Interested to Buy Any Domain ? << Click Here >> for more details...
When evaluating the collective effect of preventive,
detective or corrective controls within a process an IS
auditor should be aware:
A. of the point at which controls are exercised as data
flows through the system.
B. that only preventive and detective controls are relevant.
C. that corrective controls can only be regarded as
compensating.
D. that classification allows an IS auditor to determine
which controls are missing.
- 1 Answers
- 10233 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
An IS auditor should focus on when controls are exercised as
data flows through a computer system. Choice B is incorrect
since corrective controls may also be relevant. Choice C is
incorrect since corrective controls remove or reduce the
effects of errors or irregularities and are exclusively
regarded as compensating controls. Choice D is incorrect and
irrelevant since the existence and function of controls is
important, not the classification.
| Is This Answer Correct ? | 6 Yes | 0 No |
The BEST defense against network eavesdropping is: A. encryption. B. moving the defense perimeter outward. C. reducing the amplitude of the communication signal. D. masking the signal with noise.
The IS department of an organization wants to ensure that the computer files, used in the information processing facility, are backed up adequately to allow for proper recovery. This is a/an: A. control procedure. B. control objective. C. corrective control. D. operational control.
In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems? A. Maintaining system software parameters B. Ensuring periodic dumps of transaction logs C. Ensuring grandfather-father-son file backups D. Maintaining important data at an off-site location
For an online transaction processing system, transactions per second is a measure of: A. throughput. B. response time. C. turnaround time. D. uptime.
To meet pre-defined criteria, which of the following continuous audit techniques would BEST identify transactions to audit? A. Systems Control Audit Review File and Embedded Audit Modules (SCARF/EAM) B. Continuous and Intermittent Simulation (CIS) C. Integrated Test Facilities (ITF) D. Audit hooks
The document used by the top management of organizations to delegate authority to the IS audit function is the: A. long-term audit plan. B. audit charter. C. audit planning methodology. D. steering committee minutes.
Which of the following would be considered an essential feature of a network management system? A. A graphical interface to map the network topology B. Capacity to interact with the Internet to solve the problems C. Connectivity to a help desk for advice on difficult issues D. An export facility for piping data to spreadsheets
When auditing the proposed acquisition of a new computer system, the IS auditor should FIRST establish that: A. a clear business case has been approved by management. B. corporate security standards will be met. C. users will be involved in the implementation plan. D. the new system will meet all required user functionality.
A manufacturing firm wants to automate its invoice payment system. Objectives state that the system should require considerably less time for review and authorization and the system should be capable of identifying errors that require follow up. Which of the following would BEST meet these objectives? A. Establishing an inter-networked system of client servers with suppliers for increased efficiencies B. Outsourcing the function to a firm specializing in automated payments and accounts receivable/invoice processing C. Establishing an EDI system of electronic business documents and transactions with key suppliers, computer to computer, in a standard format D. Reengineering the existing processing and redesigning the existing system
Which of the following is a data validation edit and control? A. Hash totals B. Reasonableness checks C. Online access controls D. Before and after image reporting
The PRIMARY advantage of a continuous audit approach is that it: A. does not require an IS auditor to collect evidence on system reliability while processing is taking place. B. requires the IS auditor to review and follow up immediately on all information collected. C. can improve system security when used in time-sharing environments that process a large number of transactions. D. does not depend on the complexity of an organization's computer systems.
A TCP/IP-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted? A. Work is completed in tunnel mode with IP security using the nested services of authentication header (AH) and encapsulating security payload (ESP). B. A digital signature with RSA has been implemented. C. Digital certificates with RSA are being used. D. Work is being completed in TCP services.
Cisco Certifications 
