During an audit of the tape management system at a data
center, an IS auditor discovered that parameters are set to
bypass or ignore the labels written on tape header records.
The IS auditor also determined that effective staging and
job setup procedures were in place. In this situation, the
IS auditor should conclude that the:
A. tape headers should be manually logged and checked by the
operators.
B. staging and job setup procedures are not appropriate
compensating controls.
C. staging and job setup procedures compensate for the tape
label control weakness.
D. tape management system parameters must be set to check
all labels.
- 1 Answers
- 20738 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
Compensating controls are an important part of a control
structure. They are considered adequate if they help to
achieve the control objective and are cost-effective. In
this situation the IS auditor is most likely to conclude
that staging and job setup procedures compensate for the
tape label control weakness.
| Is This Answer Correct ? | 42 Yes | 0 No |
The risk that an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when, in fact, they do, is an example of: A. inherent risk. B.control risk. C. detection risk. D. audit risk.
Which of the following user profiles should be of MOST concern to the IS auditor, when performing an audit of an EFT system? A. Three users with the ability to capture and verifiy their own messages B. Five users with the ability to capturr and send their own messages C. Five users with the ability to verificy other users and to send of their own messages D. Three users with the ability to capture and verifiy the messages of other users and to send their own messages
The PRIMARY objective of conducting a post-implementation review is to assess whether the system A) achieved the desired objectives B) provides for backup and recovery C) provides for information security D) documentation is clear and understandable
Which of the following would allow a company to extend it?s enterprise?s intranet across the Internet to it?s business partners? A. Virtual private network B. Client-Server C. Dial-Up access D. Network service provider
After implementation of a disaster recovery plan (DRP), pre-disaster and post-disaster operational cost for an organization will: A. decrease. B. not change (remain the same). C. increase. D. increase or decrease depending upon nature of the business.
A web-based bookstore has included the customer relationship management (CRM) system in its operations. An IS auditor has been assigned to perform a call center review. Which of the following is the MOST appropriate first step for the IS auditor to take? A. Review the company's performance since the CRM was implemented. B. Review the IT strategy. C. Understand the business focus of the bookstore. D. Interview salespeople and supervisors.
An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of: A. reverse engineering. B. prototyping. C. software reuse. D. reengineering.
Applying a retention date on a file will ensure that: A. data cannot be read until the date is set. B. data will not be deleted before that date. C. backup copies are not retained after that date. D. datasets having the same name are differentiated.
Which of the following encrypt/decrypt steps provides the GREATEST assurance in achieving confidentiality, message integrity and nonrepudiation by either sender or recipient? A. The recipient uses his/her private key to decrypt the secret key. B. The encrypted pre-hash code and the message are encrypted using a secret key. C. The encrypted pre-hash code is derived mathematically from the message to be sent. D. The recipient uses the sender's public key, verified with a certificate authority, to decrypt the pre-hash code.
Which of the following controls will detect MOST effectively the presence of bursts of errors in network transmissions? A. Parity check B. Echo check C. Block sum check D. Cyclic redundancy check
Once an organization has finished the business process reengineering (BPR) of all its critical operations, the IS auditor would MOST likely focus on a review of: A. pre-BPR process flowcharts. B. post-BPR process flowcharts. C. BPR project plans. D. continuous improvement and monitoring plans.
Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when: A. a firewall exists. B. a secure web connection is used. C. the source of the executable is certain. D. the host website is part of your organization.
Cisco Certifications 
