Answer / guest

Answer: A

"Production programs are used for processing an enterprise's
data. It is imperative that controls on changes to
production programs be stringent. Lack of control in this
area could result in application programs being modified to
manipulate the data. Application programmers are required to
implement changes to test programs. These are used only in
development and do not directly impact the live processing
of data. Operations support staff implementing changes to
batch schedules will affect the scheduling of the batches only

this does not impact the live data. Database administrators
are required to implement changes to data structures. This
is required for reorganization of the database to allow for
additions, modifications or deletions of fields or tables in
the database."

Which of the following normally would be the MOST reliable evidence for an auditor? A. A confirmation letter received from a third party verifying an account balance B. Assurance from line management that an application is working as designed C. Trend data obtained from World Wide Web (Internet) sources D. Ratio analysis developed by the IS auditor from reports supplied by line management

1 Answers  

---

Connection-oriented protocols in the TCP/IP suite are implemented in the: A. transport layer. B. application layer. C. physical layer. D. network layer.

1 Answers  

---

Which of the following would be the BEST population to take a sample from when testing program changes? A. Test library listings B. Source program listings C. Program change requests D. Production library listings

1 Answers  

---

Without causing a conflict of interest, a duty compatible with those of a security administrator would be: A. quality assurance. B. application programming. C. systems programming. D. data entry.

1 Answers  

---

Which of the following business recovery strategies would require the least expenditure of funds? A. Warm site facility B. Empty shell facility C. Hot site subscription D. Reciprocal agreement

1 Answers  

---

---

Which of the following controls is LEAST likely to detect changes made online to master records? A. Update access to master file is restricted to a supervisor independent of data entry. B. Clerks enter updates online and are finalized by an independent supervisor. C. An edit listing of all updates is produced daily and reviewed by an independent supervisor. D. An update authorization form must be approved by an independent supervisor before entry.

1 Answers  

---

Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions? A. Response B. Correction C. Detection D. Monitoring

1 Answers  

---

The most common problem in the operation of an intrusion detection system (IDS) is: A. the detection of false positives. B. receiving trap messages. C. reject error rates. D. denial-of-service attacks.

1 Answers   ABC,

---

E-mail message authenticity and confidentiality is BEST achieved by signing the message using the:

1 Answers  

---

While developing a risk-based audit program, which of the following would the IS auditor MOST likely focus on? A. Business processes B. Critical IT applications C. Corporate objectives D. Business strategies

3 Answers   CISA,

---

In large corporate networks having supply partners across the globe, network traffic may continue to rise. The infrastructure components in such environments should be scalable. Which of the following firewall architectures limits future scalability? A. Appliances B. Operating system based C. Host based D. Demilitarized

1 Answers  

---

An independent software program that connects two otherwise separate applications sharing computing resources across heterogeneous technologies is known as: A. middleware. B. firmware. C. application software. D. embedded systems.

1 Answers  

---