Which of the following would be the BEST population to take
a sample from when testing program changes?
A. Test library listings
B. Source program listings
C. Program change requests
D. Production library listings
- 1 Answers
- 6138 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
The best source from which to draw any sample or test of
system information is the automated system. The production
libraries represent executables that are approved and
authorized to process organizational data. Source program
listings would be time intensive. Program change requests
are the documents used to initiate change. There is no
guarantee that the request has been completed for all
changes. Test library listings do not represent the approved
and authorized executables.
| Is This Answer Correct ? | 7 Yes | 0 No |
An IS auditor reviewing an organization's IS disaster recovery plan should verify that it is: A. tested every 6 months. B. regularly reviewed and updated. C. approved by the chief executive officer (CEO). D. communicated to every departmental head in the organization.
Which of the following choices BEST ensures the effectiveness of controls related to interest calculation inside an accounting system? A. Re-performance B. Process walk-through C. Observation D. Documentation review
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.
Sales orders are automatically numbered sequentially at each of a retailer's multiple outlets. Small orders are processed directly at the outlets, with large orders sent to a central production facility. The MOST appropriate control to ensure that all orders transmitted to production are received and processed would be to: A. send and reconcile transaction counts and totals. B. have data transmitted back to the local site for comparison. C. compare data communications protocols with parity checking. D. track and account for the numerical sequence of sales orders at the production facility.
The BEST method of proving the accuracy of a system tax calculation is by: A. detailed visual review and analysis of the source code of the calculation programs. B. recreating program logic using generalized audit software to calculate monthly totals. C. preparing simulated transactions for processing and comparing the results to predetermined results. D. automatic flowcharting and analysis of the source code of the calculation programs.
When reviewing the implementation of a LAN the IS auditor should FIRST review the: A. node list. B. acceptance test report. C. network diagram. D. user's list.
An IS auditor performing an access controls review should be LEAST concerned if: A. audit trails were not enabled. B. programmers have access to the live environment. C. group logons are being used for critical functions. D. the same user can initiate transactions and also change related parameters.
Which of the following is a substantive test?
A digital signature contains a message digest to: A. show if the message has been altered after transmission. B. define the encryption algorithm. C. confirm the identity of the originator. D. enable message transmission in a digital format.
During the course of an audit, the IS auditor discovers that the human resources (HR) department uses a cloud-based application to manage employee records. The HR department engaged in a contract outside of the normal vendor management process and manages the application on its own. Which of the following choices is of MOST concern? A. Maximum acceptable downtime metrics have not been defined in the contract. B. The IT department does not manage the relationship with the cloud vendor. C. The help desk call center is in a different country, with different privacy requirements. D. Company-defined security policies are not applied to the cloud application.
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report
Which of the following methods of suppressing a fire in a data center is the MOST effective and environmentally friendly? A. Halon gas B. Wet-pipe sprinklers C. Dry-pipe sprinklers D. Carbon dioxide gas
Cisco Certifications 
