Which of the following user profiles should be of MOST
concern to the IS auditor when performing an audit of an
EFT system?
A. Three users with the ability to capture and verify their
own messages
B. Five users with the ability to capture and send their own
messages
C. Five users with the ability to verify other users and
to send their own messages
D. Three users with the ability to capture and verify the
messages of other users and to send their own messages
Answer / guest
Answer: A
The ability of one individual to capture and verify messages
represents an inadequate segregation, since messages can be
taken as correct and as if they had already been verified.
The FIRST step in developing a business continuity plan (BCP) is to: A. classify the importance of systems. B. establish a disaster recovery strategy. C. determine the critical recovery time period. D. perform a risk ranking.
Which of the following would not prevent the loss of an asset but would assist in recovery by transferring part of the risk to a third party? A. Full system backups B. Insurance C. Testing D. Business impact analysis
Receiving an EDI transaction and passing it through the communications interface stage usually requires: A. translating and unbundling transactions. B. routing verification procedures. C. passing data to the appropriate application system. D. creating a point of receipt audit log.
An IS auditor attempting to determine whether access to program documentation is restricted to authorized persons would MOST likely: A. evaluate the record retention plans for off-premises storage. B. interview programmers about the procedures currently being followed. C. compare utilization records to operations schedules. D. review data file access records to test the librarian function.
Which of the following would be included in an IS strategic plan?
Following the development of an application system, it is determined that several design objectives have not been achieved. This is MOST likely to have been caused by: A. insufficient user involvement. B. early dismissal of the project manager. C. inadequate quality assurance (QA) tools. D. noncompliance with defined approval points.
An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of: A. reverse engineering. B. prototyping. C. software reuse. D. reengineering.
A primary function of risk management is the identification of cost-effective controls. In selecting appropriate controls, which of the following methods is best to study the effectiveness of adding various safeguards in reducing vulnerabilities? A. "What if" analysis B. Traditional cost/benefit analysis C. Screening analysis D. A "back-of-the-envelope" analysis
Antivirus software should be used as a: A. detective control. B. preventive control. C. corrective control. D. compensating control.
Which of the following logical access exposures involves changing data before, or as it is entered into the computer? A. Data diddling B. Trojan horse C. Worm D. Salami technique
Which of the following processes is the FIRST step in developing a business continuity and disaster recovery plan for an organization? A. Alternate site selection B. Business impact analysis C. Test procedures and frequency D. Information classification
The role of IT auditor in complying with the Management Assessment of Internal Controls (Section 404 of the Sarbanes-Oxley Act) is: A. planning internal controls B. documenting internal controls C. designing internal controls D. implementing internal controls