Interested to Buy Any Domain ? << Click Here >> for more details...
The extent to which data will be collected during an IS
audit should be determined, based on the:
A. availability of critical and required information.
B. auditor's familiarity with the circumstances.
C. auditee's ability to find relevant evidence.
D. purpose and scope of the audit being done.
- 1 Answers
- 8354 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
The extent to which data will be collected during an IS
audit should be related directly to the scope and purpose of
the audit. An audit with a narrow purpose and scope would
result most likely in less data collection, than an audit
with a wider purpose and scope. The scope of an IS audit
should not be constrained by the ease of obtaining the
information or by the auditor's familiarity with the area
being audited. Collecting all the required evidence is a
required element of an IS audit and the scope of the audit
should not be limited by the auditee's ability to find
relevant evidence.
| Is This Answer Correct ? | 4 Yes | 0 No |
Which of the following is a feature of an intrusion detection system (IDS)? A. Gathering evidence on attack attempts B. Identifying weakness in the policy definition C. Blocking access to particular sites on the Internet D. Preventing certain users from accessing specific servers
Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should: A. include the finding in the final report because the IS auditor is responsible for an accurate report of all findings. B. not include the finding in the final report because the audit report should include only unresolved findings. C. not include the finding in the final report because corrective action can be verified by the IS auditor during the audit. D. include the finding in the closing meeting for discussion purposes only.
An IS auditor who is reviewing application run manuals would expect them to contain: A. details of source documents. B. error codes and their recovery actions. C. program logic flowcharts and file definitions. D. change records for the application source code.
A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that: A. the users may not remember to manually encrypt the data before transmission. B. the site credentials were sent to the financial services company via email. C. personnel at the consulting firm may obtain access to sensitive data. D. the use of a shared user ID to the FTP site does not allow for user accountability.
An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP? A. Full operational test B. Preparedness test C. Paper test D. Regression test
When performing an audit of access rights, an IS auditor should be suspicious of which of the following if allocated to a computer operator? A. READ access to data B. DELETE access to transaction data files C. Logged READ/EXECUTE access to programs D. UPDATE access to job control language/script files
An IS auditor is reviewing the change management process for an enterprise resource planning (ERP) application. Which of the following is the BEST method for testing program changes? A. Select a sample of change tickets and review them for authorization. B. Perform a walk-through by tracing a program change from start to finish. C. Trace a sample of modified programs to supporting change tickets. D. Use query software to analyze all change tickets for missing fields.
The corporate office of a company having branches worldwide, developed a control self-assessment program (CSA) for all its offices. Which of the following is the MOST important requirement for a successful CSA? A. Skills of the workshop facilitator B. Simplicity of the questionnaire C. Support from the audit department D. Involvement of line managers
Which of the following is the MOST important objective of data protection? A. Identifying persons who need access to information B. Ensuring the integrity of information C. Denying or authorizing access to the IS system D. Monitoring logical accesses
Which of the following is a control to detect an unauthorized change in a production environment? A. Denying programmers access to production data. B. Requiring change request to include benefits and costs. C. Periodically comparing control and current object and source programs. D. Establishing procedures for emergency changes.
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report
Cisco Certifications 
