Which of the following audit techniques would an IS auditor
place the MOST reliance on when determining whether an
employee practices good preventive and detective security
measures?
A. Observation
B. Detail testing
C. Compliance testing
D. Risk assessment
- 1 Answers
- 3775 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
Observation is considered to be the best test to ensure that
an employee understands and practices good preventive and
detective security.
| Is This Answer Correct ? | 5 Yes | 0 No |
A data center has a badge-entry system. Which of the following is MOSTimportant to protect the computing assets in the center? A. Badge readers are installed in locations where tampering would be noticed B. The computer that controls the badge system is backed up frequently C. A process for promptly deactivating lost or stolen badges exists D. All badge entry attempts are logged
In an EDI process, the device which transmits and receives electronic documents is the: A. communications handler. B. EDI translator. C. application interface. D. EDI interface.
IS auditors reviewing access control should review data classification to ensure that encryption parameters are classified as: A. sensitive. B. confidential. C. critical. D. private.
Large-scale systems development efforts: A. are not affected by the use of prototyping tools. B. can be carried out independent of other organizational practices. C. require that business requirements be defined before the project begins. D. require that project phases and deliverables be defined during the duration of the project.
While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/back up at an offsite location would be: A. shadow file processing. B. electronic vaulting. C. hard-disk mirroring. D. hot-site provisioning.
When evaluating the collective effect of preventive, detective or corrective controls within a process an IS auditor should be aware: A. of the point at which controls are exercised as data flows through the system. B. that only preventive and detective controls are relevant. C. that corrective controls can only be regarded as compensating. D. that classification allows an IS auditor to determine which controls are missing.
Naming conventions for system resources are important for access control because they: A. ensure that resource names are not ambiguous. B. reduce the number of rules required to adequately protect resources. C. ensure that user access to resources is clearly and uniquely identified. D. ensure that internationally recognized names are used to protect resources.
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report
Which of the following is the MOST important reason for an IS auditor to be involved in a system development project? A. Evaluate the efficiency of resource utilization. B. Develop audit programs for subsequent audits of the system. C. Evaluate the selection of hardware to be used by the system. D. Ensure that adequate controls are built into the system during development.
E-mail message authenticity and confidentiality is BEST achieved by signing the message using the: A. sender's private key and encrypting the message using the receiver's public key. B. sender's public key and encrypting the message using the receiver's private key. C. the receiver's private key and encrypting the message using the sender's public key. D. the receiver's public key and encrypting the message using the sender's private key.
The risk that an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when, in fact, they do, is an example of: A. inherent risk. B.control risk. C. detection risk. D. audit risk.
Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the user name and password are the same. The BEST control to mitigate this risk is to: A. change the company's security policy. B. educate users about the risk of weak passwords. C. build in validations to prevent this during user creation and password change. D. require a periodic review of matching user ID and passwords for detection and correction.
Cisco Certifications 
