Main Questions Flashcards
Above almost all other concerns, what often results in the greatest negative impact on the implementation of new application software?
A. Failing to perform user acceptance testing
B. Lack of user training for the new system
C. Lack of software documentation and run manuals
D. Insufficient unit, module, and systems testing
A. Failure to perform user acceptance testing.
An advantage of a continuous audit approach is that it can improve system security when
used in time-sharing environments that process a large number of transactions. True or false?
A. True
B. False
A. True.
After an IS auditor has identified threats and potential impacts, the auditor should:
A. Identify and evaluate the existing controls
B. Conduct a business impact analysis (BIA)
C. Report on existing controls
D. Propose new controls
A. Identify and evaluate the exisiting controls.
After identifying potential security vulnerabilities, what should be the IS auditor’s next step?
A. To evaluate potential countermeasures and compensatory controls
B. To implement effective countermeasures and compensatory controls
C. To perform a business impact analysis of the threats that would exploit the
vulnerabilities
D. To immediately advise senior management of the findings
C. To perform a business impact analysis of the threats that would exploit the vulnerablitiies.
Allowing application programmers to directly patch or change code in production programs increases risk of fraud. True or false?
A. True
B. False
A. True
Although BCP and DRP are often implemented and tested by middle management and end
users, the ultimate responsibility and accountability for the plans remain with executive management, such as the _______________. (fill-in-the-blank)
A. Security administrator
B. Systems auditor
C. Board of directors
D. Financial auditor
C. Board of directors
Any changes in systems assets, such as replacement of hardware, should be immediately recorded within the assets inventory of which of the following? Choose the BEST answer.
A. IT strategic plan
B. Business continuity plan
C. Business impact analysis
D. Incident response plan
B. Business continuity plan
As compared to understanding an organization’s IT process from evidence directly collected, how valuable are prior audit reports as evidence?
A. The same value.
B. Greater value.
C. Lesser value.
D. Prior audit reports are not relevant.
C. Lesser Value
Atomicity enforces data integrity by ensuring that a transaction is either completed in its entirely or not at all. Atomicity is part of the ACID test reference for transaction processing. True or false?
A. True
B. False
A. True
Authentication techniques for sending and receiving data between EDI systems is crucial to prevent which of the following? Choose the BEST answer.
A. Unsynchronized transactions
B. Unauthorized transactions
C. Inaccurate transactions
D. Incomplete transactions
B. Unauthorized transactions.