Answer / guest

Answer: A

Assimilation of the framework and intent of a written
security policy by the users of the systems is critical to
the successful implementation and maintenance of security
policy. You may have a good password system, but if the
users of the system keep passwords written on his/her table,
the password system is of little value. Management support
and commitment is no doubt important, but for successful
implementation and maintenance of security policy, education
of the users on the importance on security is of paramount
importance. The stringent implementation, monitoring and
enforcing of rules by the security officer through access
control software and provision for punitive actions for
violation of security rules also are required along with the
user's education on the importance of security.

Which of the following IT governance best practices improves strategic alignment? A. Supplier and partner risks are managed. B. A knowledge base on customers, products, markets and processes is in place C. A structure is provided that facilitates the creation and sharing of business information. D. Top management mediate between the imperatives of business and technology

2 Answers  

---

The secure socket layer (SSL) protocol addresses the confidentiality of a message through: A. symmetric encryption. B. message authentication code. C. hash function. D. digital signature certificates.

2 Answers  

---

In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls

1 Answers  

---

While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/back up at an offsite location would be: A. shadow file processing. B. electronic vaulting. C. hard-disk mirroring. D. hot-site provisioning.

2 Answers  

---

Which of the following techniques or tools would assist an IS auditor when performing a statistical sampling of financial transactions maintained in a financial management information system? A. Spreadsheets B. Parallel simulation C. Generalized audit software D. Regression testing

1 Answers  

---

---

The device that connects two networks at the highest level of the ISO-OSI framework ( i.e., application layer) is a A. Gateway B. Router C. Bridge D. Brouter

1 Answers  

---

When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:

6 Answers  

---

Which of the following steps would an IS auditor normally perform FIRST in a data center security review? A. Evaluate physical access test results. B. Determine the risks/threats to the data center site. C. Review business continuity procedures. D. Test for evidence of physical access at suspect locations.

1 Answers  

---

An enterprise has established a steering committee to oversee its e-business program. The steering committee would MOST likely be involved in the: A. documentation of requirements. B. escalation of project issues. C. design of interface controls. D. specification of reports.

1 Answers  

---

Testing the connection of two or more system components that pass information from one area to another is: A. pilot testing. B. parallel testing C. interface testing. D. regression testing.

2 Answers  

---

An independent software program that connects two otherwise separate applications sharing computing resources across heterogeneous technologies is known as: A. middleware. B. firmware. C. application software. D. embedded systems.

1 Answers  

---

The implementation of cost-effective controls in an automated system is ultimately the responsibility of the: A. system administrator. B. quality assurance function. C. business unit management. D. chief of internal audit.

1 Answers  

---