Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following functions would be acceptable for the
security administrator to perform in addition to his/her
normal functions?
A. Systems analyst
B. Quality assurance
C. Computer operator
D. Systems programmer
- 1 Answers
- 4443 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Quality assurance duties could be performed by the security
administrator and not cause a conflict with respect to
segregation of duties. They deal in different aspects of IS
with little overlap. The systems analyst function could
potentially allow the security administrator to obtain
knowledge, which in turn could be used to bypass security
procedures. The computer operations function could allow the
security administrator to bypass or deactivate security
procedures. The systems programmer function could allow the
security administrator to bypass or deactivate security
procedures for their own benefit.
| Is This Answer Correct ? | 2 Yes | 0 No |
Which of the following is the MOST important function to be performed by IS management when a service has been outsource? A. Ensuring that invoices are paid to the provider B. Participating in systems design with the provider C. Renegotiating the provider's fees D. Monitoring the outsourcing provider's performance
During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that: A. assessment of the situation may be delayed. B. execution of the disaster recovery plan could be impacted. C. notification of the teams might not occur. D. potential crisis recognition might be delayed.
Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures? A. Invite client participation. B. Involve all technical staff. C. Rotate recovery managers. D. Install locally stored backup.
An IS auditor discovers that programmers have update access to the live environment. In this situation, the IS auditor is LEAST likely to be concerned that programmers can: A. authorize transactions. B. add transactions directly to the database. C. make modifications to programs directly. D. access data from live environment and provide faster maintenance.
For which of the following applications would rapid recovery be MOST crucial? A. Point-of-sale system B. Corporate planning C. Regulatory reporting D. Departmental chargeback
Compensating controls are intended to: A. reduce the risk of an existing or potential control weakness. B. predict potential problems before they occur. C. remedy problems discovered by detective controls. D. report errors or omissions.
Which of the following would an IS auditor expect to find in a console log? A. Names of system users B. Shift supervisor identification C. System errors D. Data edit errors
When reviewing an organization's logical access security, which of the following would be of the MOST concern to an IS auditor? A. Passwords are not shared. B. Password files are encrypted. C. Redundant logon IDs are deleted. D. The allocation of logon IDs is controlled.
An IS auditor who has discovered unauthorized transactions during a review of EDI transactions is likely to recommend improving the: A. EDI trading partner agreements. B. physical controls for terminals. C. authentication techniques for sending and receiving messages. D. program change control procedures.
Antivirus software should be used as a: A. detective control. B. preventive control. C. corrective control. D. compensating control.
During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely: A. review access control configuration. B. evaluate interface testing. C. review detailed design documentation. D. evaluate system testing.
In a TCP/IP-based network, an IP address specifies a: A. network connection. B. router/gateway. C. computer in the network. D. device on the network.
Cisco Certifications 
