Which of the following is the BEST way to minimize sampling risk?
Correct Answer: B
Explanation Sampling risk is the risk that the auditor's conclusion based on a sample may be different from the conclusion that would be reached if the entire population was tested using the same audit procedure. Sampling risk can lead to either incorrect rejection or incorrect acceptance of the audit objective. The best way to minimize sampling risk is to perform statistical sampling. Statistical sampling is a method of selecting and evaluating a sample using probability theory and mathematical calculations. Statistical sampling allows auditors to measure and control the sampling risk by determining the appropriate sample size and selection method, and evaluating the results using confidence levels and precision intervals. Statistical sampling can also provide more objective and consistent results than judgmental sampling, which relies on the auditor's professional judgment and experience. References: 6: Sampling Risks: Definition, Example, and Explanation - Wikiaccounting 7: Sampling Risk in Audit | Sampling vs non sampling risk - Accountinguide 9: Audit sampling | ACCA Qualification | Students | ACCA Global
Question 832
Which of the following refers to the act of creating and using an invented scenario to persuade a target to perform an action?
Correct Answer: A
Pretexting is the act of creating and using an invented scenario to persuade a target to release information or perform an action and is usually done over the telephone. It is more than a simple lie as it most often involves some prior research or set up and the use of pieces of known information.
Question 833
A perpetrator looking to gain access to and gather information about encrypted data being transmitted over the network would use:
Correct Answer: C
In traffic analysis, which is a passive attack, an intruder determines the nature of the traffic flow between defined hosts and through an analysis of session length, frequency and message length, and the intruder is able to guess the type of communication taking place. This typically is used when messages are encrypted and eavesdropping would not yield any meaningful results, in eavesdropping, which also is a passive attack, the intruder gathers the information flowing through the network withthe intent of acquiring and releasing message contents for personal analysis or for third parties. Spoofing and masquerading are active attacks, in spoofing, a user receives an e-mail that appears to have originated from one source when it actually was sent from another source. In masquerading, the intruder presents an identity other than the original identity.
Question 834
Which of the following is the BEST reason for an organization to use clustering?
Correct Answer: A
Question 835
Which of the following ensures the availability of transactions in the event of a disaster?
Correct Answer: D
Section: Protection of Information Assets Explanation: The only way to ensure availability of all transactions is to perform a real-time transmission to an offsite facility. Choices A and B are not in real time and, therefore, would not include all the transactions. Choice C does not ensure availability at an offsite location.
