disruption of telecommunications messages is lower.  |
| Guest |
| Question |
The knowledge base of an expert system that uses
questionnaires to lead the user through a series of choices
before a conclusion is reached is known as:
A. rules.
B. decision trees.
C. semantic nets.
D. data flow diagrams. |
Question Submitted By :: Guest |
| Answer | Answer: B
Decision trees use questionnaires to lead a user through a
series of choices until a conclusion is reached. Rules refer
to the expression of declarative knowledge through the use
of if-then relationships. Semantic nets consist of a graph
in which nodes represent physical or conceptual objects and
the arcs describe the relationship between the nodes.
Semantic nets resemble a data flow diagram and make use of
an inheritance mechanism to prevent duplication of data.  |
| Guest |
| Question |
Which of the following controls would be MOST effective in
ensuring that production source code and object code are
synchronized?
A. Release-to-release source and object comparison reports
B. Library control software restricting changes to source code
C. Restricted access to source code and object code
D. Date and time-stamp reviews of source and object code |
Question Submitted By :: Guest |
| Answer | Answer: D
Date and time stamp reviews of source and object code would
ensure that source code, which has been compiled, matches the
production object code. This is the most effective way to
ensure that the approved production source code is compiled
and is the one being used.  |
| Guest |
| Question |
Online banking transactions are being posted to the database
when processing suddenly comes to a halt. The integrity of
the transaction processing is best ensured by:
A. database integrity checks.
B. validation checks.
C. input controls.
D. database commits and rollbacks. |
Question Submitted By :: Guest |
| Answer | Answer: D
Database commits ensure the data are saved to disk while the
transaction processing is underway or complete. Rollback
ensures that the processing already completed is reversed
back and the data already processed are not saved to the
disk in the event of the failure of the completion of the
transaction processing. All other options do not ensure
integrity while processing is underway.  |
| Guest |
| Question |
A data warehouse is:
A. object orientated.
B. subject orientated.
C. departmental specific.
D. a volatile database. |
Question Submitted By :: Guest |
| Answer | Answer: B
Data warehouses are subject oriented. The data warehouse is
meant to help make decisions when the function(s) to be
affected by the decision transgress across departments
within an organization. They are nonvolatile. Object
orientation and volatility are irrelevant to a data
warehouse system.  |
| Guest |
| Question |
Controls designed to ensure that unauthorized changes are
not made to information residing in a computer file are
known as:
A. data security controls.
B. implementation controls.
C. program security controls.
D. computer operations controls. |
Question Submitted By :: Guest |
| Answer | Answer: A
Data security controls are the controls that ensure data
integrity, not accuracy. None of the other controls listed
ensure data integrity.  |
| Guest |
| Question |
When an organization's network is connected to an external
network in an Internet client-server model not under that
organization's control, security becomes a concern. In
providing adequate security in this environment, which of
the following assurance levels is LEAST important?
A. Server and client authentication
B. Data integrity
C. Data recovery
D. Data confidentiality |
Question Submitted By :: Guest |
| Answer | Answer: C
Data recovery, as a corrective action, occurs after a total
network failure (denial of service) and therefore is least
important in assuring security in a networked environment.
The other choices are proactive in nature and directly
impact network security. Server and client authentication
provides a way of verifying that the server being
communicated with is a valid server, and the server needs
to know that the clients are in fact valid client machines.
Data integrity is required for verifying that the data
received over the network has not been modified during its
transmission, and data confidentiality is required for
protecting information sent over the network from eavesdropping.  |
| Guest |
| Question |
With the help of the security officer, granting access to
data is the responsibility of:
A. data owners.
B. programmers.
C. system analysts.
D. librarians. |
Question Submitted By :: Guest |
| Answer | Answer: A
Data owners are responsible for the use of data. Written
authorization for users to gain access to computerized
information should be provided by the data owners. Security
administration with the owners' approval sets up access rules
stipulating which users or group of users are authorized to
access data or files and the level of authorized access
(read or update).  |
| Guest |
| Question |
Which of the following systems or tools can recognize that a
credit card transaction is more likely to have resulted from
a stolen credit card than from the holder of the credit card?
A. Intrusion detection systems
B. Data mining techniques
C. Firewalls
D. Packet filtering routers |
Question Submitted By :: Guest |
| Answer | Answer: B
Data mining is a technique to detect trends or patterns of
transactions or data. If the historical pattern of charges
against a credit card account is changed, then it is a flag
that the transaction may have resulted from a fraudulent use
of the card.  |
| Guest |
| Question |
Which of the following integrity tests examines the
accuracy, completeness, consistency and authorization of data?
A. Data
B. Relational
C. Domain
D. Referential |
Question Submitted By :: Guest |
| Answer | Answer: A
Data integrity testing examines the accuracy, completeness,
consistency and authorization of data. Relational integrity
testing detects modification to sensitive data by the use of
control totals. Domain integrity testing verifies that data
conforms to specifications. Referential integrity testing
ensures that data exists in its parent or original file
before it exists in the child or another file.  |
| Guest |
| Question |
Data flow diagrams are used by IS auditors to:
A. order data hierarchically.
B. highlight high-level data definitions.
C. graphically summarize data paths and storage.
D. portray step-by-step details of data generation. |
Question Submitted By :: Guest |
| Answer | Answer: C
Data flow diagrams are used as aids to graph or chart data
flow and storage. They trace the data from its origination
to destination, highlighting the paths and storage of data.
They do not order data in any hierarchy. The flow of the
data will not necessarily match any hierarchy or data
generation order.  |
| Guest |