Which of the following functions would be acceptable for the
security administrator to perform in addition to his/her
normal functions?
A. Systems analyst
B. Quality assurance
C. Computer operator
D. Systems programmer
Answer / guest
Answer: B
Quality assurance duties could be performed by the security
administrator and not cause a conflict with respect to
segregation of duties. They deal in different aspects of IS
with little overlap. The systems analyst function could
potentially allow the security administrator to obtain
knowledge, which in turn could be used to bypass security
procedures. The computer operations function could allow the
security administrator to bypass or deactivate security
procedures. The systems programmer function could allow the
security administrator to bypass or deactivate security
procedures for their own benefit.
Is This Answer Correct ? | 2 Yes | 0 No |
With the help of the security officer, granting access to data is the responsibility of: A. data owners. B. programmers. C. system analysts. D. librarians.
Which of the following is the MOST critical and contributes the MOST to the quality of data in a data warehouse? A. Accuracy of the source data B. Credibility of the data source C. Accuracy of the extraction process D. Accuracy of the data transformation
Detection risk refers to: A. concluding that material errors do not exist, when in fact they do. B. controls that fail to detect an error. C. controls that detect high-risk errors. D. detecting an error but failing to report it.
Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures? A. Invite client participation. B. Involve all technical staff. C. Rotate recovery managers. D. Install locally stored backup.
Which of the following forms of evidence for the auditor would be considered the MOST reliable? A. An oral statement from the auditee B. The results of a test performed by an IS auditor C. An internally generated computer accounting report D. A confirmation letter received from an outside source
An IS auditor observed that some data entry operators leave their computers in the midst of data entry without logging off. Which of the following controls should be suggested to prevent unauthorized access? A. Encryption B. Switch off the computer when leaving C. Password control D. Screen saver password
Which of the following security techniques is the BEST method for authenticating a user's identity? A. Smart card B. Biometrics C. Challenge-response token D. User ID and password
Which of the following are data file controls? A. Internal and external labeling B. Limit check and logical relationship checks C. Total items and hash totals D. Report distribution procedures
Which of the following is a management technique that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality? A. Function point analysis B. Critical path methodology C. Rapid application development D. Program evaluation review technique
An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long. Which of the following could be caused by the length of the cable? A. Electromagnetic interference (EMI) B. Cross talk C. Dispersion D.Attenuation
When reviewing the quality of an IS department's development process, the IS auditor finds that they do not use any formal, documented methodology and standards. The IS auditor's MOST appropriate action would be to: A. complete the audit and report the finding. B. investigate and recommend appropriate formal standards. C. document the informal standards and test for compliance. D. withdraw and recommend a further audit when standards are implemented.
The window of time recovery of information processing capabilities is based on the: A. criticality of the processes affected. B. quality of the data to be processed. C. nature of the disaster. D. applications that are mainframe based.