When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:
A. incorporates state of the art technology.
B. addresses the required operational controls.
C. articulates the IT mission and vision.
D. specifies project management practices.
- 1 Answers
- 2770 Views
- I also Faced
- E-Mail Answers
The correct answer is C.
A. The plan does not need to address state of the art technology; the decision to implement new technology is dependent on the approach to risk and management strategy.
B. The plan does not need to address operational controls because those are too granular for strategic planning.
C. The IT strategic plan must include a clear articulation of the IT mission and vision.
D. The plan should be implemented with proper project management, but the plan does not need to address project management practices.
Question #: 147 CISA Job Practice Task Statement: 2.1
| Is This Answer Correct ? | 6 Yes | 0 No |
IS management has decided to rewrite a legacy customer relations system using fourth-generation languages (4GLs). Which of the following risks is MOST often associated with system development using 4GLs? A. Inadequate screen/report design facilities B. Complex programming language subsets C. Lack of portability across operating systems D. Inability to perform data intensive operations
Which of the following concerns about the security of an electronic message would be addressed by digital signatures? A. Unauthorized reading B. Theft C. Unauthorized copying D. Alteration
The Primary purpose of audit trails is to
To help mitigate the effects of a denial of service attack, which mechanism can an Internet service provider (ISP) use to identify Internet protocol (IP) packets from unauthorized sources? A. Inbound traffic filtering B. Rate limiting C. Reverse address lookup D. Network performance monitoring
A programmer managed to gain access to the production library, modified a program that was then used to update a sensitive table in the payroll database and restored the original program. Which of the following methods would MOST effectively detect this type of unauthorized changes? A. Source code comparison B. Executable code comparison C. Integrated test facilities (ITF) D. Review of transaction log files
Which of the following fire suppressant systems would an IS auditor expect to find when conducting an audit of an unmanned computer center? A. Carbon dioxide B. Halon C. Dry-pipe sprinkler D. Wet-pipe sprinkler
Which of the following BEST describes an IT department?s strategic planning process? A. The IT department will have either short-range or long-range plans depending on the organization?s broader plans and objectives. B. The IT department?s strategic plan must be time and project oriented, but not so detailed as to address and help determine priorities to meet business needs. C. Long-range planning for the IT department should recognize organizational goals, technological advances and regulatory requirements. D. Short-range planning for the IT department does not need to be integrated into the short-range plans of the organization since technological advances will drive the IT department plans much quicker than organizational plans.
Which of the following statements relating to packet switching networks is CORRECT? A. Packets for a given message travel the same route. B. Passwords cannot be embedded within the packet. C. Packet lengths are variable and each packet contains the same amount of information. D. The cost charged for transmission is based on packet, not distance or route traveled.
1 Answers Karura Community Chapel,
The secure socket layer (SSL) protocol addresses the confidentiality of a message through: A. symmetric encryption. B. message authentication code. C. hash function. D. digital signature certificates.
Which of the following is a disadvantage of image processing? A. Verifies signatures B. Improves service C. Relatively inexpensive to use D. Reduces deterioration due to handling
Which of the following is a check (control) for completeness? A. Check digits B. Parity bits C. One-for-one checking D. Prerecorded input
IS auditors reviewing access control should review data classification to ensure that encryption parameters are classified as: A. sensitive. B. confidential. C. critical. D. private.
Cisco Certifications 
