Interested to Buy Any Domain ? << Click Here >> for more details...
When auditing the proposed acquisition of a new computer
system, the IS auditor should FIRST establish that:
A. a clear business case has been approved by management.
B. corporate security standards will be met.
C. users will be involved in the implementation plan.
D. the new system will meet all required user functionality.
- 2 Answers
- 9624 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: A
The first concern of the IS auditor should be to establish
that the proposal meets the needs of the business, and this
should be established by a clear business case. Although
compliance with security standards is essential, as are
meeting the needs of the users and having users involved in
the implementation process, it is too early in the
procurement process for these to be the IS auditor's first
concern.
| Is This Answer Correct ? | 8 Yes | 1 No |
Answer / kasturi
D
Since this is a proposed acquisition, the approval of
management will not be in place yet. Hence D is the best option
| Is This Answer Correct ? | 0 Yes | 3 No |
During an IS audit of the disaster recovery plan (DRP) of a global enterprise, the auditor observes that some remote offices have very limited local IT resources. Which of the following observations would be the MOST critical for the IS auditor? A. A test has not been made to ensure that local resources could maintain security and service standards when recovering from a disaster or incident. B. The corporate business continuity plan (BCP) does not accurately document the systems that exist at remote offices. C. Corporate security measures have not been incorporated into the test plan. D. A test has not been made to ensure that tape backups from the remote offices are usable.
Which of the following provides a mechanism for coding and compiling programs interactively? A. Firmware B. Utility programs C. Online programming facilities D. Network management software
Which of the following controls would be the MOST comprehensive in a remote access network with multiple and diverse subsystems? A. Proxy server B. Firewall installation C. Network administrator D. Password implementation and administration
A hardware control that helps to detect errors when data are communicated from one computer to another is known as a: A. duplicate check. B. table lookup. C. validity check. D. parity check.
Which of the following is a role of an IS steering committee? A. Initiate computer applications. B. Ensure efficient use of data processing resources. C. Prepare and monitor system implementation plans. D. Review the performance of the systems department.
The PRIMARY advantage of a continuous audit approach is that it: A. does not require an IS auditor to collect evidence on system reliability while processing is taking place. B. requires the IS auditor to review and follow up immediately on all information collected. C. can improve system security when used in time-sharing environments that process a large number of transactions. D. does not depend on the complexity of an organization's computer systems.
While planning an audit, an assessment of risk should be made to provide: A. reasonable assurance that the audit will cover material items. B. definite assurance that material items will be covered during the audit work. C. reasonable assurance that all items will be covered by the audit. D. sufficient assurance that all items will be covered during the audit work.
The reason for having controls in an IS environment: A. remains unchanged from a manual environment, but the implemented control features may be different. B. changes from a manual environment, therefore the implemented control features may be different. C. changes from a manual environment, but the implemented control features will be the same. D. remains unchanged from a manual environment and the implemented control features will also be the same.
Which of the following is the MOST effective type of antivirus software to detect an infected application? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines
Which of the following is a measure of the size of an information system based on the number and complexity of a system's inputs, outputs and files? A. Program evaluation review technique (PERT) B. Rapid application development (RAD) C. Function point analysis (FPA) D. Critical path method (CPM)
Which of the following functions would be acceptable for the security administrator to perform in addition to his/her normal functions? A. Systems analyst B. Quality assurance C. Computer operator D. Systems programmer
During an audit, an IS auditor learns that lengthy and complex passwords are required to reach the network via modem. These passwords were established by an outside provider. The communications software allows users to select a ?remember password? option. What should the IS auditor's PRIMARY recommendation be? A. Disable the save password option and have users record them elsewhere. B. Request that the provider change the dial-in password to a group password. C. Establish and enforce a process to have users change their passwords. D. Allow users to change their passwords to something less complex.
Cisco Certifications 
