An IS auditor has recently discovered that because of a
shortage of skilled operations personnel, the security
administrator has agreed to work one late-night shift a
month as the senior computer operator. The MOST appropriate
course of action for the IS auditor is to:
A. advise senior management of the risk involved.
B. agree to work with the security officer on these shifts
as a form of preventative control.
C. develop a computer-assisted audit technique to detect
instances of abuses of this arrangement.
D. review the system log for each of the late-night shifts
to determine whether any irregular actions occurred.
- 1 Answers
- 4278 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
The IS auditor's first and foremost responsibility is to
advise senior management of the risk involved in having the
security administrator perform an operations function. This
is a violation of separation of duties. The IS auditor
should not get involved in processing.
| Is This Answer Correct ? | 5 Yes | 0 No |
An IS auditor is reviewing the risk management process. Which of the following is the MOST important consideration during this review? A. Controls are implemented based on cost-benefit analysis. B. The risk management framework is based on global standards. C. The approval process for risk response is in place. D. IT risk is presented in business terms.
A tax calculation program maintains several hundred tax rates. The BEST control to ensure that tax rates entered into the program are accurate is: A. an independent review of the transaction listing. B. a programmed edit check to prevent entry of invalid data. C. programmed reasonableness checks with 20 percent data entry range. D. a visual verification of data entered by the processing department.
The editing/validation of data entered at a remote site would be performed MOST effectively at the: A. central processing site after running the application system. B. central processing site during the running of the application system. C. remote processing site after transmission to the central processing site. D. remote processing site prior to transmission of the data to the central processing site.
Which of the following would help to ensure the portability of an application connected to a database? The: A. verification of database import and export procedures. B. usage of a structured query language (SQL). C. analysis of stored procedures/triggers. D. synchronization of the entity-relation model with the database physical schema.
When auditing the proposed acquisition of a new computer system, the IS auditor should FIRST establish that: A. a clear business case has been approved by management. B. corporate security standards will be met. C. users will be involved in the implementation plan. D. the new system will meet all required user functionality.
Which of the following procedures can a biometric system perform? A. Measure airborne contamination. B. Provide security over physical access. C. Monitor temperature and humidity levels. D. Detect hazardous electromagnetic fields in an area.
An advantage of the use of hot sites as a backup alternative is that: A. the costs associated with hot sites are low. B. hot sites can be used for an extended amount of time. C. hot sites can be made ready for operation within a short period of time. D. they do not require that equipment and systems software be compatible with the primary site.
Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies? A. Developments may result in hardware and software incompatibility. B. Resources may not be available when needed. C. The recovery plan cannot be tested. D. The security infrastructures in each company may be different.
The PRIMARY reason for separating the test and development environments is to: A. restrict access to systems under test. B. segregate user and development staff. C. control the stability of the test environment. D. secure access to systems under development.
Disaster recovery planning for a company's computer system usually focuses on: A. operations turnover procedures. B. strategic long-range planning. C. the probability that a disaster will occur. D. alternative procedures to process transactions.
During the review of a biometrics system operation, the IS auditor should FIRST review the stage of: A. enrollment. B. identification. C. verification. D. storage.
Which of the following would be considered an essential feature of a network management system? A. A graphical interface to map the network topology B. Capacity to interact with the Internet to solve the problems C. Connectivity to a help desk for advice on difficult issues D. An export facility for piping data to spreadsheets
Cisco Certifications 
