Interested to Buy Any Domain ? << Click Here >> for more details...
To determine which users can gain access to the privileged
supervisory state, which of the following should an IS
auditor review?
A. System access log files
B. Enabled access control software parameters
C. Logs of access control violations
D. System configuration files for control options used
- 1 Answers
- 8296 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
Review of system configuration files for control options
used would show which users have access to the privileged
supervisory state. Both systems access log files and logs of
access violations are detective in nature. Access control
software is run under the operating system.
| Is This Answer Correct ? | 12 Yes | 0 No |
Which of the following types of controls is designed to provide the ability to verify data and record values through the stages of application processing? A. Range checks B. Run-to-run totals C. Limit checks on calculated amounts D. Exception reports
Passwords should be: A. assigned by the security administrator. B. changed every 30 days at the discretion of the user. C. reused often to ensure the user does not forget the password. D. displayed on the screen so that the user can ensure that it has been entered properly.
Which audit technique provides the BEST evidence of the segregation of duties in an IS department? A. Discussion with management B. Review of the organization chart C. Observation and interviews D. Testing of user access rights
Where adequate segregation of duties between operations and programming are not achievable, the IS auditor should look for: A. compensating controls. B. administrative controls. C. corrective controls. D. access controls.
When performing an audit of access rights, an IS auditor should be suspicious of which of the following if allocated to a computer operator? A. READ access to data B. DELETE access to transaction data files C. Logged READ/EXECUTE access to programs D. UPDATE access to job control language/script files
Which of the following would not prevent the loss of an asset but would assist in recovery by transferring part of the risk to a third party? A. Full system backups B. Insurance C. Testing D. Business impact analysis
Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility? A. Verify compatibility with the hot site. B. Review the implementation report. C. Perform a walk-through of the DRP. D. Update the IS assets inventory.
Which of the following should be in place to protect the purchaser of an application package in the event that the vendor ceases to trade? A. Source code held in escrow. B. Object code held by a trusted third party. C. Contractual obligation for software maintenance. D. Adequate training for internal programming staff.
After implementation of a disaster recovery plan (DRP), pre-disaster and post-disaster operational cost for an organization will: A. decrease. B. not change (remain the same). C. increase. D. increase or decrease depending upon nature of the business.
An IS auditor reviewing an organization's IS disaster recovery plan should verify that it is: A. tested every 6 months. B. regularly reviewed and updated. C. approved by the chief executive officer (CEO). D. communicated to every departmental head in the organization.
The purpose for requiring source code escrow in a contractual agreement is to: A. ensure the source code is available if the vendor ceases to exist. B. permit customization of the software to meet specified business requirements. C. review the source code for adequacy of controls. D. ensure the vendor has complied with legal requirements.
Which of the following information valuation methods is LEAST likely to be used during a security review? A. Processing cost B. Replacement cost C. Unavailability cost D. Disclosure cost
Cisco Certifications 
