While planning an audit, an assessment of risk should be made to provide:
A. reasonable assurance that the audit will cover material items.
B. definite assurance that material items will be covered during the audit work.
C. reasonable assurance that all items will be covered by the audit.
D. sufficient assurance that all items will be covered during the audit work.
Answer / guest
Answer: A
The IS auditing guideline on planning the IS audit states, "An assessment of risk should be made to provide reasonable assurance that material items will be adequately covered during the audit work. This assessment should identify areas with relatively high risk of existence of material problems." Definite assurance that material items will be covered during the audit work is an impractical proposition. Reasonable assurance that all items will be covered during the audit work is not the correct answer as material items need to be covered, not all items.
| Is This Answer Correct ? | 8 Yes | 0 No |
In the ISO/OSI model, which of the following protocols is the FIRST to establish security for the user application? A. Session layer. B. Transport layer C. Network layer D. Presentation layer
The PRIMARY reason for using digital signatures is to ensure data: A. confidentiality. B. integrity. C. availability. D. timeliness.
Without causing a conflict of interest, a duty compatible with those of a security administrator would be: A. quality assurance. B. application programming. C. systems programming. D. data entry.
Which of the following is a technique that could be used to capture network user passwords? A. Encryption B. Sniffing C. Spoofing D. A signed document cannot be altered.
During which phase of a system development process should an IS auditor first raise the issue of application controls? A. Construction B. System design C. Acceptance testing D. Functional specification
A referential integrity constraint consists of: A. ensuring the integrity of transaction processing. B. ensuring that data are updated through triggers. C. ensuring controlled user updates to database. D. rules for designing tables and queries.
Which of the following is a detective control? A. Physical access controls B. Segregation of duties C. Backup procedures D. Audit trails
Which of the following is a concern when data is transmitted through secure socket layer (SSL) encryption implemented on a trading partner's server? A. Organization does not have control over encryption. B. Messages are subjected to wire tapping. C. Data might not reach the intended recipient. D. The communication may not be secure.
Sales orders are automatically numbered sequentially at each of a retailer's multiple outlets. Small orders are processed directly at the outlets, with large orders sent to a central production facility. The MOST appropriate control to ensure that all orders transmitted to production are received and processed would be to: A. send and reconcile transaction counts and totals. B. have data transmitted back to the local site for comparison. C. compare data communications protocols with parity checking. D. track and account for the numerical sequence of sales orders at the production facility.
Which of the following is a control to detect an unauthorized change in a production environment? A. Denying programmers access to production data. B. Requiring change request to include benefits and costs. C. Periodically comparing control and current object and source programs. D. Establishing procedures for emergency changes.
Where adequate segregation of duties between operations and programming is not achievable, the IS auditor should look for: A. compensating controls. B. administrative controls. C. corrective controls. D. access controls.
Which of the following processes is the FIRST step in developing a business continuity and disaster recovery plan for an organization? A. Alternate site selection B. Business impact analysis C. Test procedures and frequency D. Information classification