Interested to Buy Any Domain ? << Click Here >> for more details...
When auditing a mainframe operating system, what would the
IS auditor do to establish which control features are in
operation?
A. Examine the parameters used when the system was generated
B. Discuss system parameter options with the vendor
C. Evaluate the systems documentation and installation guide
D. Consult the systems programmers
- 1 Answers
- 5818 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
The only way to establish which controls are functioning in
a current operating system is to determine what the
parameter settings were at the time the system was generated
or created (often referred to as the initial program load or
IPL). Although the findings of this exercise may well be
further evaluated by discussion with the vendor, evaluating
the documentation and consulting the systems programmers,
these actions would not, by themselves, establish specific
control features.
| Is This Answer Correct ? | 6 Yes | 1 No |
An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls? A. Allow changes to be made only with the DBA user account. B. Make changes to the database after granting access to a normal user account C. Use the DBA user account to make changes, log the changes and review the change log the following day. D. Use the normal user account to make changes, log the changes and review the change log the following day.
An IS auditor performing an access controls review should be LEAST concerned if: A. audit trails were not enabled. B. programmers have access to the live environment. C. group logons are being used for critical functions. D. the same user can initiate transactions and also change related parameters.
Involvement of senior management is MOST important in the development of: A. strategic plans. B. IS policies. C. IS procedures. D. standards and guidelines.
Which of the following is an objective of a control self-assessment (CSA) program? A. Audit responsibility enhancement B. Problem identification C. Solution brainstorming D. Substitution for an audit
Large-scale systems development efforts: A. are not affected by the use of prototyping tools. B. can be carried out independent of other organizational practices. C. require that business requirements be defined before the project begins. D. require that project phases and deliverables be defined during the duration of the project.
Use of asymmetric encryption in an Internet e-commerce site, where there is one private key for the hosting server and the public key is widely distributed to the customers, is MOST likely to provide comfort to the: A. customer over the authenticity of the hosting organization. B. hosting organization over the authenticity of the customer. C. customer over the confidentiality of messages from the hosting organization. D. hosting organization over the confidentiality of messages passed to the customer.
The MOST effective method for limiting the damage of an attack by a software virus is: A. software controls. B. policies, standards and procedures. C. logical access controls. D. data communication standards.
A long-term IS employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be based on the individual's experience and: A. the length of service since this will help ensure technical competence. B. age as training in audit techniques may be impractical. C. IS knowledge since this will bring enhanced credibility to the audit function. D. ability, as an IS auditor, to be independent of existing IS relationships.
Which of the following is the BEST form of transaction validation? A. Use of key field verification techniques in data entry B. Use of programs to check the transaction against criteria set by management C. Authorization of the transaction by supervisory personnel in an adjacent department D. Authorization of the transaction by a department supervisor prior to the batch process
Which of the following issues should be included in the business continuity plan? A. The staff required to maintain critical business functions in the short, medium and long term B. The potential for a natural disaster to occur, such as an earthquake C. Disastrous events impacting information systems processing and end-user functions D. A risk analysis that considers systems malfunctions, accidental file deletions or other failures
An enterprisewide network security architecture of public key infrastructure (PKI) would be comprised of: A. A public key cryptosystem, private key cryptosystem and digital certificate B. A public key cryptosystem, symmetric encryption and certificate authorities C. A symmetric encryption, digital certificate and kerberos authentication D. A public key cryptosystem, digital certificate and certificate authorities
The technique used to ensure security in virtual private networks (VPNs) is: A. encapsulation. B. wrapping. C. transform. D. encryption.
Cisco Certifications 
