Answer / chatter

the correct answer is A

A. If the data is not encrypted, an unauthorized external party may download sensitive company data.

B. Even though the possibility exists that the logon information was captured from the emails, data should be encrypted, so the theft of the data would not allow the attacker to read it.

C. Some of the employees at the consulting firm will have access to the sensitive data and the consulting firm must have procedures in place to protect the data.

D. Tracing accountability is of minimal concern compared to the compromise of sensitive data.

Question #: 802 CISA Job Practice Task Statement: 5.3

Which of the following facilitates program maintenance? A. More cohesive and loosely coupled programs B. Less cohesive and loosely coupled programs C. More cohesive and strongly coupled programs D. Less cohesive and strongly coupled programs

1 Answers  

---

IS auditors reviewing access control should review data classification to ensure that encryption parameters are classified as: A. sensitive. B. confidential. C. critical. D. private.

1 Answers  

---

The general ledger setup function in an enterprise resource package (ERP) allows for setting accounting periods. Access to this function has been permitted to users in finance, the warehouse and order entry. The MOST likely reason for such broad access is the: A. need to change accounting periods on a regular basis.. B. requirement to post entries for a closed accounting period. C. lack of policies and procedures for the proper segregation of duties. D. need to create/modify the chart of accounts and its allocations.

1 Answers  

---

In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the: A. registration authority (RA). B. issuing certification authority (CA). C. subject CA. D. policy management authority.

1 Answers  

---

Functional acknowledgements are used: A. as an audit trail for EDI transactions. B. to functionally describe the IS department. C. to document user roles and responsibilities. D. as a functional description of application software.

1 Answers   CISA,

---

---

When auditing the requirements phase of a system development project, an IS auditor would: A. assess the adequacy of audit trails. B. identify and determine the criticality of the need. C. verify cost justifications and anticipated benefits. D. ensure that control specifications have been defined.

1 Answers  

---

The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is: A. data integrity. B. authentication. C. nonrepudiation. D. replay protection.

1 Answers  

---

When a complete segregation of duties cannot be achieved in an online system environment, which of the following functions should be separated from the others? A. Origination B. Authorization C. Recording D. Correction

1 Answers  

---

While developing a risk-based audit program, which of the following would the IS auditor MOST likely focus on? A. Business processes B. Critical IT applications C. Corporate objectives D. Business strategies

3 Answers   CISA,

---

Which of the following is a detective control? A. Physical access controls B. Segregation of duties C. Backup procedures D. Audit trails

1 Answers  

---

Which of the following is the MOST effective type of antivirus software to detect an infected application? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines

1 Answers  

---

Applying a retention date on a file will ensure that: A. data cannot be read until the date is set. B. data will not be deleted before that date. C. backup copies are not retained after that date. D. datasets having the same name are differentiated.

2 Answers  

---