Answer / guest

Answer: A

As a member of the project team, the IS auditor's primary
role is to ensure that adequate and appropriate control
procedures are designed and programmed into the system. At
this stage, it is too early for user acceptance schedules,
training programs and user procedures to be the primary
concern of the IS auditor.

An organization wants to enforce data integrity principles and achieve faster performance/execution in a database application. Which of the following design principles should be applied? A. User (customized) triggers B. Data validation at the front end C. Data validation at the back end D. Referential integrity

1 Answers  

---

An IS auditor observed that some data entry operators leave their computers in the midst of data entry without logging off. Which of the following controls should be suggested to prevent unauthorized access? A. Encryption B. Switch off the computer when leaving C. Password control D. Screen saver password

1 Answers  

---

The objective of IT governance is to ensure that the IT strategy is aligned with the objectives of (the): A. enterprise. B. IT. C. audit. D. finance.

1 Answers  

---

A hardware control that helps to detect errors when data are communicated from one computer to another is known as a: A. duplicate check. B. table lookup. C. validity check. D. parity check.

2 Answers  

---

Without causing a conflict of interest, a duty compatible with those of a security administrator would be: A. quality assurance. B. application programming. C. systems programming. D. data entry.

1 Answers  

---

During an audit, an IS auditor learns that lengthy and complex passwords are required to reach the network via modem. These passwords were established by an outside provider. The communications software allows users to select a ?remember password? option. What should the IS auditor's PRIMARY recommendation be? A. Disable the save password option and have users record them elsewhere. B. Request that the provider change the dial-in password to a group password. C. Establish and enforce a process to have users change their passwords. D. Allow users to change their passwords to something less complex.

1 Answers  

---

An IS auditor should be able to identify and evaluate various types of risks and their potential effects. Which of the following risks is associated with authorized program exits (trap doors)? A. Inherent B. Detection C. Audit D. Error

2 Answers  

---

The PRIMARY objective of an IS audit function is to: A. determine whether everyone uses IS resources according to their job description. B. determine whether information systems safeguard assets, and maintain data integrity. C. examine books of accounts and relative documentary evidence for the computerized system. D. determine the ability of the organization to detect fraud.

1 Answers  

---

In the ISO/OSI model, which of the following protocols is the FIRST to establish security for the user application? A. Session layer. B. Transport layer C. Network layer D. Presentation layer

1 Answers  

---

IS auditors reviewing access control should review data classification to ensure that encryption parameters are classified as: A. sensitive. B. confidential. C. critical. D. private.

1 Answers  

---

An enterprisewide network security architecture of public key infrastructure (PKI) would be comprised of: A. A public key cryptosystem, private key cryptosystem and digital certificate B. A public key cryptosystem, symmetric encryption and certificate authorities C. A symmetric encryption, digital certificate and kerberos authentication D. A public key cryptosystem, digital certificate and certificate authorities

1 Answers  

---

Which of the following duties would be a concern if performed along with systems administration? A. Maintenance of access rules B. Review of system audit trail C. Data librarian D. Performance monitoring

1 Answers  

---