Question 1

A programmer has made unauthorized changes to key fields in a payroll system report. Which of the following control weaknesses would have contributed MOST to this problem?

Options :

A : The programmer has access to the production programs.

B : The user requirements were not documented

C : Payroll files were not under the control of a librarian.

D : The programmer did not involve the user in testing.

Answer: A

Question 2

How does a switched network reduce the risk of network sniffing?

Options :

A : Switches can detect active packet sniffing devices in their subnet.

B : Packets are not broadcasted throughout the whole subnet.

C : Network traffic is generally reduced.

D : Source and destination addresses are encrypted.

Answer: B

Question 3

Which of the following is the BEST way to determine whether a test of a disaster recovery plan (DRP) was successful?

Options :

A : Analyze whether predetermined test objectives were met.

B : Perform testing at the backup data center.

C : Test offsite backup files.

D : Evaluate participation by key personnel.

Answer: A

Question 4

When reviewing an IT strategic plan, the GREATEST concern would be that:

Options :

A : the plan was not formally approved by the board of directors.

B : there are no key performance indicators (KPIs).

C : an IT strategy committee has not been created.

D : the plan does not support relevant organizational goals.

Answer: D

Question 5

An IS auditor is providing input to an RFP to acquire a financial application system. Which of the following is MOST important for the auditor to recommend?

Options :

A : The application should meet the organization-s requirements.

B : Vendor employee background checks should be conducted regularly.

C : Audit trails should be included in the design.

D : Potential suppliers should have experience in the relevant area.

Answer: C

Higher Test Marks with Free Online CISA Exam Practice

Buying Options: