Without compensating controls, which of the following
functions would represent a risk if combined with that of a
system analyst?
A. Application programming
B. Data entry
C. Quality assurance
D. Database administrator
- 1 Answers
- 5150 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
A system analyst should not perform quality assurance (QA)
duties as independence would be impaired, since the systems
analyst is part of the team developing/designing the
software. A system analyst can perform the other functions.
The best example is a citizen programmer. A citizen (name
related to citizen, since they have the right to do all or
anything) programmer who has access to development tools can
do all aspects while developing software (design,
development, testing, implementation). Only good
compensatory controls would be able to monitor/control these
activities. Compensating controls will ensure these
functions have been effectively performed. If an analyst
compromises on functions in these roles, it can be detected
immediately with the help of compensating controls. However,
a system analyst should be discouraged from performing the
role of QA, since quality assurance levels could be
compromised if it does not meet the agreed standards.
| Is This Answer Correct ? | 8 Yes | 0 No |
E-cash is a form of electronic money that: A. can be used over any computer network. B. utilizes reusable e-cash coins to make payments. C. does not require the use of an Internet digital bank. D. contains unique serial numbering to track the identity of the buyer.
The use of coding standards is encouraged by IS auditors because they: A. define access control tables. B. detail program documentation. C. standardize dataflow diagram methodology. D. ensure compliance with field naming conventions.
An IS auditor is reviewing the risk management process. Which of the following is the MOST important consideration during this review? A. Controls are implemented based on cost-benefit analysis. B. The risk management framework is based on global standards. C. The approval process for risk response is in place. D. IT risk is presented in business terms.
The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as: A. rules. B. decision trees. C. semantic nets. D. data flow diagrams.
Which of the following is the MOST important function to be performed by IT management within an outsourced environment? A. Ensuring that invoices are paid to the provider B. Participating in systems design with the provider C. Renegotiating the provider's fees D. Monitoring the outsourcing provider's performance
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls
Which of the following provides the framework for designing and developing logical access controls? A. Information systems security policy B. Access control lists C. Password management D. System configuration files
Which of the following is an example of a passive attack, initiated through the Internet? A. Traffic analysis B. Masquerading C. Denial of service D. E-mail spoofing
Which of the following is a benefit of a risk-based approach to audit planning? Audit: A. scheduling may be performed months in advance. B. budgets are more likely to be met by the IS audit staff. C. staff will be exposed to a variety of technologies. D. resources are allocated to the areas of highest concern.
An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a: A. cold site. B. warm site. C. dial-up site. D. duplicate processing facility.
Which of the following message services provides the strongest protection that a specific action has occurred? A. Proof of delivery B. Nonrepudiation C. Proof of submission D. Message origin authentication
Which of the following can consume valuable network bandwidth? A. Trojan horses B. Trap doors C. Worms D. Vaccines
Cisco Certifications 
