An organization has outsourced network and desktop support.
Although the relationship has been reasonably successful,
risks remain due to connectivity issues. Which of the
following controls should FIRST be performed to assure the
organization reasonably mitigates these possible risks?
A. Network defense program
B. Encryption/Authentication
C. Adequate reporting between organizations
D. Adequate definition in contractual relationship
Answers were Sorted based on User's Feedback
Answer / guest
Answer: D
The most effective and necessary control that has to be in
place first when a partnering arrangement is used is the
contract. The other answers are all good techniques used to
minimize/mitigate controls. However, these may not be
enforceable unless detailed in the contractual arrangement.
Is This Answer Correct ? | 11 Yes | 1 No |
Answer / guest
D. Adequate definition in contractual relationship
Is This Answer Correct ? | 3 Yes | 2 No |
An IS auditor, performing a review of an application?s controls, discovers a weakness in system software, which could materially impact the application. The IS auditor should: A. Disregard these control weaknesses as a system software review is beyond the scope of this review. B. Conduct a detailed system software review and report the control weaknesses. C. Include in the report a statement that the audit was limited to a review of the application?s controls. D. Review the system software controls as relevant and recommend a detailed system software review.
An organization's disaster recovery plan should address early recovery of: A. all information systems processes. B. all financial processing applications. C. only those applications designated by the IS manager. D. processing in priority order, as defined by business management.
The difference between whitebox testing and blackbox testing is that whitebox testing: A. involves the IS auditor. B. is performed by an independent programmer team. C. examines a program's internal logical structure. D. uses the bottom-up approach.
The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as: A. rules. B. decision trees. C. semantic nets. D. data flow diagrams.
When a complete segregation of duties cannot be achieved in an online system environment, which of the following functions should be separated from the others? A. Origination B. Authorization C. Recording D. Correction
Information for detecting unauthorized input from a terminal would be BEST provided by the: A. console log printout. B. transaction journal. C. automated suspense file listing. D. user error report.
In a system that records all receivables for a company, the receivables are posted on a daily basis. Which of the following would ensure that receivables balances are unaltered between postings? A. Range checks B. Record counts C. Sequence checking D. Run-to-run control totals
Which of the following controls is LEAST likely to detect changes made online to master records? A. Update access to master file is restricted to a supervisor independent of data entry. B. Clerks enter updates online and are finalized by an independent supervisor. C. An edit listing of all updates is produced daily and reviewed by an independent supervisor. D. An update authorization form must be approved by an independent supervisor before entry.
The MOST likely explanation for the use of applets in an Internet application is that: A. it is sent over the network from the server. B. the server does not run the program and the output is not sent over the network. C. they improve the performance of both the web server and network. D. it is a JAVA program downloaded through the web browser and executed by the web server of the client machine.
The MAIN reason for requiring that all computer clocks across an organization be synchronized is to: A. prevent omission or duplication of transactions. B. ensure smooth data transition from client machines to servers. C. ensure that email messages have accurate time stamps. D. support the incident investigation process.
An IS auditor should use statistical sampling and not judgmental (nonstatistical) sampling, when: A. the probability of error must be objectively quantified. B. the auditor wants to avoid sampling risk. C. generalized audit software is unavailable. D. the tolerable error rate cannot be determined.
Utility programs that assemble software modules needed to execute a machine instruction application program version are: A. text editors. B. program library managers. C. linkage editors and loaders. D. debuggers and development aids.