Answer / guest

Answer: C

Prior audit reports would be of least value because they
provide historical and therefore not current information
about areas of control weaknesses. Each of the other choices
provides information useful for gaining an understanding of
the process.

An IS auditor is conducting substantive audit tests of a new accounts receivable module. The IS auditor has a tight schedule and limited computer expertise. Which would be the BEST audit technique to use in this situation? A. Test data B. Parallel simulation C. Integrated test facility D. Embedded audit module

1 Answers  

---

An organization is considering installing a LAN in a site under construction. If system availability is the main concern, which of the following topologies is MOST appropriate? A. Ring B. Line C. Star D. Bus

1 Answers  

---

A validation which ensures that input data are matched to predetermined reasonable limits or occurrence rates, is known as: A. Reasonableness check. B. Validity check. C. Existence check. D. Limit check.

2 Answers  

---

An enterprisewide network security architecture of public key infrastructure (PKI) would be comprised of: A. A public key cryptosystem, private key cryptosystem and digital certificate B. A public key cryptosystem, symmetric encryption and certificate authorities C. A symmetric encryption, digital certificate and kerberos authentication D. A public key cryptosystem, digital certificate and certificate authorities

1 Answers  

---

Which of the following would be the BEST population to take a sample from when testing program changes? A. Test library listings B. Source program listings C. Program change requests D. Production library listings

1 Answers  

---

Which of the following can consume valuable network bandwidth? A. Trojan horses B. Trap doors C. Worms D. Vaccines

1 Answers  

---

During an IS audit of the disaster recovery plan (DRP) of a global enterprise, the auditor observes that some remote offices have very limited local IT resources. Which of the following observations would be the MOST critical for the IS auditor? A. A test has not been made to ensure that local resources could maintain security and service standards when recovering from a disaster or incident. B. The corporate business continuity plan (BCP) does not accurately document the systems that exist at remote offices. C. Corporate security measures have not been incorporated into the test plan. D. A test has not been made to ensure that tape backups from the remote offices are usable.

1 Answers  

---

Which of the following types of controls is designed to provide the ability to verify data and record values through the stages of application processing? A. Range checks B. Run-to-run totals C. Limit checks on calculated amounts D. Exception reports

3 Answers  

---

Which of the following ensures completeness and accuracy of accumulated data? A. Processing control procedures B. Data file control procedures C. Output controls D. Application controls

1 Answers  

---

Which of the following controls would BEST detect intrusion? A. User ids and user privileges are granted through authorized procedures. B. Automatic logoff is used when a workstation is inactive for a particular period of time. C. Automatic logoff of the system after a specified number of unsuccessful attempts. D. Unsuccessful logon attempts are monitored by the security administrator.

2 Answers  

---

Which of the following is the MOST important function to be performed by IT management within an outsourced environment? A. Ensuring that invoices are paid to the provider B. Participating in systems design with the provider C. Renegotiating the provider's fees D. Monitoring the outsourcing provider's performance

4 Answers  

---

Which of the following physical access controls would provide the highest degree of security over unauthorized access? A. Bolting door lock B. Cipher lock C. Electronic door lock D. Fingerprint scanner

1 Answers  

---