Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following would an IS auditor place LEAST
reliance on when determining management's effectiveness in
communicating information systems policies to appropriate
personnel?
A. Interviews with user and IS personnel
B. Minutes of IS steering committee meetings
C. User department systems and procedures manuals
D.Information processing facilities operations and
procedures manuals
- 1 Answers
- 4136 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Minutes of IS steering committee meetings are not objective
measures of the effectiveness of management. They generally
represent the views of management, not staff, and thus may
not indicate how effective policies have been communicated
to appropriate personnel.
| Is This Answer Correct ? | 5 Yes | 0 No |
The potential for unauthorized system access by way of terminals or workstations within an organization's facility is increased when: A. connecting points are available in the facility to connect laptops to the network. B. users take precautions to keep their passwords confidential. C. terminals with password protection are located in unsecured locations. D. terminals are located within the facility in small clusters under the supervision of an administrator.
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.
Which of the following applet intrusion issues poses the GREATEST risk of disruption to an organization? A. A program that deposits a virus on a client machine B. Applets recording keystrokes and, therefore, passwords C. Downloaded code that reads files on a client's hard drive D. Applets opening connections from the client machine
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report
For which of the following applications would rapid recovery be MOST crucial? A. Point-of-sale system B. Corporate planning C. Regulatory reporting D. Departmental chargeback
An IS auditor performing a review of the IS department discovers that formal project approval procedures do not exist. In the absence of these procedures the IS manager has been arbitrarily approving projects that can be completed in a short duration and referring other more complicated projects to higher levels of management for approval. The IS auditor should recommend as a FIRST course of action that: A. users participate in the review and approval process. B. formal approval procedures be adopted and documented. C. projects be referred to appropriate levels of management for approval. D. the IS manager's job description be changed to include approval authority.
A company has recently upgraded its purchase system to incorporate EDI transmissions. Which of the following controls should be implemented in the EDI interface in order to provide for efficient data mapping? A. Key verification B. One-for-one checking C. Manual recalculations D. Functional acknowledgements
An IS auditor reviewing operating system access discovers that the system is not secured properly. In this situation, the IS auditor is LEAST likely to be concerned that the user might: A. create new users. B. delete database and log files. C. access the system utility tools. D. access the system writeable directories.
Which of the following security techniques is the BEST method for authenticating a user's identity? A. Smart card B. Biometrics C. Challenge-response token D. User ID and password
An IS auditor performing a review of an application's controls would evaluate the: A. efficiency of the application in meeting the business processes. B. impact of any exposures discovered. C. business processes served by the application. D. the application's optimization.
Detection risk refers to: A. concluding that material errors do not exist, when in fact they do. B. controls that fail to detect an error. C. controls that detect high-risk errors. D. detecting an error but failing to report it.
Which of the following should be included in an organization's IS security policy? A. A list of key IT resources to be secured B. The basis for access authorization C. Identity of sensitive security features D. Relevant software security features
Cisco Certifications 
