36.
Which of the following represents the hierarchy of controls from highest level to lowest level?
- A. General, pervasive, detailed, application
- B. Pervasive, general, application, detailed
- C. Detailed, pervasive, application, detailed
- D. Application, general, detailed, pervasive
Answer : [A]
Explanation :
General controls represent the highest class of controls that apply to everyone within the organization. Pervasive controls represent the protection necessary when using particular technology (e.g., mobile device or hazardous substance). IS controls are pervasive in all departments using computers. No matter who is in charge, the IS controls must be used to ensure integrity and availability. Detailed controls specify exactly how a procedure will be executed and when. Application controls are the lowest-level controls and are usually built into the software or govern its use. Application controls will be compromised if the higher-level controls are not present.
37.
What is the primary objective in the third phase of incident response?
- A. Containment
- B. Lessons learned
- C. Eradication
- D. Analysis
Answer : [A]
Explanation :
The phases in incident handling are (1) preparation, (2) detection and analysis, (3) containment, eradication, and recovery, and (4) post-incident activity, including lessons learned.
38.
What is the purpose of using the ACID principle with database applications?
- A. To write the entire transaction to the master file or discard without making any changes
- B. To provide environmental protection to safeguard the server to ensure maximum uptime
- C. To step-link each data transaction to ensure consistency
- D. To remove unnecessary data from the database for better performance
Answer : [A]
Explanation :
The ACID principle says to write the entire transaction or back it completely out. A stands for atomicity (all or nothing), C for consistency (restore data if the write fails), I for isolation (separation between transactions), and D for durability (retain the data).
39.
What is the first priority of management upon the possible detection of an irregular or illegal act?
- A. Shut down access to the system.
- B. Aid the process of investigation and inquiry.
- C. Notify appropriate law enforcement.
- D. Contact auditors to schedule an audit of the situation.
Answer : [B]
Explanation :
Management is required to aid and participate in the investigation and inquiry of suspected irregular or illegal activity. A predesignated, pretrained incident response team will investigate and may receive special access directly to management for advice on how to handle the issue.
40.
What is the principal purpose of using function point analysis?
- A. Verify the integrity of financial transaction algorithms in a program
- B. Estimate the complexity involved in software development
- C. Review the results of automated transactions meeting criteria for the audit
- D. Provide system boundary data during the Requirements Definition phase
Answer : [B]
Explanation :
Function point analysis is used by highly experienced programmers to estimate the complexity involved in writing new software. It starts by counting the inputs, outputs, inquiries (searches), data structure, and external interfaces.