Interested to Buy Any Domain ? << Click Here >> for more details...
During a review of a large data center an IS auditor
observed computer operators acting as backup tape librarians
and security administrators. Which of these situations would
be MOST critical to report?
A. Computer operators acting as tape librarians
B. Computer operators acting as security administrators
C. Computer operators acting as a tape librarian and
security administrator
D. It is not necessary to report any of these situations.
- 1 Answers
- 4487 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Computer operators should not be given security
administrator access. Computer operators acting as security
administrators could manipulate the security system to give
themselves access. The access could be used to set up
fictitious accounts and to eliminate any record of it from
the log. Computer operators in large data centers are often
called upon to act as tape librarians. As long as the
operator cannot manipulate the system logging, it is
acceptable for the librarian to track what has taken place.
| Is This Answer Correct ? | 2 Yes | 0 No |
Which of the following is the initial step in creating a firewall policy? A. A cost-benefits analysis of methods for securing the applications B. Identification of network applications to be externally accessed C. Identification of vulnerabilities associated with network applications to be externally accessed D. Creation of an applications traffic matrix showing protection methods
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report
To develop a successful business continuity plan, end user involvement is critical during which of the following phases? A. Business recovery strategy B. Detailed plan development C. Business impact analysis D. Testing and maintenance
When auditing the proposed acquisition of a new computer system, the IS auditor should FIRST establish that: A. a clear business case has been approved by management. B. corporate security standards will be met. C. users will be involved in the implementation plan. D. the new system will meet all required user functionality.
Access rules normally are included in which of the following documentation categories? A. Technical reference documentation B. User manuals C. Functional design specifications D. System development methodology documents
The extent to which data will be collected during an IS audit should be determined, based on the: A. availability of critical and required information. B. auditor's familiarity with the circumstances. C. auditee's ability to find relevant evidence. D. purpose and scope of the audit being done.
A company uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks (cheques) and reports for distribution. To BEST ensure payroll data accuracy: A. payroll reports should be compared to input forms. B. gross payroll should be recalculated manually. C. checks (cheques) should be compared to input forms. D. checks (cheques) should be reconciled with output reports.
The key difference between a microwave radio system and a satellite radiolink system is that: A. microwave uses line-of-sight and satellite uses transponders during transmission. B. microwave operates through transponders placed on the earth's orbit. C. satellite uses line-of-sight during transmission. D. microwave uses fiber optic cables.
IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that: A. a substantive test would be too costly. B. the control environment is poor. C. inherent risk is low. D. control risks are within the acceptable limits.
Testing the connection of two or more system components that pass information from one area to another is: A. pilot testing. B. parallel testing C. interface testing. D. regression testing.
Which of the following development methods uses a prototype that can be updated continually to meet changing user or business requirements? A. Data-oriented development (DOD) B. Object-oriented development (OOD) C. Business process reengineering (BPR) D. Rapid application development (RAD)
Which of the following duties would be a concern if performed along with systems administration? A. Maintenance of access rules B. Review of system audit trail C. Data librarian D. Performance monitoring
Cisco Certifications 
