Compensating controls are intended to:
A. reduce the risk of an existing or potential control weakness.
B. predict potential problems before they occur.
C. remedy problems discovered by detective controls.
D. report errors or omissions.
- 1 Answers
- 6139 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
Compensating controls are intended to reduce the risk of an
existing or potential control weakness. Choices B, C and D
are characteristics of preventive, corrective and detective
controls respectively.
| Is This Answer Correct ? | 6 Yes | 0 No |
Which of the following independent duties is traditionally performed by the data control group? A. Access to data B. Authorization tables C. Custody of assets D. Reconciliation
To prevent an organization's computer systems from becoming part of a distributed denial-of-service attack, IP packets containing addresses that are listed as unroutable can be isolated by: A. establishing outbound traffic filtering. B. enabling broadcast blocking. C. limiting allowable services. D. network performance monitoring.
Which of the following network configuration options contains a direct link between any two host machines? A. Bus B. Ring C. Star D. Completely connected (mesh)
Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network? A. The use of diskless workstations B. Periodic checking of hard drives C. The use of current antivirus software D. Policies that result in instant dismissal if violated
Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy? A. Review the parameter settings B. Interview the firewall administrator C. Review the actual procedures D. Review the device's log file for recent attacks
Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks? A. Check digit B. Existence check C. Completeness check D. Reasonableness check
When an organization's network is connected to an external network in an Internet client-server model not under that organization's control, security becomes a concern. In providing adequate security in this environment, which of the following assurance levels is LEAST important? A. Server and client authentication B. Data integrity C. Data recovery D. Data confidentiality
The use of object-oriented design and development techniques would MOST likely: A. facilitate the ability to reuse modules. B. improve system performance. C. enhance control effectiveness. D. speed up the system development life cycle.
An IS auditor when reviewing a network used for Internet communications, will FIRST examine the: A. validity of passwords change occurrences. B. architecture of the client-server application. C. network architecture and design. D. firewall protection and proxy servers.
An IS auditor's primary concern when application developers wish to use a copy of yesterday's production transaction file for volume tests is that: A. users may prefer to use contrived data for testing. B. unauthorized access to sensitive data may result. C. error handling and credibility checks may not be fully proven. D. full functionality of the new process is not necessarily tested.
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls
Which of the following is the MOST effective type of antivirus software? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines
Cisco Certifications 
