An advantage of using sanitized live transactions in test
data is that:
A. all transaction types will be included.
B. every error condition is likely to be tested.
C. no special routines are required to assess the results.
D. test transactions are representative of live processing.
Answer / guest
Answer: D
"Test date will be representative of live processing
however, it is unlikely that all transaction types or error
conditions will be tested in this way."
Is This Answer Correct ? | 21 Yes | 0 No |
A digital signature contains a message digest to: A. show if the message has been altered after transmission. B. define the encryption algorithm. C. confirm the identity of the originator. D. enable message transmission in a digital format.
Which of the following would BEST support 24/7 availability? A. Daily backup B. Offsite storage C. Mirroring D. Periodic testing
A PRIMARY benefit derived from an organization employing control self-assessment (CSA) techniques is that it: A. can identify high-risk areas that might need a detailed review later. B. allows IS auditors to independently assess risk. C. can be used as a replacement for traditional audits. D. allows management to relinquish responsibility for control.
Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist? A. Reviewing program code B. Reviewing operations documentation C. Turning off the UPS, then the power D. Reviewing program documentation
Which of the following logical access exposures involves changing data before, or as it is entered into the computer? A. Data diddling B. Trojan horse C. Worm D. Salami technique
Which of the following is necessary to have FIRST in the development of a business continuity plan? A. Risk-based classification of systems B. Inventory of all assets C. Complete documentation of all disasters D. Availability of hardware and software
The most common problem in the operation of an intrusion detection system (IDS) is: A. the detection of false positives. B. receiving trap messages. C. reject error rates. D. denial-of-service attacks.
Without causing a conflict of interest, a duty compatible with those of a security administrator would be: A. quality assurance. B. application programming. C. systems programming. D. data entry.
An independent software program that connects two otherwise separate applications sharing computing resources across heterogeneous technologies is known as: A. middleware. B. firmware. C. application software. D. embedded systems.
The act that describes a computer intruder capturing a stream of data packets and inserting these packets into the network as if it were another genuine message stream is called: A. eavesdropping. B. message modification. C. a brute-force attack. D. packet replay.
Business continuity/disaster recovery is PRIMARILY the responsibility of: A. IS management. B. business unit managers. C. the security administrator. D. the board of directors.
Which of the following IS functions may be performed by the same individual, without compromising on control or violating segregation of duties? A. Job control analyst and applications programmer B. Mainframe operator and system programmer C. Change/problem and quality control administrator D. Applications and system programmer