Answer / guest

Answer: C

By observing the IS staff performing their tasks, the IS
auditor can identify whether they are performing any
noncompatible operations and by interviewing the IS staff
the auditor can get an overview of the tasks performed.
Based on the observations and interviews the auditor can
evaluate the segregation of duties. Management may not be
aware of the detailed functions of each employee in the IS
department, therefore discussion with the management would
provide only limited information regarding segregation of
duties. An organization chart would not provide details of
the functions of the employees and testing of user rights
would provide information about the rights they have within
the IS systems, but would not provide complete information
about the functions they perform.

Which of the following can identify attacks and penetration attempts to a network? A. Firewall B. Packet filters C. Stateful inspection D. Intrusion detection system (IDs)

1 Answers  

---

Transmitting redundant information with each character or frame to facilitate detection and correction of errors is called: A. feedback error control. B. block sum check. C. forward error control. D. cyclic redundancy check.

1 Answers  

---

A control log basic to a real-time application system is a(n): A. audit log. B. console log. C. terminal log. D. transaction log.

1 Answers  

---

Which of the following environmental controls is appropriate to protect computer equipment against short-term reductions in electrical power? A. Power line conditioners B. A surge protective device C. An alternative power supply D. An interruptible power supply

1 Answers  

---

Which of the following independent duties is traditionally performed by the data control group? A. Access to data B. Authorization tables C. Custody of assets D. Reconciliation

1 Answers  

---

---

When a complete segregation of duties cannot be achieved in an online system environment, which of the following functions should be separated from the others? A. Origination B. Authorization C. Recording D. Correction

1 Answers  

---

Following a reorganization of a company's legacy database, it was discovered that records were accidentally deleted. Which of the following controls would have MOST effectively detected this occurrence? A. Range check B. Table lookups C. Run-to-run totals D. One-for-one checking

1 Answers  

---

At the end of a simulation of an operational contingency test, the IS auditor performed a review of the recovery process. The IS auditor concluded that the recovery took more than the critical time frame allows. Which of the following actions should the auditor recommend? A. Widen the physical capacity to accomplish better mobility in a shorter time. B. Shorten the distance to reach the hot site. C. Perform an integral review of the recovery tasks. D. Increase the number of human resources involved in the recovery process.

1 Answers  

---

To check the performance of flow and error control, an IS auditor should focus the use of a protocol analyzer on which of the following layers? A. Network B. Transport C. Data link D. Application

2 Answers  

---

Which of the following is the primary purpose for conducting parallel testing? A. To determine if the system is cost-effective. B. To enable comprehensive unit and system testing. C. To highlight errors in the program interfaces with files. D. To ensure the new system meets user requirements.

1 Answers  

---

The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is: A. data integrity. B. authentication. C. nonrepudiation. D. replay protection.

1 Answers  

---

Which of the following would help to ensure the portability of an application connected to a database? The: A. verification of database import and export procedures. B. usage of a structured query language (SQL). C. analysis of stored procedures/triggers. D. synchronization of the entity-relation model with the database physical schema.

1 Answers  

---