Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following types of risks assumes an absence of
compensating controls in the area being reviewed?
A. Control risk
B. Detection risk
C. Inherent risk
D. Sampling risk
- 1 Answers
- 13492 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
The risk that an error exists that could be material or
significant when combined with other errors encountered
during the audit, there being no related compensating
controls, is the inherent risk. Control risk is the risk
that a material error exists that will not be prevented or
detected on a timely basis by the system of internal
controls. Detection risk is the risk when an IS auditor uses
an inadequate test procedure and concludes that material
errors do not exist, when they do. Sampling risk is the risk
that incorrect assumptions are made about the
characteristics of a population from which a sample is taken.
| Is This Answer Correct ? | 17 Yes | 1 No |
The most likely error to occur when implementing a firewall is: A. incorrectly configuring the access lists. B. compromising the passwords due to social engineering. C. connecting a modem to the computers in the network. D. inadequately protecting the network and server from virus attacks.
A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and: A. dials back to the user machine based on the user id and password using a telephone number from its database. B. dials back to the user machine based on the user id and password using a telephone number provided by the user during this connection. C. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using its database. D. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using the sender's database.
An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take? A. Personally delete all copies of the unauthorized software. B. Inform auditee of the unauthorized software, and follow up to confirm deletion. C. Report the use of the unauthorized software to auditee management and the need to prevent recurrence. D. Take no action, as it is a commonly accepted practice and operations management is responsible for monitoring such use.
Which of the following is the MOST reliable sender authentication method? A. Digital signatures B. Asymmetric cryptography C. Digital certificates D. Message authentication code
An internal audit department, that organizationally reports exclusively to the chief financial officer (CFO) rather than to an audit committee, is MOST likely to: A. have its audit independence questioned. B. report more business-oriented and relevant findings. C. enhance the implementation of the auditor's recommendations. D. result in more effective action being taken on the recommendations.
Which of the following would enable an enterprise to provide access to its intranet (i.e., extranet) across the Internet to its business partners? A. Virtual private network B. Client-server C. Dial-in access D. Network service provider
Which of the following can consume valuable network bandwidth? A. Trojan horses B. Trap doors C. Worms D. Vaccines
IS auditors reviewing access control should review data classification to ensure that encryption parameters are classified as: A. sensitive. B. confidential. C. critical. D. private.
Which of the following controls will detect MOST effectively the presence of bursts of errors in network transmissions? A. Parity check B. Echo check C. Block sum check D. Cyclic redundancy check
An organization is introducing a single sign-on (SSO) system. Under the SSO system, users will be required to enter only one user ID and password for access to all application systems. Under the SSO system, unauthorized access: A. is less likely. B. is more likely. C. will have a greater impact. D. will have a smaller impact.
When reviewing an organization's logical access security, which of the following would be of the MOST concern to an IS auditor? A. Passwords are not shared. B. Password files are encrypted. C. Redundant logon IDs are deleted. D. The allocation of logon IDs is controlled.
An IS auditor involved as a team member in the detailed system design phase of a system under development would be MOST concerned with: A. internal control procedures. B. user acceptance test schedules. C. adequacy of the user training program. D. clerical processes for resubmission of rejected items.
Cisco Certifications 
