Answer / guest

Answer: A

The objectives of CSA programs include education for line
management in control responsibility and monitoring and
concentration by all on areas of high risk. The objectives
of CSA programs include the enhancement of audit
responsibilities, not replacement of audit responsibilities.
Choices C and D are tools of CSA, not objectives.

At the end of the testing phase of software development, an IS auditor observes that an intermittent software error has not been corrected. No action has been taken to resolve the error. The IS auditor should: A. report the error as a finding and leave further exploration to the auditee's discretion. B. attempt to resolve the error. C. recommend that problem resolution be escalated. D. ignore the error, as it is not possible to get objective evidence for the software error.

1 Answers  

---

A programmer included a routine into a payroll application to search for his/her own payroll number. As a result, if this payroll number does not appear during the payroll run, a routine will generate and place random numbers onto every paycheck. This routine is known as: A. scavenging. B. data leakage. C. piggybacking. D. a trojan horse.

1 Answers  

---

A critical function of a firewall is to act as a: A. special router that connects the Internet to a LAN. B. device for preventing authorized users from accessing the LAN. C. server used to connect authorized users to private trusted network resources. D. proxy server to increase the speed of access to authorized users.

2 Answers  

---

During which of the following steps in the business process reengineering should the benchmarking team visit the benchmarking partner? A. Observation B. Planning C. Analysis D. Adaptation

2 Answers  

---

Which of the following imaging technologies captures handwriting from a preprinted form and converts it into an electronic format? A. Magnetic ink character recognition (MICR) B. Intelligent voice recognition (IVR) C. Bar code recognition (BCR) D. Optical character recognition (OCR)

1 Answers  

---

To prevent an organization's computer systems from becoming part of a distributed denial-of-service attack, IP packets containing addresses that are listed as unroutable can be isolated by: A. establishing outbound traffic filtering. B. enabling broadcast blocking. C. limiting allowable services. D. network performance monitoring.

1 Answers  

---

Analysis of which of the following would MOST likely enable the IS auditor to determine if a non-approved program attempted to access sensitive data? A. Abnormal job termination reports B. Operator problem reports C. System logs D. Operator work schedules

1 Answers  

---

An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of: A. reverse engineering. B. prototyping. C. software reuse. D. reengineering.

2 Answers  

---

Which of the following is a detective control? A. Physical access controls B. Segregation of duties C. Backup procedures D. Audit trails

1 Answers  

---

An IS auditor finds that not all employees are aware of the enterprise's information security policy. The IS auditor should conclude that: A. this lack of knowledge may lead to unintentional disclosure of sensitive information. B. information security is not critical to all functions. C. IS audit should provide security training to the employees. D. the audit finding will cause management to provide continuous training to staff.

1 Answers  

---

Which of the following is a benefit of using callback devices? A. Provide an audit trail B. Can be used in a switchboard environment C. Permit unlimited user mobility D. Allow call forwarding

2 Answers  

---

An IS auditor should be able to identify and evaluate various types of risks and their potential effects. Which of the following risks is associated with authorized program exits (trap doors)? A. Inherent B. Detection C. Audit D. Error

2 Answers  

---