Interested to Buy Any Domain ? << Click Here >> for more details...
In a small organization, an employee performs computer
operations and, when the situation demands, program
modifications. Which of the following should the IS auditor
recommend?
A. Automated logging of changes to development libraries
B. Additional staff to provide separation of duties
C. Procedures that verify that only approved program changes
are implemented
D. Access controls to prevent the operator from making
program modifications
- 1 Answers
- 9213 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
While it would be preferred that strict separation of duties
be adhered to and that additional staff is recruited, as
suggested in choice B, this practice is not always possible
in small organizations. The IS auditor must look at
recommended alternative processes. Of the choices, C is the
only practical one that has an impact. The IS auditor should
recommend processes that detect changes to production source
and object code, such as code comparisons, so the changes
can be reviewed by a third party on a regular basis. This
would be a compensating control process. Choice A, involving
logging of changes to development libraries, would not
detect changes to production libraries. Choice D is in
effect requiring a third party to do the changes, which may
not be practical in a small organization.
| Is This Answer Correct ? | 2 Yes | 1 No |
A hub is a device that connects: A. two LANs using different protocols. B. a LAN with a WAN. C. a LAN with a metropolitan area network (MAN). D. two segments of a single LAN.
The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of the following audit recommendations should the IS auditor suggest? A. Relocate the shut off switch. B. Install protective covers. C. Escort visitors. D. Log environmental failures.
An IS auditor should be able to identify and evaluate various types of risks and their potential effects. Which of the following risks is associated with authorized program exits (trap doors)? A. Inherent B. Detection C. Audit D. Error
Linux is an __________ operating system
An IS auditor has just completed a review of an organization that has a mainframe and a client-server environment where all production data reside. Which of the following weaknesses would be considered the MOST serious? A. The security officer also serves as the database administrator (DBA.) B. Password controls are not administered over the client/server environment. C. There is no business continuity plan for the mainframe system?s non-critical applications. D. Most LANs do not back up file server fixed disks regularly.
Applying a retention date on a file will ensure that: A. data cannot be read until the date is set. B. data will not be deleted before that date. C. backup copies are not retained after that date. D. datasets having the same name are differentiated.
A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses the team should: A. compute the amortization of the related assets. B. calculate a return on investment (ROI). C. apply a qualitative approach. D. spend the time needed to define exactly the loss amount.
Which of the following concerns associated with the World Wide Web would be addressed by a firewall? A. Unauthorized access from outside the organization B. Unauthorized access from within the organization C. A delay in Internet connectivity D. A delay in downloading using file transfer protocol (FTP)
A malicious code that changes itself with each file it infects is called a: A. logic bomb. B. stealth virus. C. trojan horse. D. polymorphic virus.
A digital signature contains a message digest to: A. show if the message has been altered after transmission. B. define the encryption algorithm. C. confirm the identity of the originator. D. enable message transmission in a digital format.
Which of the following data entry controls provides the GREATEST assurance that the data is entered correctly? A. Using key verification B. Segregating the data entry function from data entry verification C. Maintaining a log/record detailing the time, date, employee's initials/user id and progress of various data preparation and verification tasks D. Adding check digits
A request for a change to a report format in a module (subsystem) was made. After making the required changes, the programmer should carry out: A. unit testing. B. unit and module testing. C. unit, module and regression testing. D. module testing.
Cisco Certifications 
