Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor recommends that an initial validation control
be programmed into a credit card transaction capture
application. The initial validation process would MOST likely:
A. check to ensure the type of transaction is valid for that
card type.
B. verify the format of the number entered then locate it on
the database.
C. ensure that the transaction entered is within the
cardholder's credit limit.
D. confirm that the card is not shown as lost or stolen on
the master file.
- 1 Answers
- 9591 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
The initial validation should confirm whether the card is
valid. This validity is established through the card number
and PIN entered by the user. Based on this initial
validation, all other validations will proceed. A validation
control in data capture will ensure that the data entered is
valid (i.e., it can be processed by the system). If the data
captured in the initial validation is not valid (if the card
number or PIN do not match with the database), then the card
will be rejected or captured per the controls in place. Once
initial validation is completed, then other validations
specific to the card and cardholder would be performed.
| Is This Answer Correct ? | 8 Yes | 0 No |
An IS auditor who is reviewing application run manuals would expect them to contain: A. details of source documents. B. error codes and their recovery actions. C. program logic flowcharts and file definitions. D. change records for the application source code.
To make an electronic funds transfer (EFT), one employee enters the amount field and another employee reenters the same data again, before the money is transferred. The control adopted by the organization in this case is: A. sequence check. B. key verification. C. check digit. D. completeness check.
To prevent unauthorized entry to the data maintained in a dial-up fast response system, an IS auditor should recommend: A. online terminals be placed in restricted areas. B. online terminals be equipped with key locks. C. ID cards be required to gain access to online terminals. D. online access be terminated after three unsuccessful attempts.
An offsite information processing facility: A. should have the same amount of physical access restrictions as the primary processing site. B. should be easily identified from the outside so that in the event of an emergency it can be easily found. C. should be located in proximity to the originating site so that it can quickly be made operational. D. need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.
IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that: A. a substantive test would be too costly. B. the control environment is poor. C. inherent risk is low. D. control risks are within the acceptable limits.
In a web server, a common gateway interface (CGI) is MOST often used as a(n): A. consistent way for transferring data to the application program and back to the user. B. computer graphics imaging method for movies and TV. C. graphic user interface for web design. D. interface to access the private gateway domain.
Disaster recovery planning addresses the: A. technological aspect of business continuity planning. B. operational piece of business continuity planning. C. functional aspect of business continuity planning. D. overall coordination of business continuity planning.
When reviewing a service level agreement for an outsourced computer center an IS auditor should FIRST determine that: A. the cost proposed for the services is reasonable. B. security mechanisms are specified in the agreement. C. the services in the agreement are based on an analysis of business needs. D. audit access to the computer center is allowed under the agreement.
IS management has recently informed the IS auditor of its decision to disable certain referential integrity controls in the payroll system to provide users with a faster report generator. This will MOST likely increase the risk of: A. data entry by unauthorized users. B. a nonexistent employee being paid. C. an employee receiving an unauthorized raise. D. duplicate data entry by authorized users.
Which of the following translates e-mail formats from one network to another so that the message can travel through all the networks? A. Gateway B. Protocol converter C. Front-end communication processor D. Concentrator/multiplexor
Which of the following is a substantive audit test? A. Verifying that a management check has been performed regularly B. Observing that user IDs and passwords are required to sign on the computer C. Reviewing reports listing short shipments of goods received D. Reviewing an aged trial balance of accounts receivable
As a result of a business process reengineering (BPR) project: A. an IS auditor would be concerned with the key controls that existed in the prior business process and not those in the new process. B. system processes are automated in such a way that there are more manual interventions and manual controls. C. the newly designed business processes usually do not involve changes in the way(s) of doing business. D. advantages usually are realized when the reengineering process appropriately suits the business and risk.
Cisco Certifications 
