Interested to Buy Any Domain ? << Click Here >> for more details...
Prices are charged on the basis of a standard master file
rate that changes as volume increases. Any exceptions must
be manually approved. What is the MOST effective automated
control to help ensure that all price exceptions are approved?
A. All amounts are displayed back to the data entry clerk,
who must verify them visually.
B. Prices outside the normal range should be entered twice
to verify data entry accuracy.
C. The system beeps when price exceptions are entered and
prints such occurrences on a report.
D. A second-level password must be entered before a price
exception can be processed.
- 1 Answers
- 5120 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
"Automated control should ensure that the system processes
the price exceptions only on approval of another user who is
authorized to approve such exceptions. A second-level
password would ensure that price exceptions will be approved
by a user who has been authorized by management. Visual
verification of all amounts by a data entry clerk is not a
control, but a basic requirement for any data entry. The
user being able to visually verify what has been entered is
a basic manual control. Entry of price exceptions twice, is
an input control. This does not ensure that exceptions will
be verified automatically by another user. The system
beeping on entry of a price exception is only a warning to
the data entry clerk
it does not prevent proceeding further. Printing of these
exceptions on a report is a detective (manual) control."
| Is This Answer Correct ? | 5 Yes | 0 No |
The rate of change of technology increases the importance of: A. outsourcing the IS function. B. implementing and enforcing good processes. C. hiring personnel willing to make a career within the organization. D. meeting user requirements.
The window of time recovery of information processing capabilities is based on the: A. criticality of the processes affected. B. quality of the data to be processed. C. nature of the disaster. D. applications that are mainframe based.
An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls? A. Allow changes to be made only with the DBA user account. B. Make changes to the database after granting access to a normal user account C. Use the DBA user account to make changes, log the changes and review the change log the following day. D. Use the normal user account to make changes, log the changes and review the change log the following day.
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report
Authentication is the process by which the: A. system verifies that the user is entitled to input the transaction requested. B. system verifies the identity of the user. C. user identifies himself to the system. D. user indicates to the system that the transaction was processed correctly.
Responsibility and reporting lines cannot always be established when auditing automated systems since: A. diversified control makes ownership irrelevant. B. staff traditionally change jobs with greater frequency. C. ownership is difficult to establish where resources are shared. D. duties change frequently in the rapid development of technology.
Which of the following types of firewalls would BEST protect a network from an Internet attack? A. Screened subnet firewall B. Application filtering gateway C. Packet filtering router D. Circuit-level gateway
The role of IT auditor in complying with the Management Assessment of Internal Controls (Section 404 of the Sarbanes-Oxley Act) is: A. planning internal controls B. documenting internal controls C. designing internal controls D. implementing internal controls
An IS auditor conducting an access controls review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to conclude that: A. exposure is greater since information is available to unauthorized users. B. operating efficiency is enhanced since anyone can print any report, any time. C. operating procedures are more effective since information is easily available. D. user friendliness and flexibility is facilitated since there is a smooth flow of information among users.
In an online transaction processing system, data integrity is maintained by ensuring that a transaction is either completed in its entirety or not at all. This principle of data integrity is known as: A. isolation. B. consistency. C. atomicity. D. durability.
Which of the following functions, if performed by scheduling and operations personnel, would be in conflict with a policy requiring a proper segregation of duties? A. Job submission B. Resource management C. Code correction D. Output distribution
Which audit technique provides the BEST evidence of the segregation of duties in an IS department? A. Discussion with management B. Review of the organization chart C. Observation and interviews D. Testing of user access rights
Cisco Certifications 
