When reviewing an organization's logical access security,
which of the following would be of the MOST concern to an IS
auditor?
A. Passwords are not shared.
B. Password files are encrypted.
C. Redundant logon IDs are deleted.
D. The allocation of logon IDs is controlled.
Answer / guest
Answer: B
When evaluating the technical aspects of logical security,
unencrypted files represent the greatest risk. The sharing
of passwords, checking for the redundancy of logon ids, and
proper logon ID procedures are essential, but they are less
important than ensuring that the password files are encrypted.
Is This Answer Correct ? | 5 Yes | 1 No |
Which of the following is a telecommunication device that translates data from digital form to analog form and back to digital? A. Multiplexer B. Modem C. Protocol converter D. Concentrator
An IS auditor is reviewing the risk management process. Which of the following is the MOST important consideration during this review? A. Controls are implemented based on cost-benefit analysis. B. The risk management framework is based on global standards. C. The approval process for risk response is in place. D. IT risk is presented in business terms.
The technique used to ensure security in virtual private networks (VPNs) is: A. encapsulation. B. wrapping. C. transform. D. encryption.
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report
A company uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks (cheques) and reports for distribution. To BEST ensure payroll data accuracy: A. payroll reports should be compared to input forms. B. gross payroll should be recalculated manually. C. checks (cheques) should be compared to input forms. D. checks (cheques) should be reconciled with output reports.
The extent to which data will be collected during an IS audit should be determined, based on the: A. availability of critical and required information. B. auditor's familiarity with the circumstances. C. auditee's ability to find relevant evidence. D. purpose and scope of the audit being done.
An IS auditor's MAJOR concern as a result of reviewing a business process reengineering (BPR) project should be whether the: A. newly designed business process has key controls in place. B. changed process will affect organization structure, finances and personnel. C. roles for suppliers have been redefined. D. process has been documented before and after reengineering.
Reconfiguring which of the following firewall types will prevent inward downloading of files through the file transfer protocol (FTP)? A. Circuit gateway B. Application gateway C. Packet filter D. Screening router
Which of the following techniques or tools would assist an IS auditor when performing a statistical sampling of financial transactions maintained in a financial management information system? A. Spreadsheets B. Parallel simulation C. Generalized audit software D. Regression testing
An IS auditor observed that some data entry operators leave their computers in the midst of data entry without logging off. Which of the following controls should be suggested to prevent unauthorized access? A. Encryption B. Switch off the computer when leaving C. Password control D. Screen saver password
The PRIMARY reason for replacing checks (cheques) with EFT systems in the accounts payable area is to: A. make the payment process more efficient. B. comply with international EFT banking standards. C. decrease the number of paper-based payment forms. D. reduce the risk of unauthorized changes to payment transactions.
Which of the following is a substantive test?