Certified Information Systems Auditor
Question: 38
Company.com has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern?
A. Acceptance testing is to be managed by users.
B. A quality plan is not part of the contracted deliverables.
C. Not all business functions will be available on initial implementation.
D. Prototyping is being used to confirm that the system meets business requirements.
Answer: B
Question: 39
In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the:
A. registration authority (RA).
B. issuing certification authority (CA).
C. subject CA.
D. policy management authority.
JN0-330 JN0-330-Enhanced Services, Specialist(JNCIS-ES)
JN0-304 Juniper Networks Certified Internet Specialist (JNCIS-M)
JN0-532 Juniper Networks Certified Internet Specialist, FWV (JNCIS-FWV)
LE0-406 Certified Availability Administrator
1Z0-007 ineroduction to oracle9l:sql
1Z0-030 orcacle9i database:new features for administrators
1Z0-031 orcacle9i database:fundamentals i
1Z0-033 Oracle9i Database:Performance Tuning
1Z0-032 orcacle9l database:fundamentals ii
1Z0-035 orcacle9i dba new features for oracle7.3 and oracle9 ocps
1Z0-040 oracle database 10g:new features for adminsitrators
1Z0-043 oracle database 10g:administration ii
1Z0-042 oracle database 10g:administration i
1Z0-041 Oracle Database 10g 2 Day DBA Assessment Exam
1Z0-045 oracle database 10g:new features for oracle8i ocps
1Z0-046 Oracle Database 10g: Managing Oracle on Linux for DBAs
1Z0-047 Oracle Database SQL Expert
1Z0-048 Oracle Database 10g R2: Administering RAC
1Z0-050 Oracle Database 11g: New Features for Administrators
1Z0-051 Oracle Database: SQL Fundamentals I
1Z0-052 Oracle Database 11g: Administration I
1Z0-053 Oracle Database 11g: Administration II
1Z0-054 Oracle Database 11g: Performance Tuning
1Z0-055 Oracle Database 11g: New Features for 9i OCPs
1Z1-052 Oracle Database 11g: Administrator I
1Z1-051 Oracle Database 11g: SQL Fundamentals I
1Z1-050 Oracle Database 11g: New Features for Administrators
1Z1-047 Orcale database SQL Expert
1Z0-095 Oracle 9i and 10g OCM Course Attendance Exam
1Z0-007 ineroduction to oracle9l:sql
Answer: A
Question: 40
Which of the following is a data validation edit and control?
A. Hash totals
B. Reasonableness checks
C. Online access controls
D. Before and after image reporting
Answer: B
Question: 41
A control that detects transmission errors by appending calculated bits onto the end of each segment of data is known as a:
A. reasonableness check.
B. parity check.
C. redundancy check.
D. check digits.
Answer: C
Question: 42
What is the primary objective of a control self-assessment (CSA) program?
A. Enhancement of the audit responsibility
B. Elimination of the audit responsibility
C. Replacement of the audit responsibility
D. Integrity of the audit responsibility
Answer: A
Question: 43
IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. True or false?
A. True
B. False
Answer: A
Question: 44
As compared to understanding an organization’s IT process from evidence directly collected, how valuable are prior audit reports as evidence?
A. The same value.
B. Greater value.
C. Lesser value.
D. Prior audit reports are not relevant.
Answer: C
Question: 45
What is the PRIMARY purpose of audit trails?
A. To document auditing efforts
B. To correct data integrity errors
C. To establish accountability and responsibility for processed transactions
D. To prevent unauthorized access to data
Answer: C
Question: 46
How does the process of systems auditing benefit from using a risk-based approach to audit planning?
A. Controls testing starts earlier.
B. Auditing resources are allocated to the areas of highest concern.
C. Auditing risk is reduced.
D. Controls testing is more thorough.
Answer: B
Question: 47
After an IS auditor has identified threats and potential impacts, the auditor should:
A. Identify and evaluate the existing controls
B. Conduct a business impact analysis (BIA)
C. Report on existing controls
D. Propose new controls
Answer: A
Question: 48
The use of statistical sampling procedures helps minimize:
A. Detection risk
B. Business risk
C. Controls risk
D. Compliance risk
Answer: A
Question: 49
What type of risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist?
A. Business risk
B. Detection risk
C. Residual risk
D. Inherent risk
Answer: B
Question: 50
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it can:
A. Identify high-risk areas that might need a detailed review later
B. Reduce audit costs
C. Reduce audit time
D. Increase audit accuracy
Answer: C
Question: 51
What type of approach to the development of organizational policies is often driven by risk assessment?
A. Bottom-up
B. Top-down
C. Comprehensive
D. Integrated
Answer: B
Q&A V3.20
Related posts: