Interested to Buy Any Domain ? << Click Here >> for more details...
The role of IT auditor in complying with the Management
Assessment of Internal Controls (Section 404 of the
Sarbanes-Oxley Act) is:
A. planning internal controls
B. documenting internal controls
C. designing internal controls
D. implementing internal controls
- 1 Answers
- 5260 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
Choice (B) is the correct answer. The role of the IT auditor
is to document, understand, and test the internal controls
in computer systems. Planning, designing, and implementing
internal controls is part of operating management's
responsibility. This responsibility does not change whether
complying with Sarbanes-Oxley Act or not. Compliance efforts
are ongoing and include documenting internal controls on a
quarterly basis. Organizations need to identify and document
all electronic and manual processes related to the financial
reporting process.
| Is This Answer Correct ? | 7 Yes | 0 No |
Which of the following hardware devices relieves the central computer from performing network control, format conversion and message handling tasks? A. Spool B. Cluster controller C. Protocol converter D. Front end processor
Which of the following provides the GREATEST assurance of message authenticity? A. The pre-hash code is derived mathematically from the message being sent. B. The pre-hash code is encrypted using the sender's private key. C. Encryption of the pre-hash code and the message using the secret key. D. Sender attains the recipient's public key and verifies the authenticity of its digital certificate with a certificate authority.
An enterprisewide network security architecture of public key infrastructure (PKI) would be comprised of: A. A public key cryptosystem, private key cryptosystem and digital certificate B. A public key cryptosystem, symmetric encryption and certificate authorities C. A symmetric encryption, digital certificate and kerberos authentication D. A public key cryptosystem, digital certificate and certificate authorities
Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration? A. Function point analysis B. PERT chart C. Rapid application development D. Object-oriented system development
When reviewing a system development project at the project initiation stage, an IS auditor finds that the project team is following the organization's quality manual. To meet critical deadlines the project team proposes to fast track the validation and verification processes, commencing some elements before the previous deliverable is signed off. Under these circumstances, the IS auditor would MOST likely: A. report this as a critical finding to senior management. B. accept that different quality processes can be adopted for each project. C. report to IS management the team's failure to follow quality procedures. D. report the risks associated with fast tracking to the project steering committee.
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it:
Disaster recovery planning addresses the: A. technological aspect of business continuity planning. B. operational piece of business continuity planning. C. functional aspect of business continuity planning. D. overall coordination of business continuity planning.
A validation which ensures that input data are matched to predetermined reasonable limits or occurrence rates, is known as: A. Reasonableness check. B. Validity check. C. Existence check. D. Limit check.
Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness? A. Paper test B. Post test C. Preparedness test D. Walk-through
An organization provides information to its supply-chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture? A. A secure socket layer (SSL) has been implemented for user authentication and remote administration of the firewall. B. On the basis of changing requirements, firewall policies are updated. C. Inbound traffic is blocked unless the traffic type and connections have been specifically permitted. D. The firewall is placed on top of the commercial operating system with all installation options.
Connection-oriented protocols in the TCP/IP suite are implemented in the: A. transport layer. B. application layer. C. physical layer. D. network layer.
Which of the following would be the LEAST important aspect of a business continuity plan? A. Redundant facilities B. Relocation procedures C. Adequate insurance coverage D. Current and available business continuity manual
Cisco Certifications 
