Answer / guest

Answer: A

Escorting visitors will provide the best assurance that
visitors have permission to access the data processing
facility. Choices B and C are not reliable controls. Choice
D is incorrect because visitors should be accompanied at all
times while they are on the premises, not only when they are
in the data processing facility.

The initial step in establishing an information security program is the: A. development and implementation of an information security standards manual. B. performance of a comprehensive security control review by the IS auditor. C. adoption of a corporate information security policy statement. D. purchase of security access control software.

2 Answers  

---

Which audit technique provides the BEST evidence of the segregation of duties in an IS department? A. Discussion with management B. Review of the organization chart C. Observation and interviews D. Testing of user access rights

1 Answers  

---

Which of the following is a check (control) for completeness? A. Check digits B. Parity bits C. One-for-one checking D. Prerecorded input

1 Answers  

---

During an audit of the tape management system at a data center, an IS auditor discovered that parameters are set to bypass or ignore the labels written on tape header records. The IS auditor also determined that effective staging and job setup procedures were in place. In this situation, the IS auditor should conclude that the: A. tape headers should be manually logged and checked by the operators. B. staging and job setup procedures are not appropriate compensating controls. C. staging and job setup procedures compensate for the tape label control weakness. D. tape management system parameters must be set to check all labels.

1 Answers  

---

Which of the ISO/OSI model layers provides for routing packets between nodes? A. Data link B. Network C. Transport D. Session

1 Answers   Network,

---

Which of the following is a role of an IS steering committee? A. Initiate computer applications. B. Ensure efficient use of data processing resources. C. Prepare and monitor system implementation plans. D. Review the performance of the systems department.

1 Answers  

---

During the review of a biometrics system operation, the IS auditor should FIRST review the stage of: A. enrollment. B. identification. C. verification. D. storage.

1 Answers  

---

If the decision has been made to acquire software rather than develop it internally, this decision is normally made during the: A. requirements definition phase of the project. B. feasibility study phase of the project. C. detailed design phase of the project. D. programming phase of the project.

1 Answers  

---

When reviewing the quality of an IS department's development process, the IS auditor finds that they do not use any formal, documented methodology and standards. The IS auditor's MOST appropriate action would be to: A. complete the audit and report the finding. B. investigate and recommend appropriate formal standards. C. document the informal standards and test for compliance. D. withdraw and recommend a further audit when standards are implemented.

1 Answers  

---

In a risk-based audit approach an IS auditor should FIRST complete a/an: A. inherent risk assessment. B. control risk assessment. C. test of control assessment. D. substantive test assessment.

1 Answers  

---

Once an organization has finished the business process reengineering (BPR) of all its critical operations, the IS auditor would MOST likely focus on a review of: A. pre-BPR process flowcharts. B. post-BPR process flowcharts. C. BPR project plans. D. continuous improvement and monitoring plans.

2 Answers  

---

Which of the following systems or tools can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card? A. Intrusion detection systems B. Data mining techniques C. Firewalls D. Packet filtering routers

1 Answers  

---