When assessing the portability of a database application,
the IS auditor should verify that:
A. a structured query language (SQL) is used.
B. information import and export procedures with other
systems exist.
C. indexes are used.
D. all entities have a significant name and identified
primary and foreign keys.
Answer / guest
Answer: A
The use of a structured query language (SQL) is a key
element for database portability. Import and export of
information with other systems is an objective of a database
interfaces review. The use of an index is an objective of a
database access review, and the fact that all entities have
a significant name and identified primary and foreign keys
is an objective of a database design review.
Is This Answer Correct ? | 2 Yes | 0 No |
The objective of IT governance is to ensure that the IT strategy is aligned with the objectives of (the): A. enterprise. B. IT. C. audit. D. finance.
Which of the following audit procedures would an IS auditor normally perform FIRST when reviewing an organization's systems development methodology? A. Determine procedural adequacy. B. Analyze procedural effectiveness. C. Evaluate level of compliance with procedures. D. Compare established standards to observed procedures.
The difference between whitebox testing and blackbox testing is that whitebox testing: A. involves the IS auditor. B. is performed by an independent programmer team. C. examines a program's internal logical structure. D. uses the bottom-up approach.
A data warehouse is: A. object orientated. B. subject orientated. C. departmental specific. D. a volatile databases.
A data administrator is responsible for: A. maintaining database system software. B. defining data elements, data names and their relationship. C. developing physical database structures. D. developing data dictionary system software.
An organization is developing a new business system. Which of the following will provide the MOST assurance that the system provides the required functionality? A. Unit testing B. Regression testing C. Acceptance testing D. Integration testing
An IS auditor reviewing an organization's IS disaster recovery plan should verify that it is: A. tested every 6 months. B. regularly reviewed and updated. C. approved by the chief executive officer (CEO). D. communicated to every departmental head in the organization.
The MAJOR concern for an IS auditor when reviewing an organization's business process reengineering (BRP) efforts is: A. cost overrun of the project. B. employees resistance to change. C. key controls may be removed from a business process. D. lack of documentation of new processes.
Which of the following encrypt/decrypt steps provides the GREATEST assurance in achieving confidentiality, message integrity and nonrepudiation by either sender or recipient? A. The recipient uses his/her private key to decrypt the secret key. B. The encrypted pre-hash code and the message are encrypted using a secret key. C. The encrypted pre-hash code is derived mathematically from the message to be sent. D. The recipient uses the sender's public key, verified with a certificate authority, to decrypt the pre-hash code.
The reliability of an application system's audit trail may be questionable if: A. user IDs are recorded in the audit trail. B. the security administrator has read-only rights to the audit file. C. date time stamps record when an action occurs. D. users can amend audit trail records when correcting system errors.
Which of the following BEST describes the objectives of following a standard system development methodology? A. To ensure that appropriate staffing is assigned and to provide a method of controlling costs and schedules B. To provide a method of controlling costs and schedules and to ensure communication among users, IS auditors, management and IS personnel C. To provide a method of controlling costs and schedules and an effective means of auditing project development D. To ensure communication among users, IS auditors, management and personnel and to ensure that appropriate staffing is assigned
Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility? A. Verify compatibility with the hot site. B. Review the implementation report. C. Perform a walk-through of the DRP. D. Update the IS assets inventory.