The document used by the top management of organizations to
delegate authority to the IS audit function is the:
A. long-term audit plan.
B. audit charter.
C. audit planning methodology.
D. steering committee minutes.
- 1 Answers
- 6561 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: B
The audit charter outlines the overall authority, scope and
responsibilities of the audit function to achieve the audit
objectives stated in it. This document serves as an
instrument for the delegation of authority to the IS audit
function. Long-term audit planning relates to those aspects
of the audit plan that are impacted by the organization?s IT
strategy and environment. Audit planning commences only
after the audit charter has been approved by the highest
level of management. The audit planning methodologies are
decided upon based on the analysis of both long- and
short-term audit issues. The steering committee minutes
should address the approval of the audit charter but is not
the driver that delegates authority.
| Is This Answer Correct ? | 3 Yes | 0 No |
In the ISO/OSI model, which of the following protocols is the FIRST to establish security for the user application? A. Session layer. B. Transport layer C. Network layer D. Presentation layer
Applying a retention date on a file will ensure that: A. data cannot be read until the date is set. B. data will not be deleted before that date. C. backup copies are not retained after that date. D. datasets having the same name are differentiated.
Which of the following controls would be the MOST comprehensive in a remote access network with multiple and diverse subsystems? A. Proxy server B. Firewall installation C. Network administrator D. Password implementation and administration
Which of the following is the MOST critical for the successful implementation and maintenance of a security policy? A. Assimilation of the framework and intent of a written security policy by all appropriate parties B. Management support and approval for the implementation and maintenance of a security policy C. Enforcement of security rules by providing punitive actions for any violation of security rules D. Stringent implementation, monitoring and enforcing of rules by the security officer through access control software
Where adequate segregation of duties between operations and programming are not achievable, the IS auditor should look for: A. compensating controls. B. administrative controls. C. corrective controls. D. access controls.
In a small organization, where segregation of duties is not practical, an employee performs the function of computer operator and application programmer. Which of the following controls should the IS auditor recommend? A. Automated logging of changes to development libraries B. Additional staff to provide segregation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications
E-mail message authenticity and confidentiality is BEST achieved by signing the message using the: A. sender's private key and encrypting the message using the receiver's public key. B. sender's public key and encrypting the message using the receiver's private key. C. the receiver's private key and encrypting the message using the sender's public key. D. the receiver's public key and encrypting the message using the sender's private key.
Which of the following steps would an IS auditor normally perform FIRST in a data center security review? A. Evaluate physical access test results. B. Determine the risks/threats to the data center site. C. Review business continuity procedures. D. Test for evidence of physical access at suspect locations.
In a data warehouse, data quality is achieved by: A. cleansing. B. restructuring. C. source data credibility. D. transformation.
Which of the following should be of MOST concern to an IS auditor? A. Lack of reporting of a successful attack on the network B. Failure to notify police of an attempted intrusion C. Lack of periodic examination of access rights D. Lack of notification to the public of an intrusion
Which of the following audit procedures would MOST likely be used in an audit of a systems development project? A. Develop test transactions B. Use code comparison utilities C. Develop audit software programs D. Review functional requirements documentation
Which of the following data validation edits is effective in detecting transposition and transcription errors? A. Range check B. Check digit C. Validity check D. Duplicate check
Cisco Certifications 
