Question { 13453 }

A malicious code that changes itself with each file it
infects is called a:

A. logic bomb.

B. stealth virus.

C. trojan horse.

D. polymorphic virus.

Answer

Question { 11133 }

A company has contracted with an external consulting firm to
implement a commercial financial system to replace its
existing in-house developed system. In reviewing the
proposed development approach, which of the following would
be of GREATEST concern?

A. Acceptance testing is to be managed by users.

B. A quality plan is not part of the contracted deliverables.

C. Not all business functions will be available on initial
implementation.

D. Prototyping is being used to confirm that the system
meets business requirements.

Answer

Question { 4534 }

A company performs full backup of data and programs on a
regular basis. The primary purpose of this practice is to:

A. maintain data integrity in the applications.

B. restore application processing after a disruption.

C. prevent unauthorized changes to programs and data.

D. ensure recovery of data processing in case of a disaster.

Answer

Question { 8488 }

Data edits are an example of:

A. preventive controls.

B. detective controls.

C. corrective controls.

D. compensating controls.

Answer

Question { 3939 }

When an organization's network is connected to an external
network in an Internet client-server model not under that
organization's control, security becomes a concern. In
providing adequate security in this environment, which of
the following assurance levels is LEAST important?

A. Server and client authentication

B. Data integrity

C. Data recovery

D. Data confidentiality

Answer

Question { 5191 }

A data warehouse is:

A. object orientated.

B. subject orientated.

C. departmental specific.

D. a volatile databases.

Answer

Question { 6760 }

The responsibility for designing, implementing and
maintaining a system of internal control lies with:

A. the IS auditor.

B. management.

C. the external auditor.

D. the programming staff.

Answer

Question { 3726 }

Which of the following would be the LEAST helpful in
restoring service from an incident currently underway?

A. Developing a database repository of past incidents and
actions to facilitate future corrective actions

B. Declaring the incident, which not only helps to carry out
corrective measures, but also improves the awareness level

C. Developing a detailed operations plan that outlines
specific actions to be taken to recover from an incident

D. Establishing multidisciplinary teams consisting of
executive management, security staff, information systems
staff, legal counsel, public relations, etc., to carry out
the response.

Answer

Question { 3990 }

Which of the following concerns associated with the World
Wide Web would be addressed by a firewall?

A. Unauthorized access from outside the organization

B. Unauthorized access from within the organization

C. A delay in Internet connectivity

D. A delay in downloading using file transfer protocol (FTP)

Answer

Question { 5178 }

If a database is restored using before-image dumps, where
should the process be restarted following an interruption?

A. Before the last transaction

B. After the last transaction

C. The first transaction after the latest checkpoint

D. The last transaction before the latest checkpoint

Answer

Question { 8060 }

The PRIMARY objective of a business continuity and disaster
recovery plan should be to:

A. safeguard critical IS assets.

B. provide for continuity of operations.

C. minimize the loss to an organization.

D. protect human life.

Answer

Question { 7125 }

Once an organization has finished the business process
reengineering (BPR) of all its critical operations, the IS
auditor would MOST likely focus on a review of:

A. pre-BPR process flowcharts.

B. post-BPR process flowcharts.

C. BPR project plans.

D. continuous improvement and monitoring plans.

Answer

Question { 5478 }

Utilizing audit software to compare the object code of two
programs is an audit technique used to test program:

A. logic.

B. changes.

C. efficiency.

D. computations.

Answer

Question { 4631 }

Which of the following testing methods is MOST effective
during the initial phases of prototyping?

A. System

B. Parallel

C. Volume

D. Top-down

Answer

Question { 6714 }

A request for a change to a report format in a module
(subsystem) was made. After making the required changes, the
programmer should carry out:

A. unit testing.

B. unit and module testing.

C. unit, module and regression testing.

D. module testing.

Answer