Interested to Buy Any Domain ? << Click Here >> for more details...
At the end of the testing phase of software development, an
IS auditor observes that an intermittent software error has
not been corrected. No action has been taken to resolve the
error. The IS auditor should:
A. report the error as a finding and leave further
exploration to the auditee's discretion.
B. attempt to resolve the error.
C. recommend that problem resolution be escalated.
D. ignore the error, as it is not possible to get objective
evidence for the software error.
- 1 Answers
- 6300 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
When an auditor observes such conditions, it is best to
fully apprise the auditee and suggest that further problem
resolutions be attempted. Recording it as a minor error and
leaving it to auditee's discretion would be inappropriate,
and neglecting the error would indicate that the auditor has
not taken steps to further probe the issue to its logical end.
| Is This Answer Correct ? | 4 Yes | 0 No |
An IS auditor has just completed a review of an organization that has a mainframe and a client-server environment where all production data reside. Which of the following weaknesses would be considered the MOST serious? A. The security officer also serves as the database administrator (DBA.) B. Password controls are not administered over the client/server environment. C. There is no business continuity plan for the mainframe system?s non-critical applications. D. Most LANs do not back up file server fixed disks regularly.
An IS auditor reviewing operating system access discovers that the system is not secured properly. In this situation, the IS auditor is LEAST likely to be concerned that the user might: A. create new users. B. delete database and log files. C. access the system utility tools. D. access the system writeable directories.
The BEST defense against network eavesdropping is: A. encryption. B. moving the defense perimeter outward. C. reducing the amplitude of the communication signal. D. masking the signal with noise.
Which of the following can identify attacks and penetration attempts to a network? A. Firewall B. Packet filters C. Stateful inspection D. Intrusion detection system (IDs)
A MAJOR risk of using single sign-on (SSO) is that it: A. has a single authentication point. B. represents a single point of failure. C. causes an administrative bottleneck. D. leads to a lockout of valid users.
A strength of an implemented quality system based on ISO 9001 is that it: A. guarantees quality solutions to business problems. B. results in improved software life cycle activities. C. provides clear answers to questions concerning cost-effectiveness. D. does not depend on the maturity of the implemented quality system.
Which of the following is LEAST likely to be contained in a digital certificate for the purposes of verification by a trusted third party (TTP)/certification authority (CA)? A. Name of the TTP/CA B. Public key of the sender C. Name of the public key holder D. Time period for which the key is valid
Requiring passwords to be changed on a regular basis, assigning a new one-time password when a user forgets his/hers, and requiring users not to write down their passwords are all examples of: A. audit objectives. B. audit procedures. C. controls objectives. D. control procedures.
Without compensating controls, which of the following functions would represent a risk if combined with that of a system analyst? A. Application programming B. Data entry C. Quality assurance D. Database administrator
Prices are charged on the basis of a standard master file rate that changes as volume increases. Any exceptions must be manually approved. What is the MOST effective automated control to help ensure that all price exceptions are approved? A. All amounts are displayed back to the data entry clerk, who must verify them visually. B. Prices outside the normal range should be entered twice to verify data entry accuracy. C. The system beeps when price exceptions are entered and prints such occurrences on a report. D. A second-level password must be entered before a price exception can be processed.
Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures? A. Invite client participation. B. Involve all technical staff. C. Rotate recovery managers. D. Install locally stored backup.
A control for a company that wants to prevent virus-infected programs (or other type of unauthorized modified programs) would be to: A. utilize integrity checkers. B. verify program's lengths. C. backup the source and object code. D. implement segregation of duties.
Cisco Certifications 
