Exam 5 Flashcards
When performing an audit of an organization’s systems, the auditor’s first step should be to:
A. Develop a strategic audit plan
B. Gain an understanding of the focus of the business of the organization
C. Perform an initial risk assessment to provide the foundation for a risk-based audit
D. Determine and define audit scope and materiality
B. Gain an understanding of the focus of the business of the organization
Allowing applications programmers to access live production applications for patching and security maintenance breaches proper segregation of duties. True or false?
A. True
B. False
A. True
These are steps included in business process re-engineering: a) Gain an understanding of the business process to be reviewed, b) Establish a continuous improvement process, c) Redesign and streamline the process, d) Define the areas to be reviewed, e) Implement and monitor the new process, f) Develop a project plan. What is the proper sequence of these steps?
A. d, f, a, c, e, b
B. a, f, d, c, e, b
C. f, a, d, c, e, b
D. d, a, f, c, e, b
A. d, f, a, c, e, b
Authorization is BEST characterized as:
A. Providing access to a resource according to the principle of least privilege
B. A user providing an identity and a password
C. Authenticating a user’s identity with a password
D. Certifying a user’s authority
A. Providing access to a resource according to the principle of least privilege
A bottom-up approach to the development of organizational policies is driven by:
A. A review of corporate goals and objectives.
B. A structured approach that maps policy objectives to corporate strategy.
C. A risk assessment of asset vulnerabilities.
D. A business impact analysis of known threats.
C. A risk assessment of asset vulnerabilities.
A company is backing up its transactional database to an offsite location. Which of the following is the MOST important issue if the backups are not kept up-to-date and fully synchronized with the live transaction-processing databases?
A. The capability of the primary data to survive disruptive events without losing accuracy
B. The capability of the primary data to survive disruptive events without losing completeness
C. The capability of the primary data to survive disruptive events without losing availability
D. The capability of the primary data to survive disruptive events without losing confidentiality
B. The capability of the primary data to survive disruptive events without losing completeness
Critical real-time data such as that associated with transaction processing requires special backup procedures. Which of the following is recommended for backing up transaction-processing files?
A. Duplicate logging of transactions
B. Time stamping of transactions and communications data
C. Use of before-and-after images of master records
D. All of the above
D. All of the above
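The three practices in the answer above (duplicate logging, time stamping, before-and-after images) are what make a transaction file recoverable. The following is an added worked example, not part of the flashcard set: a toy in-memory master file whose journal records a time stamp and the before-image and after-image of every update, written to two journal copies before the master is touched. The account records, transaction ids T1/T2 and the function names JournaledMaster, redo and undo are all constructed for this illustration. It shows both recovery paths: roll-forward from an older backup snapshot using after-images, and roll-back of an incomplete transaction using before-images.

```python
import copy


class JournaledMaster:
    """Toy master file with a write-ahead journal.

    Every update writes one entry carrying a time stamp, the before-image and
    the after-image of the record to two journals (duplicate logging) before
    the master record itself is changed.
    """

    def __init__(self, records):
        self.master = copy.deepcopy(records)
        self.journal = []   # primary journal
        self.mirror = []    # duplicate journal, in practice on a separate device
        self.ts = 0         # monotonic time stamp for ordering entries

    def update(self, txn, key, **fields):
        before = copy.deepcopy(self.master.get(key))      # None for a new record
        after = copy.deepcopy(before) if before is not None else {}
        after.update(fields)
        self.ts += 1
        entry = {"txn": txn, "ts": self.ts, "key": key,
                 "before": before, "after": after}
        self.journal.append(entry)   # journal first ...
        self.mirror.append(entry)    # ... and its duplicate ...
        self.master[key] = after     # ... only then the master record
        return entry


def redo(snapshot, journal, committed):
    """Roll-forward: rebuild a master from an older backup snapshot by replaying
    the after-images of committed transactions in time-stamp order."""
    master = copy.deepcopy(snapshot)
    for e in sorted(journal, key=lambda e: e["ts"]):
        if e["txn"] in committed:
            master[e["key"]] = copy.deepcopy(e["after"])
    return master


def undo(master, journal, txn):
    """Roll-back: back out one incomplete transaction by restoring its
    before-images in reverse time-stamp order."""
    master = copy.deepcopy(master)
    entries = [e for e in journal if e["txn"] == txn]
    for e in sorted(entries, key=lambda e: e["ts"], reverse=True):
        if e["before"] is None:
            master.pop(e["key"], None)     # record did not exist before
        else:
            master[e["key"]] = copy.deepcopy(e["before"])
    return master


def demo():
    # Constructed sample data: the offsite backup snapshot taken before trading.
    snapshot = {"A": {"balance": 100}, "B": {"balance": 50}}
    store = JournaledMaster(snapshot)
    store.update("T1", "A", balance=70)    # T1: A pays B 30, committed
    store.update("T1", "B", balance=80)
    store.update("T2", "C", balance=10)    # T2: opens C and moves 10 from A,
    store.update("T2", "A", balance=60)    #     interrupted before commit
    # Assume the primary journal was lost with the crash; the duplicate copy
    # plus the old snapshot is enough to reconstruct the committed state.
    recovered = redo(snapshot, store.mirror, committed={"T1"})
    # Alternatively keep the live master and back out the incomplete T2.
    rolled_back = undo(store.master, store.mirror, "T2")
    return recovered, rolled_back
```

Both paths end in the same state (A at 70, B at 80, no account C), which is the point of the before/after pair: after-images let a stale backup be brought forward, before-images let a half-finished transaction be removed, and the duplicate journal means losing one copy of the log does not lose either ability.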
“Dangling tuples” within a database represent a breach in which of the following?
A. Attribute integrity
B. Referential integrity
C. Relational integrity
D. Interface integrity
B. Referential integrity
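A dangling tuple is a child row whose foreign key points at a parent row that no longer exists (or never did). The block below is an added example, not from the flashcard set, using Python's sqlite3 module with constructed customer and orders tables: it shows the query an auditor would run to find dangling tuples, and how the same operations that create them (deleting a referenced parent, inserting a child with a non-existent parent) are refused once the foreign-key constraint is actually enforced. The table and function names are assumptions for this illustration. Note that SQLite only enforces REFERENCES clauses when the foreign_keys pragma is switched on, which is the kind of configuration detail a review should check rather than assume.

```python
import sqlite3


def build_db(enforce_fk):
    """Create an in-memory customer/orders schema with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    # SQLite parses FOREIGN KEY clauses but ignores them unless this pragma is ON.
    conn.execute("PRAGMA foreign_keys = %s" % ("ON" if enforce_fk else "OFF"))
    conn.executescript("""
        CREATE TABLE customer (
            id   INTEGER PRIMARY KEY,
            name TEXT NOT NULL
        );
        CREATE TABLE orders (
            id          INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL REFERENCES customer(id),
            amount      REAL NOT NULL
        );
    """)
    conn.executemany("INSERT INTO customer VALUES (?, ?)",
                     [(1, "Alice"), (2, "Bob")])
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(10, 1, 25.0), (11, 2, 40.0)])
    conn.commit()
    return conn


def find_dangling_orders(conn):
    """Return (order_id, customer_id) for every order whose customer is missing.

    The LEFT JOIN keeps child rows with no matching parent; those are exactly
    the dangling tuples, i.e. the referential-integrity violations."""
    return conn.execute("""
        SELECT o.id, o.customer_id
        FROM orders o
        LEFT JOIN customer c ON c.id = o.customer_id
        WHERE c.id IS NULL
        ORDER BY o.id
    """).fetchall()


def delete_customer(conn, customer_id):
    """Delete a parent row. Returns True if the database allowed it."""
    try:
        conn.execute("DELETE FROM customer WHERE id = ?", (customer_id,))
        conn.commit()
        return True
    except sqlite3.IntegrityError:   # "FOREIGN KEY constraint failed"
        conn.rollback()
        return False


def insert_order(conn, order_id, customer_id, amount):
    """Insert a child row. Returns True if the database allowed it."""
    try:
        conn.execute("INSERT INTO orders VALUES (?, ?, ?)",
                     (order_id, customer_id, amount))
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        conn.rollback()
        return False


def demo(enforce_fk):
    """Attempt both ways of creating a dangling tuple, then audit for them."""
    conn = build_db(enforce_fk)
    insert_allowed = insert_order(conn, 12, 99, 5.0)   # customer 99 does not exist
    delete_allowed = delete_customer(conn, 2)          # customer 2 still has order 11
    dangling = find_dangling_orders(conn)
    conn.close()
    return insert_allowed, delete_allowed, dangling
```

With enforcement off both operations succeed and the audit query reports orders 11 and 12 as dangling; with enforcement on both are rejected with an IntegrityError and the query returns nothing. The detection query is worth keeping regardless of enforcement, because data loaded from backups, migrations or bulk imports often bypasses constraints.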
Data classification must begin with:
A. Determining specific data sensitivity according to organizational and legal requirements for data confidentiality and integrity
B. Determining data ownership
C. A review of organizational security policies
D. A review of logical access controls
B. Determining data ownership
Data mining is a technique that BEST detects which of the following?
A. Fraudulent transactions
B. Password compromise
C. Malicious network traffic
D. Malicious code
A. Fraudulent transactions