Answer / guest

Answer: D

The most effective and necessary control that has to be in
place first when a partnering arrangement is used is the
contract. The other answers are all good techniques used to
minimize/mitigate controls. However, these may not be
enforceable unless detailed in the contractual arrangement.

Answer / guest

D. Adequate definition in contractual relationship

Answer / guest

Network defense program

An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review? A. Availability of online network documentation B. Support of terminal access to remote hosts C. Handling file transfer between hosts and inter-user communications D. Performance management, audit and control

1 Answers  

---

The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is: A. data integrity. B. authentication. C. nonrepudiation. D. replay protection.

1 Answers  

---

In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by: A. the availability of CAATs. B. management's representation. C. organizational structure and job responsibilities. D. the existence of internal and operational controls

2 Answers  

---

Which of the following can consume valuable network bandwidth? A. Trojan horses B. Trap doors C. Worms D. Vaccines

1 Answers  

---

A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not adequately performing which of the following types of testing? A. Unit testing B. Integration testing C. Design walk-throughs D. Configuration management

1 Answers  

---

An IS auditor should be involved in: A. observing tests of the disaster recovery plan. B. developing the disaster recovery plan. C. maintaining the disaster recovery plan. D. reviewing the disaster recovery requirements of supplier contracts.

1 Answers  

---

An IS auditor performing an independent classification of systems should consider a situation where functions could be performed manually at a tolerable cost for an extended period of time as: A. critical. B. vital. C. sensitive. D. noncritical.

1 Answers  

---

The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program? A. Utilization of an intrusion detection system to report incidents. B. Mandating the use of passwords to access all software. C. Installing an efficient user log system to track the actions of each user D. Provide training on a regular basis to all current and new employees.

1 Answers  

---

An integrated test facility is considered a useful audit tool because it: A. is a cost-efficient approach to auditing application controls. B. enables the financial and IS auditors to integrate their audit tests. C. compares processing output with independently calculated data. D. provides the IS auditor with a tool to analyze a large range of information.

2 Answers  

---

An IS auditor auditing hardware monitoring procedures should review A. system availability reports. B. cost-benefit reports. C. response time reports. D. database utilization reports.

1 Answers  

---

An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP? A. Full operational test B. Preparedness test C. Paper test D. Regression test

2 Answers  

---

An IS auditor evaluating data integrity in a transaction driven system environment should review atomicity, to determine whether: A. the database survives failures (hardware or software). B. each transaction is separated from other transactions. C. integrity conditions are maintained. D. a transaction is completed or not, or a database is updated or not.

1 Answers  

---