To identify the value of inventory that has been kept for
more than eight weeks, an IS auditor would MOST likely use:
A. test data.
B. statistical sampling.
C. an integrated test facility.
D. generalized audit software.
Answer / guest
Answer: D
Generalized audit software will facilitate reviewing the
entire inventory file to look for those items that meet the
selection criteria. Generalized audit software provides
direct access to data and provides for features of
computation, stratification, etc. Test data are used to
verify programs, but will not confirm anything about the
transactions in question. The use of statistical sampling
methods are not intended to select specific conditions, but
are to select on a random basis from a file. In this case
the IS auditor would want to check all of the items that
meet the criteria and not just a sample of them. An
integrated test facility allows the IS auditor to test
transactions through the production system.
Is This Answer Correct ? | 6 Yes | 0 No |
A debugging tool, which reports on the sequence of steps executed by a program, is called a/an: A. output analyzer. B. memory dump. C. compiler. D. logic path monitor.
When a PC that has been used for the storage of confidential data is sold on the open market the: A. hard disk should be demagnetized. B. hard disk should be mid-level formatted.s C. data on the hard disk should be deleted. D. data on the hard disk should be defragmented.
Which of the following is a technique that could be used to capture network user passwords? A. Encryption B. Sniffing C. Spoofing D. A signed document cannot be altered.
Which of the following is the MOST important issue to the IS auditor in a business process re-engineering (BPR) project would be? A. The loss of middle management, which often is a result of a BPR project B. That controls are usually given low priority in a BPR project C. The considerable negative impact that information protection could have on BPR D. The risk of failure due to the large size of the task usually undertaken in a BPR project
An IS auditor discovers that programmers have update access to the live environment. In this situation, the IS auditor is LEAST likely to be concerned that programmers can: A. authorize transactions. B. add transactions directly to the database. C. make modifications to programs directly. D. access data from live environment and provide faster maintenance.
An organization acquiring other businesses continues using its legacy EDI systems, and uses three separate value added network (VAN) providers. No written VAN agreements exist. The IS auditor should recommend that management: A. obtain independent assurance of the third party service providers. B. set up a process for monitoring the service delivery of the third party. C. ensure that formal contracts are in place. D. consider agreements with third party service providers in the development of continuity plans.
An Internet-based attack using password sniffing can: A. enable one party to act as if they are another party. B. cause modification to the contents of certain transactions. C. be used to gain access to systems containing proprietary information. D. result in major problems with billing systems and transaction processing agreements.
The planning and monitoring of computer resources to ensure that they are being used efficiently and effectively is: A. hardware monitoring. B. capacity management. C. network management. D. job scheduling.
Which of the following techniques would provide the BEST assurance that the estimate of program development effort is reliable? A. Function point analysis B. Estimates by business area C. A computer-based project schedule D. An estimate by experienced programmer
The PRIMARY objective of conducting a post-implementation review is to assess whether the system A) achieved the desired objectives B) provides for backup and recovery C) provides for information security D) documentation is clear and understandable
An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a: A. cold site. B. warm site. C. dial-up site. D. duplicate processing facility.
As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis (BIA)? A. Organizational risks, such as single point-of-failure and infrastructure risk B. Threats to critical business processes C. Critical business processes for ascertaining the priority for recovery D. Resources required for resumption of business