Answer / guest

Answer: C

The server and system security should be defined to allow
only authorized staff access to information about the staff
whose records they handle on a day to day basis. Choice A is
a good control in that it will allow access to be analyzed
if there is concern that there is unauthorized access.
However, it will not prevent access. Choice B, restricting
access to sensitive transactions, will only restrict access
to part of the data. It will not prevent access to other
data. Choice D, system access restricted to business hours,
only restricts when unauthorized access can occur, and would
not prevent such access at other times.

An IS auditor who is reviewing application run manuals would expect them to contain: A. details of source documents. B. error codes and their recovery actions. C. program logic flowcharts and file definitions. D. change records for the application source code.

3 Answers  

---

Which of the following types of firewalls provide the GREATEST degree and granularity of control? A. Screening router B. Packet filter C. Application gateway D. Circuit gateway

1 Answers  

---

Which of the following audit procedures would MOST likely be used in an audit of a systems development project? A. Develop test transactions B. Use code comparison utilities C. Develop audit software programs D. Review functional requirements documentation

1 Answers  

---

Which of the following is the initial step in creating a firewall policy? A. A cost-benefits analysis of methods for securing the applications B. Identification of network applications to be externally accessed C. Identification of vulnerabilities associated with network applications to be externally accessed D. Creation of an applications traffic matrix showing protection methods

1 Answers  

---

To review access to ceratin data base to determine whether the "new user" forms were correctly authorized. This is an example of:

4 Answers  

---

---

Good quality software is BEST achieved: A. through thorough testing. B. by finding and quickly correcting programming errors. C. determining the amount of testing by the available time and budget. D. by applying well-defined processes and structured reviews throughout the project.

2 Answers  

---

Which of the following would be the BEST population to take a sample from when testing program changes? A. Test library listings B. Source program listings C. Program change requests D. Production library listings

1 Answers  

---

Confidential data residing on a PC is BEST protected by: A. a password. B. file encryption. C. removable diskettes. D. a key operated power source.

1 Answers  

---

When an employee is terminated from service, the MOST important action is to: A. hand over all of the employee's files to another designated employee. B. take a back up of the employee's work. C. notify other employees of the termination. D. disable the employee's logical access.

1 Answers  

---

Which of the following data entry controls provides the GREATEST assurance that the data is entered correctly? A. Using key verification B. Segregating the data entry function from data entry verification C. Maintaining a log/record detailing the time, date, employee's initials/user id and progress of various data preparation and verification tasks D. Adding check digits

1 Answers  

---

A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses the team should: A. compute the amortization of the related assets. B. calculate a return on investment (ROI). C. apply a qualitative approach. D. spend the time needed to define exactly the loss amount.

1 Answers  

---

Which of the following implementation modes would provide the GREATEST amount of security for outbound data connecting to the Internet? A. Transport mode with authentication header plus encapsulating security payload (ESP) B. Secure socket layer (SSL) mode C. Tunnel mode with AH plus ESP D. Triple-DES encryption mode

1 Answers  

---