Interested to Buy Any Domain ? << Click Here >> for more details...
To meet pre-defined criteria, which of the following
continuous audit techniques would BEST identify transactions
to audit?
A. Systems Control Audit Review File and Embedded Audit
Modules (SCARF/EAM)
B. Continuous and Intermittent Simulation (CIS)
C. Integrated Test Facilities (ITF)
D. Audit hooks
- 2 Answers
- 9080 Views
- I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / guest
Answer: B
Continuous and Intermittent Simulation (CIS) is a moderately
complex set of programs that during a process run of a
transaction, simulates the instruction execution of its
application. As each transaction is entered, the simulator
decides whether the transaction meets certain predetermined
criteria and if so, audits the transaction. If not, the
simulator waits until it encounters the next transaction
that meets the criteria. Audits hooks which are of low
complexity focus on specific conditions instead of detailed
criteria in identifying transactions for review. ITF is
incorrect because its focus is on test versus live data. And
SCARF/EAM focus is on controls versus data.
| Is This Answer Correct ? | 6 Yes | 3 No |
Answer / antoine
B. Continuous and Intermittent Simulation (CIS)
| Is This Answer Correct ? | 4 Yes | 2 No |
Which of the following is a strength of a client-server security system? A. Change control and change management procedures are inherently strong. B. Users can manipulate data without controlling resources on the mainframe. C. Network components seldom become obsolete. D. Access to confidential data or data manipulation is controlled tightly.
A programmer included a routine into a payroll application to search for his/her own payroll number. As a result, if this payroll number does not appear during the payroll run, a routine will generate and place random numbers onto every paycheck. This routine is known as: A. scavenging. B. data leakage. C. piggybacking. D. a trojan horse.
Of the following who is MOST likely to be responsible for network security operations? A. Users B. Security administrators C. Line managers D. Security officers
Which of the following would be included in an IS strategic plan?
Peer reviews to detect software errors during a program development activity are called: A. emulation techniques. B. structured walk-throughs. C. modular program techniques. D. top-down program construction.
An internal audit department, that organizationally reports exclusively to the chief financial officer (CFO) rather than to an audit committee, is MOST likely to: A. have its audit independence questioned. B. report more business-oriented and relevant findings. C. enhance the implementation of the auditor's recommendations. D. result in more effective action being taken on the recommendations.
Programs that can run independently and travel from machine to machine across network connections, with the ability to destroy data or utilize tremendous computer and communication resources, are referred to as: A. trojan horses. B. viruses. C. worms. D. logic bombs.
Which of the following would contribute MOST to an effective business continuity plan (BCP)? The BCP: A. document was circulated to all interested parties. B. planning involved all user departments. C. was approved by senior management. D. was audited by an external IS auditor.
An organization wants to enforce data integrity principles and achieve faster performance/execution in a database application. Which of the following design principles should be applied? A. User (customized) triggers B. Data validation at the front end C. Data validation at the back end D. Referential integrity
Antivirus software should be used as a: A. detective control. B. preventive control. C. corrective control. D. compensating control.
The responsibilities of a disaster recovery relocation team include: A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule. B. locating a recovery site if one has not been predetermined and coordinating the transport of company employees to the recovery site. C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment. D. coordinating the process of moving from the hot site to a new location or to the restored original location.
An IS auditor involved as a team member in the detailed system design phase of a system under development would be MOST concerned with: A. internal control procedures. B. user acceptance test schedules. C. adequacy of the user training program. D. clerical processes for resubmission of rejected items.
Cisco Certifications 
