Interested to Buy Any Domain ? << Click Here >> for more details...
An IS auditor, performing a review of an application?s
controls, discovers a weakness in system software, which
could materially impact the application. The IS auditor should:
A. Disregard these control weaknesses as a system software
review is beyond the scope of this review.
B. Conduct a detailed system software review and report the
control weaknesses.
C. Include in the report a statement that the audit was
limited to a review of the application?s controls.
D. Review the system software controls as relevant and
recommend a detailed system software review.
- 1 Answers
- 10259 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: D
The IS auditor is not expected to ignore control weaknesses
just because they are outside the scope of a current review.
Further, the conduct of a detailed systems software review
may hamper the audit?s schedule and the IS auditor may not
be technically competent to do such a review at this time.
If there are control weaknesses which have been discovered
by the IS auditor, they should be disclosed. By issuing a
disclaimer, this responsibility would be waived. Hence, the
appropriate option would be to review the systems software
as relevant to the review and recommend a detailed systems
software for which additional resources may be recommended.
| Is This Answer Correct ? | 13 Yes | 1 No |
An IS auditor should be able to identify and evaluate various types of risks and their potential effects. Which of the following risks is associated with authorized program exits (trap doors)? A. Inherent B. Detection C. Audit D. Error
Which of the following represents the MOST pervasive control over application development? A. IS auditors B. Standard development methodologies C. Extensive acceptance testing D. Quality assurance groups
Access rules normally are included in which of the following documentation categories? A. Technical reference documentation B. User manuals C. Functional design specifications D. System development methodology documents
The review of router access control lists should be conducted during a/an: A. environmental review. B. network security review. C. business continuity review. D. data integrity review.
Which of the following access control functions is LEAST likely to be performed by a database management system (DBMS) software package? A. User access to field data B. User sign-on at the network level C. User authentication at the program level D. User authentication at the transaction level
Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized organization? A. Virtual private network B. Dedicated line C. Leased line D. Integrated services digital network
Requiring passwords to be changed on a regular basis, assigning a new one-time password when a user forgets his/hers, and requiring users not to write down their passwords are all examples of: A. audit objectives. B. audit procedures. C. controls objectives. D. control procedures.
The phases and deliverables of a systems development life cycle (SDLC) project should be determined: A. during the initial planning stages of the project. B. after early planning has been completed, but before work has begun. C. through out the work stages based on risks and exposures. D. only after all risks and exposures have been identified and the IS auditor has recommended appropriate controls.
Which of the following is the BEST way to handle obsolete magnetic tapes before disposing of them? A. Overwriting the tapes B. Initializing the tape labels C. Degaussing the tapes D. Erasing the tapes
A hub is a device that connects: A. two LANs using different protocols. B. a LAN with a WAN. C. a LAN with a metropolitan area network (MAN). D. two segments of a single LAN.
In a TCP/IP-based network, an IP address specifies a: A. network connection. B. router/gateway. C. computer in the network. D. device on the network.
IT governance ensures that an organization aligns its IT strategy with: A. Enterprise objectives. B. IT objectives. C. Audit objectives. D. Finance objectives.
Cisco Certifications 
