Interested to Buy Any Domain ? << Click Here >> for more details...
Where adequate segregation of duties between operations and
programming are not achievable, the IS auditor should look for:
A. compensating controls.
B. administrative controls.
C. corrective controls.
D. access controls.
- 1 Answers
- 7020 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
The IS auditor should identify compensating controls such as
strong computer security, reviewing access control logs,
end-user reconciliation of control reports and control
information in transaction reports, where adequate
segregation of duties is not achievable. Administrative
controls deal with operational effectiveness, efficiency and
adherence to management policies. Corrective controls are
designed to correct errors, omissions and unauthorized uses
and intrusions once they are detected. Access control is the
process that limits and controls access to resources of a
computer system.
| Is This Answer Correct ? | 7 Yes | 0 No |
Which of the following message services provides the strongest protection that a specific action has occurred? A. Proof of delivery B. Nonrepudiation C. Proof of submission D. Message origin authentication
Which of the following BEST describes the objectives of following a standard system development methodology? A. To ensure that appropriate staffing is assigned and to provide a method of controlling costs and schedules B. To provide a method of controlling costs and schedules and to ensure communication among users, IS auditors, management and IS personnel C. To provide a method of controlling costs and schedules and an effective means of auditing project development D. To ensure communication among users, IS auditors, management and personnel and to ensure that appropriate staffing is assigned
An organization wants to enforce data integrity principles and achieve faster performance/execution in a database application. Which of the following design principles should be applied? A. User (customized) triggers B. Data validation at the front end C. Data validation at the back end D. Referential integrity
The IS department of an organization wants to ensure that the computer files, used in the information processing facility, are backed up adequately to allow for proper recovery. This is a/an: A. control procedure. B. control objective. C. corrective control. D. operational control.
The responsibility for designing, implementing and maintaining a system of internal control lies with: A. the IS auditor. B. management. C. the external auditor. D. the programming staff.
A validation which ensures that input data are matched to predetermined reasonable limits or occurrence rates, is known as: A. Reasonableness check. B. Validity check. C. Existence check. D. Limit check.
A disaster recovery plan (DRP) for an organization should: A. reduce the length of the recovery time and the cost of recovery. B. increase the length of the recovery time and the cost of recovery. C. reduce the duration of the recovery time and increase the cost of recovery. D. not affect the recovery time nor the cost of recovery.
With the help of the security officer, granting access to data is the responsibility of: A. data owners. B. programmers. C. system analysts. D. librarians.
During the review of an organization's disaster recovery and business continuity plan, the IS auditor found that a paper test was performed to verify the existence of all necessary procedures and actions within the recovery plan. This is a: A. preparedness test. B. module test. C. full test. D. walk-through test.
The use of residual biometric information to gain unauthorized access is an example of which of the following attacks? A. Replay B. Brute force C. Cryptographic D. Mimic
During an implementation review of a multiuser distributed application, the IS auditor finds minor weaknesses in three areas-the initial setting of parameters is improperly installed, weak passwords are being used and some vital reports are not being checked properly. While preparing the audit report, the IS auditor should: A. record the observations separately with the impact of each of them marked against each respective finding. B. advise the manager of probable risks without recording the observations, as the control weaknesses are minor ones. C. record the observations and the risk arising from the collective weaknesses. D. apprise the departmental heads concerned with each observation and properly document it in the report.
The PRIMARY objective of a logical access controls review is to: A. review access controls provided through software. B. ensure access is granted per the organization's authorities. C. walkthrough and assess access provided in the IT environment. D. provide assurance that computer hardware is protected adequately against abuse.
Cisco Certifications 
