Which of the following pairs of functions should not be
combined to provide proper segregation of duties?
A. Tape librarian and computer operator
B. Application programming and data entry
C. Systems analyst and database administrator
D. Security administrator and quality assurance
Answers were Sorted based on User's Feedback
Answer / guest
Answer: B
The role of application programming and data entry should
not be combined since no compensating controls exist that
can mitigate the segregation of duties risk. All other
combined pairs of functions are acceptable.
Is This Answer Correct ? | 4 Yes | 2 No |
Which of the following will help detect changes made by an intruder to the system log of a server? A. Mirroring of the system log on another server B. Simultaneously duplicating the system log on a write-once disk C. Write protecting the directory containing the system log D. Storing the backup of the system log offsite
Which of the following would an IS auditor consider the MOST relevant to short-term planning for the IS department? A. Allocating resources B. Keeping current with technology advances C. Conducting control self-assessment D. Evaluating hardware needs
Which of the following physical access controls would provide the highest degree of security over unauthorized access? A. Bolting door lock B. Cipher lock C. Electronic door lock D. Fingerprint scanner
When evaluating the collective effect of preventive, detective or corrective controls within a process an IS auditor should be aware: A. of the point at which controls are exercised as data flows through the system. B. that only preventive and detective controls are relevant. C. that corrective controls can only be regarded as compensating. D. that classification allows an IS auditor to determine which controls are missing.
When two or more systems are integrated, input/output controls must be reviewed by the IS auditor in the: A. systems receiving the output of other systems. B. systems sending output to other systems. C. systems sending and receiving data. D. interfaces between the two systems.
Which of the following user profiles should be of MOST concern to the IS auditor, when performing an audit of an EFT system? A. Three users with the ability to capture and verifiy their own messages B. Five users with the ability to capturr and send their own messages C. Five users with the ability to verificy other users and to send of their own messages D. Three users with the ability to capture and verifiy the messages of other users and to send their own messages
Which of the following access control functions is LEAST likely to be performed by a database management system (DBMS) software package? A. User access to field data B. User sign-on at the network level C. User authentication at the program level D. User authentication at the transaction level
Which of the following is a measure of the size of an information system based on the number and complexity of a system's inputs, outputs and files? A. Program evaluation review technique (PERT) B. Rapid application development (RAD) C. Function point analysis (FPA) D. Critical path method (CPM)
Which of the following functions, if performed by scheduling and operations personnel, would be in conflict with a policy requiring a proper segregation of duties? A. Job submission B. Resource management C. Code correction D. Output distribution
Which of the following are data file controls? A. Internal and external labeling B. Limit check and logical relationship checks C. Total items and hash totals D. Report distribution procedures
The PRIMARY advantage of a continuous audit approach is that it: A. does not require an IS auditor to collect evidence on system reliability while processing is taking place. B. requires the IS auditor to review and follow up immediately on all information collected. C. can improve system security when used in time-sharing environments that process a large number of transactions. D. does not depend on the complexity of an organization's computer systems.
A MAJOR risk of using single sign-on (SSO) is that it: A. has a single authentication point. B. represents a single point of failure. C. causes an administrative bottleneck. D. leads to a lockout of valid users.