IS auditors reviewing access control should review data
classification to ensure that encryption parameters are
classified as:
A. sensitive.
B. confidential.
C. critical.
D. private.
Sales orders are automatically numbered sequentially at each
of a retailer's multiple outlets. Small orders are processed
directly at the outlets, with large orders sent to a central
production facility. The MOST appropriate control to ensure
that all orders transmitted to production are received and
processed would be to:
A. send and reconcile transaction counts and totals.
B. have data transmitted back to the local site for comparison.
C. compare data communications protocols with parity checking.
D. track and account for the numerical sequence of sales
orders at the production facility.
Of the following, who is MOST likely to be responsible for
network security operations?
A. Users
B. Security administrators
C. Line managers
D. Security officers
Following a reorganization of a company's legacy database,
it was discovered that records were accidentally deleted.
Which of the following controls would have MOST effectively
detected this occurrence?
A. Range check
B. Table lookups
C. Run-to-run totals
D. One-for-one checking
Which of the following types of controls is designed to
provide the ability to verify data and record values through
the stages of application processing?
A. Range checks
B. Run-to-run totals
C. Limit checks on calculated amounts
D. Exception reports
Which of the following is a control to detect an
unauthorized change in a production environment?
A. Denying programmers access to production data.
B. Requiring change requests to include benefits and costs.
C. Periodically comparing control and current object and
source programs.
D. Establishing procedures for emergency changes.
To prevent an organization's computer systems from becoming
part of a distributed denial-of-service attack, IP packets
containing addresses that are listed as unroutable can be
isolated by:
A. establishing outbound traffic filtering.
B. enabling broadcast blocking.
C. limiting allowable services.
D. network performance monitoring.
When performing a general controls review, an IS auditor
checks the relative location of the computer room inside the
building. What potential threat is the IS auditor trying to
identify?
A. Social engineering
B. Windstorm
C. Earthquake
D. Flooding
Which of the following audit procedures would an IS auditor
be LEAST likely to include in a security audit?
A. Review the effectiveness and utilization of assets.
B. Test to determine that access to assets is adequate.
C. Validate physical, environmental and logical access
policies per job profiles.
D. Evaluate asset safeguards and procedures that prevent
unauthorized access to the assets.
During a post-implementation review of an enterprise
resource management system, an IS auditor would MOST likely:
A. review access control configuration.
B. evaluate interface testing.
C. review detailed design documentation.
D. evaluate system testing.
To determine which users can gain access to the privileged
supervisory state, which of the following should an IS
auditor review?
A. System access log files
B. Enabled access control software parameters
C. Logs of access control violations
D. System configuration files for control options used
Which of the following MUST exist to ensure the viability of
a duplicate information processing facility?
A. The site is near the primary site to ensure quick and
efficient recovery.
B. The site contains the most advanced hardware available.
C. The workload of the primary site is monitored to ensure
adequate backup is available.
D. The hardware is tested when it is installed to ensure it
is working properly.
During an audit, an IS auditor learns that lengthy and
complex passwords are required to reach the network via
modem. These passwords were established by an outside
provider. The communications software allows users to select
a "remember password" option. What should the IS auditor's
PRIMARY recommendation be?
A. Disable the save password option and have users record
them elsewhere.
B. Request that the provider change the dial-in password to
a group password.
C. Establish and enforce a process to have users change
their passwords.
D. Allow users to change their passwords to something less
complex.
Many organizations require an employee to take a mandatory
vacation (holiday) of a week or more to:
A. ensure the employee maintains a quality of life, which
will lead to greater productivity.
B. reduce the opportunity for an employee to commit an
improper or illegal act.
C. provide proper cross training for another employee.
D. eliminate the potential disruption caused when an
employee takes vacation one day at a time.
What is NOT a valid functional area type?
a) LDB
b) Sequential Data Set
c) Program
d) Search Help
e) Joined Tables
Note: Please answer only if you are very sure. Else pls ignore.
I am willing to go for General Ledger certification. Could
anyone guide me on what the prerequisites are? Do I need to
take any exam before taking this GL exam?
Please give us the details about the company HESS
CORPORATION, 1-11 Jhon street London
Can anyone pass on the certification dump for Informatica
8.x to prshri@gmail.com? I appreciate your help.
Hi, I want to do a certification on security trading. Any idea?
I am currently in Telecom Testing, doing some Protocol-level
testing (SIP, SS7, CAP protocols) and some Black-Box
testing. Are there any certifications which I can do related
to this?
Is there any use in doing the CEIS certification by karRox for
other industries rather than IBM? If yes, name the companies
that approve such certifications.
Tell the function of the Source record of a DNS server. Why do we
create a Stub zone? Tell about Round Robin also.
What is needed to ensure a check field is verified against
the referenced key field of the check table?
a) same data element is required for check field and
referenced field
b) same domain is required for check field and referenced field
c) same data type only is required for check field and
referenced field
d) all key fields MUST have domain equality between check
table and foreign key table
Note: I am confused between A or C. Please answer only if
you are very sure. Else pls ignore.
What is the Effect of not Typing Formal parameters in a Form?
a) Conversion always occurs
b) Conversion never occurs
c) Forms are more flexible but prone to a short dump if
conversion does not work
d) No effect
e) Forms are less flexible and are guaranteed no chance of a
run time error
Note: Please answer only if you are very sure. Else pls ignore.
Hi. I wish to appear for the OCA exam. Can anyone pls guide me
on the syllabus and fee structure of the exam? I know that
there are 2 tracks: developer and DBA. What is the
difference between the two? All suggestions are welcome.
Thanks.
What technique would you use to fix the 10 leftmost columns
on a list when scrolling to the right?
a) Set Left Scroll-Boundary Column 10
b) Set Right Scroll-Boundary Column 10
c) Scroll List PS+<10>
d) Scroll List Left
Note: My answer for this question is A. But if you think
different then pls give link or explain how.
Can anyone please advise me about certification in
Mainframe? I have two years' experience in Mainframe, though I
want to pursue a standard mainframe certification like Oracle
certification...
What is the difference between Windows 2003 Server and Windows
Server 2008?