Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor discovers that programmers have update access
to the live environment. In this situation, the IS auditor
is LEAST likely to be concerned that programmers can:
A. authorize transactions.
B. add transactions directly to the database.
C. make modifications to programs directly.
D. access data from live environment and provide faster
maintenance.
- 1 Answers
- 4779 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
Authorizing transactions implies that transactions have been
initiated by another person and hence would provide the
least risk. The other situations, where programmers on their
own can access data and make modifications or add
transactions to a database, all present a greater risk and
would be of concern to the IS auditor.
| Is This Answer Correct ? | 4 Yes | 0 No |
Connection-oriented protocols in the TCP/IP suite are implemented in the: A. transport layer. B. application layer. C. physical layer. D. network layer.
The MOST significant level of effort for business continuity planning (BCP) generally is required during the: A. testing stage. B. evaluation stage. C. maintenance stage. D. early stages of planning.
Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to-consumer transactions via the Internet? A. Customers are widely dispersed geographically, but not the certificate authorities. B. Customers can make their transactions from any computer or mobile device. C. The certificate authority has several data processing subcenters to administrate certificates. D. The organization is the owner of the certificate authority.
Losses can be minimized MOST effectively by using outside storage facilities to do which of the following? A. Provide current, critical information in backup files B. Ensure that current documentation is maintained at the backup facility C. Test backup hardware D. Train personnel in backup procedures
During an audit of a telecommunications system the IS auditor finds that the risk of intercepting data transmitted to and from remote sites is very high. The MOST effective control for reducing this exposure is: A. encryption. B. callback modems. C. message authentication. D. dedicated leased lines.
In an audit of a business continuity plan, which of the following findings is of MOST concern? A. There is no insurance for the addition of assets during the year. B. BCP manual is not updated on a regular basis. C. Testing of the backup of data has not been done regularly. D. Records for maintenance of access system have not been maintained.
Which of the following BEST determines that complete encryption and authentication protocols exist for protecting information while transmitted? A. A digital signature with RSA has been implemented. B. Work is being done in tunnel mode with the nested services of AH and ESP C. Digital certificates with RSA are being used. D. Work is being done in transport mode, with the nested services of AH and ESP
An IS auditor reviewing an organization's IS disaster recovery plan should verify that it is: A. tested every 6 months. B. regularly reviewed and updated. C. approved by the chief executive officer (CEO). D. communicated to every departmental head in the organization.
Which of the following imaging technologies captures handwriting from a preprinted form and converts it into an electronic format? A. Magnetic ink character recognition (MICR) B. Intelligent voice recognition (IVR) C. Bar code recognition (BCR) D. Optical character recognition (OCR)
An IS auditor who is participating in a systems development project should: A. recommend appropriate control mechanisms regardless of cost. B. obtain and read project team meeting minutes to determine the status of the project. C. ensure that adequate and complete documentation exists for all project phases. D. not worry about his/her own ability to meet target dates since work will progress regardless.
The MAJOR advantage of the risk assessment approach over the baseline approach to information security management is that it ensures: A. information assets are over protected. B. a basic level of protection is applied regardless of asset value. C. appropriate levels of protection are applied to information assets. D. an equal proportion of resources are devoted to protecting all information assets.
When auditing the proposed acquisition of a new computer system, the IS auditor should FIRST establish that: A. a clear business case has been approved by management. B. corporate security standards will be met. C. users will be involved in the implementation plan. D. the new system will meet all required user functionality.
Cisco Certifications 
