Interested to Buy Any Domain ? << Click Here >> for more details...
When reviewing a system development project an IS auditor
would be PRIMARILY concerned with whether:
A. business objectives are achieved.
B. security and control procedures are adequate.
C. the system utilizes the strategic technical infrastructure.
D. development will comply with the approved quality
management processes
- 1 Answers
- 3976 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
The most important issue in reviewing system development
processes to ensure that business objectives are achieved. A
software development project should meet its objectives.
Security and control procedures are to be considered as a
subset of business objectives, because a well-controlled
system that does not meet business needs is of little
benefit to the organization.
| Is This Answer Correct ? | 1 Yes | 0 No |
An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling, when: A. the probability of error must be objectively quantified. B. the auditor wants to avoid sampling risk. C. generalized audit software is unavailable. D. the tolerable error rate cannot be determined.
An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: * The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department. * The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention. * The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for their area in the event of a disruptive incident. The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical hardware configuration is already established. The IS auditor should: A. take no action as the lack of a current plan is the only significant finding. B. recommend that the hardware configuration at each site should be identical. C. perform a review to verify that the second configuration can support live processing. D. report that the financial expenditure on the alternative site is wasted without an effective plan.
The primary goal of a web site certificate is: A. authentication of the web site to be surfed through. B. authentication of the user who surfs through that site. C. preventing surfing of the web site by hackers. D. the same purpose as that of a digital certificate.
Which of the following should be in place to protect the purchaser of an application package in the event that the vendor ceases to trade? A. Source code held in escrow. B. Object code held by a trusted third party. C. Contractual obligation for software maintenance. D. Adequate training for internal programming staff.
Which of the following represents the MOST pervasive control over application development? A. IS auditors B. Standard development methodologies C. Extensive acceptance testing D. Quality assurance groups
Which of the following BEST determines that complete encryption and authentication protocols exist for protecting information while transmitted? A. A digital signature with RSA has been implemented. B. Work is being done in tunnel mode with the nested services of AH and ESP C. Digital certificates with RSA are being used. D. Work is being done in transport mode, with the nested services of AH and ESP
Which of the following is a dynamic analysis tool for the purpose of testing software modules? A. Blackbox test B. Desk checking C. Structured walk-through D. Design and code
E-cash is a form of electronic money that: A. can be used over any computer network. B. utilizes reusable e-cash coins to make payments. C. does not require the use of an Internet digital bank. D. contains unique serial numbering to track the identity of the buyer.
When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:
Requiring passwords to be changed on a regular basis, assigning a new one-time password when a user forgets his/hers, and requiring users not to write down their passwords are all examples of: A. audit objectives. B. audit procedures. C. controls objectives. D. control procedures.
Which of the following would normally be found in application run manuals? A. Details of source documents B. Error codes and their recovery actions C. Program flowcharts and file definitions D. Change records for the application source code
An IS auditor who is reviewing application run manuals would expect them to contain: A. details of source documents. B. error codes and their recovery actions. C. program logic flowcharts and file definitions. D. change records for the application source code.
Cisco Certifications 
