Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following audit procedures would an IS auditor
be LEAST likely to include in a security audit?
A. Review the effectiveness and utilization of assets.
B. Test to determine that access to assets is adequate.
C. Validate physical, environmental and logical access
policies per job profiles.
D. Evaluate asset safeguards and procedures that prevent
unauthorized access to the assets.
- 1 Answers
- 6167 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
Reviewing the effectiveness and utilization of assets is not
within the purview of a security audit. Security audits
primarily focus on the evaluation of the policies and
procedures that ensure the confidentiality, integrity and
availability of data. During an audit of security the IS
auditor would normally review access to assets, and validate
the physical and environmental controls to the extent
necessary to satisfy the audit requirements. The IS auditor
would also review logical access policies and compare them
to job profiles to ensure that excessive access has not been
granted. The review also would include an evaluation of
asset safeguards and procedures to prevent unauthorized
access to assets.
| Is This Answer Correct ? | 5 Yes | 0 No |
The secure socket layer (SSL) protocol addresses the confidentiality of a message through: A. symmetric encryption. B. message authentication code. C. hash function. D. digital signature certificates.
Which of the following audit procedures would an IS auditor normally perform FIRST when reviewing an organization's systems development methodology? A. Determine procedural adequacy. B. Analyze procedural effectiveness. C. Evaluate level of compliance with procedures. D. Compare established standards to observed procedures.
Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility? A. Verify compatibility with the hot site. B. Review the implementation report. C. Perform a walk-through of the DRP. D. Update the IS assets inventory.
Which of the following is a disadvantage of image processing? A. Verifies signatures B. Improves service C. Relatively inexpensive to use D. Reduces deterioration due to handling
An IS auditor reviewing an organization's IS disaster recovery plan should verify that it is: A. tested every 6 months. B. regularly reviewed and updated. C. approved by the chief executive officer (CEO). D. communicated to every departmental head in the organization.
Which of the following forms of evidence for the auditor would be considered the MOST reliable? A. An oral statement from the auditee B. The results of a test performed by an IS auditor C. An internally generated computer accounting report D. A confirmation letter received from an outside source
Which of the following would an IS auditor expect to find in a console log? A. Names of system users B. Shift supervisor identification C. System errors D. Data edit errors
A referential integrity constraint consists of: A. ensuring the integrity of transaction processing. B. ensuring that data are updated through triggers. C. ensuring controlled user updates to database. D. rules for designing tables and queries.
Assumptions while planning an IS project involve a high degree of risk because they are: A. based on known constraints. B. based on objective past data. C. a result of lack of information. D. often made by unqualified people.
In a data warehouse, data quality is achieved by: A. cleansing. B. restructuring. C. source data credibility. D. transformation.
A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that: A. the users may not remember to manually encrypt the data before transmission. B. the site credentials were sent to the financial services company via email. C. personnel at the consulting firm may obtain access to sensitive data. D. the use of a shared user ID to the FTP site does not allow for user accountability.
An organization has an integrated development environment (IDE), where the program libraries reside on the server, but modification/development and testing are done from PC workstations. Which of the following would be a strength of an integrated development environment? A. Controls the proliferation of multiple versions of programs B. Expands the programming resources and aids available C. Increases program and processing integrity D. Prevents valid changes from being overwritten by other changes
Cisco Certifications 
