Interested to Buy Any Domain ? << Click Here >> for more details...
In the course of performing a risk analysis, an IS auditor
has identified threats and potential impacts. Next, an IS
auditor should:
A. identify and assess the risk assessment process used by
management.
B. identify information assets and the underlying systems.
C. disclose the threats and impacts to management.
D. identify and evaluate the existing controls.
- 1 Answers
- 10107 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
It is important for an IS auditor to identify and evaluate
the existing controls and security once the potential
threats and possible impacts are identified. Upon completion
of an audit an IS auditor should describe and discuss with
management the threats and potential impacts on the assets.
| Is This Answer Correct ? | 12 Yes | 0 No |
Testing the connection of two or more system components that pass information from one area to another is: A. pilot testing. B. parallel testing C. interface testing. D. regression testing.
A control for a company that wants to prevent virus-infected programs (or other type of unauthorized modified programs) would be to: A. utilize integrity checkers. B. verify program's lengths. C. backup the source and object code. D. implement segregation of duties.
Which of the following would be of MOST concern to an IS auditor reviewing a VPN implementation? Computers on the network that are located: A. on the enterprise's facilities. B. at the backup site. C. in employees' homes. D. at the enterprise's remote offices.
A critical function of a firewall is to act as a: A. special router that connects the Internet to a LAN. B. device for preventing authorized users from accessing the LAN. C. server used to connect authorized users to private trusted network resources. D. proxy server to increase the speed of access to authorized users.
Which of the following is the MOST effective technique for providing security during data transmission? A. Communication log B. Systems software log C. Encryption D. Standard protocol
A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses the team should: A. compute the amortization of the related assets. B. calculate a return on investment (ROI). C. apply a qualitative approach. D. spend the time needed to define exactly the loss amount.
Which of the following would be of the LEAST value to an IS auditor attempting to gain an understanding of an organization's IT process? A. IT planning documents with deliverables and performance results B. Policies and procedures relating to planning, managing, monitoring and reporting on performance C. Prior audit reports D. Reports of IT functional activities
An IS auditor is reviewing a project that is using an agile software development approach. Which of the following should the IS auditor expect to find? A. Use of a capability maturity model (CMM) B. Regular monitoring of task-level progress against schedule C. Extensive use of software development tools to maximize team productivity D. Postiteration reviews that identify lessons learned for future use in the project
Which of the following types of firewalls would BEST protect a network from an Internet attack? A. Screened subnet firewall B. Application filtering gateway C. Packet filtering router D. Circuit-level gateway
During the course of an audit, the IS auditor discovers that the human resources (HR) department uses a cloud-based application to manage employee records. The HR department engaged in a contract outside of the normal vendor management process and manages the application on its own. Which of the following choices is of MOST concern? A. Maximum acceptable downtime metrics have not been defined in the contract. B. The IT department does not manage the relationship with the cloud vendor. C. The help desk call center is in a different country, with different privacy requirements. D. Company-defined security policies are not applied to the cloud application.
Sales orders are automatically numbered sequentially at each of a retailer's multiple outlets. Small orders are processed directly at the outlets, with large orders sent to a central production facility. The MOST appropriate control to ensure that all orders transmitted to production are received and processed would be to: A. send and reconcile transaction counts and totals. B. have data transmitted back to the local site for comparison. C. compare data communications protocols with parity checking. D. track and account for the numerical sequence of sales orders at the production facility.
An IS auditor who is reviewing application run manuals would expect them to contain: A. details of source documents. B. error codes and their recovery actions. C. program logic flowcharts and file definitions. D. change records for the application source code.
Cisco Certifications 
