The PRIMARY advantage of a continuous audit approach is that it:
A. does not require an IS auditor to collect evidence on
system reliability while processing is taking place.
B. requires the IS auditor to review and follow up
immediately on all information collected.
C. can improve system security when used in time-sharing
environments that process a large number of transactions.
D. does not depend on the complexity of an organization's
computer systems.
- 1 Answers
- 4305 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
The use of continuous auditing techniques can actually
improve system security when used in time-sharing
environments that process a large number of transactions,
but leave a scarce paper trail. Choice A is incorrect since
the continuous audit approach often does require an IS
auditor to collect evidence on system reliability while
processing is taking place. Choice B is incorrect since an
IS auditor normally would review and follow up only on
material deficiencies or errors detected. Choice D is
incorrect since the use of continuous audit techniques does
depend on the complexity of an organization's computer systems.
| Is This Answer Correct ? | 3 Yes | 0 No |
An organization has contracted with a vendor for a turnkey solution for their electronic toll collection system (ETCS). The vendor has provided its proprietary application software as part of the solution. The contract should require that: A. a backup server be available to run ETCS operations with up-to-date data. B. a backup server be loaded with all the relevant software and data. C. the systems staff of the organization be trained to handle any event. D. source code of the ETCS application be placed in escrow.
Which of the following audit procedures would MOST likely be used in an audit of a systems development project? A. Develop test transactions B. Use code comparison utilities C. Develop audit software programs D. Review functional requirements documentation
The implementation of cost-effective controls in an automated system is ultimately the responsibility of the: A. system administrator. B. quality assurance function. C. business unit management. D. chief of internal audit.
A web-based bookstore has included the customer relationship management (CRM) system in its operations. An IS auditor has been assigned to perform a call center review. Which of the following is the MOST appropriate first step for the IS auditor to take? A. Review the company's performance since the CRM was implemented. B. Review the IT strategy. C. Understand the business focus of the bookstore. D. Interview salespeople and supervisors.
A hacker could obtain passwords without the use of computer tools or programs through the technique of: A. social engineering. B. sniffers. C. backdoors. D. trojan horses.
A retail company recently installed data warehousing client software at geographically diverse sites. Due to time zone differences between the sites, updates to the warehouse are not synchronized. Which of the following will be affected the MOST? A. Data availability B. Data completeness C. Data redundancy D. Data inaccuracy
Information for detecting unauthorized input from a terminal would be BEST provided by the: A. console log printout. B. transaction journal. C. automated suspense file listing. D. user error report.
Which of the following tests confirm that the new system can operate in its target environment? A. Sociability testing B. Regression testing C. Validation testing D. Black box testing
Programs that can run independently and travel from machine to machine across network connections, with the ability to destroy data or utilize tremendous computer and communication resources, are referred to as: A. trojan horses. B. viruses. C. worms. D. logic bombs.
A critical function of a firewall is to act as a: A. special router that connects the Internet to a LAN. B. device for preventing authorized users from accessing the LAN. C. server used to connect authorized users to private trusted network resources. D. proxy server to increase the speed of access to authorized users.
An IS auditor who is reviewing application run manuals would expect them to contain: A. details of source documents. B. error codes and their recovery actions. C. program logic flowcharts and file definitions. D. change records for the application source code.
Which of the following is a feature of an intrusion detection system (IDS)? A. Gathering evidence on attack attempts B. Identifying weakness in the policy definition C. Blocking access to particular sites on the Internet D. Preventing certain users from accessing specific servers
Cisco Certifications 
