CISA

1. shadow file processing.

2. electronic vaulting.

3. hard-disk mirroring.

4. hot-site provisioning.

Answer: 1

1. The previous day's backup file and the current transaction tape

2. The previous day's transaction file and the current transaction tape

3. The current transaction tape and the current hard copy transaction log

4. The current hard copy transaction log and the previous day's transaction file

Answer: 1

1. Black box test

2. Desk checking

3. Structured walk-through

4. Design and code

Answer: 1

1. Deactivation

2. Monitoring

3. Authorization

4. Resetting

Answer: 4

1. Scope creep

2. Sign-off delays

3. Software integrity violations

4. Inadequate controls

Answer: 1

1. Parallel testing

2. Pilot testing

3. Interface/integration testing

4. Sociability testing

Answer: 4

1. desired result or purpose of implementing specific control procedures.

2. best IT security control practices relevant to a specific entity.

3. techniques for securing information.

4. security policy.

Answer: A

1. the availability of CAATs.

2. management's representation.

3. organizational structure and job responsibilities.

4. the existence of internal and operational controls

Answer: D

1. User management coordination does not exist.

2. Specific user accountability cannot be established.

3. Unauthorized users may have access to originate, modify or delete data.

4. Audit recommendations may not be implemented.

Answer: C

1. Vendor access corresponds to the service level agreement (SLA).

2. User accounts are created with expiration dates and are based on services provided.

3. Administrator access is provided for a limited period.

4. User IDs are deleted when the work is completed.

Answer: B

1. The encryption is symmetric rather than asymmetric.

2. A long asymmetric encryption key is used.

3. The hash is encrypted rather than the message.

4. A secret key is used.

Answer: B

1. Honeypots

2. Firewalls

3. Trapdoors

4. Traffic analysis

Answer: A

1. Business recovery strategy

2. Detailed plan development

3. Business impact analysis (BIA)

4. Testing and maintenance

Answer: C

1. does not require an IS auditor to collect evidence on system reliability while processing is taking place.

2. requires the IS auditor to review and follow up immediately on all information collected.

3. can improve system security when used in time-sharing environments that process a large number of transactions.

4. does not depend on the complexity of an organization's computer systems.

Answer: C

1. Transaction authorization

2. Loss or duplication of EDI transmissions

3. Transmission delay

4. Deletion or manipulation of transactions prior to or after establishment of application controls

Answer: 1

1. include the finding in the final report because the IS auditor is responsible for an accurate report of all findings.

2. not include the finding in the final report because the audit report should include only unresolved findings.

3. not include the finding in the final report because corrective action can be verified by the IS auditor during the audit.

4. include the finding in the closing meeting for discussion purposes only.

Answer: A

1. Allow changes to be made only with the DBA user account.

2. Make changes to the database after granting access to a normal user account

3. Use the DBA user account to make changes, log the changes and review the change log the following day.

4. Use the normal user account to make changes, log the changes and review the change log the following day.

Answer: 3

1. Data availability

2. Data completeness

3. Data redundancy

4. Data inaccuracy

Answer: 2

1. database integrity checks.

2. validation checks.

3. input controls.

4. database commits and rollbacks.

Answer: 4

1. compromised the wireless application protocol (WAP) gateway.

2. installed a sniffing program in front of the server.

3. stole a customer's PDA.

4. listened to the wireless transmission.

Answer: A