Which of the following pairs of functions should not be
combined to provide proper segregation of duties?

A. Tape librarian and computer operator

B. Application programming and data entry

C. Systems analyst and database administrator

D. Security administrator and quality assurance

Answers were Sorted based on User's Feedback



Which of the following pairs of functions should not be combined to provide proper segregation of d..

Answer / guest

Answer: B

The role of application programming and data entry should
not be combined since no compensating controls exist that
can mitigate the segregation of duties risk. All other
combined pairs of functions are acceptable.

Is This Answer Correct ?    4 Yes 2 No

Which of the following pairs of functions should not be combined to provide proper segregation of d..

Answer / sankar

B. Application programming and data entry

Is This Answer Correct ?    1 Yes 0 No

Which of the following pairs of functions should not be combined to provide proper segregation of d..

Answer / guest

B. Application programming and data entry

Is This Answer Correct ?    1 Yes 0 No

Post New Answer

More CISA Certification Interview Questions

Which of the following will help detect changes made by an intruder to the system log of a server? A. Mirroring of the system log on another server B. Simultaneously duplicating the system log on a write-once disk C. Write protecting the directory containing the system log D. Storing the backup of the system log offsite

1 Answers   Orange,


Which of the following would an IS auditor consider the MOST relevant to short-term planning for the IS department? A. Allocating resources B. Keeping current with technology advances C. Conducting control self-assessment D. Evaluating hardware needs

1 Answers  


Which of the following physical access controls would provide the highest degree of security over unauthorized access? A. Bolting door lock B. Cipher lock C. Electronic door lock D. Fingerprint scanner

1 Answers  


When evaluating the collective effect of preventive, detective or corrective controls within a process an IS auditor should be aware: A. of the point at which controls are exercised as data flows through the system. B. that only preventive and detective controls are relevant. C. that corrective controls can only be regarded as compensating. D. that classification allows an IS auditor to determine which controls are missing.

1 Answers  


When two or more systems are integrated, input/output controls must be reviewed by the IS auditor in the: A. systems receiving the output of other systems. B. systems sending output to other systems. C. systems sending and receiving data. D. interfaces between the two systems.

1 Answers  






Which of the following user profiles should be of MOST concern to the IS auditor, when performing an audit of an EFT system? A. Three users with the ability to capture and verifiy their own messages B. Five users with the ability to capturr and send their own messages C. Five users with the ability to verificy other users and to send of their own messages D. Three users with the ability to capture and verifiy the messages of other users and to send their own messages

1 Answers  


Which of the following access control functions is LEAST likely to be performed by a database management system (DBMS) software package? A. User access to field data B. User sign-on at the network level C. User authentication at the program level D. User authentication at the transaction level

1 Answers  


Which of the following is a measure of the size of an information system based on the number and complexity of a system's inputs, outputs and files? A. Program evaluation review technique (PERT) B. Rapid application development (RAD) C. Function point analysis (FPA) D. Critical path method (CPM)

1 Answers  


Which of the following functions, if performed by scheduling and operations personnel, would be in conflict with a policy requiring a proper segregation of duties? A. Job submission B. Resource management C. Code correction D. Output distribution

1 Answers  


Which of the following are data file controls? A. Internal and external labeling B. Limit check and logical relationship checks C. Total items and hash totals D. Report distribution procedures

2 Answers  


The PRIMARY advantage of a continuous audit approach is that it: A. does not require an IS auditor to collect evidence on system reliability while processing is taking place. B. requires the IS auditor to review and follow up immediately on all information collected. C. can improve system security when used in time-sharing environments that process a large number of transactions. D. does not depend on the complexity of an organization's computer systems.

3 Answers  


A MAJOR risk of using single sign-on (SSO) is that it: A. has a single authentication point. B. represents a single point of failure. C. causes an administrative bottleneck. D. leads to a lockout of valid users.

1 Answers  


Categories
  • Cisco Certifications Interview Questions Cisco Certifications (2321)
  • Microsoft Certifications Interview Questions Microsoft Certifications (171)
  • Sun Certifications Interview Questions Sun Certifications (45)
  • CISA Certification Interview Questions CISA Certification (744)
  • Oracle Certifications Interview Questions Oracle Certifications (64)
  • ISTQB Certification Interview Questions ISTQB Certification (109)
  • Certifications AllOther Interview Questions Certifications AllOther (295)