An IS auditor discovers evidence of fraud perpetrated with a
manager's user id. The manager had written the password,
allocated by the system administrator, inside his/her desk
drawer. The IS auditor should conclude that the:
A. manager's assistant perpetrated the fraud.
B. perpetrator cannot be established beyond doubt.
C. fraud must have been perpetrated by the manager.
D. system administrator perpetrated the fraud.
Answer / guest
Answer: B
The password control weaknesses means that any of the other
three options could be true. Password security would
normally identify the perpetrator. In this case, it does not
establish guilt beyond doubt.
Is This Answer Correct ? | 3 Yes | 0 No |
Which of the following should be included in an organization's IS security policy? A. A list of key IT resources to be secured B. The basis for access authorization C. Identity of sensitive security features D. Relevant software security features
Which of the following is the operating system mode in which all instructions can be executed? A. Problem B. Interrupt C. Supervisor D. Standard processing
An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review? A. Availability of online network documentation B. Support of terminal access to remote hosts C. Handling file transfer between hosts and inter-user communications D. Performance management, audit and control
Which of the following would be a compensating control to mitigate risks resulting from an inadequate segregation of duties? A. Sequence check B. Check digit C. Source documentation retention D. Batch control reconciliations
The PRIMARY purpose of undertaking a parallel run of a new system is to: A. verify that the system provides required business functionality. B. validate the operation of the new system against its predecessor. C. resolve any errors in the program and file interfaces. D. verify that the system can process the production load.
Linux is an __________ operating system
During which of the following steps in the business process reengineering should the benchmarking team visit the benchmarking partner? A. Observation B. Planning C. Analysis D. Adaptation
Which of the following LAN physical layouts is subject to total loss if one device fails? A. Star B. Bus C. Ring D. Completely connected
Which of the following is a substantive audit test? A. Verifying that a management check has been performed regularly B. Observing that user IDs and passwords are required to sign on the computer C. Reviewing reports listing short shipments of goods received D. Reviewing an aged trial balance of accounts receivable
Which of the following reports is a measure of telecommunication transmissions and determines whether transmissions are completed accurately? A. Online monitor reports B. Downtime reports C. Help desk reports D. Response time reports
A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that: A. the users may not remember to manually encrypt the data before transmission. B. the site credentials were sent to the financial services company via email. C. personnel at the consulting firm may obtain access to sensitive data. D. the use of a shared user ID to the FTP site does not allow for user accountability.
When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that: