Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor recommends that an initial validation control
be programmed into a credit card transaction capture
application. The initial validation process would MOST likely:
A. check to ensure the type of transaction is valid for that
card type.
B. verify the format of the number entered then locate it on
the database.
C. ensure that the transaction entered is within the
cardholder's credit limit.
D. confirm that the card is not shown as lost or stolen on
the master file.
- 1 Answers
- 9618 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
The initial validation should confirm whether the card is
valid. This validity is established through the card number
and PIN entered by the user. Based on this initial
validation, all other validations will proceed. A validation
control in data capture will ensure that the data entered is
valid (i.e., it can be processed by the system). If the data
captured in the initial validation is not valid (if the card
number or PIN do not match with the database), then the card
will be rejected or captured per the controls in place. Once
initial validation is completed, then other validations
specific to the card and cardholder would be performed.
| Is This Answer Correct ? | 8 Yes | 0 No |
Which of the following tasks is performed by the same person in a well-controlled information processing facility/computer center? A. Security administration and management B. Computer operations and system development C. System development and change management D. System development and systems maintenance
Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy? A. Review the parameter settings B. Interview the firewall administrator C. Review the actual procedures D. Review the device's log file for recent attacks
Which of the following is the PRIMARY reason for involving an IS auditor in the definition of a system's requirements? A. Post-application reviews do not need to be performed. B. Total budgeted system development costs can be reduced. C. It is costly to institute controls after a system becomes operational. D. The extent of user involvement in design activities is reduced.
Using test data as part of a comprehensive test of program controls in a continuous online manner is called a/an: A. test data/deck. B. base case system evaluation. C. integrated test facility (ITF). D. parallel simulation.
A tax calculation program maintains several hundred tax rates. The BEST control to ensure that tax rates entered into the program are accurate is: A. an independent review of the transaction listing. B. a programmed edit check to prevent entry of invalid data. C. programmed reasonableness checks with 20 percent data entry range. D. a visual verification of data entered by the processing department.
Which of the following development methods uses a prototype that can be updated continually to meet changing user or business requirements? A. Data-oriented development (DOD) B. Object-oriented development (OOD) C. Business process reengineering (BPR) D. Rapid application development (RAD)
Which of the following groups should assume ownership of a systems development project and the resulting system? A. User management B. Senior management C. Project steering committee D. Systems development management
Passwords should be: A. assigned by the security administrator. B. changed every 30 days at the discretion of the user. C. reused often to ensure the user does not forget the password. D. displayed on the screen so that the user can ensure that it has been entered properly.
In an audit of a business continuity plan, which of the following findings is of MOST concern? A. There is no insurance for the addition of assets during the year. B. BCP manual is not updated on a regular basis. C. Testing of the backup of data has not been done regularly. D. Records for maintenance of access system have not been maintained.
During an implementation review of a multiuser distributed application, the IS auditor finds minor weaknesses in three areas-the initial setting of parameters is improperly installed, weak passwords are being used and some vital reports are not being checked properly. While preparing the audit report, the IS auditor should: A. record the observations separately with the impact of each of them marked against each respective finding. B. advise the manager of probable risks without recording the observations, as the control weaknesses are minor ones. C. record the observations and the risk arising from the collective weaknesses. D. apprise the departmental heads concerned with each observation and properly document it in the report.
Which of the following would an IS auditor consider the MOST relevant to short-term planning for the IS department? A. Allocating resources B. Keeping current with technology advances C. Conducting control self-assessment D. Evaluating hardware needs
Which of the following is a telecommunication device that translates data from digital form to analog form and back to digital? A. Multiplexer B. Modem C. Protocol converter D. Concentrator
Cisco Certifications 
