501. An IS auditor discovers evidence of fraud perpetrated with a manager's
user id. The manager had written the password, allocated by the system
administrator, inside his/her desk drawer. The IS auditor should conclude
that the:
A. manager's assistant perpetrated the fraud.
B. perpetrator cannot be established beyond doubt.
C. fraud must have been perpetrated by the manager.
D. system administrator perpetrated the fraud.
Answer: B
The password control weaknesses means that any of the other three options
could be true. Password security would normally identify the perpetrator.
In this case, it does not establish guilt beyond doubt.
502. The PRIMARY reason for replacing checks (cheques) with EFT systems in
the accounts payable area is to:
A. make the payment process more efficient.
B. comply with international EFT banking standards.
C. decrease the number of paper-based payment forms.
D. reduce the risk of unauthorized changes to payment transactions.
Answer: A
The payment process is more efficient because it involves virtually no
manual intervention. This reduces the chance that transcription errors will
occur as the information is entered into the accounts payable system.
International EFT banking standards do not dictate the form that
transactions should take. The decrease in the number of paper-based payment
forms makes processing easier, but most companies will accept payment in
whichever form the customer is willing to use. The reduction of
unauthorized changes to payment transactions is not a major reason for
going to EFT.
503. At the end of a simulation of an operational contingency test, the IS
auditor performed a review of the recovery process. The IS auditor
concluded that the recovery took more than the critical time frame allows.
Which of the following actions should the auditor recommend?
A. Widen the physical capacity to accomplish better mobility in a shorter
time.
B. Shorten the distance to reach the hot site.
C. Perform an integral review of the recovery tasks.
D. Increase the number of human resources involved in the recovery process.
Answer: C
The performance of an exhaustive review of the recovery tasks would be
appropriate to determine time invested in each task and the way each was
conducted. This would allow the individual responsible for the test to
adjust the time assigned for the recovery tasks. The other choices could be
conclusions, once the first analysis was made.
504. Which of the following procedures would MOST effectively detect the
loading of illegal software packages onto a network?
A. The use of diskless workstations
B. Periodic checking of hard drives
C. The use of current antivirus software
D. Policies that result in instant dismissal if violated
Answer: B
The periodic checking of hard drives would be the most effective method of
identifying illegal software packages loaded to the network. Antivirus
software will not necessarily identify illegal software unless the software
contains a virus. Diskless workstations act as a preventative control and
You've reached the end of your free preview.
Want to read all 181 pages?
- Summer '14
- Accounting, Data element
