Which of the following steps would an IS auditor normally
perform FIRST in a data center security review?
A. Evaluate physical access test results.
B. Determine the risks/threats to the data center site.
C. Review business continuity procedures.
D. Test for evidence of physical access at suspect locations.
- 1 Answers
- 8202 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
During planning, the IS auditor should get an overview of
the functions being audited and evaluate the audit and
business risks. Choices A and D are part of the audit
fieldwork process that occurs subsequent to this planning
and preparation. Choice C is not part of a security review.
| Is This Answer Correct ? | 6 Yes | 0 No |
The MOST important responsibility of a data security officer in an organization is: A. recommending and monitoring data security policies. B. promoting security awareness within the organization. C. establishing procedures for IT security policies. D. administering physical and logical access controls.
The primary role of an IS auditor during the system design phase of an application development project is to: A. advise on specific and detailed control procedures. B. ensure the design accurately reflects the requirement. C. ensure all necessary controls are included in the initial design. D. advise the development manager on adherence to the schedule.
A programmer included a routine into a payroll application to search for his/her own payroll number. As a result, if this payroll number does not appear during the payroll run, a routine will generate and place random numbers onto every paycheck. This routine is known as: A. scavenging. B. data leakage. C. piggybacking. D. a trojan horse.
The BEST time to perform a control self-assessment involving line management, line staff and the audit department is at the time of: A. compliance testing. B. the preliminary survey. C. substantive testing. D. the preparation of the audit report.
A TCP/IP-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted? A. Work is completed in tunnel mode with IP security using the nested services of authentication header (AH) and encapsulating security payload (ESP). B. A digital signature with RSA has been implemented. C. Digital certificates with RSA are being used. D. Work is being completed in TCP services.
Which of the following represents the MOST pervasive control over application development? A. IS auditors B. Standard development methodologies C. Extensive acceptance testing D. Quality assurance groups
Which of the following is the FIRST step in a business process reengineering (BPR) project? A. Defining the areas to be reviewed B. Developing a project plan C. Understanding the process under review D. Reengineering and streamlining the process under review
The use of statistical sampling procedures helps minimize: A. sampling risk. B. detection risk. C. inherent risk. D. control risk.
When implementing continuous monitoring systems an IS auditor's first step is to identify: A. reasonable target thresholds. B. high-risk areas within the organization. C. the location and format of output files. D. applications that provide the highest potential payback.
While planning an audit, an assessment of risk should be made to provide: A. reasonable assurance that the audit will cover material items. B. definite assurance that material items will be covered during the audit work. C. reasonable assurance that all items will be covered by the audit. D. sufficient assurance that all items will be covered during the audit work.
When planning an audit of a network set up, the IS auditor should give highest priority to obtaining which of the following network documentation? A. Wiring and schematic diagram B. Users list and responsibilities C. Applications list and their details D. Backup and recovery procedures
The act that describes a computer intruder capturing a stream of data packets and inserting these packets into the network as if it were another genuine message stream is called: A. eavesdropping. B. message modification. C. a brute-force attack. D. packet replay.
Cisco Certifications 
