Interested to Buy Any Domain ? << Click Here >> for more details...
Which of the following exposures associated with the
spooling of sensitive reports for offline printing would an
IS auditor consider to be the MOST serious?
A. Sensitive data can be read by operators.
B. Data can be amended without authorization.
C. Unauthorized report copies can be printed.
D. Output can be lost in the event of system failure.
- 1 Answers
- 4433 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
Unless controlled, spooling for offline printing may enable
additional copies to be printed. Print files are unlikely to
be available for online reading by operators. Data on spool
files are no easier to amend without authority than any
other file. There is usually a lesser threat of unauthorized
access to sensitive reports in the event of a system failure.
| Is This Answer Correct ? | 4 Yes | 0 No |
Responsibility and reporting lines cannot always be established when auditing automated systems since: A. diversified control makes ownership irrelevant. B. staff traditionally change jobs with greater frequency. C. ownership is difficult to establish where resources are shared. D. duties change frequently in the rapid development of technology.
The PRIMARY objective of conducting a post-implementation review is to assess whether the system A) achieved the desired objectives B) provides for backup and recovery C) provides for information security D) documentation is clear and understandable
While developing a risk-based audit program, which of the following would the IS auditor MOST likely focus on? A. Business processes B. Critical IT applications C. Corporate objectives D. Business strategies
Which of the following types of controls is designed to provide the ability to verify data and record values through the stages of application processing? A. Range checks B. Run-to-run totals C. Limit checks on calculated amounts D. Exception reports
The FIRST step in developing a business continuity plan (BCP) is to: A. classify the importance of systems. B. establish a disaster recovery strategy. C. determine the critical recovery time period. D. perform a risk ranking.
Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized? A. Release-to-release source and object comparison reports B. Library control software restricting changes to source code C. Restricted access to source code and object code D. Date and time-stamp reviews of source and object code
An IS auditor doing penetration testing during an audit of Internet connections would: A. evaluate configurations. B. examine security settings. C. ensure virus-scanning software is in use. D. use tools and techniques that are available to a hacker.
Which of the following BEST describes an IT department?s strategic planning process? A. The IT department will have either short-range or long-range plans depending on the organization?s broader plans and objectives. B. The IT department?s strategic plan must be time and project oriented, but not so detailed as to address and help determine priorities to meet business needs. C. Long-range planning for the IT department should recognize organizational goals, technological advances and regulatory requirements. D. Short-range planning for the IT department does not need to be integrated into the short-range plans of the organization since technological advances will drive the IT department plans much quicker than organizational plans.
Which of the following statements relating to packet switching networks is CORRECT? A. Packets for a given message travel the same route. B. Passwords cannot be embedded within the packet. C. Packet lengths are variable and each packet contains the same amount of information. D. The cost charged for transmission is based on packet, not distance or route traveled.
1 Answers Karura Community Chapel,
Which of the following controls would provide the GREATEST assurance of database integrity? A. Audit log procedures B. Table link/reference checks C. Query/table access time checks D. Rollback and rollforward database features
The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment: A. searches and checks the infrastructure to detect vulnerabilities, whereas penetration testing intends to exploit the vulnerabilities to probe the damage that could result from the vulnerabilities. B. and penetration tests are different names for the same activity. C. is executed by automated tools, whereas penetration testing is a totally manual process. D. is executed by commercial tools, whereas penetration testing is executed by public processes.
A programmer managed to gain access to the production library, modified a program that was then used to update a sensitive table in the payroll database and restored the original program. Which of the following methods would MOST effectively detect this type of unauthorized changes? A. Source code comparison B. Executable code comparison C. Integrated test facilities (ITF) D. Review of transaction log files
Cisco Certifications 
