As a result of a business process reengineering (BPR) project:
A. an IS auditor would be concerned with the key controls
that existed in the prior business process and not those in
the new process.
B. system processes are automated in such a way that there
are more manual interventions and manual controls.
C. the newly designed business processes usually do not
involve changes in the way(s) of doing business.
D. advantages usually are realized when the reengineering
process appropriately suits the business and risk.
Answer / guest
Answer: D
BPR is the process of responding to competitive, economic
pressures and customer demands to survive in the current
business environment. Advantages of BPR usually are
experienced when the reengineering process appropriately
suits the business needs. Choice A is not correct, because
in a BPR, an IS auditor should be concerned with all
controls, especially both those in the new processes and
those key controls that may have been reengineered out of a
business process. Choice B is not correct because what BPR
seeks is to have fewer manual interventions and controls.
Choice C is also incorrect because in BPR the newly designed
business processes inevitably involve changes in the way of
doing business.
Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network? A. The use of diskless workstations B. Periodic checking of hard drives C. The use of current antivirus software D. Policies that result in instant dismissal if violated
Which of the following encrypt/decrypt steps provides the GREATEST assurance in achieving confidentiality, message integrity and nonrepudiation by either sender or recipient? A. The recipient uses his/her private key to decrypt the secret key. B. The encrypted pre-hash code and the message are encrypted using a secret key. C. The encrypted pre-hash code is derived mathematically from the message to be sent. D. The recipient uses the sender's public key, verified with a certificate authority, to decrypt the pre-hash code.
Electronic signatures can prevent messages from being: A. suppressed. B. repudiated. C. disclosed. D. copied.
Requiring passwords to be changed on a regular basis, assigning a new one-time password when a user forgets his/hers, and requiring users not to write down their passwords are all examples of: A. audit objectives. B. audit procedures. C. controls objectives. D. control procedures.
Which of the following findings would an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault? A. There are three individuals with a key to enter the area. B. Paper documents also are stored in the offsite vault. C. Data files, which are stored in the vault, are synchronized. D. The offsite vault is located in a separate facility.
Creation of an electronic signature: A. encrypts the message. B. verifies where the message came from. C. cannot be compromised when using a private key. D. cannot be used with e-mail systems.
An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a: A. cold site. B. warm site. C. dial-up site. D. duplicate processing facility.
Security administration procedures require read-only access to: A. access control tables. B. security log files. C. logging options. D. user profiles.
An IS auditor performing a review of the EFT operations of a retailing company would verify that the customer's credit limit is checked before funds are transferred by reviewing the EFT: A. system's interface. B. switch facility. C. personal identification number generating procedure. D. operation backup procedures.
Which of the following is the BEST way to handle obsolete magnetic tapes before disposing of them? A. Overwriting the tapes B. Initializing the tape labels C. Degaussing the tapes D. Erasing the tapes
Which of the following independent duties is traditionally performed by the data control group? A. Access to data B. Authorization tables C. Custody of assets D. Reconciliation
Which of the following information valuation methods is LEAST likely to be used during a security review? A. Processing cost B. Replacement cost C. Unavailability cost D. Disclosure cost