Answer / guest

Answer: D

In an outsourcing environment, the company is dependent on
the performance of the service provider. Therefore, it is
critical the outsourcing provider's performance be monitored
to ensure that services are delivered to the company as
required. Payment of invoices is a finance function, which
would be done per contractual requirements. Participating in
systems design is a by-product of monitoring the outsourcing
provider's performance, while renegotiating fees is usually
a one-time activity.

Answer / guest

D. Monitoring the outsourcing provider's performance

Which of the following audit procedures would MOST likely be used in an audit of a systems development project? A. Develop test transactions B. Use code comparison utilities C. Develop audit software programs D. Review functional requirements documentation

1 Answers  

---

Which of the following is a control over database administration activities? A. A database checkpoint to restart processing after a system failure B. Database compression to reduce unused space C. Supervisory review of access logs D. Backup and recovery procedures to ensure database availability

1 Answers  

---

Which of the following functions is performed by a virtual private network (VPN)? A. Hiding information from sniffers on the net B. Enforcing security policies C. Detecting misuse or mistakes D. Regulating access

1 Answers  

---

Which of the following logical access exposures involves changing data before, or as it is entered into the computer? A. Data diddling B. Trojan horse C. Worm D. Salami technique

2 Answers  

---

Detection risk refers to: A. concluding that material errors do not exist, when in fact they do. B. controls that fail to detect an error. C. controls that detect high-risk errors. D. detecting an error but failing to report it.

1 Answers  

---

Which of the following applet intrusion issues poses the GREATEST risk of disruption to an organization? A. A program that deposits a virus on a client machine B. Applets recording keystrokes and, therefore, passwords C. Downloaded code that reads files on a client's hard drive D. Applets opening connections from the client machine

1 Answers  

---

Which of the following is a strength of a client-server security system? A. Change control and change management procedures are inherently strong. B. Users can manipulate data without controlling resources on the mainframe. C. Network components seldom become obsolete. D. Access to confidential data or data manipulation is controlled tightly.

2 Answers  

---

Which of the following is an example of a passive attack, initiated through the Internet? A. Traffic analysis B. Masquerading C. Denial of service D. E-mail spoofing

2 Answers  

---

Which of the following is an advantage of an integrated test facility (ITF)? A. It uses actual master files or dummies and the IS auditor does not have to review the source of the transaction. B. Periodic testing does not require separate test processes. C. It validates application systems and tests the ongoing operation of the system. D. It eliminates the need to prepare test data.

1 Answers  

---

Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data? A. Inheritance B. Dynamic warehousing C. Encapsulation D. Polymorphism

3 Answers  

---

Which of the following functions would be acceptable for the security administrator to perform in addition to his/her normal functions? A. Systems analyst B. Quality assurance C. Computer operator D. Systems programmer

1 Answers  

---

The PRIMARY purpose of audit trails is to: A. improve response time for users. B. establish accountability and responsibility for processed transactions. C. improve the operational efficiency of the system. D. provide useful information to auditors who may wish to track transactions.

1 Answers  

---