An IS auditor should be able to identify and evaluate
various types of risks and their potential effects. Which of
the following risks is associated with authorized program
exits (trap doors)?
A. Inherent
B. Detection
C. Audit
D. Error
Answer / guest
Answer: A
Inherent risk is the susceptibility of an area or process to
an error that could be material. Exits out of an authorized
program are an inherent risk as they provide flexibility
for inserting code to modify or add functionality. The exits
(trap doors) also permit insertion of unauthorized code.
Detection risk (choice B) is the risk that the IS auditor's
substantive procedures will not detect an error which could
be material, individually or in combination with other errors.
Audit risk (choice C) is the risk of giving an incorrect
audit opinion, while error risk (choice D) is the risk of
errors occurring in the area being audited.
Which of the following is a threat? A. Lack of security B. Loss of goodwill C. Power outage D. Information services
IS auditors reviewing access control should review data classification to ensure that encryption parameters are classified as: A. sensitive. B. confidential. C. critical. D. private.
Which of the following groups should assume ownership of a systems development project and the resulting system? A. User management B. Senior management C. Project steering committee D. Systems development management
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.
Transmitting redundant information with each character or frame to facilitate detection and correction of errors is called: A. feedback error control. B. block sum check. C. forward error control. D. cyclic redundancy check.
When performing an audit of access rights, an IS auditor should be suspicious of which of the following if allocated to a computer operator? A. READ access to data B. DELETE access to transaction data files C. Logged READ/EXECUTE access to programs D. UPDATE access to job control language/script files
Requiring passwords to be changed on a regular basis, assigning a new one-time password when a user forgets his/hers, and requiring users not to write down their passwords are all examples of: A. audit objectives. B. audit procedures. C. controls objectives. D. control procedures.
The PRIMARY reason for using digital signatures is to ensure data: A. confidentiality. B. integrity. C. availability. D. timeliness.
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report
An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking? A. An application-level gateway B. A remote access server C. A proxy server D. Port scanning
Which of the following would be included in an IS strategic plan? A. Specifications for planned hardware purchases B. Analysis of future business objectives C. Target dates for development projects D. Annual budgetary targets for the IS department
Which of the following is the MOST important consideration when developing a business continuity plan for a bank? A. Antivirus software B. Naming standards C. Customer balance list D. Password policy