The Complete Guide For Cisa Examination Preparation 1st Edition Richard E. Cascarino - Solutions
Sprinkler systems are:
a. A bad idea because of the water damage.
b. A good idea because they limit the spread of a fire.
c. A bad idea because the fire must have started before they take effect.
d. A good idea because they remove the fuel source.

Fire requires:
a. Heat, fuel source, ignition.
b. Fuel source, oxygen, ignition.
c. Heat, oxygen, ignition.
d. Heat, fuel source, oxygen.

Card locks are more vulnerable to:
a. Sharing of cards between multiple individuals.
b. Physical security of the card.
c. Observation of the unlocking process.
d. One person opening the door and three people entering.

Handing over malfunctioning equipment to outside experts could result in:
a. Theft of equipment.
b. Loss of confidentiality.
c. Physical damage and destruction.
d. All of the above.

Accidental physical damage could be a result of:
a. Malicious destruction.
b. A fire.
c. A hacker.
d. All of the above.

IDSs may detect intrusions based on:
a. Statistical anomaly detection.
b. A database of common attack patterns.
c. Deviations from expected behavior.
d. All of the above.

Digital certificates are used to certify:
a. An organization’s or individual’s private key.
b. An organization’s or individual’s public key.
c. An organization’s or individual’s private and public keys.
d. An organization’s or individual’s privileges within any system.

Digital signatures are used to:
a. Conceal the contents of a message.
b. Confirm the authenticity of the sender of a message.
c. Confirm the authenticity of the receiver of a message.
d. All of the above.

A security drawback of a solitary firewall access route is that:
a. It may become overloaded.
b. It may be difficult to administer.
c. It may block a service that, sooner or later, the user will wish to use.
d. There may be no protection from the insider threats behind a firewall.

A firewall can be used as:
a. A preventative control.
b. A detective control.
c. A directive control.
d. All of the above.

Client-server systems are different from ordinary systems in that:
a. Functionality and processing of a system are split between the workstation and the database server.
b. Functionality and processing of this system are duplicated on both the workstation and database server.
c. The client and server

Access rights should be granted:
a. To everyone.
b. To anyone who asks for it.
c. To anyone who needs to have it.
d. To anyone whose manager asks for it.

Default system accounts and passwords should be:
a. Left alone.
b. Removed if not in use.
c. Removed whenever possible.
d. Removed only if the corporate security policy requires it.

Sniffer software can result in:
a. Loss of reputation.
b. User authentication failure.
c. Loss of confidentiality.
d. All of the above.

A network area containing information resources opened to the public but requiring user identification and authentication is:
a. A hostile zone.
b. An untrusted zone.
c. A semi-trusted zone.
d. A trusted zone.

Network security breaches can lead to:
a. Loss of reputation.
b. User authentication failure.
c. System unavailability.
d. All of the above.

A major problem of a peripheral defense over a network is:
a. The presumption that once inside the network a user has that right to be there.
b. Peripheral defenses only address the internal threats.
c. The large number of entry points into a network.
d. All of the above.

Backdoors are:
a. Useful for the systems programmer to issue operator commands without going through security.
b. Software loopholes accidentally left in systems to permit entry in an unauthorized manner.
c. Useful for the systems programmer to modify the operating system without restarting the

One disadvantage of biometric authentication is that:
a. The user may not be able to change it if it is compromised.
b. No authentication method is foolproof.
c. They do not protect privacy or prevent the taking over of a session.
d. All of the above.

Passwords suffer from which major drawback when:
a. They’re hard to guess.
b. They’re frequently changed.
c. Users must remember their password.
d. Users must write the password down.

User authentication can be accomplished by:
a. Something the user is.
b. Something the user has.
c. Something the user knows.
d. All of the above.

RACF, ACF2, and Top Secret are examples of:
a. Librarian systems.
b. Security systems.
c. Network operating systems.
d. Standard utilities.

Information systems security is designed to provide support for:
a. Management.
b. Users.
c. External auditors.
d. All of the above.

Auditing the operating system will normally involve:
a. Examining the coding of the operating system.
b. Ensuring the internal controls within the operating environment function as intended.
c. Browsing the operating environment with CAATs.
d. Examining the log files going back for the preceding year.

The IS auditor should ensure that the operating system:
a. Operates in an efficient manner.
b. Is controlled only by the operators.
c. Does not use default accounts and passwords.
d. Is tailored only by IT management.

Operating systems are tailored by selecting among potential alternatives using:
a. The registry.
b. Parameters.
c. User appendages.
d. Utilities.

An operating system intended to serve the requests of client computers on the network is:
a. A mainframe operating system.
b. An embedded operating system.
c. A server operating system.
d. A PC operating system.

Operating systems are intended to:
a. Facilitate the operation of a computer on an ongoing basis from application program to application program with minimal operator intervention.
b. Permit each computer to be operated as a unique machine under the direct control of the systems designers and

An information security policy providing the fundamental guidelines used in assessing the value of information assets must spell out in detail:
a. Access is granted to individuals only to perform their business function.
b. Employees must keep the organization’s information assets secure even if it

Steganography can work to the organization’s advantage by:
a. Concealing an electronic ‘watermark’ on copyrighted material.
b. Concealing pirate copies of software.
c. Concealing unauthorized images.
d. Concealing illegal transactions.

The concealing of information within another file is known as:
a. Symmetrical encryption.
b. Asymmetrical encryption.
c. DES.
d. Steganography.

Double public key cryptography is used to achieve:
a. Security of information.
b. Authentication of transmitter.
c. Authentication of receiver.
d. End-to-end message authentication.

A message authentication code can be derived from:
a. Key fields only.
b. All transmitted data.
c. Either key fields or all transmitted data.
d. Neither key fields nor all transmitted data.

One disadvantage to symmetric encryption is the fact that:
a. Both ends of communication must know the same key.
b. It is more expensive than asymmetric encryption.
c. It is more difficult to reverse than asymmetric encryption.
d. It is easier to use than asymmetric encryption.

An encryption technique using two keys is known as:
a. Symmetrical encryption.
b. Asymmetrical encryption.
c. DES.
d. Steganography.

A technique using mathematical algorithms to transform data is known as:
a. Steganography.
b. Cryptanalysis.
c. Encryption.
d. Steganalysis.

Logical security is involved in determining:
a. The identity of users.
b. Users’ right of access.
c. The authenticity of users.
d. All of the above.

Selection of the appropriate control techniques is dependent upon:
a. Cost.
b. Availability of resources.
c. Management’s perception of vulnerabilities and threats.
d. Quality of the IS auditor.

A computer virus causing changes to information held within computer systems would be a failure of:
a. Integrity.
b. Confidentiality.
c. Availability.
d. Integrity, confidentiality, and availability.

The three basic principles governing computer security are:
a. Integrity, confidentiality, and completeness.
b. Confidentiality, security, and completeness.
c. Confidentiality, security, and availability.
d. Integrity, confidentiality, and availability.

A breakdown in information system security could result in:
a. Employees selling confidential data to competitors or others.
b. Self-insurance proving too expensive.
c. IT department’s security goals being incompatible with the organization’s.
d. The gap between computer technology and computer

Possibly one of the most significant aspects of computer security is its capacity to protect us from the effects of:
a. Breakdowns of physical security.
b. Our own mistakes.
c. Computer disasters.
d. Computer fraud.

Describe how to evaluate the testing, maintenance, and revision of the plan.
Define the extent of management support and commitment to the process.
Describe the testing procedures for the contingency plan (CP).
Describe the attributes of a cohesive and comprehensive plan.
Describe a methodology in order to identify those systems and key personnel which are crucial to the ongoing survival of the organization.
Define the factors affecting the quality of the Business Impact Analysis.
Describe the steps required to establish the risk profile of the organization.
Explain management’s relation with suppliers and customer liaison utilizing service level management.
Describe the issues in management of the distribution of automated systems.
Describe IS management’s role in capacity planning and prognosis.
Explain how security management relates to resource/configuration management via compliance with organization/IT operating standards, policies and procedures, problem, and incident management.
Explain how change management/implementation of new and changed systems occurs including the organization of the tools used to control the introduction of new and changed products into the service center environment including the administration of release and versions of automated systems.
Describe service center management and operations in terms of standards and guidelines.
Explain how such operations departments can be audited.
Describe the role and tasks of the operations department and discuss the risks inherent in such an environment together with the control opportunities.
Discuss the issues and considerations of service center vs. proprietary technical infrastructures.
Describe the service center management and operations standards/guidelines contained within COBIT®, ITIL, and ISO17799.
Explain the management of information resources and information infrastructure and discuss the use of enterprise management software.
Explain the need for IT control monitoring and evaluation tools, such as access control systems monitoring.
Describe the effects of the integration of Hardware, Software, and Networks.
Effective supplier management is based on:
a. SLAs with contract penalties.
b. Clearly defined requirements in the RFP.
c. Measurable service levels and regular monitoring.
d. Strong negotiation skills of the procurement team.

In a service center context, a service level agreement may be a contract between:
a. IT and its user areas.
b. IT audit and IT user areas.
c. Hardware and software suppliers and IT.
d. All of the above.

Prevention cost is part of:
a. Direct costs.
b. Fixed costs.
c. Variable costs.
d. Cost of quality.

A cost which is related to specific function that cannot be attributed to it in a feasible way is:
a. An indirect cost.
b. A direct cost.
c. A fixed cost.
d. A variable cost.

Ensuring systems availability includes evaluating:
a. Effectiveness of the disaster recovery plan.
b. The existence of the disaster recovery plan.
c. The resilience of the system.
d. The capacity of the system.

Capacity planning involves:
a. Ensuring information processing resources have sufficient capacity to handle peak loads.
b. Ensuring information processing resources have sufficient capacity to handle agreed loads.
c. Ensuring information processing resources have sufficient capacity to handle average

The purpose of a Business Impact Analysis is to:
a. Identify the critical information systems.
b. Identify which systems to recover first.
c. Identify the critical processes within the organization and support structures provided by information systems.
d. Identify the components used in supporting

In the event of a computer disaster without an effective contingency plan being in place, the likelihood of business collapse is primarily dependent upon:
a. Criticality of IT services provided.
b. Size of the organization.
c. Experience of service center management.
d. Whether a hot site is available.

Continuity management within a service center can be seen as:
a. A technical problem.
b. Responsibility of IT.
c. A business problem with a technical solution.
d. Too critical a component to rely on reactive measures.

In an organization where a complete separation of duties cannot be achieved in an online system, which of the following transaction functions should NOT be performed by the operations personnel?
a. Origination.
b. Authorization.
c. Recording.
d. All of the above.

Which of the following pairs of job functions/duties would an organization MOST likely keep separate?
a. Operations and programming.
b. Systems analyst and applications programmer.
c. Database administrator and IS manager.
d. Tape librarian and program librarian.

Operations exposures include:
a. Predefined run schedules.
b. Systems performance statistics.
c. Human error.
d. Adequate supervision.

Continuous auditing on a high volume, transaction-based system in real-time may be:
a. Implemented at minimal cost.
b. Implemented using generalized audit software.
c. Detrimental to normal business processing.
d. Implemented manually.

An IS auditor has discovered a weakness in access controls to program and data files. However, management feels that its daily review of activity audit trails provides a compensating control. Which of the following would be LEAST important in evaluating the adequacy of this control?
a. The type of

A clear architecture covering the technical infrastructure assists systems development by:
a. Enforcing standardization.
b. Minimizing systems destruction in the event of a failure.
c. Maintaining an asset register.
d. Permitting the modularization of application systems.

Effective configuration management requires:
a. Identification, control, status, and verification.
b. Identification, status, implementation, and verification.
c. Identification, control, maintenance, and implementation.
d. Control, implementation, status, and verification.

The technical infrastructure includes everything below except:
a. Routers.
b. Application software.
c. Operating system utilities.
d. Networks.

Describe the types of computer assisted audit techniques and their role in systems auditing.
Identify the control objectives of specific Business Systems.
Explain the risks and roles in the conversion process.
Explain the auditor’s role in the feasibility study process.
Explain the user’s role and the training required.
Describe the role of the feasibility study within the systems development process.
Systems may be acquired from the outsourcing decision and the factors around it.
Explain the need for maintenance reviews and describe their types.
Describe the user’s role and the training required.
Define the phases of the systems development process for purchased packages.
Explain what goes into the decision taken to make or buy software.
User involvement is a common control over:
a. Input.
b. Processing.
c. Output.
d. Programs.

Programmed balancing is a common control over:
a. Input.
b. Processing.
c. Output.
d. Programs.

Document scanning is a common control over:
a. Input.
b. Processing.
c. Output.
d. Programs.

Programmed balancing is a common control over:
a. Input.
b. Processing.
c. Output.
d. Programs.

All transactions are initially and completely recorded is a control objective of:
a. Input.
b. Processing.
c. Output.
d. Programs.

General control objectives for information processing include:
a. Compliance, confidentiality, and integrity.
b. Accuracy, usefulness, and confidentiality.
c. Low maintenance, accuracy, and completeness.
d. Accuracy, completeness, and usefulness.

The fundamental of information resource management which addresses the value of knowledge to the organization is:
a. Technology management.
b. Strategic management.
c. Functional management.
d. Information management.

System models include:
a. Transaction processing systems.
b. Management information systems.
c. Decision support systems.
d. All of the above.

Major control stages in systems development include:
a. System design, system development, and system maintenance.
b. System design, systems development, and system utilization.
c. System design, system maintenance, and system operation.
d. System maintenance, system operation, and system utilization.

Data conversion and acquisition must ensure:
a. Programs to convert data from old systems have been developed appropriately.
b. Valid data has been converted accurately and completely.
c. Conversion routines have been fully tested.
d. All data has been re-loaded from scratch.