31.
Which of the following statements is true concerning a software worm?
- A.Uses authentication defects to freely travel to infect other systems
- B.Is a synonym for a malicious virus appending itself to data files
- C.Must be executed by opening a file
- D.Attaches itself to programs and data by the opening and closing of files
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| Unlike a virus, a worm can freely travel across network connections to infect other systems. Worms exploit authentication failures in other programs to copy themselves between systems. Worms can infect fi les without the fi le being opened or closed by the user. |
32.
What are three of the four key perspectives on the IT balanced scorecard?
- A.Business justification, service-level agreements, budget
- B.Organizational staffing, cost reduction, employee training
- C.Cost reduction, business process, growth
- D.Service level, critical success factors, vendor selection
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| The four perspectives on the IT balanced scorecard are the customer perspective, business process perspective, fi nancial perspective, and the growth perspective. Each of these seeks to defi ne the highest return by IT. |
33.
Which sampling method is used when the likelihood of finding evidence is low?
- A.Discovery
- B.Cell
- C.Random
- D.Stop and go
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| Discovery sampling is known as the 100 percent sample. All available sources are investigated to fi nd any evidence that may exist. Discovery sampling is commonly used in criminal investigations. It’s also the best way to fi nd possible correlations when an event cannot be explained. |
34.
Which of the following would represent the greatest concern to an auditor investigating
roles and responsibilities of the IT personnel?
- A.An IT member is reviewing current server workload requirements and forecasts future needs.
- B.An IT member monitors system performance, making necessary program changes and tracking any resulting problems.
- C.An IT member tests and assesses the effectiveness of current procedures and recommends specific improvements.
- D.An IT member works directly with the user to improve response times and performance across the network.
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| The separation of duties is intended to prevent an individual from monitoring their own work or authorizing their own changes. Self-monitoring and self-authorization would be a problem warranting serious concern because it violates the intention of IT governance. The auditor would want to investigate whether changes were formally reviewed and approved by the change control board prior to implementation. |
35.
When auditing the use of encryption, which of the following would be the primary concern
of the auditor?
- A.Management’s level of control over the use of encryption/li>
- B.Strength of encryption algorithm in use
- C.Key sizes used in the encryption and decryption process
- D.Using the correct encryption method for compliance
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| The most important concern is how management controls the use of encryption. Is the encryption managed under a complete life cycle from creation to destruction? The management of keys should govern creation storage, proper authorization, correct use with the appropriate algorithm, tracking, archiving or reissuing, retiring, and ultimately the destruction of the encryption keys after all legal obligations have been met. |
|
|
||||||||||||||||||||||||||||
