Which of the following audit procedures would an IS auditor
be LEAST likely to include in a security audit?
A. Review the effectiveness and utilization of assets.
B. Test to determine that access to assets is adequate.
C. Validate physical, environmental and logical access
policies per job profiles.
D. Evaluate asset safeguards and procedures that prevent
unauthorized access to the assets.
- 1 Answers
- 5333 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
Reviewing the effectiveness and utilization of assets is not
within the purview of a security audit. Security audits
primarily focus on the evaluation of the policies and
procedures that ensure the confidentiality, integrity and
availability of data. During an audit of security the IS
auditor would normally review access to assets, and validate
the physical and environmental controls to the extent
necessary to satisfy the audit requirements. The IS auditor
would also review logical access policies and compare them
to job profiles to ensure that excessive access has not been
granted. The review also would include an evaluation of
asset safeguards and procedures to prevent unauthorized
access to assets.
| Is This Answer Correct ? | 5 Yes | 0 No |
During the review of a biometrics system operation, the IS auditor should FIRST review the stage of: A. enrollment. B. identification. C. verification. D. storage.
An organization has been an Internet user for several years and the business plan now calls for initiating e-commerce via web-based transactions. Which of the following will LEAST impact transactions in e-commerce? A. Encryption is required B. Timed authentication is required C. Firewall architecture hides the internal network D. Traffic is exchanged through the firewall at the application layer only
Which of the following data entry controls provides the GREATEST assurance that the data is entered correctly? A. Using key verification B. Segregating the data entry function from data entry verification C. Maintaining a log/record detailing the time, date, employee's initials/user id and progress of various data preparation and verification tasks D. Adding check digits
LANs: A. protect against virus infection. B. protect against improper disclosure of data. C. provide program integrity from unauthorized changes. D. provide central storage for a group of users.
The extent to which data will be collected during an IS audit should be determined, based on the: A. availability of critical and required information. B. auditor's familiarity with the circumstances. C. auditee's ability to find relevant evidence. D. purpose and scope of the audit being done.
A data administrator is responsible for: A. maintaining database system software. B. defining data elements, data names and their relationship. C. developing physical database structures. D. developing data dictionary system software.
Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the user name and password are the same. The BEST control to mitigate this risk is to: A. change the company's security policy. B. educate users about the risk of weak passwords. C. build in validations to prevent this during user creation and password change. D. require a periodic review of matching user ID and passwords for detection and correction.
The FIRST task an IS auditor should complete when performing an audit in an unfamiliar area is to: A. design the audit programs for each system or function involved. B. develop a set of compliance tests and substantive tests. C. gather background information pertinent to the new audit. D. assign human and economical resources.
IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that: A. a substantive test would be too costly. B. the control environment is poor. C. inherent risk is low. D. control risks are within the acceptable limits.
Which of the following is the MOST effective type of antivirus software to detect an infected application? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines
Structured programming is BEST described as a technique that: A. provides knowledge of program functions to other programmers via peer reviews. B. reduces the maintenance time of programs by the use of small-scale program modules. C. makes the readable coding reflect as closely as possible the dynamic execution of the program. D. controls the coding and testing of the high-level functions of the program in the development process.
The MAIN reason for requiring that all computer clocks across an organization be synchronized is to: A. prevent omission or duplication of transactions. B. ensure smooth data transition from client machines to servers. C. ensure that email messages have accurate time stamps. D. support the incident investigation process.
Cisco Certifications 
