Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor performing an application maintenance audit
would review the log of program changes for the:
A. authorization for program changes.
B. creation date of a current object module.
C. number of program changes actually made.
D. creation date of a current source program.
- 1 Answers
- 7535 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
The manual log will most likely contain information on
authorized changes to a program. Deliberate, unauthorized
changes will not be documented by the responsible party. An
automated log, found usually in library management products,
and not a change log would most likely contain date
information for the source and executable modules.
| Is This Answer Correct ? | 12 Yes | 0 No |
A PRIMARY benefit derived from an organization employing control self-assessment (CSA) techniques is that it: A. can identify high-risk areas that might need a detailed review later. B. allows IS auditors to independently assess risk. C. can be used as a replacement for traditional audits. D. allows management to relinquish responsibility for control.
An IS auditor's primary concern when application developers wish to use a copy of yesterday's production transaction file for volume tests is that: A. users may prefer to use contrived data for testing. B. unauthorized access to sensitive data may result. C. error handling and credibility checks may not be fully proven. D. full functionality of the new process is not necessarily tested.
Assumptions while planning an IS project involve a high degree of risk because they are: A. based on known constraints. B. based on objective past data. C. a result of lack of information. D. often made by unqualified people.
When an information security policy has been designed, it is MOST important that the information security policy be: A. stored offsite. B. written by IS management. C. circulated to users. D. updated frequently.
The primary role of an IS auditor during the system design phase of an application development project is to: A. advise on specific and detailed control procedures. B. ensure the design accurately reflects the requirement. C. ensure all necessary controls are included in the initial design. D. advise the development manager on adherence to the schedule.
Which of the following functions should be performed by the application owners to ensure an adequate segregation of duties between IS and end users? A. System analysis B. Authorization of access to data C. Application programming D. Data administration
During an IT audit of a large bank, an IS auditor observes that no formal risk assessment exercise has been carried out for the various business applications to arrive at their relative importance and recovery time requirements. The risk that the bank is exposed to is that the: A. business continuity plan may not have been calibrated to the relative risk that disruption of each application poses to the organization. B. business continuity plan may not include all relevant applications and therefore may lack completeness in terms of its coverage. C. business impact of a disaster may not have been accurately understood by the management. D. business continuity plan may lack an effective ownership by the business owners of such applications.
In a system development project the purpose of the program and procedure development phase is to: A. prepare, test and document all programs and manual procedures. B. document a business or system problem to a level at which management can select a solution. C. prepare a high-level design of a proposed system solution and present reasons for adopting a solution. D. expand the general design of an approved solution so that program and procedure writing can begin.
When logging on to an online system, which of the following processes would the system perform FIRST? A. Initiation B. Verification C. Authorization D. Authentication
An IS auditor performing a review of the IS department discovers that formal project approval procedures do not exist. In the absence of these procedures the IS manager has been arbitrarily approving projects that can be completed in a short duration and referring other more complicated projects to higher levels of management for approval. The IS auditor should recommend as a FIRST course of action that: A. users participate in the review and approval process. B. formal approval procedures be adopted and documented. C. projects be referred to appropriate levels of management for approval. D. the IS manager's job description be changed to include approval authority.
The FIRST step in developing a business continuity plan (BCP) is to: A. classify the importance of systems. B. establish a disaster recovery strategy. C. determine the critical recovery time period. D. perform a risk ranking.
The PRIMARY objective of conducting a post-implementation review is to assess whether the system A) achieved the desired objectives B) provides for backup and recovery C) provides for information security D) documentation is clear and understandable
Cisco Certifications 
