Interested to Buy Any Domain ? << Click Here >> for more details...
In a risk-based audit approach, an IS auditor, in addition
to risk, would be influenced by:
A. the availability of CAATs.
B. management's representation.
C. organizational structure and job responsibilities.
D. the existence of internal and operational controls
- 2 Answers
- 10483 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: D
The existence of internal and operational controls will have
a bearing on the IS auditor's approach to the audit. In a
risk-based approach the IS auditor is not just relying on
risk, but also on internal and operational controls as well
as knowledge of the company and the business. This type of
risk assessment decision can help relate the cost-benefit
analysis of the control to the known risk, allowing
practical choices. The nature of available testing
techniques and management's representations, have little
impact on the risk-based audit approach. Although
organizational structure and job responsibilities need to be
considered, they are not directly considered unless they
impact internal and operational controls.
| Is This Answer Correct ? | 9 Yes | 0 No |
Answer / antoine
D. the existence of internal and operational controls
| Is This Answer Correct ? | 2 Yes | 0 No |
Naming conventions for system resources are important for access control because they: A. ensure that resource names are not ambiguous. B. reduce the number of rules required to adequately protect resources. C. ensure that user access to resources is clearly and uniquely identified. D. ensure that internationally recognized names are used to protect resources.
Which of the following is the initial step in creating a firewall policy? A. A cost-benefits analysis of methods for securing the applications B. Identification of network applications to be externally accessed C. Identification of vulnerabilities associated with network applications to be externally accessed D. Creation of an applications traffic matrix showing protection methods
A decision support system (DSS): A. is aimed at solving highly structured problems. B. combines the use of models with nontraditional data access and retrieval functions. C. emphasizes flexibility in the decision making approach of users. D. supports only structured decision-making tasks.
Which of the following hardware devices relieves the central computer from performing network control, format conversion and message handling tasks? A. Spool B. Cluster controller C. Protocol converter D. Front end processor
An IS auditor is assigned to perform a post implementation review of an application system. Which of the following situations may have impaired the independence of the IS auditor? The IS auditor: A. implemented a specific control during the development of the application system. B. designed an embedded audit module exclusively for auditing the application system. C. participated as a member of the application system project team, but did not have operational responsibilities. D.provided consulting advice concerning application system best practices.
A dry-pipe fire extinguisher system is a system that uses: A. water, but in which water does not enter the pipes until a fire has been detected. B. water, but in which the pipes are coated with special watertight sealants. C. carbon dioxide instead of water. D. halon instead of water.
To prevent an organization's computer systems from becoming part of a distributed denial-of-service attack, IP packets containing addresses that are listed as unroutable can be isolated by: A. establishing outbound traffic filtering. B. enabling broadcast blocking. C. limiting allowable services. D. network performance monitoring.
Which of the following provisions in a contract for external information systems services would an IS auditor consider to be LEAST significant? A. Ownership of program and files B. Statement of due care and confidentiality C. Continued service of outsourcer in the event of a disaster D. Detailed description of computer hardware used by the vendor
Which of the following is the MOST effective technique for providing security during data transmission? A. Communication log B. Systems software log C. Encryption D. Standard protocol
An IS auditor has just completed a review of an organization that has a mainframe and a client-server environment where all production data reside. Which of the following weaknesses would be considered the MOST serious? A. The security officer also serves as the database administrator (DBA.) B. Password controls are not administered over the client/server environment. C. There is no business continuity plan for the mainframe system?s non-critical applications. D. Most LANs do not back up file server fixed disks regularly.
Which of the following procedures can a biometric system perform? A. Measure airborne contamination. B. Provide security over physical access. C. Monitor temperature and humidity levels. D. Detect hazardous electromagnetic fields in an area.
To share data in a multivendor network environment, it is essential to implement program-to-program communication. With respect to program-to-program communication features that can be implemented in this environment, which of the following makes implementation and maintenance difficult? A. User isolation B. Controlled remote access C. Transparent remote access D. The network environments
Cisco Certifications 
