Which of the following would contribute MOST to an effective
business continuity plan (BCP)? The BCP:
A. document was circulated to all interested parties.
B. planning involved all user departments.
C. was approved by senior management.
D. was audited by an external IS auditor.
Answer / guest
Answer: B
The involvement of user departments in the BCP is crucial
for the identification of the business processing
priorities. The BCP circulation will ensure that the BCP
document is received by all users, though essential, this
does not contribute significantly to the success of the BCP.
A BCP approved by senior management would not ensure the
quality of the BCP, nor would an audit necessarily improve
the quality of the BCP.
| Is This Answer Correct ? | 2 Yes | 0 No |
Which of the following would be a compensating control to mitigate risks resulting from an inadequate segregation of duties? A. Sequence check B. Check digit C. Source documentation retention D. Batch control reconciliations
1. which of the following is used to achieve accountability. a.identification b. authentication c. authorization d. iniation
The use of a GANTT chart can: A. aid in scheduling project tasks. B. determine project checkpoints. C. ensure documentation standards. D. direct the post-implementation review.
A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern? A. Acceptance testing is to be managed by users. B. A quality plan is not part of the contracted deliverables. C. Not all business functions will be available on initial implementation. D. Prototyping is being used to confirm that the system meets business requirements.
When a complete segregation of duties cannot be achieved in an online system environment, which of the following functions should be separated from the others? A. Origination B. Authorization C. Recording D. Correction
Where adequate segregation of duties between operations and programming are not achievable, the IS auditor should look for: A. compensating controls. B. administrative controls. C. corrective controls. D. access controls.
A primary reason for an IS auditor's involvement in the development of a new application system is to ensure that: A. adequate controls are built into the system. B. user requirements are satisfied by the system. C. sufficient hardware is available to process the system. D. data are being developed for pre-implementation testing of the system.
The process of using interpersonal communication skills to get unauthorized access to company assets is called: A. wire tapping. B. trap doors. C. war dialing. D. social engineering.
An organization has an integrated development environment (IDE), where the program libraries reside on the server, but modification/development and testing are done from PC workstations. Which of the following would be a strength of an integrated development environment? A. Controls the proliferation of multiple versions of programs B. Expands the programming resources and aids available C. Increases program and processing integrity D. Prevents valid changes from being overwritten by other changes
Which of the following types of firewalls would BEST protect a network from an Internet attack? A. Screened subnet firewall B. Application filtering gateway C. Packet filtering router D. Circuit-level gateway
Which of the following findings would an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault? A. There are three individuals with a key to enter the area. B. Paper documents also are stored in the offsite vault. C. Data files, which are stored in the vault, are synchronized. D. The offsite vault is located in a separate facility.
The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program? A. Utilization of an intrusion detection system to report incidents. B. Mandating the use of passwords to access all software. C. Installing an efficient user log system to track the actions of each user D. Provide training on a regular basis to all current and new employees.