Interested to Buy Any Domain ? << Click Here >> for more details...
In a small organization, an employee performs computer
operations and, when the situation demands, program
modifications. Which of the following should the IS auditor
recommend?
A. Automated logging of changes to development libraries
B. Additional staff to provide separation of duties
C. Procedures that verify that only approved program changes
are implemented
D. Access controls to prevent the operator from making
program modifications
- 1 Answers
- 9164 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
While it would be preferred that strict separation of duties
be adhered to and that additional staff is recruited, as
suggested in choice B, this practice is not always possible
in small organizations. The IS auditor must look at
recommended alternative processes. Of the choices, C is the
only practical one that has an impact. The IS auditor should
recommend processes that detect changes to production source
and object code, such as code comparisons, so the changes
can be reviewed by a third party on a regular basis. This
would be a compensating control process. Choice A, involving
logging of changes to development libraries, would not
detect changes to production libraries. Choice D is in
effect requiring a third party to do the changes, which may
not be practical in a small organization.
| Is This Answer Correct ? | 2 Yes | 1 No |
Which of the following user profiles should be of MOST concern to the IS auditor, when performing an audit of an EFT system? A. Three users with the ability to capture and verifiy their own messages B. Five users with the ability to capturr and send their own messages C. Five users with the ability to verificy other users and to send of their own messages D. Three users with the ability to capture and verifiy the messages of other users and to send their own messages
The FIRST step in data classification is to: A. establish ownership. B. perform a criticality analysis. C. define access rules. D. create a data dictionary.
Which of the following is a disadvantage of image processing? A. Verifies signatures B. Improves service C. Relatively inexpensive to use D. Reduces deterioration due to handling
Confidential data stored on a laptop is BEST protected by: A. storage on optical disks. B. logon ID and password. C. data encryption. D. physical locks.
Which of the following IS functions may be performed by the same individual, without compromising on control or violating segregation of duties? A. Job control analyst and applications programmer B. Mainframe operator and system programmer C. Change/problem and quality control administrator D. Applications and system programmer
Which of the following exposures could be caused by a line-grabbing technique? A. Unauthorized data access B. Excessive CPU cycle usage C. Lockout of terminal polling D. Multiplexor control dysfunction
Which of the following would be included in an IS strategic plan? A. Specifications for planned hardware purchases B. Analysis of future business objectives C. Target dates for development projects D. Annual budgetary targets for the IS department
Requiring passwords to be changed on a regular basis, assigning a new one-time password when a user forgets his/hers, and requiring users not to write down their passwords are all examples of: A. audit objectives. B. audit procedures. C. controls objectives. D. control procedures.
The risk of an IS auditor using an inadequate test procedure and concluding that material errors do not exist when, in fact, they exist is:
The initial step in establishing an information security program is the: A. development and implementation of an information security standards manual. B. performance of a comprehensive security control review by the IS auditor. C. adoption of a corporate information security policy statement. D. purchase of security access control software.
Which of the following will help detect changes made by an intruder to the system log of a server? A. Mirroring of the system log on another server B. Simultaneously duplicating the system log on a write-once disk C. Write protecting the directory containing the system log D. Storing the backup of the system log offsite
The purpose of debugging programs is to: A. generate random data that can be used to test programs before implementing them. B. protect, during the programming phase, valid changes from being overwritten by other changes. C. define the program development and maintenance costs to be include in the feasibility study. D. ensure that program abnormal terminations and program coding flaws are detected and corrected.
Cisco Certifications 
