The Complete Guide for CISA Examination Preparation, 1st Edition, Richard E. Cascarino - Solutions
Robust approaches to logical information security include the use of all of the following except: a) Use of biometrics. b) One-time passwords. c) Compartmentalization of accesses and privileges. d) Hardening of operating systems.
Hacker threats in the cloud environment can arise in any cloud service except: a) SaaS. b) QaaS. c) DaaS. d) IaaS.
Known password weaknesses include: a) No password required. b) Poor change control. c) Poor personnel policies. d) All of the above.
In order to function effectively, EDI requires all of the following except: a) A standard format of a common language used between trading partners. b) Symmetrical encryption. c) Translation software performing file conversions to and from standard formats. d) A data communication link.
Corruption of data within an e-commerce system could result in: a) Destruction of the audit trail. b) Loss of confidentiality. c) Disclosure of cost structures. d) Disclosure of conditions and services offered to other customers.
Anticipated benefits of EDI include: a) Improved control of data. b) Decreased administrative costs. c) All of the above. d) None of the above.
For e-commerce to be successful, information must be available to other participants in the trading community. This can put information at risk including all of the following except: a) Cost structures. b) Individuals’ private information. c) Information on discounts offered. d) Products and services
Benefits of successful E-commerce implementation include all of the following except: a) Reduced transaction costs and greater productivity. b) Service availability 24 hours a day, 7 days a week. c) Reduced transportation costs. d) Opportunities for local business to grow and compete in the global
Fraud within e-commerce may involve: a) Invalid contracts. b) Suppliers not being paid for goods and services delivered. c) Agencies not receiving services/goods already paid for. d) All of the above.
In EDI contracts, terms and conditions typically include all of the following except: a) Quality of goods to be supplied. b) Which laws will govern. c) When is a contract ‘received’. d) What is the definition of a signature.
In terms of risk management, risks are usually divided into: a) Those risks that are appropriate to control. b) Those risks that cannot be avoided and must be accepted. c) Those risks which remain unacceptable and can be transferred to third parties. d) All of the above.
Typical external attacks on Computer Systems may include all of the following except: a) Outside penetration of secured systems. b) Insider financial fraud. c) Data Network sabotage. d) Denial of service attacks.
Where unauthorized access to an organization’s Computer Systems has resulted in a breach of privacy legislation, civil or criminal action against the organization can involve: a) Fines. b) Penalties. c) Consequential damages. d) All of the above.
Risks specific to portable computers include all of the following except: a) Accidental damage in transit. b) Ease of theft. c) Unauthorized access. d) Lost in transit.
Insurance can be sought for all of the following except: a) Maintenance costs. b) Mechanical breakdown. c) Fraud and dishonesty. d) Civil unrest.
Should disruption occur, the consequences could include any or all of the following except: a) Increased efficiency. b) Loss of revenues. c) Incurred costs. d) Loss of discounts.
In satisfying himself that the contingency plan will be kept up to date and appropriate, the auditor will typically ensure all of the following except: a) The master plan is kept secure. b) Executive management is involved in the maintenance of the plan. c) Distributed copies are kept up to date and
In conducting an audit of the contingency plan, the auditor will seek evidence of all of the following except: a) The adequacy of the plan. b) The effectiveness of the implementation of the plan. c) The input of Audit in developing the plan. d) The existence of a mechanism for keeping the plan up to
A ‘hot’ site is seen to be one in which instant availability exists for all of the following except: a) Hardware. b) Communications capability. c) Systems software. d) Current data.
The business continuity plan will require elements addressing the organizational risks and will typically include sections on all of the following except: a) Contracting with vendors. b) Email. c) Fire. d) Acceptable use.
Threats which could trigger the use of the disaster recovery plan include: a) Industrial action. b) Viruses. c) Terrorism. d) All of the above.
A commonly omitted consideration in the development of a recovery plan is a provision of alternatives for: a) Hardware. b) Communications. c) Stationery supplies. d) Air conditioning.
In classifying systems recovery by degrees of priority, priorities may include all of the following except: a) Importance to the Board of Directors. b) Alternative service level required. c) Business lost rating. d) Maximum tolerable downtime.
Where a disaster would result in conspicuous interruption of IT Services, potentially resulting in loss of business, disaster preparedness would typically be classified as: a) Poor. b) Weak. c) Adequate. d) Good.
Physical security encompasses control measures to mitigate the risks of natural events including all of the following except: a) Flood. b) Earthquake. c) Fire. d) Tsunami.
Controls over physical access may include all of the following except: a) Fences and walls. b) Encryption. c) Locks on doors. d) Formal identification cards.
Shredders may be used to ensure confidential scrap is not made available to unauthorized sources including the shredding of: a) DVDs. b) Microfiche. c) Paper. d) All of the above.
Physical risks include all of the following except: a) Unauthorized use of passwords. b) Theft of equipment. c) Loss of data confidentiality. d) Destruction of hardware.
For fire to catch hold it requires a plentiful supply of: a) Oxygen. b) Heat. c) Fuel source. d) All of the above.
Structural collapse of office buildings containing Computer Centers can be caused by: a) Earth tremors. b) Poorly built structures. c) Impacts at ground level. d) All of the above.
Common risks organizations may face from failures of Network Security include all except: a) Loss of staff. b) Loss of reputation. c) Loss of confidentiality. d) System unavailability.
Network areas containing information resources which are open to a restricted number of authorized users who are identified and authenticated would be seen as: a) Untrusted zones. b) Trusted zones. c) Semi-trusted zones. d) Hostile zones.
Networks are generically seen as vulnerable in the area of: a) The interception of data. b) Unauthorized access. c) Availability of communications. d) All of the above.
The distribution of functionality in client-server systems causes the vulnerability of the systems to viruses, fraud, and misuse to: a) Decrease. b) Increase. c) Double. d) Stay the same.
A firewall provides an organization with: a) A mechanism for implementing and enforcing network access security policies. b) A transformation of directive of discretionary controls into preventative controls. c) Control over access to and from a given network. d) All of the above.
A digital signature uses similar technology to: a) Symmetric encryption. b) MACing. c) Asymmetric encryption. d) None of the above.
Client server is an architecture in which the functionality and processing of a system are split between: a) The client workstation and a database server. b) The client workstation and a mainframe. c) The client workstation and the internet. d) The client workstation and the rest of the network.
In auditing the computing operational environment, the auditor can still look for normal controls such as: a) Segregation of duties. b) Organization work. c) Appropriate supervision. d) All of the above.
Common operating environment security parameters include all of the following except: a) Password rules. b) The event logging parameters. c) Encryption. d) Login time restrictions.
Systems specifically designed as Security Software include all except: a) LIBRARIAN. b) RACF. c) Top Secret. d) ACF2.
Top Secret’s modes include all of the following except: a) Dormant. b) Abort. c) Warn. d) Fail.
Passwords should be all of the following except: a) Hard to guess. b) Easy to remember. c) Written down. d) Frequently changed.
The scope of Computer Security includes all of the following except: a) Systems software security. b) Telecommunications availability. c) Vital records retention. d) IS insurance.
The integrity of transmitted messages can be assisted by all of the following except: a) Steganography. b) Message if integration codes. c) Public key cryptography. d) Double public key cryptography.
Encryption does not prevent: a) Message destruction. b) Message inaccuracy. c) Lack of timeliness of message delivery. d) All of the above.
The business impact of a failure of Computer Security may include: a) Authorized employees proving to be risk agents. b) Computer facilities may be subject to damage by disgruntled employees. c) Accounting and financial records may be falsified. d) All of the above.
Data integrity being undermined by inadequacy some security is an example of: a) A technical concern. b) A business concern. c) Both the technical and business concern. d) Neither a technical nor a business concern.
Computer Security myths include: a) Computer Security is a technical problem. b) Computer Security is the responsibility of all the employees. c) Computer Security cannot be attained. d) Computer Security takes considerable corporate effort and resources.
An adequate security architecture would include elements of: a) Workstation security. b) Encryption. c) Segregation of duties. d) All of the above.
Evaluating systems availability includes evaluating all of the following except: a) System resilience. b) Ability to withstand security breaches. c) Cost of system non-availability. d) Ease of system recovery.
Changes within the service center can be: a) Triggered by failure of infrastructure. b) Triggered by the desire to maintain infrastructure. c) Hardware-based only. d) Software-based only.
Service center problems commonly occur when: a) Changes are not regularly made. b) System components are upgraded. c) Failure occurs only in a single component. d) Versions of operating systems never change.
Service Level Agreements are the formal document specifying: a) The performance criteria. b) Security levels agreed. c) Cost structures to be applied in delivery of service. d) All of the above.
Cost aspects within the Service Center include: a) Cost of quality. b) Appraisal costs. c) Internal failure costs. d) All of the above.
Continuous monitoring would normally be used to ensure all of the following except: a) No system offers full access permissions to anonymous Logins. b) Online availability is appropriately maintained. c) No changes are made to individuals authorized to have specific levels of access into live
Conducting a security review in today’s environment is a complex operation involving all of the following except: a) The SDLC. b) Firewall rules. c) Server privilege settings. d) Authentication procedures.
In reviewing the IT infrastructure, the IT auditor would review all of the following aspects except: a) Corporate technology standards. b) User access controls. c) Overall IT architecture governance. d) IT infrastructure investment management.
Network components include all of the following except: a) Communications equipment. b) Services rendered to provide networks. c) Utility software. d) Network-related software.
Key controls around the risks inherent in the changing of the IT infrastructure due to ongoing development or maintenance would include: a) Employment of only IT continuity plans in order to ensure that critical operations continue to be available during any period of disruption. b) Implementation of
Effective configuration management requires knowledge of all of the following except: a) Location and identification of all components. b) Status and release levels of all software. c) Accuracy and completeness of all component information. d) Proper authorization procedures for acquisition.
In the absence of continuous auditing, the auditor can still gain satisfaction as to the adequacy of controls over the infrastructure by ensuring that management: a) Enforces the use of standardized administrator passwords. b) Maintains an activity audit trail with real-time monitoring. c) Bans all
Characteristics of good systems include all of the following attributes except: a) Relevance. b) Simplicity. c) Frequency. d) Timeliness.
Common problems the auditor will encounter in running CAATs include all of the following except: a) Getting the wrong files. b) Getting the wrong layout. c) Documentation is out of date. d) Working with printouts.
Appropriate controls over processing may include: a) Data validation. b) Activity logging. c) Document scanning. d) Programmed balancing.
Appropriate controls over inputs may include: a) Data validation. b) Control totals. c) Programmed balancing. d) Restricted access.
Input control objectives at the input stage would include all of the following except: a) All transactions are initially and completely recorded. b) All transactions are completely and accurately entered into the system. c) All rejected transactions are reported, corrected, and re-input. d) All
Processing the auditor’s transactions along with live data to transact against a dummy department is a technique known as: a) Test data. b) Integrated test facility. c) Source code review. d) Snapshot technique.
A technique used to determine the accuracy and completeness of processing by reprocessing live data through a program which is not the live program is an audit technique known as: a) Parallel simulation. b) Integrated test facility. c) Test data. d) Snapshot technique.
The technique of taking a known transaction and following through the processing cycle in order to check the processing logic of a program is a technique known as: a) Sampling. b) Integrated test facility. c) Test data. d) Snapshot technique.
One of the common problems in using source code review is: a) The difficulty of ensuring that the program reviewed is the live program. b) The auditor may be biased in the selection of the coding to be reviewed. c) The live system may be corrupted. d) Disclosure of data may occur.
Data conversion and acquisition must ensure: a) Programs to convert data from old systems have been developed appropriately. b) Valid data has been converted accurately and completely. c) Conversion routines have been fully tested. d) All data has been re-loaded from scratch.
Where an in-house developed solution is decided upon, the feasibility study should include sections on: a) Analysis of the costs and benefits associated with each alternative. b) Operational, security, and control risks associated with each alternative together with the control structures considered
Included within the feasibility study should be a section on: a) The use of the ‘waterfall’ methodology for the SDLC. b) The availability of resources to carry out the appropriate development or implementation. c) The detailed system specification. d) The access controls required for the new system.
In order that ongoing monitoring and project control can be effected, budgets must be complete and structured in detail for: a) Management. b) Hardware. c) Cost. d) Planning.
Where an in-house developed solution is decided upon, the feasibility study should include sections on: a) Overview of the proposed system in business functionality terms. b) Technological alternatives considered together with the cost benefit analysis of each. c) Analysis of the alternative courses
Factors to be considered in conducting a feasibility study include: a) The programming language of the new system. b) The likelihood of successful implementation. c) The extent of documentation required. d) The number of sites running a package.
The typical structure of a feasibility study would normally include: a) The service delivery requirements and impacts on existing IT processing as well as other user functional areas. b) Business disruptions anticipated as a result of the development, conversion, and implementation process including
Where inadequate details have been included regarding the planning, control, and project management of the system, the auditor must: a) Draw this to management’s attention. b) Report this in an interim report. c) Report this in the final report. d) All of the above.
A finding of the feasibility study not to proceed with any systems development or acquisition may be seen as: a) An acceptable finding. b) An unacceptable finding. c) An expected finding. d) An unexpected finding.
Which of these situations may require the development of new systems? a) Acquisition of a new organization. b) New government reporting requirements. c) Improved departmental efficiency. d) All of the above.
The make-or-buy decision for systems acquisition is made depending on a variety of criteria including: a) Time constraints. b) User knowledge. c) Supplier relationship. d) Supplier support.
Systems acquisition may require purchasing, leasing, or renting computer resources from an IT vendor, which could include: a) Computer dealers and distributors. b) Leasing companies. c) Time-sharing companies. d) All of the above.
Disadvantages of acquiring purchased packages include: a) Higher initial costs. b) Less risk. c) Low quality. d) More time.
Major causes of program maintenance include: a) Changes to procedures. b) Reliability. c) Corporate mergers and acquisitions. d) Response time.
The SAS 70 reports which cover both the description and opinion as well as the results of the independent service auditor’s tests to measure effectiveness of the control structures is a: a) Type 1 Report. b) Type 2 Report. c) None of the above. d) All of the above.
Sanitization of input data is a common requirement within: a) Installation. b) Testing. c) Conversion activities. d) Change control.
Factors to be considered in conducting systems reviews include: a) Mission. b) Goals and objectives. c) Procedures. d) All of the above.
The conversion phase of the SDLC typically involves: a) Documentation. b) Parallel running. c) User training. d) Sanitization of input data.
Change control involves ensuring: a) All changes are authorized. b) All authorized changes are made. c) Only authorized changes are made. d) All of the above.
Reasons for systems failure may include: a) Poor staff attitude. b) Management over-controlling. c) Too many business objectives. d) Too many user requirements specified.
SDLC consists of a finite and predefined number of tasks, which include all except: a) Audit. b) Interpret. c) Code. d) Test.
In the SDLC, Implementation typically involves: a) Prototyping. b) Operational constraints. c) Assignments of responsibility. d) Access rules.
In the SDLC, user specifications include: a) File and record layouts. b) Operational constraints. c) Assignments of responsibility. d) Access rules.
Major causes of program maintenance may include all except: a) Bugs or errors in the program. b) The age of the system. c) Corporate mergers and acquisitions. d) Governmental regulations that require changes in the program.
The Continuous Monitoring process includes all except: a) Categorization of Information System. b) Increasing of Security Controls. c) Assessment of Security Controls. d) Authorization of Information Systems.
CCM contributes value to risk management and compliance initiatives in ways including: a) Improving operational performance. b) Reducing financial governance. c) Increasing manual sampling. d) Reducing the availability of working capital.
Benefits of e-business include all of the following except: a) A more effective delivery of existing goods and services. b) Providing products and services that did not exist prior to the advent of the internet. c) The creation of new business ideas involving the generation of a new set of services. d)
The primary causes of development exposures include: a) Violation of legal statutes. b) Excessive operating cost. c) Poor communications. d) Inflexibility.
A prerequisite for an effective operational audit is the existence of: a) Measurable standards. b) Strong internal controls. c) Implementation of COSO. d) All of the above.
Performance measurement systems are designed to: a) Prove compliance with COBIT®. b) Provide a balanced, methodical method of assessing the effectiveness of an organization’s operations. c) Provide feedback on costs. d) Ensure best practice is implemented.