Interested to Buy Any Domain ? << Click Here >> for more details...
The IS department of an organization wants to ensure that
the computer files, used in the information processing
facility, are backed up adequately to allow for proper
recovery. This is a/an:
A. control procedure.
B. control objective.
C. corrective control.
D. operational control.
- 2 Answers
- 9961 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: B
IS control objectives specify the minimum set of controls to
ensure efficiency and effectiveness in the operations and
functions within an organization. Control procedures are
developed to provide reasonable assurance that specific
objectives will be achieved. A corrective control is a
category of controls, which aims to minimizing the threat
and/or remedy problems that were not prevented or were not
initially detected. Operational controls address the
day-to-day operational functions and activities, and aid in
ensuring that the operations are meeting the desired
business objectives.
| Is This Answer Correct ? | 10 Yes | 0 No |
Which of the following steps would an IS auditor normally perform FIRST in a data center security review? A. Evaluate physical access test results. B. Determine the risks/threats to the data center site. C. Review business continuity procedures. D. Test for evidence of physical access at suspect locations.
The potential for unauthorized system access by way of terminals or workstations within an organization's facility is increased when: A. connecting points are available in the facility to connect laptops to the network. B. users take precautions to keep their passwords confidential. C. terminals with password protection are located in unsecured locations. D. terminals are located within the facility in small clusters under the supervision of an administrator.
A referential integrity constraint consists of: A. ensuring the integrity of transaction processing. B. ensuring that data are updated through triggers. C. ensuring controlled user updates to database. D. rules for designing tables and queries.
A malicious code that changes itself with each file it infects is called a: A. logic bomb. B. stealth virus. C. trojan horse. D. polymorphic virus.
An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: * The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department. * The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention. * The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for their area in the event of a disruptive incident. The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical hardware configuration is already established. The IS auditor should: A. take no action as the lack of a current plan is the only significant finding. B. recommend that the hardware configuration at each site should be identical. C. perform a review to verify that the second configuration can support live processing. D. report that the financial expenditure on the alternative site is wasted without an effective plan.
Which of the following is a strength of the program evaluation review technique (PERT) over other techniques? PERT: A. considers different scenarios for planning and control projects. B. allows the user to input program and system parameters. C. tests system maintenance processes accurately. D. estimates costs of system projects.
A decision support system (DSS): A. is aimed at solving highly structured problems. B. combines the use of models with nontraditional data access and retrieval functions. C. emphasizes flexibility in the decision making approach of users. D. supports only structured decision-making tasks.
Which of the following is an implementation risk within the process of decision support systems? A. Management control B. Semistructured dimensions C. Inability to specify purpose and usage patterns D. Changes in decision processes
The use of a GANTT chart can: A. aid in scheduling project tasks. B. determine project checkpoints. C. ensure documentation standards. D. direct the post-implementation review.
Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation? A. Multiple cycles of backup files remain available. B. Access controls establish accountability for e-mail activity. C. Data classification regulates what information should be communicated via e-mail. D. Within the enterprise, a clear policy for using e-mail ensures that evidence is available.
The BEST method of proving the accuracy of a system tax calculation is by: A. detailed visual review and analysis of the source code of the calculation programs. B. recreating program logic using generalized audit software to calculate monthly totals. C. preparing simulated transactions for processing and comparing the results to predetermined results. D. automatic flowcharting and analysis of the source code of the calculation programs.
Which of the following controls would provide the GREATEST assurance of database integrity? A. Audit log procedures B. Table link/reference checks C. Query/table access time checks D. Rollback and rollforward database features
Cisco Certifications 
