Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following procedures would BEST determine
whether adequate recovery/restart procedures exist?
A. Reviewing program code
B. Reviewing operations documentation
C. Turning off the UPS, then the power
D. Reviewing program documentation
- 1 Answers
- 4820 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Operations documentation should contain recovery/restart
procedures, so operations can return to normal processing in
a timely manner. Turning off the UPS and then turning off
the power might create a situation for recovery and restart,
but the negative effect on operations would prove this
method to be undesirable. The review of program code and
documentation generally does not provide evidence regarding
recovery/restart procedures.
| Is This Answer Correct ? | 5 Yes | 0 No |
When auditing the proposed acquisition of a new computer system, the IS auditor should FIRST establish that: A. a clear business case has been approved by management. B. corporate security standards will be met. C. users will be involved in the implementation plan. D. the new system will meet all required user functionality.
In a small organization, where segregation of duties is not practical, an employee performs the function of computer operator and application programmer. Which of the following controls should the IS auditor recommend? A. Automated logging of changes to development libraries B. Additional staff to provide segregation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications
After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools? A. Differential reporting B. False positive reporting C. False negative reporting D. Less detail reporting
An IS auditor performing a review of the backup processing facilities should be MOST concerned that: A. adequate fire insurance exists. B. regular hardware maintenance is performed. C. offsite storage of transaction and master files exists. D. backup processing facilities are tested fully.
An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls? A. Allow changes to be made only with the DBA user account. B. Make changes to the database after granting access to a normal user account C. Use the DBA user account to make changes, log the changes and review the change log the following day. D. Use the normal user account to make changes, log the changes and review the change log the following day.
Which of the following would an IS auditor consider the MOST relevant to short-term planning for the IS department? A. Allocating resources B. Keeping current with technology advances C. Conducting control self-assessment D. Evaluating hardware needs
Which of the following is a form of an Internet attack? A. Searching for software design errors B. Guessing user passwords based on their personal information C. Breaking the deadman's door to gain entry D. Planting a trojan horse
Which of the following is the BEST form of transaction validation? A. Use of key field verification techniques in data entry B. Use of programs to check the transaction against criteria set by management C. Authorization of the transaction by supervisory personnel in an adjacent department D. Authorization of the transaction by a department supervisor prior to the batch process
Which of the following types of risks assumes an absence of compensating controls in the area being reviewed? A. Control risk B. Detection risk C. Inherent risk D. Sampling risk
Which of the following implementation modes would provide the GREATEST amount of security for outbound data connecting to the Internet? A. Transport mode with authentication header plus encapsulating security payload (ESP) B. Secure socket layer (SSL) mode C. Tunnel mode with AH plus ESP D. Triple-DES encryption mode
When logging on to an online system, which of the following processes would the system perform FIRST? A. Initiation B. Verification C. Authorization D. Authentication
An organization wants to enforce data integrity principles and achieve faster performance/execution in a database application. Which of the following design principles should be applied? A. User (customized) triggers B. Data validation at the front end C. Data validation at the back end D. Referential integrity
Cisco Certifications 
