Answer / guest

Answer: A

A data security officer?s prime responsibility is
recommending and monitoring data security policies.
Promoting security awareness within the organization is one
of the responsibilities of a data security officer. But, it
is not as important as recommending and monitoring data
security policies. The IT department, not the data security
officer, is responsible for establishing procedures for IT
security policies recommended by the data security officer
and for the administration of physical and logical access
controls.

Requiring passwords to be changed on a regular basis, assigning a new one-time password when a user forgets his/hers, and requiring users not to write down their passwords are all examples of: A. audit objectives. B. audit procedures. C. controls objectives. D. control procedures.

1 Answers  

---

When an IS auditor obtains a list of current users with access to a WAN/LAN and verifies that those listed are active associates, the IS auditor is performing a: A. compliance test. B. substantive test. C. statistical sample. D. risk assessment.

1 Answers  

---

Which of the following would contribute MOST to an effective business continuity plan (BCP)? The BCP: A. document was circulated to all interested parties. B. planning involved all user departments. C. was approved by senior management. D. was audited by an external IS auditor.

1 Answers  

---

Responsibility and reporting lines cannot always be established when auditing automated systems since: A. diversified control makes ownership irrelevant. B. staff traditionally change jobs with greater frequency. C. ownership is difficult to establish where resources are shared. D. duties change frequently in the rapid development of technology.

1 Answers  

---

During which of the following phases in systems development would user acceptance test plans normally be prepared? A. Feasibility study B. Requirements definition C. Implementation planning D. Post-implementation review

1 Answers  

---

Which of the following information valuation methods is LEAST likely to be used during a security review? A. Processing cost B. Replacement cost C. Unavailability cost D. Disclosure cost

1 Answers  

---

An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling, when: A. the probability of error must be objectively quantified. B. the auditor wants to avoid sampling risk. C. generalized audit software is unavailable. D. the tolerable error rate cannot be determined.

1 Answers  

---

An organization is introducing a single sign-on (SSO) system. Under the SSO system, users will be required to enter only one user ID and password for access to all application systems. Under the SSO system, unauthorized access: A. is less likely. B. is more likely. C. will have a greater impact. D. will have a smaller impact.

1 Answers  

---

E-mail message authenticity and confidentiality is BEST achieved by signing the message using the:

1 Answers  

---

Which of the following is an objective of a control self-assessment (CSA) program? A. Concentration on areas of high risk B. Replacement of audit responsibilities C. Completion of control questionnaires D. Collaborative facilitative workshops

1 Answers  

---

Neural networks are effective in detecting fraud because they can: A. discover new trends since they are inherently linear. B. solve problems where large and general sets of training data are not obtainable. C. attack problems that require consideration of a large number of input variables. D. make assumptions about the shape of any curve relating variables to the output.

1 Answers  

---

Which of the following statements relating to packet switching networks is CORRECT? A. Packets for a given message travel the same route. B. Passwords cannot be embedded within the packet. C. Packet lengths are variable and each packet contains the same amount of information. D. The cost charged for transmission is based on packet, not distance or route traveled.

1 Answers   Karura Community Chapel,

---