Interested to Buy Any Domain ? << Click Here >> for more details...
In a small organization, where segregation of duties is not
practical, an employee performs the function of computer
operator and application programmer. Which of the following
controls should the IS auditor recommend?
A. Automated logging of changes to development libraries
B. Additional staff to provide segregation of duties
C. Procedures that verify that only approved program changes
are implemented
D. Access controls to prevent the operator from making
program modifications
- 1 Answers
- 9203 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
In smaller organizations, it generally is not appropriate to
recruit additional staff to achieve a strict segregation of
duties. The IS auditor must look at alternatives. Of the
choices, C is the only practical one that has an impact. The
IS auditor should recommend processes that detect changes to
production source and object code, such as code comparisons
so that the changes can be reviewed by a third party on a
regular basis. This would be a compensating control process.
Choice A, involving logging of changes to development
libraries, would not detect changes to production libraries.
Choice D is in effect requiring a third party to do the
changes, which may not be practical in a small organization.
| Is This Answer Correct ? | 8 Yes | 0 No |
Which of the following development methods uses a prototype that can be updated continually to meet changing user or business requirements? A. Data-oriented development (DOD) B. Object-oriented development (OOD) C. Business process reengineering (BPR) D. Rapid application development (RAD)
A B-to-C e-commerce web site as part of its information security program wants to monitor, detect and prevent hacking activities and alert the system administrator when suspicious activities occur. Which of the following infrastructure components could be used for this purpose? A. Intrusion detection systems B. Firewalls C. Routers D. Asymmetric encryption
Which of the following tests confirm that the new system can operate in its target environment? A. Sociability testing B. Regression testing C. Validation testing D. Black box testing
A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and: A. dials back to the user machine based on the user id and password using a telephone number from its database. B. dials back to the user machine based on the user id and password using a telephone number provided by the user during this connection. C. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using its database. D. waits for a redial back from the user machine for reconfirmation and then verifies the user id and password using the sender's database.
During an audit of an enterprise that is dedicated to e-commerce, the IS manager states that digital signatures are used in the establishment of its commercial relations. To substantiate this, the IS auditor must prove that which of the following is used? A. A biometric, digitalized and encrypted parameter with the customer's public key B. A hash of the data that is transmitted and encrypted with the customer's private key C. A hash of the data that is transmitted and encrypted with the customer's public key D. The customer's scanned signature, encrypted with the customer's public key
An audit charter should: A. be dynamic and change often to coincide with the changing nature of technology and the audit profession. B. clearly state audit objectives for the delegation of authority for the maintenance and review of internal controls. C. document the audit procedures designed to achieve the planned audit objectives. D. outline the overall authority, scope and responsibilities of the audit function.
Which of the following is the MOST effective control procedure for security of a stand-alone small business computer environment? A. Supervision of computer usage B. Daily management review of the trouble log C. Storage of computer media in a locked cabinet D. Independent review of an application system design
Which of the following is an advantage of an integrated test facility (ITF)? A. It uses actual master files or dummies and the IS auditor does not have to review the source of the transaction. B. Periodic testing does not require separate test processes. C. It validates application systems and tests the ongoing operation of the system. D. It eliminates the need to prepare test data.
While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/back up at an offsite location would be: A. shadow file processing. B. electronic vaulting. C. hard-disk mirroring. D. hot-site provisioning.
Which of the following functions, if performed by scheduling and operations personnel, would be in conflict with a policy requiring a proper segregation of duties? A. Job submission B. Resource management C. Code correction D. Output distribution
To review access to ceratin data base to determine whether the "new user" forms were correctly authorized. This is an example of:
Authentication is the process by which the: A. system verifies that the user is entitled to input the transaction requested. B. system verifies the identity of the user. C. user identifies himself to the system. D. user indicates to the system that the transaction was processed correctly.
Cisco Certifications 
