Antivirus software should be used as a:
A. detective control.
B. preventive control.
C. corrective control.
D. compensating control.
Answer / guest
Answer: B
Antivirus software should be used as a preventive control.
It may be too late to correct a problem if the problem is
not prevented in the first place.
Is This Answer Correct ? | 18 Yes | 6 No |
An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely: A. check to ensure the type of transaction is valid for that card type. B. verify the format of the number entered then locate it on the database. C. ensure that the transaction entered is within the cardholder's credit limit. D. confirm that the card is not shown as lost or stolen on the master file.
The rate of change of technology increases the importance of: A. outsourcing the IS function. B. implementing and enforcing good processes. C. hiring personnel willing to make a career within the organization. D. meeting user requirements.
When an organization's network is connected to an external network in an Internet client-server model not under that organization's control, security becomes a concern. In providing adequate security in this environment, which of the following assurance levels is LEAST important? A. Server and client authentication B. Data integrity C. Data recovery D. Data confidentiality
When reviewing a business process reengineering (BPR) project, which of the following is the MOST important for an IS auditor to evaluate? A. The impact of removed controls. B. The cost of new controls. C. The BPR project plans. D. The continuous improvement and monitoring plans.
Which of the following provides the framework for designing and developing logical access controls? A. Information systems security policy B. Access control lists C. Password management D. System configuration files
Which of the following procedures can a biometric system perform? A. Measure airborne contamination. B. Provide security over physical access. C. Monitor temperature and humidity levels. D. Detect hazardous electromagnetic fields in an area.
Which of the following is the MOST reasonable option for recovering a noncritical system? A. Warm site B. Mobile site C. Hot site D. Cold site
The BEST method of proving the accuracy of a system tax calculation is by: A. detailed visual review and analysis of the source code of the calculation programs. B. recreating program logic using generalized audit software to calculate monthly totals. C. preparing simulated transactions for processing and comparing the results to predetermined results. D. automatic flowcharting and analysis of the source code of the calculation programs.
To check the performance of flow and error control, an IS auditor should focus the use of a protocol analyzer on which of the following layers? A. Network B. Transport C. Data link D. Application
Which of the following is an implementation risk within the process of decision support systems? A. Management control B. Semistructured dimensions C. Inability to specify purpose and usage patterns D. Changes in decision processes
Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization? A. Built-in alternative routing B. Full system backup taken daily C. A repair contract with a service provider D. A duplicate machine alongside each server
When a systems development life cycle (SDLC) methodology is inadequate, the MOST serious immediate risk is that the new system will: A. be completed late. B. exceed the cost estimates. C. not meet business and user needs. D. be incompatible with existing systems.