Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following tasks is performed by the same person
in a well-controlled information processing
facility/computer center?
A. Security administration and management
B. Computer operations and system development
C. System development and change management
D. System development and systems maintenance
- 1 Answers
- 9204 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
It is common for system development and maintenance to be
undertaken by the same person. In both cases, the programmer
requires access to the source code in the development
environment, but should not be allowed access in the
production environment. Choice A is not correct because the
roles of security administration and change management are
incompatible functions. The level of security administration
access rights could allow changes to go undetected. Computer
operations and system development (choice B) are
incompatible since it would be possible for an operator to
run a program that he/she had amended. Choice C is incorrect
because the combination of system development and change
control would allow program modifications to bypass change
control approvals.
| Is This Answer Correct ? | 7 Yes | 2 No |
IS auditors, in performing detailed network assessments and access control reviews should FIRST: A. determine the points of entry. B. evaluate users access authorization. C. assess users identification and authorization. D. evaluate the domain-controlling server configuration.
Which of the following would be considered a business risk? A. Former employees B. Part-time and temporary personnel C. Loss of competitive edge D. Hackers
Which of the following is the most important element in the design of a data warehouse? A. Quality of the metadata B. Speed of the transactions C. Volatility of the data D. Vulnerability of the system
The security level of a private key system depends on the number of: A. encryption key bits. B. messages sent. C. keys. D. channels used.
Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure (PKI) with digital certificates for its business-to-consumer transactions via the Internet? A. Customers are widely dispersed geographically, but the certificate authorities (CAs) are not. B. Customers can make their transactions from any computer or mobile device. C. The CA has several data processing subcenters to administer certificates. D. The organization is the owner of the CA.
The phases and deliverables of a systems development life cycle (SDLC) project should be determined: A. during the initial planning stages of the project. B. after early planning has been completed, but before work has begun. C. through out the work stages based on risks and exposures. D. only after all risks and exposures have been identified and the IS auditor has recommended appropriate controls.
Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy? A. Review the parameter settings B. Interview the firewall administrator C. Review the actual procedures D. Review the device's log file for recent attacks
Which of the following is an IS control objective? A. Output reports are locked in a safe place. B. Duplicate transactions do not occur. C. System backup/recovery procedures are updated periodically. D. System design and development meet users' requirements.
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls
The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment: A. searches and checks the infrastructure to detect vulnerabilities, whereas penetration testing intends to exploit the vulnerabilities to probe the damage that could result from the vulnerabilities. B. and penetration tests are different names for the same activity. C. is executed by automated tools, whereas penetration testing is a totally manual process. D. is executed by commercial tools, whereas penetration testing is executed by public processes.
An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: * The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department. * The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention. * The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for their area in the event of a disruptive incident. The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical hardware configuration is already established. The IS auditor should: A. take no action as the lack of a current plan is the only significant finding. B. recommend that the hardware configuration at each site should be identical. C. perform a review to verify that the second configuration can support live processing. D. report that the financial expenditure on the alternative site is wasted without an effective plan.
In a small organization, where segregation of duties is not practical, an employee performs the function of computer operator and application programmer. Which of the following controls should the IS auditor recommend? A. Automated logging of changes to development libraries B. Additional staff to provide segregation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications
Cisco Certifications 
