Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following functions, if combined, would be the
GREATEST risk to an organization?
A. Systems analyst and database administrator
B. Quality assurance and computer operator
C. Tape librarian and data entry clerk
D. Application programmer and tape librarian
- 2 Answers
- 5646 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: D
Application programmers should not have access to system
program libraries. All other combinations, although not
preferred, would normally include some type of compensating
control to mitigate the lack of separation of duties.
| Is This Answer Correct ? | 2 Yes | 1 No |
Which of the following types of controls is designed to provide the ability to verify data and record values through the stages of application processing? A. Range checks B. Run-to-run totals C. Limit checks on calculated amounts D. Exception reports
Which of the following manages the digital certificate life cycle to ensure adequate security and controls exist in digital signature applications related to e-commerce? A. Registration authority B. Certification authority C. Certification relocation list D. Certification practice statement
Once an organization has finished the business process reengineering (BPR) of all its critical operations, the IS auditor would MOST likely focus on a review of: A. pre-BPR process flowcharts. B. post-BPR process flowcharts. C. BPR project plans. D. continuous improvement and monitoring plans.
Which of the following issues should be included in the business continuity plan? A. The staff required to maintain critical business functions in the short, medium and long term B. The potential for a natural disaster to occur, such as an earthquake C. Disastrous events impacting information systems processing and end-user functions D. A risk analysis that considers systems malfunctions, accidental file deletions or other failures
Which of the following is the operating system mode in which all instructions can be executed? A. Problem B. Interrupt C. Supervisor D. Standard processing
Which of the following should be in place to protect the purchaser of an application package in the event that the vendor ceases to trade? A. Source code held in escrow. B. Object code held by a trusted third party. C. Contractual obligation for software maintenance. D. Adequate training for internal programming staff.
Which of the following would help to ensure the portability of an application connected to a database? The: A. verification of database import and export procedures. B. usage of a structured query language (SQL). C. analysis of stored procedures/triggers. D. synchronization of the entity-relation model with the database physical schema.
Utilizing audit software to compare the object code of two programs is an audit technique used to test program: A. logic. B. changes. C. efficiency. D. computations.
The method of routing traffic through split cable facilities or duplicate cable facilities is called: A. alternative routing. B. diverse routing. C. redundancy. D. circular routing.
An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following: * The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department. * The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention. * The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for their area in the event of a disruptive incident. The IS auditor's report should recommend that: A. the deputy CEO be censured for his failure to approve the plan. B. a board of senior managers be set up to review the existing plan. C. the existing plan be approved and circulated to all key management and staff. D. a manager coordinate the creation of a new or revised plan within a defined time limit.
An organization's disaster recovery plan should address early recovery of: A. all information systems processes. B. all financial processing applications. C. only those applications designated by the IS manager. D. processing in priority order, as defined by business management.
Which of the following concerns associated with the World Wide Web would be addressed by a firewall? A. Unauthorized access from outside the organization B. Unauthorized access from within the organization C. A delay in Internet connectivity D. A delay in downloading using file transfer protocol (FTP)
Cisco Certifications 
