Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor is reviewing the change management process for an enterprise resource planning (ERP) application. Which of the following is the BEST method for testing program changes?
A. Select a sample of change tickets and review them for authorization.
B. Perform a walk-through by tracing a program change from start to finish.
C. Trace a sample of modified programs to supporting change tickets.
D. Use query software to analyze all change tickets for missing fields.
- 2 Answers
- 6783 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / heather chatterjee
The correct answer is C
A. Selecting a sample of change tickets and reviewing them for authorization helps test for authorization controls; however, it does not identify program changes that were made without supporting change tickets.
B. Performing a walk-through assists the IS auditor in understanding the process, but does not ensure that all changes adhere to the normal process.
C. Tracing a sample of modified programs to supporting change tickets is the best way to test change management controls. This method is most likely to identify instances in which a change was made without supporting documentation.
D. Using query software to analyze all change tickets for missing fields does not identify program changes that were made without supporting change tickets.
Question #: 559 CISA Job Practice Task Statement: 4.8
| Is This Answer Correct ? | 1 Yes | 0 No |
The correct answer is C
A. Selecting a sample of change tickets and reviewing them for authorization helps test for authorization controls; however, it does not identify program changes that were made without supporting change tickets.
B. Performing a walk-through assists the IS auditor in understanding the process, but does not ensure that all changes adhere to the normal process.
C. Tracing a sample of modified programs to supporting change tickets is the best way to test change management controls. This method is most likely to identify instances in which a change was made without supporting documentation.
D. Using query software to analyze all change tickets for missing fields does not identify program changes that were made without supporting change tickets.
Question #: 559 CISA Job Practice Task Statement: 4.8
| Is This Answer Correct ? | 0 Yes | 0 No |
Which of the following is a data validation edit and control? A. Hash totals B. Reasonableness checks C. Online access controls D. Before and after image reporting
A company has recently upgraded its purchase system to incorporate EDI transmissions. Which of the following controls should be implemented in the EDI interface in order to provide for efficient data mapping? A. Key verification B. One-for-one checking C. Manual recalculations D. Functional acknowledgements
Which of the following would an IS auditor expect to find in a console log? A. Names of system users B. Shift supervisor identification C. System errors D. Data edit errors
A digital signature contains a message digest to: A. show if the message has been altered after transmission. B. define the encryption algorithm. C. confirm the identity of the originator. D. enable message transmission in a digital format.
What is a risk associated with attempting to control physical access to sensitive areas, such as computer rooms, through card keys, locks, etc.? A. Unauthorized individuals wait for controlled doors to open and walk in behind those authorized. B. The contingency plan for the organization cannot effectively test controlled access practices. C. Access cards, keys, and pads can be easily duplicated allowing easy compromise of the control. D. Removing access for people no longer authorized is complex.
Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data? A. Inheritance B. Dynamic warehousing C. Encapsulation D. Polymorphism
When implementing continuous monitoring systems an IS auditor's first step is to identify: A. reasonable target thresholds. B. high-risk areas within the organization. C. the location and format of output files. D. applications that provide the highest potential payback.
Applying a digital signature to data traveling in a network provides: A. confidentiality and integrity. B. security and nonrepudiation. C. integrity and nonrepudiation. D. confidentiality and nonrepudiation.
Which of the following is an objective of a control self-assessment (CSA) program? A. Audit responsibility enhancement B. Problem identification C. Solution brainstorming D. Substitution for an audit
An enterprisewide network security architecture of public key infrastructure (PKI) would be comprised of: A. A public key cryptosystem, private key cryptosystem and digital certificate B. A public key cryptosystem, symmetric encryption and certificate authorities C. A symmetric encryption, digital certificate and kerberos authentication D. A public key cryptosystem, digital certificate and certificate authorities
While reviewing the business continuity plan of an organization, the IS auditor observed that the organization's data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate? A. Deterrence B. Mitigation C. Recovery D. Response
Which of the following is the BEST way to handle obsolete magnetic tapes before disposing of them? A. Overwriting the tapes B. Initializing the tape labels C. Degaussing the tapes D. Erasing the tapes
Cisco Certifications 
