Answer / guest

Answer: C

For the purpose of data security in a client-server
environment, an IS auditor should be concerned with the
users ability to access and modify a database directly. This
could affect the integrity of the data in the database. Data
protected by encryption aids in securing the data. Diskless
workstations prevent copying of data into local disks and
thus helps to maintain the integrity and confidentiality of
data. Disabling floppy drives is a physical access control,
which helps to maintain the confidentiality of data by
preventing it from being copied onto a disk.

Which of the following is the BEST way to handle obsolete magnetic tapes before disposing of them? A. Overwriting the tapes B. Initializing the tape labels C. Degaussing the tapes D. Erasing the tapes

1 Answers  

---

Which of the following would an IS auditor place LEAST reliance on when determining management's effectiveness in communicating information systems policies to appropriate personnel? A. Interviews with user and IS personnel B. Minutes of IS steering committee meetings C. User department systems and procedures manuals D.Information processing facilities operations and procedures manuals

1 Answers  

---

The PRIMARY advantage of a continuous audit approach is that it: A. does not require an IS auditor to collect evidence on system reliability while processing is taking place. B. requires the IS auditor to review and follow up immediately on all information collected. C. can improve system security when used in time-sharing environments that process a large number of transactions. D. does not depend on the complexity of an organization's computer systems.

1 Answers  

---

In large corporate networks having supply partners across the globe, network traffic may continue to rise. The infrastructure components in such environments should be scalable. Which of the following firewall architectures limits future scalability? A. Appliances B. Operating system based C. Host based D. Demilitarized

1 Answers  

---

Which of the following line media would provide the BEST security for a telecommunication network? A. Broad band network digital transmission B. Baseband network C. Dial-up D. Dedicated lines

1 Answers  

---

The MOST effective method for limiting the damage of an attack by a software virus is: A. software controls. B. policies, standards and procedures. C. logical access controls. D. data communication standards.

1 Answers  

---

An IS auditor is reviewing the risk management process. Which of the following is the MOST important consideration during this review? A. Controls are implemented based on cost-benefit analysis. B. The risk management framework is based on global standards. C. The approval process for risk response is in place. D. IT risk is presented in business terms.

1 Answers  

---

The PRIMARY reason for separating the test and development environments is to: A. restrict access to systems under test. B. segregate user and development staff. C. control the stability of the test environment. D. secure access to systems under development.

1 Answers  

---

Which of the following is a substantive test?

3 Answers  

---

Once an organization has finished the business process reengineering (BPR) of all its critical operations, the IS auditor would MOST likely focus on a review of: A. pre-BPR process flowcharts. B. post-BPR process flowcharts. C. BPR project plans. D. continuous improvement and monitoring plans.

2 Answers  

---

The PRIMARY objective of conducting a post-implementation review is to assess whether the system A) achieved the desired objectives B) provides for backup and recovery C) provides for information security D) documentation is clear and understandable

2 Answers  

---

The risk of an IS auditor using an inadequate test procedure and concluding that material errors do not exist when, in fact, they exist is:

6 Answers  

---