Interested to Buy Any Domain ? << Click Here >> for more details...
When developing a risk-based audit strategy, an IS auditor
should conduct a risk assessment to ensure that:
- 6 Answers
- 16393 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / saulat
B. vulnerabilities and threats are identified.
the purpose of risk based audit is to identify the
vulnerability and risks in the process
| Is This Answer Correct ? | 34 Yes | 3 No |
Answer / bbb
A. controls needed to mitigate risks are in place.
B. vulnerabilities and threats are identified.
C. audit risks are considered.
D. a gap analysis is appropriate.
| Is This Answer Correct ? | 17 Yes | 3 No |
Answer / guest
Vulnerabilities and threat are identified,their effects on
the assets are being audited,and projected loss frequency
and severity are determined
| Is This Answer Correct ? | 6 Yes | 0 No |
Answer / vijayakumari
The risk assessment will help to determine whether the
audit will yield meaningful information and add value.
| Is This Answer Correct ? | 0 Yes | 3 No |
Following the development of an application system, it is determined that several design objectives have not been achieved. This is MOST likely to have been caused by: A. insufficient user involvement. B. early dismissal of the project manager. C. inadequate quality assurance (QA) tools. D. noncompliance with defined approval points.
Which of the following imaging technologies captures handwriting from a preprinted form and converts it into an electronic format? A. Magnetic ink character recognition (MICR) B. Intelligent voice recognition (IVR) C. Bar code recognition (BCR) D. Optical character recognition (OCR)
During which phase of a system development process should an IS auditor first raise the issue of application controls? A. Construction B. System design C. Acceptance testing D. Functional specification
Assumptions while planning an IS project involve a high degree of risk because they are: A. based on known constraints. B. based on objective past data. C. a result of lack of information. D. often made by unqualified people.
The IS department of an organization wants to ensure that the computer files, used in the information processing facility, are backed up adequately to allow for proper recovery. This is a/an: A. control procedure. B. control objective. C. corrective control. D. operational control.
Which of the following would be a MAJOR disadvantage of using prototyping as a systems development methodology? A. User expectations of project timescales may be overly optimistic. B. Effective change control and management is impossible to implement. C. User participation in day-to-day project management may be too extensive. D. Users usually are not sufficiently knowledgeable to assist in system development.
A database administrator is responsible for: A. maintaining the access security of data residing on the computers. B. implementing database definition controls. C. granting access rights to users. D. defining system's data structure.
Which of the following BEST describes an integrated test facility? A. A technique that enables the IS auditor to test a computer application for the purpose of verifying correct processing B. The utilization of hardware and/or software to review and test the functioning of a computer system C. A method of using special programming options to permit printout of the path through a computer program taken to process a specific transaction D. A procedure for tagging and extending transactions and master records that are used by an IS auditor for tests
Linux is an __________ operating system
During the review of a biometrics system operation, the IS auditor should FIRST review the stage of: A. enrollment. B. identification. C. verification. D. storage.
The FIRST step in developing a business continuity plan (BCP) is to: A. classify the importance of systems. B. establish a disaster recovery strategy. C. determine the critical recovery time period. D. perform a risk ranking.
An IS auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late-night shift a month as the senior computer operator. The MOST appropriate course of action for the IS auditor is to: A. advise senior management of the risk involved. B. agree to work with the security officer on these shifts as a form of preventative control. C. develop a computer-assisted audit technique to detect instances of abuses of this arrangement. D. review the system log for each of the late-night shifts to determine whether any irregular actions occurred.
Cisco Certifications 
