Answer / chatter

A. Emergency changes are acceptable as long as they are properly documented as part of the process.

B. Instances of jobs not being completed on time is a potential issue and should be investigated, but it is not the greatest concern.

C. The overriding of computer processing jobs by computer operators could lead to unauthorized changes to data or programs. This is a control concern; thus, it is always critical.

D. The audit should find that all scheduled jobs were run and that any exceptions were documented. This would not be a violation.

Question #: 72 CISA Job Practice Task Statement: 1.2

An IS auditor reviewing an organization's IT strategic plan should FIRST review: A. the existing IT environment. B. the business plan. C. the present IT budget. D. current technology trends.

1 Answers  

---

Which of the following is a control over database administration activities? A. A database checkpoint to restart processing after a system failure B. Database compression to reduce unused space C. Supervisory review of access logs D. Backup and recovery procedures to ensure database availability

1 Answers  

---

In a risk-based audit approach an IS auditor should FIRST complete a/an: A. inherent risk assessment. B. control risk assessment. C. test of control assessment. D. substantive test assessment.

1 Answers  

---

Which of the following BEST describes the objectives of following a standard system development methodology? A. To ensure that appropriate staffing is assigned and to provide a method of controlling costs and schedules B. To provide a method of controlling costs and schedules and to ensure communication among users, IS auditors, management and IS personnel C. To provide a method of controlling costs and schedules and an effective means of auditing project development D. To ensure communication among users, IS auditors, management and personnel and to ensure that appropriate staffing is assigned

1 Answers  

---

An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a: A. cold site. B. warm site. C. dial-up site. D. duplicate processing facility.

2 Answers  

---

Which of the following types of firewalls provide the GREATEST degree and granularity of control? A. Screening router B. Packet filter C. Application gateway D. Circuit gateway

1 Answers  

---

Which of the following Internet security threats could compromise integrity? A. Theft of data from the client B. Exposure of network configuration information C. A trojan horse browser D. Eavesdropping on the net

2 Answers  

---

A debugging tool, which reports on the sequence of steps executed by a program, is called a/an: A. output analyzer. B. memory dump. C. compiler. D. logic path monitor.

2 Answers  

---

Which of the following security techniques is the BEST method for authenticating a user's identity? A. Smart card B. Biometrics C. Challenge-response token D. User ID and password

1 Answers  

---

In large corporate networks having supply partners across the globe, network traffic may continue to rise. The infrastructure components in such environments should be scalable. Which of the following firewall architectures limits future scalability? A. Appliances B. Operating system based C. Host based D. Demilitarized

1 Answers  

---

Using test data as part of a comprehensive test of program controls in a continuous online manner is called a/an: A. test data/deck. B. base case system evaluation. C. integrated test facility (ITF). D. parallel simulation.

1 Answers  

---

IT governance ensures that an organization aligns its IT strategy with: A. Enterprise objectives. B. IT objectives. C. Audit objectives. D. Finance objectives.

2 Answers  

---