Which of the following controls would an IS auditor look for in an environment where duties cannot be appropriately segregated?

• A.Overlapping controls
• B.Boundary controls
• C.Access controls
• D.Compensating controls

Comment: *

Name: *

Email: *

Verification: *

A recent audit concluded that an organization's information security system was weak and that monitoring would likely fail to detect penetration. Which of the following would be the MOST appropriate recommendation?

• A.Encrypt sensitive data while strengthening the system
• B.Establish a clear policy related to security and the handling of sensitive data
• C.Identify and periodically remove sensitive data that is no longer needed
• D.Look continually for new criminal behavior and attacks on sensitive data

Comment: *

Name: *

Email: *

Verification: *

The purpose of a checksum on an amount field in an electronic data interchange (EDI) communication of
financial transactions is to ensure:

• A.integrity.
• B.authenticity.
• C.authorization.
• D.nonrepudiation.

Comment: *

Name: *

Email: *

Verification: *

In an environment that automatically reports all program changes, which of the following is the MOST efficient way to detect unauthorized changes to production programs?

• A.Verifying user management approval of modifications
• B.Reviewing the last compile date of production programs
• C.Manually comparing code in production programs to controlled copies
• D.Periodically running and reviewing test data against production programs

Comment: *

Name: *

Email: *

Verification: *

The drives of a tile server are backed up at a hot site. Which of the following is the BEST way to duplicate the files stored on the server for forensic analysis?

• A.Capture a bit-by-bit image of the file server's drives.
• B.Run forensic analysis software on the backup drive.
• C.Create a logical copy of the file server's drives.
• D.Replicate the server's volatile data to another drive.

Comment: *

Name: *

Email: *

Verification: *