Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following would provide a mechanism whereby IS
management can determine if the activities of the
organization have deviated from the planned or expected levels?
A. Quality management
B. IS assessment methods
C. Management principles
D. Industry standards/benchmarking
- 1 Answers
- 6572 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Assessment methods provide a mechanism, whereby IS
management can determine if the activities of the
organization have deviated from planned or expected levels.
These methods include IS budgets, capacity and growth
planning, industry standards/benchmarking, financial
management practices and goal accomplishment. Quality
management is the means by which the IS department processes
are controlled, measured and improved. Management principles
focus on areas such as people, change, processes, security.
Industry standards/benchmarking provide a means of
determining the level of performance provided by similar
information processing facility environments.
| Is This Answer Correct ? | 3 Yes | 0 No |
Security administration procedures require read-only access to: A. access control tables. B. security log files. C. logging options. D. user profiles.
The extent to which data will be collected during an IS audit should be determined, based on the: A. availability of critical and required information. B. auditor's familiarity with the circumstances. C. auditee's ability to find relevant evidence. D. purpose and scope of the audit being done.
Which of the following is a technique that could be used to capture network user passwords? A. Encryption B. Sniffing C. Spoofing D. A signed document cannot be altered.
Which of the following IT governance best practices improves strategic alignment? A. Supplier and partner risks are managed. B. A knowledge base on customers, products, markets and processes is in place C. A structure is provided that facilitates the creation and sharing of business information. D. Top management mediate between the imperatives of business and technology
Which of the following is an implementation risk within the process of decision support systems? A. Management control B. Semistructured dimensions C. Inability to specify purpose and usage patterns D. Changes in decision processes
During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely: A. review access control configuration. B. evaluate interface testing. C. review detailed design documentation. D. evaluate system testing.
Which of the ISO/OSI model layers provides for routing packets between nodes? A. Data link B. Network C. Transport D. Session
Which of the following types of risks assumes an absence of compensating controls in the area being reviewed? A. Control risk B. Detection risk C. Inherent risk D. Sampling risk
During an audit of an enterprise that is dedicated to e-commerce, the IS manager states that digital signatures are used in the establishment of its commercial relations. To substantiate this, the IS auditor must prove that which of the following is used? A. A biometric, digitalized and encrypted parameter with the customer's public key B. A hash of the data that is transmitted and encrypted with the customer's private key C. A hash of the data that is transmitted and encrypted with the customer's public key D. The customer's scanned signature, encrypted with the customer's public key
An IS auditor has just completed a review of an organization that has a mainframe and a client-server environment where all production data reside. Which of the following weaknesses would be considered the MOST serious? A. The security officer also serves as the database administrator (DBA.) B. Password controls are not administered over the client/server environment. C. There is no business continuity plan for the mainframe system?s non-critical applications. D. Most LANs do not back up file server fixed disks regularly.
Passwords should be: A. assigned by the security administrator. B. changed every 30 days at the discretion of the user. C. reused often to ensure the user does not forget the password. D. displayed on the screen so that the user can ensure that it has been entered properly.
An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely: A. check to ensure the type of transaction is valid for that card type. B. verify the format of the number entered then locate it on the database. C. ensure that the transaction entered is within the cardholder's credit limit. D. confirm that the card is not shown as lost or stolen on the master file.
Cisco Certifications 
