Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following steps would an IS auditor normally
perform FIRST in a data center security review?
A. Evaluate physical access test results.
B. Determine the risks/threats to the data center site.
C. Review business continuity procedures.
D. Test for evidence of physical access at suspect locations.
- 1 Answers
- 9213 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
During planning, the IS auditor should get an overview of
the functions being audited and evaluate the audit and
business risks. Choices A and D are part of the audit
fieldwork process that occurs subsequent to this planning
and preparation. Choice C is not part of a security review.
| Is This Answer Correct ? | 6 Yes | 0 No |
In a risk-based audit approach an IS auditor should FIRST complete a/an: A. inherent risk assessment. B. control risk assessment. C. test of control assessment. D. substantive test assessment.
Access rules normally are included in which of the following documentation categories? A. Technical reference documentation B. User manuals C. Functional design specifications D. System development methodology documents
Which of the following concerns about the security of an electronic message would be addressed by digital signatures? A. Unauthorized reading B. Theft C. Unauthorized copying D. Alteration
Connection-oriented protocols in the TCP/IP suite are implemented in the: A. transport layer. B. application layer. C. physical layer. D. network layer.
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.
Which of the following would allow a company to extend it?s enterprise?s intranet across the Internet to it?s business partners? A. Virtual private network B. Client-Server C. Dial-Up access D. Network service provider
The primary role of an IS auditor during the system design phase of an application development project is to: A. advise on specific and detailed control procedures. B. ensure the design accurately reflects the requirement. C. ensure all necessary controls are included in the initial design. D. advise the development manager on adherence to the schedule.
Which of the following would normally be found in application run manuals? A. Details of source documents B. Error codes and their recovery actions C. Program flowcharts and file definitions D. Change records for the application source code
An IS auditor performing a review of the EFT operations of a retailing company would verify that the customers credit limit is checked before funds are transferred by reviewing the EFT: A. system's interface. B. switch facility. C. personal identification number generating procedure. D. operation backup procedures.
Which of the following is widely accepted as one of the critical components in networking management? A. Configuration management B. Topological mappings C. Application of monitoring tools D. Proxy server trouble shooting
Which of the following would not prevent the loss of an asset but would assist in recovery by transferring part of the risk to a third party? A. Full system backups B. Insurance C. Testing D. Business impact analysis
Separation of duties between computer opeartors and other data processing personnel is intended to: A. Prevent unauthorized modifications to program or data. B. Reduce overall cost of operations C. Allow operators to concentrate on their assigned duties D. Restrict operator access to data
Cisco Certifications 
