Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following audit procedures would MOST likely be
used in an audit of a systems development project?
A. Develop test transactions
B. Use code comparison utilities
C. Develop audit software programs
D. Review functional requirements documentation
- 1 Answers
- 4910 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
"The most likely audit procedure in systems development is
the review of the functional requirements, since this will
indicate what the new system is supposed to provide and how.
Based on this documentation other testing may be performed
to confirm that the necessary controls and functionality are
in place. The development of test transactions also may be
performed if necessary
however, this would be to assist functional requirements
testing. The use of code comparison utilities compares two
copies of the source code to identify differences and would
normally be used for system maintenance. Audit software
programs are normally used to integrate production data,
thus it would not be appropriate for a system under
development."
| Is This Answer Correct ? | 3 Yes | 0 No |
Which of the following should be in place to protect the purchaser of an application package in the event that the vendor ceases to trade? A. Source code held in escrow. B. Object code held by a trusted third party. C. Contractual obligation for software maintenance. D. Adequate training for internal programming staff.
The MOST appropriate person to chair the steering committee for a system development project with significant impact on a business area would be the: A. business analyst. B. chief information officer. C. project manager. D. executive level manager.
Which of the following security techniques is the BEST method for authenticating a user's identity? A. Smart card B. Biometrics C. Challenge-response token D. User ID and password
An organization has outsourced network and desktop support. Although the relationship has been reasonably successful, risks remain due to connectivity issues. Which of the following controls should FIRST be performed to assure the organization reasonably mitigates these possible risks? A. Network defense program B. Encryption/Authentication C. Adequate reporting between organizations D. Adequate definition in contractual relationship
IS management has recently informed the IS auditor of its decision to disable certain referential integrity controls in the payroll system to provide users with a faster report generator. This will MOST likely increase the risk of: A. data entry by unauthorized users. B. a nonexistent employee being paid. C. an employee receiving an unauthorized raise. D. duplicate data entry by authorized users.
Using test data as part of a comprehensive test of program controls in a continuous online manner is called a/an: A. test data/deck. B. base case system evaluation. C. integrated test facility (ITF). D. parallel simulation.
Naming conventions for system resources are important for access control because they: A. ensure that resource names are not ambiguous. B. reduce the number of rules required to adequately protect resources. C. ensure that user access to resources is clearly and uniquely identified. D. ensure that internationally recognized names are used to protect resources.
Which of the following processes describes risk assessment? Risk assessment is: A. subjective. B. objective. C. mathematical. D. statistical.
Authentication is the process by which the: A. system verifies that the user is entitled to input the transaction requested. B. system verifies the identity of the user. C. user identifies himself to the system. D. user indicates to the system that the transaction was processed correctly.
A goal of processing controls is to ensure that: A. the data are delivered without compromised confidentiality. B. all transactions are authorized. C. accumulated data are accurate and complete through authorized routines. D. only authorized individuals perform sensitive functions.
A utility is available to update critical tables in case of data inconsistency. This utility can be executed at the OS prompt or as one of menu options in an application. The BEST control to mitigate the risk of unauthorized manipulation of data is to: A. delete the utility software and install it as and when required. B. provide access to utility on a need-to-use basis. C. provide access to utility to user management D. define access so that the utility can be only executed in menu option.
Which of the following BEST describes the early stages of an IS audit? A. Observing key organizational facilities. B. Assessing the IS environment. C. Understanding business process and environment applicable to the review. D. Reviewing prior IS audit reports.
Cisco Certifications 
