Area: 4 273. An IS auditor performing an access controls review should be LEAST concerned if: A. audit trails were not enabled.B. programmers have access to the live environment.C. group logons are being used for critical functions.D. the same user can initiate transactions and also change related parameters. The correct answer is: A. audit trails were not enabled. Explanation: Audit trails not being enabled is of least concern, as it will not result in an exposure. Programmers having access to the live environment could result in unauthorized transactions. Group logons used for critical functions is a major concern. The same user who has access to and can initiate transactions, as well as change the related parameters, is an area of high concern. Area: 4 274. Which of the following audit procedures would an IS auditor be LEAST likely to include in a security audit?
A. Review the effectiveness and utilization of assets. Area: 4 275. Programs that can run independently and travel from machine to machine across network connections, with the ability to destroy data or utilize tremendous computer and communication resources, are referred toas: The correct answer is: C. worms. Explanation: Worms are nonreplicating programs that can run independently and travel from machine to machine. A trojan horse resembles a commonly used authorized program that does something unrelated to its stated or intended purpose causing a malicious or fraudulent action or event to occur. Viruses are malicious program code inserted into other executable code that can self-replicate and spread from computer to computer. Logic bombs are programmed threats that lie dormant in commonly used software for an extended period of time until they are triggered.
- Summer '17