Answer / guest

Answer: C

"Assumptions are made when adequate information is not
available. When an IS project manager makes an assumption,
there is a high degree of risk because the lack of proper
information can cause unexpected loss to an IS project.
Assumptions are not based on "

known"

constraints. When constraints are known in advance, a
project manager can plan according to those constraints
rather than assuming the constraints won't affect the
project. Having objective data about past IS projects will
not lead to making assumptions, but rather helps the IS
project manager in planning the project in a better manner.
Hence, if objective past data are available and the project
manager makes use of them, risk to the project is less.
Regardless of whether made by qualified people or
unqualified people, assumptions are risky."

There are several methods of providing telecommunications continuity. The method of routing traffic through split cable or duplicate cable facilities is: A. alternative routing. B. diverse routing. C. long-haul network diversity. D. last mile circuit protection.

1 Answers  

---

Which of the following reports should an IS auditor use to check compliance with a service level agreement (SLA) requirement for uptime? A. Utilization reports B. Hardware error reports C. System logs D. Availability reports

2 Answers  

---

A distinction that can be made between compliance testing and substantive testing is that compliance testing tests: A. details, while substantive testing tests procedures. B. controls, while substantive testing tests details. C. plans, while substantive testing tests procedures. D. for regulatory requirements, while substantive testing tests validations.

3 Answers  

---

Which of the following logical access exposures involves changing data before, or as it is entered into the computer? A. Data diddling B. Trojan horse C. Worm D. Salami technique

2 Answers  

---

A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it:

5 Answers   Cognizant,

---

When a systems development life cycle (SDLC) methodology is inadequate, the MOST serious immediate risk is that the new system will: A. be completed late. B. exceed the cost estimates. C. not meet business and user needs. D. be incompatible with existing systems.

1 Answers  

---

Which of the following controls will detect MOST effectively the presence of bursts of errors in network transmissions? A. Parity check B. Echo check C. Block sum check D. Cyclic redundancy check

3 Answers  

---

Which of the following manages the digital certificate life cycle to ensure adequate security and controls exist in digital signature applications related to e-commerce? A. Registration authority B. Certification authority C. Certification relocation list D. Certification practice statement

1 Answers  

---

A company uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks (cheques) and reports for distribution. To BEST ensure payroll data accuracy: A. payroll reports should be compared to input forms. B. gross payroll should be recalculated manually. C. checks (cheques) should be compared to input forms. D. checks (cheques) should be reconciled with output reports.

1 Answers  

---

To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:

2 Answers  

---

Which of the following is an objective of a control self-assessment (CSA) program? A. Audit responsibility enhancement B. Problem identification C. Solution brainstorming D. Substitution for an audit

1 Answers  

---

A network diagnostic tool that monitors and records network information is a/an: A. online monitor. B. downtime report. C. help desk report. D. protocol analyzer.

1 Answers  

---