Interested to Buy Any Domain ? << Click Here >> for more details...
IS auditors are MOST likely to perform compliance tests of
internal controls if, after their initial evaluation of the
controls, they conclude that:
A. a substantive test would be too costly.
B. the control environment is poor.
C. inherent risk is low.
D. control risks are within the acceptable limits.
- 2 Answers
- 8875 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: D
IS auditors perform tests of controls (compliance testing)
to assess whether control risks are within acceptable
limits. The results of the compliance testing would
influence the IS auditor's decisions as to the extent of
tests of balance (substantive testing). If compliance
testing confirms that the control risks are within an
acceptable level, then the extent of substantive testing
would be reduced. During the testing phase of an audit, an
IS auditor does not know whether the controls identified
operate effectively. Tests of controls, therefore, evaluate
whether specific, material controls are, in fact reliable.
Performing test of controls may conclude that the control
environment is poor, but it is not the objective of
compliance testing. Inherent risks cannot be determined by
performing a test of controls.
| Is This Answer Correct ? | 6 Yes | 3 No |
Answer / guest
D. control risks are within the acceptable limits.
| Is This Answer Correct ? | 3 Yes | 1 No |
A key element in a risk analysis is/are: A. audit planning. B. controls. C. vulnerabilities. D. liabilities.
The window of time recovery of information processing capabilities is based on the: A. criticality of the processes affected. B. quality of the data to be processed. C. nature of the disaster. D. applications that are mainframe based.
The FIRST step in data classification is to: A. establish ownership. B. perform a criticality analysis. C. define access rules. D. create a data dictionary.
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the: A. maintenance of access logs of usage of various system resources. B. authorization and authentication of the user prior to granting access to system resources. C. adequate protection of stored data on servers by encryption or other means. D. accountability system and the ability to identify any terminal accessing system resources.
Which of the following types of controls is designed to provide the ability to verify data and record values through the stages of application processing? A. Range checks B. Run-to-run totals C. Limit checks on calculated amounts D. Exception reports
When an organization's network is connected to an external network in an Internet client-server model not under that organization's control, security becomes a concern. In providing adequate security in this environment, which of the following assurance levels is LEAST important? A. Server and client authentication B. Data integrity C. Data recovery D. Data confidentiality
Which of the following types of firewalls provide the GREATEST degree and granularity of control? A. Screening router B. Packet filter C. Application gateway D. Circuit gateway
A large chain of shops with EFT at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? A. Offsite storage of daily backups B. Alternative standby processor onsite C. Installation of duplex communication links D. Alternative standby processor at another network node
A goal of processing controls is to ensure that: A. the data are delivered without compromised confidentiality. B. all transactions are authorized. C. accumulated data are accurate and complete through authorized routines. D. only authorized individuals perform sensitive functions.
The primary role of an IS auditor during the system design phase of an application development project is to: A. advise on specific and detailed control procedures. B. ensure the design accurately reflects the requirement. C. ensure all necessary controls are included in the initial design. D. advise the development manager on adherence to the schedule.
Which of the following BEST determines that complete encryption and authentication protocols exist for protecting information while transmitted? A. A digital signature with RSA has been implemented. B. Work is being done in tunnel mode with the nested services of AH and ESP C. Digital certificates with RSA are being used. D. Work is being done in transport mode, with the nested services of AH and ESP
Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility? A. Verify compatibility with the hot site. B. Review the implementation report. C. Perform a walk-through of the DRP. D. Update the IS assets inventory.
Cisco Certifications 
