When reviewing an organization's logical access security,
which of the following would be of the MOST concern to an IS
auditor?
A. Passwords are not shared.
B. Password files are encrypted.
C. Redundant logon IDs are deleted.
D. The allocation of logon IDs is controlled.
Answer / guest
Answer: B
When evaluating the technical aspects of logical security,
unencrypted files represent the greatest risk. The sharing
of passwords, checking for the redundancy of logon ids, and
proper logon ID procedures are essential, but they are less
important than ensuring that the password files are encrypted.
Is This Answer Correct ? | 5 Yes | 1 No |
Which of the following is the MOST reasonable option for recovering a noncritical system? A. Warm site B. Mobile site C. Hot site D. Cold site
Which of the following is the MOST critical element of an effective disaster recovery plan (DRP)? A. Offsite storage of backup data B. Up-to-date list of key disaster recovery contacts C. Availability of a replacement data center D. Clearly defined recovery time objective (RTO)
Which of the following would an IS auditor expect to find in a console log? A. Names of system users B. Shift supervisor identification C. System errors D. Data edit errors
Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks? A. Check digit B. Existence check C. Completeness check D. Reasonableness check
To identify the value of inventory that has been kept for more than eight weeks, an IS auditor would MOST likely use: A. test data. B. statistical sampling. C. an integrated test facility. D. generalized audit software.
Which of the following is a detective control? A. Physical access controls B. Segregation of duties C. Backup procedures D. Audit trails
Which of the following is the MOST important function to be performed by IT management within an outsourced environment? A. Ensuring that invoices are paid to the provider B. Participating in systems design with the provider C. Renegotiating the provider's fees D. Monitoring the outsourcing provider's performance
Which of the following should be the FIRST step of an IS audit? A. Create a flowchart of the decision branches. B. Gain an understanding of the environment under review. C. Perform a risk assessment. D. Develop the audit plan.
An IS auditor's primary concern when application developers wish to use a copy of yesterday's production transaction file for volume tests is that: A. users may prefer to use contrived data for testing. B. unauthorized access to sensitive data may result. C. error handling and credibility checks may not be fully proven. D. full functionality of the new process is not necessarily tested.
Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network? A. The use of diskless workstations B. Periodic checking of hard drives C. The use of current antivirus software D. Policies that result in instant dismissal if violated
A primary reason for an IS auditor's involvement in the development of a new application system is to ensure that: A. adequate controls are built into the system. B. user requirements are satisfied by the system. C. sufficient hardware is available to process the system. D. data are being developed for pre-implementation testing of the system.
An IS auditor reviewing an outsourcing contract of IT facilities would expect it to define the: A. hardware configuration. B. access control software. C. ownership of intellectual property. D. application development methodology.