Interested to Buy Any Domain ? << Click Here >> for more details...
The MOST significant level of effort for business continuity
planning (BCP) generally is required during the:
A. testing stage.
B. evaluation stage.
C. maintenance stage.
D. early stages of planning.
- 2 Answers
- 10513 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: D
A company in the early stages of a BCP will incur the most
significant level of program development effort, which will
level out as the BCP moves into maintenance, testing and
evaluation stages. It is during the planning stage that an
IS auditor will play an important role in obtaining senior
management's commitment to resources and assignment of BCP
responsibilities.
| Is This Answer Correct ? | 10 Yes | 0 No |
An IS auditor doing penetration testing during an audit of Internet connections would: A. evaluate configurations. B. examine security settings. C. ensure virus-scanning software is in use. D. use tools and techniques that are available to a hacker.
In regard to moving an application program from the test environment to the production environment, the BEST control would be provided by having the: A. application programmer copy the source program and compiled object module to the production libraries. B. as paul says, C. production control group compile the object module to the production libraries using the source program in the test environment. D. production control group copy the source program to the production libraries and then compile the program.
The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as: A. rules. B. decision trees. C. semantic nets. D. data flow diagrams.
Which of the following is a technique that could be used to capture network user passwords? A. Encryption B. Sniffing C. Spoofing D. A signed document cannot be altered.
Which of the following is a control to compensate for a programmer having access to accounts payable production data? A. Processing controls such as range checks and logic edits B. Reviewing accounts payable output reports by data entry C. Reviewing system-produced reports for checks (cheques) over a stated amount D. Having the accounts payable supervisor match all checks (cheques) to approved invoices
To affix a digital signature to a message, the sender must first create a message digest by applying a cryptographic hashing algorithm against: A. the entire message and thereafter enciphering the message digest using the sender's private key. B. any arbitrary part of the message and thereafter enciphering the message digest using the sender's private key. C. the entire message and thereafter enciphering the message using the sender's private key. D. the entire message and thereafter enciphering the message along with the message digest using the sender's private key.
Which of the following manages the digital certificate life cycle to ensure adequate security and controls exist in digital signature applications related to e-commerce? A. Registration authority B. Certification authority C. Certification relocation list D. Certification practice statement
Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the user name and password are the same. The BEST control to mitigate this risk is to: A. change the company's security policy. B. educate users about the risk of weak passwords. C. build in validations to prevent this during user creation and password change. D. require a periodic review of matching user ID and passwords for detection and correction.
A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern? A. Acceptance testing is to be managed by users. B. A quality plan is not part of the contracted deliverables. C. Not all business functions will be available on initial implementation. D. Prototyping is being used to confirm that the system meets business requirements.
A single digitally signed instruction was given to a financial institution to credit a customer's account. The financial institution received the instruction three times and credited the account three times. Which of the following would be the MOST appropriate control against such multiple credits? A. Encrypting the hash of the payment instruction with the public key of the financial institution. B. Affixing a time stamp to the instruction and using it to check for duplicate payments. C. Encrypting the hash of the payment instruction with the private key of the instructor. D. Affixing a time stamp to the hash of the instruction before being digitally signed by the instructor.
Which of the following database administrator (DBA) activities is unlikely to be recorded on detective control logs? A. Deletion of a record B. Change of a password C. Disclosure of a password D. Changes to access rights
A probable advantage to an organization that has outsourced its data processing services is that: A. needed IS expertise can be obtained from the outside. B. greater control can be exercised over processing. C. processing priorities can be established and enforced internally. D. greater user involvement is required to communicate user needs.
Cisco Certifications 
