Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following is a control to detect an
unauthorized change in a production environment?
A. Denying programmers access to production data.
B. Requiring change request to include benefits and costs.
C. Periodically comparing control and current object and
source programs.
D. Establishing procedures for emergency changes.
- 1 Answers
- 7955 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
Running the code comparison program on the control and
current object and source programs allows for the detection
of unauthorized changes in the production environment.
Choices A, B and D are preventive controls that are
effective as long as they are being applied consistently.
| Is This Answer Correct ? | 3 Yes | 2 No |
Which of the following is a benefit of a risk-based approach to audit planning? Audit: A. scheduling may be performed months in advance. B. budgets are more likely to be met by the IS audit staff. C. staff will be exposed to a variety of technologies. D. resources are allocated to the areas of highest concern.
An IS auditor who has discovered unauthorized transactions during a review of EDI transactions is likely to recommend improving the: A. EDI trading partner agreements. B. physical controls for terminals. C. authentication techniques for sending and receiving messages. D. program change control procedures.
An enterprise has established a steering committee to oversee its e-business program. The steering committee would MOST likely be involved in the: A. documentation of requirements. B. escalation of project issues. C. design of interface controls. D. specification of reports.
Which of the following is a control to compensate for a programmer having access to accounts payable production data? A. Processing controls such as range checks and logic edits B. Reviewing accounts payable output reports by data entry C. Reviewing system-produced reports for checks (cheques) over a stated amount D. Having the accounts payable supervisor match all checks (cheques) to approved invoices
To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls
Which of the following controls is LEAST likely to detect changes made online to master records? A. Update access to master file is restricted to a supervisor independent of data entry. B. Clerks enter updates online and are finalized by an independent supervisor. C. An edit listing of all updates is produced daily and reviewed by an independent supervisor. D. An update authorization form must be approved by an independent supervisor before entry.
The impact of EDI on internal controls will be: A. that fewer opportunities for review and authorization will exist. B. an inherent authentication. C. a proper distribution of EDI transactions while in the possession of third parties. D. that IPF management will have increased responsibilities over data center controls.
The primary purpose of an audit charter is to: A. document the audit process used by the enterprise. B. formally document the audit department's plan of action. C. document a code of professional conduct for the auditor. D. describe the authority and responsibilities of the audit department.
Which of the following BEST describes an IT department?s strategic planning process? A. The IT department will have either short-range or long-range plans depending on the organization?s broader plans and objectives. B. The IT department?s strategic plan must be time and project oriented, but not so detailed as to address and help determine priorities to meet business needs. C. Long-range planning for the IT department should recognize organizational goals, technological advances and regulatory requirements. D. Short-range planning for the IT department does not need to be integrated into the short-range plans of the organization since technological advances will drive the IT department plans much quicker than organizational plans.
Business continuity/disaster recovery is PRIMARILY the responsibility of: A. IS management. B. business unit managers. C. the security administrator. D. the board of directors.
Which of the following is a concern when data is transmitted through secure socket layer (SSL) encryption implemented on a trading partner's server? A. Organization does not have control over encryption. B. Messages are subjected to wire tapping. C. Data might not reach the intended recipient. D. The communication may not be secure.
Cisco Certifications 
