Where adequate segregation of duties between operations and
programming is not achievable, the IS auditor should look for:

A. compensating controls.

B. administrative controls.

C. corrective controls.

D. access controls.




Answer / guest

Answer: A

The IS auditor should identify compensating controls such as
strong computer security, reviewing access control logs,
end-user reconciliation of control reports and control
information in transaction reports, where adequate
segregation of duties is not achievable. Administrative
controls deal with operational effectiveness, efficiency and
adherence to management policies. Corrective controls are
designed to correct errors, omissions and unauthorized uses
and intrusions once they are detected. Access control is the
process that limits and controls access to resources of a
computer system.


More CISA Certification Interview Questions

Which of the following BEST determines that complete encryption and authentication protocols exist for protecting information while transmitted? A. A digital signature with RSA has been implemented. B. Work is being done in tunnel mode with the nested services of AH and ESP C. Digital certificates with RSA are being used. D. Work is being done in transport mode, with the nested services of AH and ESP


A digital signature contains a message digest to: A. show if the message has been altered after transmission. B. define the encryption algorithm. C. confirm the identity of the originator. D. enable message transmission in a digital format.


Which of the following would BEST provide assurance of the integrity of new staff? A) Background screening B)References C) Bonding D)Qualifications listed on resume


Which of the following is the FIRST step in a business process reengineering (BPR) project? A. Defining the areas to be reviewed B. Developing a project plan C. Understanding the process under review D. Reengineering and streamlining the process under review


When reviewing a system development project at the project initiation stage, an IS auditor finds that the project team is following the organization's quality manual. To meet critical deadlines the project team proposes to fast track the validation and verification processes, commencing some elements before the previous deliverable is signed off. Under these circumstances, the IS auditor would MOST likely: A. report this as a critical finding to senior management. B. accept that different quality processes can be adopted for each project. C. report to IS management the team's failure to follow quality procedures. D. report the risks associated with fast tracking to the project steering committee.


Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation? A. Specific developments only B. Business requirements only C. All phases of the installation must be documented D. No need to develop a customer specific documentation


Which of the following is the BEST form of transaction validation? A. Use of key field verification techniques in data entry B. Use of programs to check the transaction against criteria set by management C. Authorization of the transaction by supervisory personnel in an adjacent department D. Authorization of the transaction by a department supervisor prior to the batch process


Functionality is a characteristic associated with evaluating the quality of software products throughout their lifecycle, and is BEST described as the set of attributes that bear on the: A. existence of a set of functions and their specified properties. B. ability of the software to be transferred from one environment to another. C. capability of software to maintain its level of performance under stated conditions. D. relationship between the performance of the software and the amount of resources used.


Which of the following integrity tests examines the accuracy, completeness, consistency and authorization of data? A. Data B. Relational C. Domain D. Referential


In a TCP/IP-based network, an IP address specifies a: A. network connection. B. router/gateway. C. computer in the network. D. device on the network.


Which of the following describes a difference between unit testing and system testing? A. Unit testing is more comprehensive. B. Programmers are not involved in system testing. C. System testing relates to interfaces between programs. D. System testing proves user requirements are complete.


The PRIMARY reason for using digital signatures is to ensure data: A. confidentiality. B. integrity. C. availability. D. timeliness.

