Prince Convertedcomplete

Sheet1
Question No.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
Page 1
Sheet1
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
Page 2
Sheet1
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
Page 3
Sheet1
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
Page 4
Sheet1
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
Page 5
Sheet1
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
Page 6
Sheet1
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
Page 7
Sheet1
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
Page 8
Sheet1
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
Page 9
Sheet1
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
Page 10
Sheet1
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
Page 11
Sheet1
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
Page 12
Sheet1
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
Page 13
Sheet1
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
Page 14
Sheet1
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
Page 15
Sheet1
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
Page 16
Sheet1
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
Page 17
Sheet1
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
Page 18
Sheet1
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
Page 19
Sheet1
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
Page 20
Sheet1
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
Page 21
Sheet1
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
Page 22
Sheet1
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
Page 23
Sheet1
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
Page 24
Sheet1
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
Page 25
Sheet1
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
Page 26
Sheet1
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
Page 27
Sheet1
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
Page 28
Sheet1
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
Page 29
Sheet1
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
Page 30
Sheet1
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
Page 31
Sheet1
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
Page 32
Sheet1
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
Page 33
Sheet1
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
Page 34
Sheet1
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
Page 35
Sheet1
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
Page 36
Sheet1
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
Page 37
Sheet1
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
Page 38
Sheet1
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
Page 39
Sheet1
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
Page 40
Sheet1
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
Page 41
Sheet1
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
Page 42
Sheet1
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
Page 43
Sheet1
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
Page 44
Sheet1
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
Page 45
Sheet1
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
Page 46
Sheet1
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
Page 47
Sheet1
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
Page 48
Sheet1
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
Page 49
Sheet1
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
Page 50
Sheet1
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
Page 51
Sheet1
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
Page 52
Sheet1
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
Page 53
Sheet1
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
Page 54
Sheet1
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
Page 55
Sheet1
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
Page 56
Sheet1
Question
All of the following assumptions about legacy application systems are correct except
For a high security installation the most effective physical access control devices is
In switching over to an Electronic Fund Transfer (EFT) environment, which of the following risks DOES NOT occur?
The most appropriate concurrent audit tool whose complexity is very high and useful when regular processing cannot be i
Which of the following applet intrusion issues poses the GREATEST risk of disruption to an organisation?
Which of the following is NOT TRUE about a database management system application environment?
Which one of the following network architectures is designed to provide data services using physical networks that are mo
Which of the following is not a function of operations management:
Which of the following tests would be used to ensure whether a software product fails or not?
Symbolic evaluation is an error detection method. Where would you handle this? 'An error detection technique "symbolic
Which of the following decisions most likely cannot be made on the basis of performance monitoring statistics that are ca
Control over data preparation is important because:
The difference between SCARF and Continuous and Intermittence Simulation (CIS) is :
Computer viruses could be detected by which one of the following actions?
Concentration technique in a communication network DOES NOT
System Auditor primarily uses, the information provided by a detailed understanding of the Information system controls an
The advantage tagging live transactions in an Integrated Test Facility (ITF) as against designing new test data is that:
For an effective implementation of a continuous monitoring system, which of the following is identified as the FIRST and F
Before disposing off the PC used for storing confidential data the most important precautionary measure to be taken is Internet was established NOT for
OSI model of ISO presents a model of seven layers through which data communication across computers passes. Encry
All of the following should be in place prior to programming except:
The biggest benefit of prototyping is:
In determining good preventive and detective security measures practised by an employee, the IS auditor places the HIG
The DISADVANTAGE in cross training employees is that:
The following is an advantage of using link encryption
An electronic device that combines data from several low speed communication lines into a single high-speed line is a :
To determine the authorized sign on in an EDI transaction, the EDI system uses the following method
The test of access control, over a distributed database, can be carried out by The most appropriate audit strategy for a large organisation which relies on comprehensive user controls over the micro c
In data processing, which of the following causes the maximum losses
Mr. R. sends a signed message to Mr. S. If Public Key cryptosystem is used for sending the messages, then Mr. R. encryp
Network performance monitoring tools will MOST affect which of the following?
The Digital Signature system uses the services of an Arbitrator to prevent
The initial validation control for a credit card transaction capture application would MOST like be to:
Which of the following statement is FALSE for Equipment mean-time-between-failure (MTBF)?
The following estimates the probability of a computer system being destroyed in a natural disaster and the corresponding
The software test objective of operating in different platforms is achieved by conducting:
An apparent error in input data describing an inventory item was detected and the issue was referred back to the originatin
Networks are growing day-by-day. Which one of the following component of such growth is most difficult to predict?
. After you enter a purchase order in an on-line system, you get the message, The request could not be processed due to
Which one of the following audit techniques would likely provide an Systems Auditor assurance about the effectiveness a
The risk that the conclusion based on a sample might be different from the conclusion based on examination of the entire
The communication of signals is subjected to noise MOST LIKELY because of
Which of the following activities should not be permitted when operators use a communications network control terminal:
An auditor performing a statistical sampling of the financial transactions in a financial MIS would BEST use :
The Duties of a Database administrator does NOT comprise of :
The duty of the Quality Assurance Group is
Rollforward and rollback are two important techniques for backup. Which among the following should be logged for facilita
The residual dump technique in backup has the disadvantage of
Rollback is easily accomplished with differential file backup technique for which of the following reasons?
Which of the following is not true in respect of Expert systems?
What makes Rapid prototyping technique portable?
Identify the EARLIEST software development model
Page 57
Sheet1
For consideration of outsourcing of computer operations which is the factor that would LEAST indicate the same.
The programmed check that ensures that required fields on a data entry screen are NOT left blank is
End-to-end encryption provides only limited protection against a subversive attack that uses:
Which of the following is not an audit objective in the review of hardware acquisition?
In Information Technology projects, which of the following factors is most crucial?
Out of the following pairs of services, which provides an access control over a network of computers
The major risk in prototyping model is :
Prototyping approach to system design is resorted to when
There are various techniques for telecommunication controls. Confidentiality of data is BEST maintained by
When users of an information system are dispersed over a wide area and are authorized to use dial-up lines for getting ac
A majority of defects are attributed to a few number of causes. Which of the 'following basic tools would BETTER depict th
. The internal auditor's first job while trying to identify the components of a telecommunication system posing the GREATE
. Which of the following activities would not be performed by control section personnel when they collect the output of a b
Which of the following risks is not greater in an electronic funds transfer (EFT) environment than in a manual system usin
Which of the following data base environment controls enforces access rules in addition to maintaining standardized defin
An insurance company is planning to implement new standard software in all its local offices. The new software has a fas
A company has entered into a contract with a service provider to outsource network and desktop support, and the relation
Control over data preparation is important for :
The quantification of the sample size depends on which of the following criteria.
A procedure to have an overall environmental review which is NOT performed by an IS auditor during pre audit planning i
The application run manual would normally comprise of :
Which of the following controls would address the concern that data uploaded from a microcomputer to the company s m
An IS Auditor, concerned that application controls are not adequate to prevent duplicate payment of invoices, decided to r
. An IS auditor carrying out review of logical access control, shall have the PRIMARY OBJECTIVE of
Incorrect initialization occurs on account of which of the following faults ?
The comment which is NOT true regarding ISO 9000 is
Auditors of IS face an acute problem of evaluating the general authorization methods in a computerized accounting syste
A detective control designed to establish the validity and appropriateness or numeric data elements, and to guard against
The complete information about all data in a database is found in :
Use of public key infrastructure by an eCommerce site, where public key is widely distributed and the private key is for the
Which of the following is NOT a proper responsibility of functional users.
Which one of the following is NOT an essential component of a distributed computing environment?
Which one of the following is NOT true relating to the use of fiber optics:
Which one of the following pairs ,when performed simultaneously, would pose a major Risk?
Which of the following represents a typical prototype of an interactive application?
A large organization with numerous applications running on its mainframe system is experiencing a growing backlog of un
The following message service provides the strongest protection about the occurrence of a specific action:
Which one of the following techniques is represented by structured analysis 'and design?
Which would ensure that IS organizations do not take more resources for less output?
Which of the following controls would prevent unauthorized access to specific data elements in a database management
When constructing the communications infrastructure for moving data over a local area network, the major implementatio
User interface prototyping may NOT focus on :
Personal Computers and Notebook computers have both a floppy disk drive and a hard disk drive. The major difference b
Due Professional Care requires an IS auditor to possess which of the following quality
A company has policy to purchase microcomputer software only from recognized vendors and prohibit employees from in
Page 58
Sheet1
Which of the following systems are MOST important for business resumption following a disaster?
Most important risk to be addressed in an electronic data interchange (EDI) transaction is:
Prototyping approach does not assume the existence of
The requirements specification phase needs a lot of operational viewpoint input in the early stage of a system developme
Which one of the following transmission media is unsuitable for handling intrabuilding data or voice communications?
The technical support personnel should have unlimited access to all data and program files to do their job. Which of the f
The public audit trail of a Digital Signature system will not contain which of the following?
The class of control used to overcome problems before they acquire gigantic proportions is :
The DES is an example of a:
The MOST secured access control mechanism is
The class of control used to minimise the impact of a threat is :
Which of the following is FALSE with regard to a public key cryptosystem?
Which of the following can be construed as a COMPREHENSIVE preventive method 'in locating a bug?
Which one of the following is not an operating control:
The Duties of a Computer operations does NOT comprise of :
System Auditor primarily uses, the information provided by a detailed, understanding of the Information system controls a
The snapshot technique involves:
The validity of a program recalculation could be audited by the following techniques except:
In a data processing environment, where the data is centrally stored at a database and data entry is carried out from rem
Where access control mechanism is implemented in an open environment, the users are allowed to access a resource:
During the review of logical access controls over a company s various application systems, an auditor found that access c
An IS auditor reviewing an organisation s Business Continuity Plan discovered that the software backups are not stored in
In which phase of SDLC Desk Checking is practiced?
In the system development life cycle approach, which of the following is MOST likely to be constant?
In order to achieve the requirements of the user, the BEST option in acquiring an off-the-shelf applications software packa
Which of the comments about Business Process Re-engineering (BPR) is NOT false?
While valuing the assets, an information systems(IS) auditor is likely to value MOST
A company s management wants to implement a computerised system to facilitate communications among auditors, who
Personal Computers and Laptops have both a floppy disk drive and a hard disk drive. The major difference between the t
Electronic methods of data transfer are involved in all of the following except:
The database administrator is not responsible for which one of the following functions?
The major reason why quality metrics need to be chosen for a specific information systems project is:
Which of the following is most unlikely to be a reason for having QA personnel responsible for formulating, promulgating,
It would not be possible to use the Checkpoint/restart facilities when:
An IS auditor performing a telecommunication access control review would focus the MOST attention on the:
During the detailed design phase of SDLC, which one of the following tasks performed?
Implementing a large distributed system involves a number of unique risks arising from both technical and management is
With respect to AI, a heuristic refers to :
A PIN if stored for reference purposes, must be stored in:
In monitoring and controlling a system development life cycle project what is NOT formal and documented?
Which of the following functions cannot be performed using a communications network control terminal:
When using message switching in a communication network, the following is not a desirable control?
Which of the following utilities can be used to directly examine the quality of data in the database:
Evaluation of which of the following functional areas CANNOT be carried out by risk assessment techniques.
A control is NOT designed and implemented to:
The work schedule of a clerk in a Control Group is of
Page 59
Sheet1
To protect computer systems from short term power fluctuations, the best environmental control is A main advantage of a standard access control software implemented properly is Which of the following is not a major benefit of applications software prototyping ?
Identify the factor that is not part of an expert system architrcture.
what is the major risk that is faced by a user organization during system integration projects?
In segregation of duties, the organisation will exposed to a very HIGH risk if the duties of
The least commonly used medium for local area network (LAN) environment is:
In an online processing system, to reconstruct correctly the interrupted transactions on a failure, the system should have
Which of the following terms best describes the purpose of control practice over the input Output control is best described by which of the following ?
Access to a computer system is conditional upon success of the authentication process. The best methodology of authen
Electronic card access system is used to control access to a data centre. The documentation for this system should be up
Identify the non-cost factor while analysing feasible system alternatives for an organisation.
Passwords belong to the following class of authentication information:
Which of the following instruments is used to measure atmospheric humidity in Data Centres?
Which of the following is a responsibility of computer operations department?
The most important factor while creating test data for checking a system, is :
When a store uses a point of sale device to record the sale of an item, which of the following sequences of activities best
Which one of the following uses a modem technology as a common means of communicating between computers?
Analyzing data protection requirements for installing a local area network (LAN) does not include:
PC-based analysis and design tools are used alongwith mainframe computer-based tools.
Which one of the following is not a substantive test?
Testing of the accuracy of the interest collected on lending by a financial institution is a/an
The control procedure of installing the anti-virus software in the system is called Interference is resisted MOST by
Ring topologies have an edge over bus topologies. Which of the following statements is FALSE?
Which one of the following is performed FIRST in a system development life cycle project?
Which one of the following graphical user interface (GUI) development approaches would create more user-friendly intera
Which of the following system life factors is most difficult to control by a user organization?
Which of the following statements about national and international information systems standard is true?
The following is not a desirable property of a cipher system:
The person responsible for providing access rights to each of the user and access profile for each data element stored in
In a manufacturing company, which of the following computer files is MOST critical?
A major design consideration for local area networks that replaces stand alone computing in an organisation include:
Confidentiality and data integrity services are provided in a network in which of the following layers of the ISO/OSI model?
Many automated tools are designed for testing and evaluating computer systems. Which one of the following such tools im
The estimate of time which has the MOST important relevance in evaluation of the activities in a Program Evaluation Revi
Which one of the following statements is False?
Which of the following would not be considered a characteristic of a private key cryptosystem?
Improper segregation of duties amongst programmers and computer operators may lead to the threat of :
The duties of a Data Security Officer does NOT comprise of :
Page 60
Sheet1
During the audit of automated Information systems, responsibility and reporting lines CANNOT be established since :
Compliance auditing is used to do?
The reason for the IS auditor NOT preparing a formal audit program is :
While reviewing the telecommunication access control, the primary concern of the IS Auditor will be on the An IS Auditor carrying out security review for verification of the implementation of certain security measures, will be LEAS
Which of the following is NOT relevant in the case of a Business Continuity Plan Testing?
Which of the following statements about digital signatures is NOT true?
Operations audit trail rather than the accounting audit trail is likely to show
In the case of a bank teller the access control policy is an example of:
While preparing a cost benefit analysis of a security objective for an electronic data interchange (EDI) transaction, which
The use of programming aids, data and instructions that are prepared for one computer and can be used on another com
Which one of the following is NOT false:
Most computer systems have hardware controls that are built in by the computer manufacturer. Common hardware contro
Which of the following principles should guide the ways in which QA personnel monitor compliance with information syste
In general, output controls over reports of batch systems would be more compared with that of online systems because:
Confidentiality of sensitive data transmitted over public communication lines could best be protected by
When a new system is envisaged to replace a legacy application system, the next step that requires a detailed analysis is
Which of the following is NOT an advantage of continuous auditing approach ?
Which of the following statements about automated operations facility parameters is not true?
Which one of the following maintenance aspects would greatly ensure the currency of the plan as time passes?
Which one of the following will be included in the application software testing phase for effective controls?
To which one of the following issues that an information systems (IS) auditor participating 'in a system development life cy
To provide the management with appropriate information about the process being used 'by the software development pro
Can an IS auditor of a company outsourcing its operations insist to review the vendor s Business Continuity plan docume
In a central computer system users specify where their output is printed, but some users give the wrong destination code
Which of the following is NOT True as a mode of network reliability enhancement:
Which of the following is NOT an input control objective?
Which of the following activities needs to be undertaken first to identify those components of a telecommunications syste
Which of the following is not a desirable control feature in a modem:
When encryption is used in the communication subsystem, the primary purpose of an error propagation code is to protec
A modem is NOT intended to
A main advantage of a standard access control software implemented properly is Which of the following electronic commerce systems handle non-monetary documents?
Use of a local area network has its own restrictions when compared to a wide area network. Which one of the following is
After you enter a purchase order in an on-line system, you get the message, The request could not be processed due to l
Which of the following is NOT included in the digital certficate:
Symbolic evaluation is an error detection method. Where would you handle this? 'An error detection technique "symbolic e
While reviewing the outsourcing agreement with an external agency, the IS auditor would be LEAST interested in verifying
Page 61
Sheet1
Which of the following is likely to be a benefit of electronic data interchange (EDI)
Which of the following conditions lead to increase in white noise:
Link encryption in communication of signals
Incompatible functions may be performed by the same individual either in the Information System department or in the Us
The first step the IS Internal Audit manager should take, when preparing the Annual audit plan is to:
The inherent risk in an applicable system is NOT likely to be influenced by
Which of the following network risk apply to EDI transactions irrespective of the type of network involved?
Identify the test-case design techniques that is used in unit and integration testing of applications software.
In the case of Business Process re-engineering which of the following is NOT true ?
Which of the following areas would an IS auditor NOT do while conducting a review of an organisation s IS Strategies.
Which of the following is not a desirable property of a cipher system:
The general control that concern the proper segregation of duties and responsibilities is called Because of the sensitivity of its data, a database system for business forecasting was implemented with access control a
An upper CASE tool is used in :
Identify the cost that does NOT form part of software package installation or implementation cost?
In a situation where a public key cryptosystem is in use, the message sent by the sender is signed by the:
The following is NOT a desirable property of a cipher system:
You as an IS Auditor observed that technical support personnel have unlimited access to all data and program files in the
Echo Check belongs to hardware controls, which usually are those built into the equipment. Echo Check is best described
Can an IS auditor of a company outsourcing its operations insist to review the vendor s Business Continuity plan documen
The IS Manager of a small company senses that unrestricted access to production library results in the risk of untested p
System Auditor primarily uses the information provided by a detailed understanding of the Information system controls an
When the results of production data files processing with a generalized audit software do not agree with the total balance
Which among the following hacking techniques DOES NOT facilitate impersonation?
Which of the following does NOT need to be considered in determining statistical sample sizes?
Intentional Standards Organisation (ISO) has defined risk as the potential that a given threat will exploit vulnerability of an
Introduction of computer-based information system has affected auditing. Which of the following is NOT an effect of IS on
Accuracy of data is important most likely to a
A main advantage of a standard access control software implemented properly is Which of the following is TRUE about Electronic Data Interchange (EDI) application system?
In the case of electronic funds transfer (EFT), which one of the following is MOST vulnerable to fraud and physical attack
Which among the following is NOT true of start topologies?
Which phase of SDLC uses "Program slicing" technique?
Information system is broken into various subsystems. Which among the following is NOT a component of the managem
Mr. R. sends a signed message to Mr. S. If Public Key cryptosystem is used for sending the messages, then Mr. R. encry
Which of the following terms best describes the purpose of control practice over the input
An online banking system permitted withdrawals from inactive customer accounts. Which of the following controls would p
An access control review conducted by an IS auditor, highlighted the following control weaknesses in the system. Which o
An Information System Auditor observed that technical support personnel have unlimited access to all data and program f
Machine maintenance engineers pose some difficult control programs because:
Page 62
Sheet1

For assessing process variations in software development and maintenance projects which one of the following will be use
Which of the following is not a function of the control section:
In determining the sample size for a test of control using attribute sampling , a System Auditor would be least concern wit
Which of the following is not a substantive test:
Interference is resisted MOST by
In residual dumping technique for backup, the records that are backed up are those that have not undergone any change
A decision table is used for testing the test data. The purpose of the results stub in the decision table:
The activity of detective control in detecting virus relates to
A computerized system should contain an audit trail of information to facilitate detection of certain events. In an audit trail
The duties and role of an IS Steering Committee is:
A company uses a wide area network (WAN) to allow salesmen in the field to remotely log onto to the office server using
Which of the following statements regarding security concerns for lap top computers is NOT false?
Output control is best described by which of the following ?
Access to an online system running an application program, requires users to validate themselves with a user ID and pas
The following statement about controls over computer operators is true:
When sending a signed message under a public key infrastructure, the message is encrypted using the:
Which of the following activities would NOT be performed by control section personnel when they collect the output of a b
Conditioning of the transmission lines is LEAST effective against
Which of the following activities would not be performed by control section personnel when they collect the output of a ba
Packet switching is an example of:
Which one of the following is not a compliance test ?
The definition of expected loss from a threat is:
Active attack on communication network DOES NOT include
Logging of transaction is an important means of backup. Which purpose among the following is not served by logging the
Which one of the following errors will occur because of overflow conditions?
Which phase of SDLC uses Data Flow Diagram?
The main focus of the graphical user interface (GUI) environments is:
Which of the following principles should not guide the way in which QA personnel report to management?
Retention date on magnetic tape files would:
Page 63
Sheet1
Which of the following events is recorded on a public audit trail in a digital signature system?
The manager of the information systems QA function should report to the:
An example for a concurrent audit tool whose complexity is low is :
Which of the following statements is (are) correct regarding the Internet as a commercially viable network
You would NOT use stubs or drivers in which of the following testing approaches?
In an accounts payable system, clerks who enter invoices for payment also maintain the file containing valid vendor code
Which of the following should find a place in a disaster recovery plan
The risk in auditing an information system is dependent on various other risks. Which of the following results in decrease
The FIRST and preliminary step in the process of information security program establishment is :
With respect to expert systems, a heuristic is not a:
Identify the technique that mostly prevents a system failure from occurring or facilitates quick recovery from failures.
An IS auditor came across an instance of a security administrator working occasionally as a senior computer operator. Th
In preventing unauthorised access to a computer file from a remote terminal, which of the following controls can be used
The main objective of separation of duties is to ensure that:
The purpose of electronic signature is
Which of the following is considered potential benefits of Electronic Data Interchange (EDI)?
Which one of the following local area network devices functions as a data regenerator?
During an audit of the tape management system at a data center, an IS auditor discovered that some parameters are set
In order to achieve more perfection of an already working software system, what method will be adopted?
The internal auditor's first job while trying to identify the components of a telecommunication system posing the GREATES
The primary consideration for a System Auditor , regarding internal control policies, procedures, and standards available
To properly control access to accounting data held in a Database Management System, the database administrator shou
Which of the following actions should be undertaken when plastic debit/credit cards are issued:
If fraud or errors are suspected in the population , the auditor would use:
Which among the following statements about information systems personnel is NOT true?
The MOST likely characteristic of an informational systems OPERATIONAL plan is:
The following resources are protected by Logical access controls
Which of the following electronic commerce systems handle non-monetary documents?
Which of the following approach is ideal in order to test the electronic data interchange (EDI system for a value added ne
Which one of the following design approaches would address data sharing and system access problems in legacy applica
Computer manufacturers generally install software programs permanently inside the computers as part of its main memo
Page 64
Sheet1
Which of the following is NOT true about a database management system application environment?
Overall responsibility to protect and control the database and monitor and improve the efficiency of the database are the
The test of access control, over a distributed database, can be carried out by In a Bank, the updating programme for bank account balances calculates check digit for account numbers. This procedur
Which of the following controls would address the concern that data uploaded from a microcomputer to the company's ma
Which of the following statements about computer is correct?
An MIS Manager has only enough resources to install either a new payroll system or a new data security system, but not b
Which one of the following criteria shall NOT be considered for choosing an appropriate Computer platform to suit a give
Which of the following is not an important control step of the input/output control group?
Rollforward and rollback are two important techniques for backup. Which among the following should be logged for facilit
Which one of the following design approaches would address data sharing and system access problems in legacy applic
Which of the following is an upper CASE tool?
A document-driven approach is used in :
Customer details like address changes etc are being used in too many mainframe application systems calling for a great
Which of the following terms is commonly used for the agreement about packaging and interpreting both data and contro
Uninterruptible power supplies are used in computer centers to reduce the likelihood of :
The following method of PIN validation seems to result in the fewest control problems?
As an IS auditor, which would you consider the MOST CRITICAL CONTROL over an employee performing a function.
In an IPF (Information processing facility) is typically a large computer centre, which of the following has the primary cons
Network downtime is very costly and should be kept to minimum as much as possible. Which one of the following networ
Which of the following techniques ensure an e-mail message's, authenticity, confidentiality, integrity and non-repudiation?
Which of the following usually is a purpose of a modem:
Identify the document which is LEAST effective during the acceptance test of applications software.
Removing sequences of extraneous zeros or spaces in a file is an application of:
You would NOT use stubs or drivers in which of the following testing approaches?
When the Auditor uses generalised audit software to access a data maintained by a database management system, whi
Rollforward and rollback are two important techniques for backup. Which among the following should be logged for facilit
Which of the following statistical selection technique is least desirable for use by the IS auditor.
Notebook computers are portable and used to access the company s database while the executives are on travel. Which
Which of the following statement is TRUE about an offsite information processing facility?
The MAIN purpose of having Compensating Controls are to
Page 65
Sheet1
The advantage of an ISO 9001 quality system implementation is:

Auditors of IS face an acute problem of evaluating the general authorization methods in a computerized accounting syste
Which of the following is not advantage of distributed computing vis- -vis centralised computing?
Which of the following terms best describes the purpose of control practice over the input The most appropriate audit strategy for a large organisation which relies on comprehensive user controls over the micro
Identify the one that is NOT a key concept of object-oriented technology.
The basic purpose of an IS audit is :
What would you use to enforce integration rules so as to integrate one component with another?
Which of the following pairs of items perform similar functions?
The presence of an arbitrator in a digital signature system will prevent:
Where would you handle finite state machines in SDLC?
Which phase of SDLC uses 'Program slicing' technique?
While reviewing the telecommunication access control, the primary concern of the IS Auditor will be on the Which one of the following is a control weakness in the treatment of user messages in electronic mail system?
Which one of the following documents would be least effective in performing unit testing of an applications software?
Which one of the following statements is true?
As compared with other Information Systems, Executive Information Systems does NOT have the characteristic of
In an audit of the outsourcing process, the IS auditor would LAST perform the task of:
A normally expected outcome of a business process re-engineering is that:
Ability to operate on multiple computer types from different vendors is envisaged by
After the system is developed, the auditor's objective in conducting a general review is to
What is a MAJOR benefit of switching over to the electronic data interchange (EDI) system?
The science of cryptography provides all of the following safeguards except
Software quality assurance process does NOT undertake:
When the Auditor uses generalised audit software to access a data maintained by a database management system, whi
Which of the following utilities can be used to directly examine the ability of the program to maintain data integrity?
Control of employee activities in a computerized environment is, vis- -vis manual systems,
One of the production supervisors who has got access to the corporate database sold sensitive product pricing informati
Which of the following is not part of an emergency plan?
Which of the following is NOT true about Pretty good privacy (PGP) and privacy enhanced mail (PEM)?
Transaction logs generally consist of successful transactions. Rejected transactions are printed to a separate log. This se
Page 66
Sheet1
Employees are compulsorily asked to proceed on a week long vacation in many organisations to
A Systems Analyst s duties and roles comprises of:
Because of the sensitivity of its data, a database system for business forecasting was implemented with access control a
A competitor would gain by accessing sensitive operating information stored on computer files. Which of the following con
Which of the following would greatly affect the project estimate if any changes made to it while developing a project?
An online banking system permitted withdrawals from inactive customer accounts. Which of the following controls would
Which of the following decisions most likely could not be made on the basis of reports prepared from the maintenance lo
Which of the following is deemed as good system design practice?
To conduct a System audit the IS auditor should:
Which among the following is NOT a serious problem in a ring topology based LAN?
Which of the following alternate facilities has the GREATEST chance of failure due to change in systems and personnel?
A lower cost software product metric that is used for data collection :
Which of the following would not normally be considered a typical file structure for a database management system:
The technical support personnel should have unlimited access to all data and program files to do their job. Which of the
Which of the following decisions most likely CANNOT BE made on the basis of performance monitoring statistics that are
The best way to delete a highly confidential file from a microcomputer would be by using which of the following:
In general, mainframe computer production programs and data are adequately protected against unauthorized access. C
When an accounting application is processed by computer, an auditor cannot verify the reliable operation of programmed
Page 67
Sheet1
Which among the following components is of PRIMARY concern for evolving a recovery plan after a communication failur
Which of the below is a TRUE statement concerning Test Data Techniques.
One of the advantages of using naming convention for access control is that Processing control procedures include
In which phase of a system development life cycle would you perform Mutation analysis?
Access may be filtered by a firewall access control list based on each of the following EXCEPT:
The following method of obtaining customer selected PINs does not require the cryptographic generation of a reference n
As organisations move to implement EDI, more of them are turning to the use of value added networks (VANs). Which of
Which of the following network architecture is most reliable?
Which is the primary reason for replacing cheques with Electronic Funds Transfer (EFT) systems in the accounts payable
In determining the sample size for a test of control using attribute sampling , a System Auditor would be least concern wi
Which of the following would not be appropriate to consider in the physical design of a data centre?
The following measures will protect the computer systems from virus attack EXCEPT:
Which of the following features is least likely to be found in a real time application?
The installation of a database management system (DBMS) does not have any direct impact on :
Simple Software has just purchased a minicomputer. The make and module selected will allow the company to attach ad
Which of the following statements about personnel training in QA standards and procedures is false?
The following statement applies to a capability based approach to authorisation?
The control to provide security against accidental destruction of records and to ensure continuous operations is called Determining what components to include in the network configuration is called a:
The media that is rarely used in present day LANs is:
Which of the following functions SHOULD NOT BE combined with Systems Analyst
The class of control used to monitor inputs and operation is :
Which one of the following network architectures is designed to provide data services using physical networks that are m
Page 68
Sheet1
When the account number is entered into an online banking system, the computer responds with a message that reads:
Which one would be a material irregularity?
Which of the following encryption algorithms or schemes is MOST difficult to break?
Which one of the following is a control weakness in the treatment of user messages in electronic mail system?
Which of the following lines prevents tapping?
A public key cryptosystem uses:
An audit technique used to select items from a population for audit testing purposes based on the characteristics is terme
Which one of the following statements is correct with regard to reciprocal processing agreement?
A function NOT possible of being accomplished using CAATs is :
Rollback is an effective means of recovering data. In which of the following situations after an error has occurred but man
A less formal review technique is:
Which one of the following is not an essential component of a distributed computing environment?
Network designers must be able to predict network performance if they are to optimise a network. The probability of a los
Information system crimes and abuses in comparison to those of the general category are likely to be
Identify the contractual provision that is objective and enforceable among the parties involved in a system development lif
In a Bank, the updating programme for bank account balances calculates check digit for account numbers. This procedure
Page 69
Sheet1
Formal change control mechanism would start after which of the following in an overall system development project?
Which of the following is addressed by software configuration management as part of 'Software quality assurance?
Internal controls are not designed to provide reasonable assurance that:
The independence of an IS auditor who was involved in the development of an appliction system shall be impaired when
The auditor of an IS can exercise control over
The basic control requirement in a real time application system is :
In an IS environment, routing all links to external systems via a firewall, scanning all diskettes and CDs brought in from o
The first step in the installation of an information security program is the The technique employed in packet switching mode of transmission is:
Replacing the manual system with a computerized system is MORE likely to result in the assets and records
Which of the following software metrics would refer to function points?
Which one of the following pair of items is a primary cause of signal distortion in data communications?
The auditor plans to select a sample of transactions to assess the extent that purchase cash discounts may have been lo
To provide the management with appropriate information about the process being used 'by the software development pro
To ensure proper separation of duties, the function NOT to be performed by the Scheduling and Operations personnel is
In selecting the applications to be audited, which criteria is LEAST likely to be used:
When the Auditor uses generalised audit software to access a data maintained by a database management system, whic
Which of the following would be of great concern to an auditor reviewing a policy about selling a company s used microco
Which of the following statements about encryption is NOT correct?
Dual protection or mirroring of servers mitigates the exposures from
Which one of the following is not part of a computer capacity management function?
The general control that concern the proper segregation of duties and responsibilities is called An access control policy for a Customer Service Representative in a banking application is an example of the implementa
dentify the factor that is not part of an expert system architecture.
Page 70
Sheet1
The best control to ensure that a customer uses a debit/credit card carefully is:
The information technology pilot projects envisages which of the following concepts?
In evaluating and reviewing the effectiveness of the management s communication of IS policies to concerned personnel
Modems do enhance the quality of transmission. Which among the following is NOT a control feature that enhances the q
Which of the following is TRUE about Electronic Data Interchange (EDI) application system?
Which one of the following methodologies require efficient system requirements analysis?
In order to trace data through several application programs, an auditor needs to know what programs use the data, which
The requirements specification phase needs a lot of operational viewpoint input in the early stage of a system developmen
Which of the following is considered potential benefits of Electronic Data Interchange (EDI)?
Which one of the following protocols is used by the Internet?
Wiretapping CANNOT easily be done without detection in
Which of the following Technical specifications will NOT be included in a functional
The BEST and the most reliable form of evidence that an IS auditor would look for in audit of an IS environment is
Segregation of duties is TRUE in which of the following cases ?
The IS Control Group is NOT responsible for performing
The following statement is true about a mandatory access control policy?
. The test of access control, over a distributed database, can be carried out by The most appropriate audit strategy for a large organisation which relies on comprehensive user controls over the micro c
Page 71
Sheet1
A Data Base Management System locks out a record used by one user, when it is simultaneously accessed by another us
Hardware controls are important to IS auditors for they:
The functions of operations management relating to the microcomputers in organisations where microcomputers are used
Uninterrupted Power Supply (UPS) systems are used in computers to reduce the likelihood of :
Which of the following decisions most likely CANNOT BE made on the basis of reports prepared from the maintenance lo
The comment which is a DISADVANTAGE concerning prototyping is:
Which of the following best describes feature of statistical sampling?
The objective of using System Control Audit Review File (SCARF) within the application is for collecting following informa
Which of the following activities is undertaken during data preparation:
The control procedure of installing the anti-virus software in the system is called An IS auditor reviewing an organisation s Business Continuity Plan discovered that the software backups are not stored in
Staffing the QA function is often difficult because:
The presence of a Quality Assurance (QA) function has an effect of the auditors function. Which of the following stateme
A major advantage of associating passwords with users in the access control mechanism, over associating the password
Identify the wrong statement with respect to structured programming concepts and program modularity.
Which of the following functions SHOULD NOT BE combined with Control Group.
Which of the following techniques ensure an e-mail message's, authenticity, confidentiality, integrity and non-repudiation?'
Which one of the following network types will play an important role in implementing E-commerce?
Which one of the following controls would protect the production libraries without compromising the efficiency of open acc
The primary objective of security software is to:
Which of the following actions provides the IS Auditor with the greatest assurance that certain weaknesses in internal con
The basic character / purpose of an audit charter is best described by which of the following.
Reciprocal Agreements are normally entered between two or more organisations:
Most computer systems have hardware controls that are built in by the computer manufacturer. Common hardware contro
Page 72
Sheet1
Which type of cipher has the highest work factor?

To which of the following resource type are the most complex action privileges assigned?
IS Auditor performing a security review will perform all the following steps. However he will begin with A major drawback of a remote dial up network communication system is
. Which of the following physical access control devices would be most effective for a high security installation?
Identify the factor that is not part of an expert system architecture.
In which phase Rapid prototyping is used in Waterfall life cycle development model?
Software piracy is a common threat to an organization and so while choosing an application software package what shou
The media that is rarely used in present day LANs is:
Which of the following is not a major benefit of applications software prototyping ?
. The following is NOT a desirable property of a cipher system:
In software maintenance, the NON technical tool is: 'maintenance?
The password administration procedure should follow the following principle in implementing the access control :
In which of the following phases of a system development life cycle decision 'tables being used?
An on line bookseller decides to accept online payment from customers after implementing agreements with major credit
Due to an important work, the senior computer operator has gone on a leave for ten days. In his place, the security officer
In an automated processing system of records, processing control total reconciliation is a type of In an IPF (Information processing facility) is typically a large computer centre, which of the following has the primary consi
To effectively prevent intrusion, usually the following controls are established. Of this, which control BEST detects intrusion
Which of the following is not a database model :
Software metric that deals with measurement of lines of code is:
Which of the following network architecture is most reliable?
Transmission of electronic signals is not free of impairments. Which of the following statements is true?
A compensating control for the weakness in access controls is the daily review of log files. The IS Auditor reviewing the ad
Page 73
Sheet1
Logging of authorised and unauthorised attempts to access the computer systems and Disconnection of a terminal after i
Which of the following is a dynamic analysis to detect software errors?
Which of the following decisions most likely could not be made on the basis of reports prepared from the maintenance log
As against link encryption, end-to-end encryption cannot protect against
Which of the following should find a place in a disaster recovery plan
Application's access control will be seriously jeopardised if Business continuity plan of an organisation should address early recovery of which of the following?
Which one of the following reasons is the most important to retain a legacy application system?
A well written and concise job description is IRRELEVANT to
A brokerage firm is moving into new office premises already equipped with extensive telephone wiring. The firm is plannin
What is the major risk that is faced by a user organization during system integration projects?
The IS Manager of a small company senses that unrestricted access to production library results in the risk of untested pr
To examine the existence of the entities described by the data , which of the functional capabilities in the generilise audit
Access to the work area restricted through a swipe card or only through otherwise authorised process and when visitors e
IS security policy of an organisation will not contain details about the following:
A newly released virus was enabled into LAN, from a floppy drive in one of the workstations connected to the LAN. The e
Page 74
Sheet1
One of the main tasks performed by a Security Administrator is Which of the following alternate facilities has the GREATEST chance of failure due to change in systems and personnel?
Information system is broken into various subsystems. Which among the following is NOT a component of the application
Personal Computers and Laptops have both a floppy disk drive and a hard disk drive. The major difference between the t
Which of the following characteristics is not associated with a public key cryptosystem?
Which of the following feature may seriously affect or nullify the utility of audit trails for an application system ?
Which of the following is TRUE about Automated Teller Machines (ATMs)?
The most appropriate audit strategy for a large organisation which relies on comprehensive user controls over the micro c
System Auditor primarily uses, the information provided by a detailed, understanding of the Information system controls an
Page 75
Sheet1
To conduct a System audit the IS auditor should:

For reviewing the physical security of the IPF facility, the necessity of the following document is the LEAST Which of the following is an advantage of the use of hot sites as a backup alternative?
While classifying controls on the basis of the operations involved, input control can be classified as Identify the wrong statement with respect to structured programming concepts and program modularity.
Internet was established NOT for
Before disposing off the PC used for storing confidential data the most important precautionary measure to be taken is The following measures will protect the computer systems from virus attack EXCEPT:
The technique employed in packet switching mode of transmission is:
Page 76
Sheet1
Accounts Receivable Section personnel for a manufacturer frequently access computer data on customer and product sa
Due Professional Care requires an IS auditor to possess which of the following quality
In order to trace data through several application programs, an auditor needs to know what programs use the data, which
Which of the following physical access control devices would be most effective for a high security installation?
During a fire in a data centre, an automatic fire suppression system would first:
he best control to ensure that a customer uses a debit/credit card carefully is:
The primary advantage of a derived Personal Identification Number (PIN) is that :
. Which of the following is NOT TRUE with regard to network reliability enhancement:
The main difference in terms of control between a manual system and a computer system is:
Access to the work area restricted through a swipe card or only through otherwise authorised process and when visitors e
. For reviewing the physical security of the IPF facility, the necessity of the following document is the LEAST Logging of transaction is an important means of backup. Which purpose among the following is not served by logging the
Which of the following is the most difficult to manage in a SDLC project?
While classifying controls on the basis of the operations involved, input control can be classified as Which of the following physical access control devices would be most effective for a high security installation?
Page 77
Sheet1

Which of the following techniques ensure an e-mail message's, authenticity, confidentiality, integrity and non-repudiation?
In evaluation of an organisation s IS strategy, which of the following would an IS auditor consider to be the MOST importa
IS security policy of an organisation will not contain details about the following:
Which of the following access rights if allotted to a computer operator, will violate a standard access control rules :
n order to prevent the loss of data during the processing cycle, the First point at which control totals should be implemente
Which of the following would greatly affect the project estimate if any changes made to it while developing a project?
Which one of the following statements is FALSE?
MAC or message authentication code prevents
Which of the following security control is MOST effective to prevent fraud and abuse in the case of electronic fund transfe
Which of the following cryptographic algorithm does both encryption and digital signature?
What is the most important factor to be considered when comparing system alternatives before making the final selection
In the development life cycle model, the place to start software quality process is:
All computers have a central processing unit (CPU) that works in conjunction with peripheral devices. The function of the
During a review of system access rules, an IS Auditor noted that the System Administrator has unlimited access to all dat
In order to prevent the loss of data during the processing cycle, the First point at which control totals should be implement
Page 78
Sheet1
When the account number is entered into an online banking system, the computer responds with a message that reads: A
Which of the following feature may seriously affect or nullify the utility of audit trails for an application system ?
Which of the following is TRUE about Automated Teller Machines (ATMs)?
Fuzzy logic is most effective when :
Which of the following testing approaches will test the system s ability to withstand misuse by inexperienced users?
Which one of the following statements concerning microcomputer systems NOT true?
. It would not be possible to use the Checkpoint/restart facilities when:
In an automated processing system of records, processing control total reconciliation is a type of In switching over to an Electronic Fund Transfer (EFT) environment, which of the following risks DOES NOT occur?
Which one of the following transmission media is unsuitable for handling intra-building data or voice communications?
What is the control that should have been in vogue so as to enable detection of a change made in a payroll program by a
. Which one of the following is not an essential component of a distributed computing environment?
The internet is made up of a series of networks that include
A computerized system should contain an audit trail of information to facilitate detection of certain events. In an audit trai
To prevent virus attack effectively in an IS environment, the first and the foremost step to be taken is In an IS environment, routing all links to external systems via a firewall, scanning all diskettes and CDs brought in from ou
Identify the item that is not a part of performance guarantees in software contract negotiations.
Page 79
Sheet1
The test of access control, over a distributed database, can be carried out by A major drawback of a remote dial up network communication system is
Which of the following is a common security practice in a LAN.
Which of the following statement is true about a mandatory access control policy?
The objective of compliance testing is to find :
For reviewing the physical security of the IPF facility, the necessity of the following document is the LEAST Which of the following cryptographic algorithm does both encryption and digital signature?
Which one of the following network configurations used by electronic data interchange (EDI) trading partners does not ha
For a stand alone system, the best security control is to have A Data Base Management System locks out a record used by one user, when it is simultaneously accessed by another us
he main objective of separation of duties is to ensure that:
When implementing local area networks, the major implementation choices involve decisions about all of the following exc
Which one of the following testing order is correct?
. Where would you handle finite state machines in SDLC?
One of the production supervisors who has got access to the corporate database sold sensitive product pricing informati
The control procedure of installing the anti-virus software in the system is called An IS auditor reviewing an organisation s Business Continuity Plan discovered that the plan provides for an alternate site
Incorrect initialization occurs on account of which of the following faults ?
Page 80
Sheet1

he following message service provides the strongest protection about the occurrence of a specific action:
Which of the following would NOT be a reason for IS Audit involvement in information systems contractual negotiations?
The BEST method to verify the data values through the various stages of processing
Requirement specification errors lead to:
Due to an important work, the senior computer operator has gone on a leave for ten days. In his place, the security officer
dentify the factor that is not part of an expert system architecture.
n electronic device that combines data from several low speed communication lines into a single high-speed line is a :
. Which one of the following network types will play an important role in implementing E-commerce?
. In unit testing, which one of the following can be mechanised?
The main difference between manual and computerized systems in so far as separation of duties is concerned is :
Page 81
Sheet1
To effectively prevent intrusion, usually the following controls are established. Of this which control BEST detects intrusion
Password control procedures incorporate all the following features EXCEPT Which of the following is TRUE about Electronic Data Interchange (EDI) application system?
In the case of message encryption, which of the following is more secure?
A major drawback of a remote dial up network communication system is
Which of the following incidents can seriously damage a digital signature system?
Which of the following types of subversive attacks on a communication network is not an active attack:
Which one of the following poses a major threat in using remote workstations?
The BEST and reliable form of evidence that assists the IS auditor to develop audit conclusions is :
One of the production supervisors who has got access to the corporate database sold sensitive product pricing informatio
The primary advantage of the list-oriented approach to authorisation is:
Which one of the following poses a major threat in using remote workstations?
A software metric will NOT define which one of the following?
A company has policy to purchase microcomputer software only from recognized vendors and prohibit employees from ins
Page 82
Sheet1
When a compliance failure occurs, QA personnel should:
Within an EDI system which of the following is used to determine non-repudiation?, Only Digital signautres can ensure no
In preventing unauthorised access to a computer file from a remote terminal, which of the following controls can be used w
ne main reason for using Redundant Array of Inexpensive Disks (RAID) is :
The basic purpose of an IS audit is :
After you enter a purchase order in an on-line system, you get the message, The request could not be processed due to
Implementation and maintenance of new and existing systems with the aid of programmers and analysts is the responsib
For electronic-Commerce deals through web-based transactions involving acceptance of payment through credit cards, in
One main reason for using Redundant Array of Inexpensive Disks (RAID) is :
Page 83
Sheet1
Substantive Testing and Compliance Testing can be best differentiated as :
An IS auditor carrying out review of logical access control, shall have the PRIMARY OBJECTIVE of
The IS security policy of a company usually incorporates all of the following features EXCEPT Which of the following access rights if allotted to a computer operator, will violate a standard access control rules :
Which of the following should be verified by an IS auditor reviewing a Business Continuity Plan?
An IS Auditor carrying out security review for verification of the implementation of certain security measures, will be LEAS
Which of the following computer technologies is a major shift in the develpoment and maintenance of application systems
IS Auditor performing a security review will perform all the following steps. However he will begin with Abuse of information system (IS) is BEST described as :
A majority of defects are attributed to a few number of causes. Which of the 'following basic tools would BETTER depict t
What is the control that should have been in vogue so as to enable detection of a change made in a payroll program by a
In an IS environment, routing all links to external systems via a firewall, scanning all diskettes and CDs brought in from ou
In today s business environment one can hardly find a company without a computer. But an IPF (Information processing f
In an automated processing system of records, processing control total reconciliation is a type of In Information Technology projects, which of the following factors is most crucial?
Page 84
Sheet1

A main advantage of a standard access control software implemented properly is Which of the following is TRUE about Automated Teller Machines (ATMs)?
In an IS based on computerized environment, the audit trail is
An access control policy for a Customer Service Representative in a banking application is an example of the implementa
For electronic-Commerce deals through web-based transactions involving acceptance of payment through credit cards, in
Which one of the following is the most essential activity for effective computer capacity planning:
Which of the following factors would bring down the risks most in Joint Application Design (JAD) meetings?
The effectiveness of an information system shall normally be measured in terms of
Replacing the manual system with a computerized system is MORE likely to result in the assets and records
A computer can call into primary storage only that portion of a program and data needed immediately while storing the rem
To effectively implement the principle of least privilege, it is necessary to have:
Page 85
Sheet1

Several risk are inherent in the evaluation of evidence that has been obtained through the use of statistical sampling .A b
Generalised Audit Software (GAS) are NOT used for:
The first step in the installation of an information security program is the Wiretapping CANNOT easily be done without detection in
"Availability of computer time" is taken care of in which part of the Project Planning and scheduling ?
Which of the following statements relating to packet switching networks is True?
Which of the following converts digital pulses from the computer into frequencies within the audio signals
To which one of the following issues that an information systems (IS) auditor participating 'in a system development life cy
Where a transaction processing application is very complex, involving many sources of data capture and many routes for
For reviewing the physical security of the IPF facility, the necessity of the following document is the LEAST Which of the following is not part of an emergency plan?
Duplication of submitting corrections to errors could be prevented by:
Page 86
Sheet1
An access control policy for a Customer Service Representative in a banking application is an example of the implementa
Hardware controls are important to IS auditors for they:
Of the following, the most critical component in a LAN is likely to be the:
The principle of least privilege is a important concept in access controls of a network. Among the four enumerated here, w
Which of the following converts digital pulses from the computer into frequencies within the audio signals
Availability of computer time is taken care of in which part of the Project Planning and scheduling ?
Which of the following tests address the interaction and consistency issues of successfully tested 'Parts of a system?
An IS auditor carrying out review of logical access control, shall have the PRIMARY OBJECTIVE of
Errors in an information system based on computers are less tolerable than in a manual system primarily because:
Which one of the following transmission media is unsuitable for handling intra-building data or voice communications?
The major difference between a client/server and a mainframe-based application 'may NOT likely to occur with regard to
The following is NOT a pre-requisite for installing a new anti-virus software
Page 87
Sheet1

While down sizing a material inventory system, data center personnel considered redundant array of inexpensive disks (R
hich of the following is not a function of operations management:
A company has policy to purchase microcomputer software only from recognized vendors and prohibit employees from ins
Exposure that could have been caused by the line - grabbing technique is In residual dumping technique for backup, the records that are backed up are those that have not undergone any change
Identify the contractual provision that is objective and enforceable among the parties involved in a system development li
Which one of the following metrics deal with "number of entries/exits per module" ?
Can an IS auditor of a company outsourcing its operations insist to review the vendor s Business Continuity plan documen
Page 88
Sheet1
In an automated processing system of records, processing control total reconciliation is a type of Which of the following control objectives is violated when the theft of proprietary software or corporate data is stolen:
Which of the following steps provide the highest assurance in achieving confidentiality, message integrity and non-repudia
Which one of the following is ideally suited for multimedia applications?
An advantage of outsourcing data processing activities in a company is obtained by:
Which of the following control objectives is violated when the theft of proprietary software or corporate data is stolen:
Which of the following incidents can seriously damage a digital signature system?
How the control in a loan processing edit program which ensures a logical relationship between the amount advanced, the
In which phase of SDLC would you use software sneak circuit analysis?
In evaluating and reviewing the effectiveness of the management s communication of IS policies to concerned personnel,
To disable easy detection of password, it should be arranged in the following convention as shown below:
Page 89
Sheet1
A main advantage of a standard access control software implemented properly is Rollback is an effective means of recovering data. In which of the following situations after an error has occurred but man
The objective of software quality assurance is not:
Maintenance of adequate security measures over IS assets and accountability for the same rests with the:
The designer of a cryptosystem is called a:
Abuse of information system (IS) is BEST described as :
A sampling technique that estimates the amount of overstatement in an account balance is termed as :
In an automated processing system of records, processing control total reconciliation is a type of In switching over to an Electronic Fund Transfer (EFT) environment, which of the following risks DOES NOT occur?
Which of the following is NOT a desirable property of a cipher system:
The major difference between a client/server and a mainframe-based application 'may NOT likely to occur with regard to w
While down sizing a material inventory system, data center personnel considered redundant array of inexpensive disks (R
. Which of the following is not a function of operations management:
Which of the following terms best describes the purpose of control practice over the input A document-driven approach is used in :
When constructing the communications infrastructure for moving data over a local area network, the major implementation
Page 90
Sheet1
Which of the following actions provides the IS Auditor with the greatest assurance that certain weaknesses in internal con
The logical access exposure involving data changing before and/or while being entered into the computer is called Which of the following systems are MOST important for business resumption following a disaster?
Rollback is an effective means of recovering data. In which of the following situations after an error has occurred but many
Which of the following terms is commonly used for the agreement about packaging and interpreting both data and control
Where a transaction processing application is very complex, involving many sources of data capture and many routes for
An IS Auditor carrying out security review for verification of the implementation of certain security measures, will be LEAS
For a stand alone system, the best security control is to have Access to an online system running an application program, requires users to validate themselves with a user ID and pas
dentify the document which is LEAST effective during the acceptance test of applications software.
Software piracy is a common threat to an organization and so while choosing an application software package what shoul
Page 91
Sheet1
Before disposing off the PC used for storing confidential data the most important precautionary measure to be taken is A main advantage of a standard access control software implemented properly is . MAC or message authentication code prevents
Requirement specification errors lead to:
An Information System Auditor observed that technical support personnel have unlimited access to all data and program
The auditor plans to select a sample of transactions to assess the extent that purchase cash discounts may have been los
To ensure proper separation of duties, the function NOT to be performed by the Scheduling and Operations personnel is :
Before disposing off the PC used for storing confidential data the most important precautionary measure to be taken is Which among the following is NOT a serious problem in a ring topology based LAN?
Software piracy is a common threat to an organization and so while choosing an application software package what shou
Select the BEST control to mitigate the risk of creation of duplicate user name and Password during sign on procedures, i
The MOST secured access control mechanism is
Page 92
Sheet1
Hardware controls usually are those built into the equipment by the manufacturer. One such control, an echo check , is be
he complete information about all data in a database is found in :
. Which one of the following protocols is used by the Internet?
The test approach that includes ALL of the systems requirement, system design, and 'systems development documents i
Access control list of a firewall can have the following parameters, on the basis of which it may filter access, EXCEPT one
The following is NOT a pre-requisite for installing a new anti-virus software
Maximum reliability is available in
Page 93
Sheet1
here access control mechanism is implemented in an open environment, the users are allowed to access a resource:
Which of the following BEST describes a warm site?
Which of the following is least likely to be a reason for making QA personnel responsible for identifying areas where quali
For effective implementaion of a software quality program the MOST important prerequisite is:
Intentional Standards Organisation (ISO) has defined risk as the potential that a given threat will exploit vulnerability of a
The first step in the installation of an information security program is the Which of the following cryptographic algorithm does both encryption and digital signature?
Page 94
Sheet1

fter you enter a purchase order in an on-line system, you get the message, The request could not be processed due to la
computerized system should contain an audit trail of information to facilitate detection of certain events. In an audit trail lo
To disable easy detection of password, it should be arranged in the following convention as shown below:
An on line bookseller decides to accept online payment from customers after implementing agreements with major credit c
Determining what components to include in the network configuration is called a:
hich of the following is NOT a proper responsibility of functional users.
Page 95
Sheet1
Which of the following is NOT TRUE with regard to network reliability enhancement:
The estimate of time which has the MOST important relevance in evaluation of the activities in a Program Evaluation Rev
. Which of the following activities should not be permitted when operators use a communications network control terminal:
The control procedure of installing the anti-virus software in the system is called Logging of authorised and unauthorised attempts to access the computer systems and Disconnection of a terminal after i
Which one of the following criteria shall NOT be considered for choosing an appropriate Computer platform to suit a given
The test approach that includes ALL of the systems requirement, system design, and 'systems development documents is
Page 96
Sheet1
To protect computer systems from short term power fluctuations, the best environmental control is Which one of the following network configurations used by electronic data interchange (EDI) trading partners does not ha
In preventing unauthorised access to a computer file from a remote terminal, which of the following controls can be used w
What is the major risk that is faced by a user organization during system integration projects?
Which one of the following network architectures is designed to provide data services using physical networks that are m
A ring network
Page 97
Sheet1
An interest calculation program of a Bank has several schemes and several interest rates. The MOST APPROPRIATE co
hich of the following techniques ensure an e-mail message's, authenticity, confidentiality, integrity and non-repudiation?'
Business continuity plan of an organisation should address early recovery of which of the following?
The Job responsibilities and rights of an application programmer does NOT include
How the control in a loan processing edit program which ensures a logical relationship between the amount advanced, th
The principle of least privilege is a important concept in access controls of a network. Among the four enumerated here, w
The longest phase in SDLC is :
Page 98
Sheet1

. If fraud or errors are suspected in the population , the auditor would use:
The first step in the installation of an information security program is the Which of the following cryptographic algorithm does both encryption and digital signature?
Which of the following techniques ensure an e-mail message's, authenticity, confidentiality, integrity and non-repudiation?'
The objective of using System Control Audit Review File (SCARF) within the application is for collecting following informat
Compliance auditing is used to do?
Exposure that could have been caused by the line - grabbing technique is The logical access exposure involving data changing before and/or while being entered into the computer is called Which of the following encryption algorithms or schemes is MOST difficult to break?
Which of the following is a common security practice in a LAN.
ormal change control mechanism would start after which of the following in an overall system development project?
The estimate of time which has the MOST important relevance in evaluation of the activities in a Program Evaluation Revi
Page 99
Sheet1

The IS security policy of a company usually incorporates all of the following features EXCEPT Which of the following is NOT true about Pretty good privacy (PGP) and privacy enhanced mail (PEM)?
A ring network
The control to provide security against accidental destruction of records and to ensure continuous operations is called An upper CASE tool is used in :
hich one of the following is not an operating control:
While reviewing the telecommunication access control, the primary concern of the IS Auditor will be on the The control procedure of installing the anti-virus software in the system is called Which of the following should be verified by an IS auditor reviewing a Business Continuity Plan?
Which of the following is an advantage of the use of hot sites as a backup alternative?
Most computer systems have hardware controls that are built in by the computer manufacturer. Typical hardware controls
Page 100
Sheet1
The technical support personnel should have unlimited access to all data and program files to do their job. Which of the fo
ith respect to AI, a heuristic refers to :
A reasonably controlled practice in the distributed executable programs that execute in background of a web browser clie
The unauthorised use of data files can be best prevented by using IS security policy of an organisation will not contain details about the following:
Which of the following is NOT true about Pretty good privacy (PGP) and privacy enhanced mail (PEM)?
Which of the following statements about encryption is NOT correct?
While reviewing an organisation that has a mainframe and a client/server environment where all production data reside, t
Which of the following terms best describes the purpose of control practice over the input Software piracy is a common threat to an organization and so while choosing an application software package what shou
he biggest benefit of prototyping is:
Which of the following computer technologies is a major shift in the development and maintenance of application systems
The auditor of an IS can exercise control over
Password control procedures incorporate all the following features EXCEPT Reciprocal Agreements are normally entered between two or more organisations:
. The control to provide security against accidental destruction of records and to ensure continuous operations is called Retention date on magnetic tape files would:
Page 101
Sheet1
etworks are growing day-by-day. Which one of the following component of such growth is most difficult to predict?
Which of the following is FALSE with regard to a symmetric key cryptosystem?
When an accounting application is processed by computer, an auditor cannot verify the reliable operation of programmed
Which of the below is a TRUE statement concerning Test Data Techniques.
Which of the following is the LEAST important in the case of backup and recovery plan?
Whenever there is a modification made to an existing software, which of the following testing approaches should be used?
Availability of computer time is taken care of in which part of the Project Planning and scheduling ?
An auditor performing a statistical sampling of the financial transactions in a financial MIS would BEST use :
Exposure that could have been caused by the line - grabbing technique is IS security policy of an organisation will not contain details about the following:
Password control procedures incorporate all the following features EXCEPT . The technique employed in packet switching mode of transmission is:
Prototyping approach does not assume the existence of
Page 102
Sheet1
Before disposing off the PC used for storing confidential data the most important precautionary measure to be taken is Which of the following systems are MOST important for business resumption following a disaster?
Which one of the following errors cannot be detected during an inspection activiy?
The primary advantage of a derived Personal Identification Number (PIN) is that :
Which of the following steps provide the highest assurance in achieving confidentiality, message integrity and non-repudia
To protect computer systems from short term power fluctuations, the best environmental control is The control procedure of installing the anti-virus software in the system is called -
Page 103
Sheet1

dentify the wrong statement with respect to structured programming concepts and program modularity.
majority of defects are attributed to a few number of causes. Which of the 'following basic tools would BETTER depict thi
o which one of the following issues that an information systems (IS) auditor participating 'in a system development life cyc
The System Development Tool which gives the BEST results in an application maintenance function is:
The control procedure of installing the anti-virus software in the system is called In the case of message encryption, which of the following is more secure?
The test of access control, over a distributed database, can be carried out by The IS Manager of a small company senses that unrestricted access to production library results in the risk of untested p
he class of control used to minimise the impact of a threat is :
cho Check belongs to hardware controls, which usually are those built into the equipment. Echo Check is best described a
. A company s management wants to implement a computerised system to facilitate communications among auditors, who
The main activity of the input/output control function is In residual dumping technique for backup, the records that are backed up are those that have not undergone any change
Page 104
Sheet1
Which of the following computer technologies is a major shift in the develpoment and maintenance of application systems
All computers have a central processing unit (CPU) that works in conjunction with peripheral devices. The function of the
A remote dial up order entry system using portable computers for sales man to place order should have the following con
An apparent error in input data describing an inventory item was detected and the issue was referred back to the originati
Which of the following is TRUE about Electronic Data Interchange (EDI) application system?
Overall responsibility to protect and control the database and monitor and improve the efficiency of the database are the
To effectively prevent intrusion, usually the following controls are established. Of this, which control BEST detects intrusion
Page 105
Sheet1
Each of the following is a general control concern EXCEPT:
Before disposing off the PC used for storing confidential data the most important precautionary measure to be taken is The unauthorised use of data files can be best prevented by using An IS auditor reviewing an organisation s Business Continuity Plan discovered that the plan provides for an alternate site
Which phase of SDLC uses "Program slicing" technique?
In SDLC, in which phase would you perform Boundary value analysis?
. Which one would be a material irregularity?
One of the advantages of using naming convention for access control is that Rollback is easily accomplished with differential file backup technique for which of the following reasons?
In which phase Rapid prototyping is used in Waterfall life cycle development model?
Page 106
Sheet1

For effective implementaion of a software quality program the MOST important prerequisite is:
Which of the following systems are MOST important for business resumption following a disaster?
Errors in an information system based on computers are less tolerable than in a manual system primarily because:
Determining what components to include in the network configuration is called a:
Maximum reliability is available in
Which of the following network risk apply to EDI transactions irrespective of the type of network involved?
Select the BEST control to mitigate the risk of creation of duplicate user name and Password during sign on procedures,
Page 107
Sheet1
A ring network
Which of the following threats, vulnerabilities, or risks do not arise in an in-house system development project?
Which of the following is FALSE with regard to a symmetric key cryptosystem?
Each of the following is a general control concern EXCEPT:
Page 108
Sheet1
An Integrated Test Facility (ITF) is BEST described as:
Which of the following statements about digital signatures is NOT true?
Select the BEST control to mitigate the risk of creation of duplicate user name and Password during sign on procedures, i
Whenever there is a modification made to an existing software, which of the following testing approaches should be used?
. OSI model of ISO presents a model of seven layers through which data communication across computers passes. Encry
Before disposing off the PC used for storing confidential data the most important precautionary measure to be taken is Exposure that could have been caused by the line - grabbing technique is The following measures will protect the computer systems from virus attack EXCEPT:
Which of the following is the LEAST important in the case of backup and recovery plan?
Page 109
Sheet1
The internet is made up of a series of networks that include

Whenever there is a modification made to an existing software, which of the following testing approaches should be used
document-driven approach is used in :
Symbolic evaluation is an error detection method. Where would you handle this? 'An error detection technique "symbolic e
he estimate of time which has the MOST important relevance in evaluation of the activities in a Program Evaluation Revie
In a Bank, the updating programme for bank account balances calculates check digit for account numbers. This procedur
n data processing, which of the following causes the maximum losses
ut of the following pairs of services, which provides an access control over a network of computers
In software maintenance, the NON technical tool is: 'maintenance?
A main advantage of a standard access control software implemented properly is The residual dump technique in backup has the disadvantage of
Error seeding should be done in which of the following phases of a system development life cycle?
Which one of the following statements is true?
Page 110
Sheet1

For a stand alone system, the best security control is to have Information system crimes and abuses in comparison to those of the general category are likely to be
In an IPF (Information processing facility) is typically a large computer centre, which of the following has the primary consi
Many automated tools are designed for testing and evaluating computer systems. Which one of the following such tools im
Use of public key infrastructure by an eCommerce site, where public key is widely distributed and the private key is for the
Which of the following statements relating to packet switching networks is True?
Which among the following hacking techniques DOES NOT facilitate impersonation?
In general, mainframe computer production programs and data are adequately protected against unauthorized access. Ce
Page 111
Sheet1

Spooling software can be subject to one of the following control problem:
Page 112
Sheet1
Option A
A legacy system is a mainframe computer-based application system
User ID and password
Increased access violations
SCARF/EAM
applets damaging machines on the network by opening connections from the client machine
Multiple users use data concurrently
Transmission control protocol/Internet Protocol (TCP/IP)
performance monitoring
Quality assurance test
Requirements
whether new hardware/system software resources are needed
it is often a major cost area taking about 50% of the data processing budget
CIS can not collect data for performance monitoring purposes
Maintain backups of program and data.
route the message over alternate path if the normal path fails
Substantive tests
Special audit routines do not have to be embedded
The input and output process of data entry and reports generated.
mid-level formatting of hard disk
minimizing the high risk protocol conversion functions that the gateways perform
Presentation
User manual
Better version control
Compliance Testing
Succession planning is not provided for.
it protects messages against traffic analysis
modem
User ID and Password
Reconciliation of batch control totals
Tests of user controls
poor computer centre design
Mr. R.'s private key.
accuracy
the complaint of non-receipt of message by the receiver
check that the transaction is not invalid for that card type
It is the average length of time the hardware is functional
System A - Likelihood 10%, Losses(in$) 6 million
Recovery test
Input edit checks
Modifications to physical and facilities
Detection
Interviewing the system operator
Confidence risk
Defective switching equipment
Monitoring network activity levels
Generalised Audit Software
Monitoring database usage
Ensuring completeness of the output on processing.
Afterimages
complexity of recovery more than a physical dump
Beforeimages of the modified records have been kept in the differential file
Expert system's knowledge is represented declaratively
User friendliness
The Waterfall model
Page 113
Sheet1
There is a delay of more than 36 months in application development.

detective control
message duplication
ensuring that adequate information for sound management decision making is available prior to contracting for the purch
Adhering to the project schedule
Identification and authentication
The prototype becomes the finished system
the SDLC method is chosen
parallel simulation technique
forced change of password after every day
A scatter diagram
Identify the business objectives of the network
Requirements
checking basic control totals
higher cost per transaction
Active data dictionary system
Increased workloads
adequate reporting between the company and the service provider
The sample size decreases as the precision amount decreases.
Understanding of business risks by interviewing management s key personnel.
Change records for the application source code.
The mainframe computer should be backed-up on a regular basis.
An integrated test facility.
ensuring that access is given in accordance with the organisation's authorities
Data fault
Documentation of activities is the main focus of the standard.
authorizations have been replaced by system software controls
Sequence check
Database schema
customer over the confidentiality of messages received from the hosting site
Establishing data ownership guidelines
Distributed computing infrastructure
Data is transmitted rapidly
Systems analysis and design
Screens and process programs
Data Control
delivery proof
Function-oriented techniques
Requirements
Full-scale projects
Sign-on verification security at the physical terminals.
Repeaters
Screen layouts
Has much larger storage capacity than a floppy disk and can also access information much more quickly
Good amount of programming skills in the required software.
Restore infected systems with authorized versions.
Page 114
Sheet1
Vital systems
Delay in transmission of the data
Reusable software
Waterfall model
Unshielded Twisted pair
Such access authority is appropriate, if they are logged completely.
Public Key registrations
Preventive
long-key cipher system
encryption
Preventive
the encryption key can be known to all communication users
Formal inspections
Library security and use of proper file labels
Trouble shooting teleprocessing problems.
Substantive tests
Selecting transaction that must pass through input program
Use of Generalized Audit software
Remote processing site after transmission to the central processing site.
only if authorisation information specifies users can access the resource
Consider the use of access control software.
Software backup should be kept in an offsite location in a fireproof safe.
Requirements
Allocation of resources for purchase of software platforms and hardware
Build or buy
Lesser accountability and Weaker Organisational structures are the outcome of a BPR.
Data files and backup
electronic bulletin board system
remote batch processing
Physical design of a database
to alleviate conflict between stakeholders
QA personnel should have the most knowledge about the impact of national and international
quality standards on the
A Power loss occurred
whether access logs are maintained of use of various system resources
Defining control, security, and audit requirements
Error detection and correction
Data Control
Rule of thumb
plain text form in the eventuality that it has to be reissued at a later stage, if the customer forget their PIN
Change management forms
Repeaters
resetting message queue lengths
store-and-forward capability
Pointer validation utility
Time and cost involved and resources utilised in conducting an audit.
reduce the enormity of the loss when a threat materializes
Authorising all the transactions.
Page 115
Sheet1
an alternative source of power

use of security guards can be dispensed with
Reduction in development costs
Knowledge base
Recovery test
The Waterfall model
Isolated islands of information
Computer Operator and Quality Assurance are combined.
Fiber optics cable
Authorisation of access to data files
the controls that are designed to provide reasonable assurance that data received for processing have been properly au
identifying who the user is
Procedures for annual review of the security reports.
Conversion
physical attributes
Hydrometer
analysing system degradation
Recovery test
Have a sufficient quantity of data for each test case
data preparation, data capture, data input
Packet-switched networks
Uninterruptible power source
Substantive tests
Diagramming tools
Determining program changes are approved
test of controls
Preventive control
transmission by radio frequency
In ring topology, nodes are connected on a point to point basis whereas it is a multipoint connection in a bus network
Developing program flow chart
Object-oriented user interfaces
The length of time the system will satisfy the needs ofthe initial user
the adoption of national and international information systems standards will increase the cost of the QA function
high work factor
Data Custodian
Debtor s file
Ensuring sophisticated and state-of-the-art recovery mechanism
Physical layer
Test data generators
SCARF/EAM
Most Likely time
With a concentrator, the total bandwidth entering the device is normally different from the bandwidth leaving it
the encryption key can be transmitted through the system over the normal communication path
short key cipher system
Unauthorised program changes.
Monitoring whether security of data is adequate and effective.
modem
Page 116
Sheet1
In sharing of resources, ownership is difficult to be established.

Increased workloads
Complete audit under accepted auditing standards
To structure the IS auditor s own planning.
access logs on usage of various system resources
the timely and efficient delivery of information by the EDP department
Involvement of key business continuity team members
It prevents non-repudiation by the receiver
message sequence number
User directed policy
Cost of preventive action
Modularity
Conversion to a database system is inexpensive
duplicate circuitry, echo checks, tape file protection and internal header labels
QA personnel should use automated tools to ensure compliance with information systems standards
Batch output is more detailed than online output.
Cable Modems
Input edit checks
The Business Plan of the organization
Cumulative effects for the year is tested.
operating system will identify an inaccuracy
Incorporate into hardware upgrades
Test cases, test documentation
Technical issues
Software quality assurance management
No, since the BCP is a personal document of the vendor.
Centrally monitor the print queues for correct destinations
Redundant switching equipment
Maintenance of accurate batch registers
determine the business purpose of the network
attenuation amplification
release of message contents
reduce the noise level in the transmission
Society for Worldwide Interbank Financial Telecommunication (SWIFT)
ensuring that adequate information for sound management decision making is available prior to contracting for the purch
The number of workstations that can be connected to a network
Detection
Preventive
The private key of the sender
Requirements
Continuity of service by the agency in case of a happening of a disaster.
Page 117
Sheet1
Repeaters
the transmission speed of actual documents increases
faulty switching gear
controls the exposures from traffic analysis
A log
Meet the audit committee members to discuss the IS audit plan
the criticality of the application
Failure to detect the recipient
White-box, code-based, logic-driven technique
Development of a project plan and defining the key areas to be reviewed is a key factor for
Interviewing concerned Corporate Management personnel.
simplicity
An output control
Integrated Test Facility
modem
Design
Cost of hardware
sender's private key
high work factor
appropriate, but all access should be logged
User friendliness
a component that signals the control unit that an operation has been performed
Reasonableness test
Substantive tests
Tell data processing that the inventory application has a bug in it.
Forging the signature
Desired precision
Vulnerabilities of assets
To identify a control weakness and trace its effects has become harder
Decision Support System (DSS)
Transmits transactions using sophisticated formats and file definitions
Point-of-sale system
Ring topologies are more reliable than start topologies
Requirements
audit trail subsystem
Mr. R. 's private key.
Check-digit verification
Audit trails are not enabled
they possess very high level of computing skills
Page 118
the success of a BPR.
Sheet1

A control chart
dispatching input to the computer room
Expected rate of occurrence
Confirmation of data with outside sources
Diagramming tools
the last full dump
Exhibits the expected and actual results
Daily scanning of the entire file server and moving to a safer area all the doubtful files
The terminal used to make the attempt
Performance review of the system department.
end to end data encryption
Decentralised controls over the selection and acquisition of hardware and software is a major concern
the controls that are designed to provide reasonable assurance that data received for
processing have been properl
context-dependent security
Database schema
segregation of operator duties is not a very effective control
receiver's private key
Attenuation
multiplexing technique
Reconciling accounts
the anticipated loss from the failure of the system to meet its functional, efficiency and effectiveness objectives
Maintain backups of program and data)
Flooding the network with spurious messages
Afterimages
Both rollforward and rollbackward of transactions after a disaster is rendered easier
Requirement errors
Requirements
Portability guidelines
the recommendation that QA personnel make should be backed up by concrete facts
Enable files with the same generation number to be distinguished
Page 119
Sheet1
registration of public keys
managing director of the organisation
SCARF/EAM
A scatter diagram
companies must apply to the Internet to gain permission to create a home page to engage in electronic commerce
A top-down approach
The vendor table will not contain current information.
Program coding standards for the organization
A log
A decrease in desired audit risk
test of controls
Acquisition of a software for the purpose of controlling the security access.
Rule of thumb
Component isolation
Continue to work along with the Security Officer on such occasions as a precautionary preventive control.
high work factor
User ID and passwords
The workload in the organisation is shared
to establish the authenticity of the message
improving a vendor's response time to buyer orders
Network interface card
tape header should be manually logged and checked by the operators
Program changes due to changes in rules, laws, and regulations
Approved
Read-only access to the database files.
mail the cards in an envelope that identifies the name of the issuing institution
Attribute sampling
IS personnel have always lacked ethics
assessing the strengths and limitations of the hardware to be installed and software platform to be used
All the nodes in a LAN
Test mailbox
Develop a shareware application
Compliance Testing
detective control
File integrity
Page 120
Sheet1

Security administrator
File management control
Notebook computers usually cost more than Personal Computers but less than mainframes
Giving priority to the security system
Database size
verifying input authorisation
Afterimages
Desired precision
User manual
Debugging tool
Knowledge base
The prototyping model
Develop "seamless" processes
Asynchronous communication
failing to control concurrent access to data
allow the customer to make a small number of PIN entry attempts, close the account after the limit has been reached, and
Supervisory Control
minimise the distance that data control personnel must travel to deliver data and reports
Line monitor
Preventive
encrypt the message with the sender's public key, and sign the message with the receiver's private key
increase line errors caused by noise
Program source code
Disk striping
A top-down approach
A tree structure
Afterimages
Systematic sampling selection technique
Encryption of data files on the notebook computer.
Should be located near to the originating site so that it can quickly be made operational
Report the errors and omissions noticed.
Page 121
Sheet1
All business problems are assured of quality solutions.
authorizations have been replaced by system software controls
Lower communication costs
Disk striping
Encapsulation
To identify control objectives
A data flow diagram
The Web server and the Web browser
the senders from reneging on the contract by making their private key public and claiming that the message was forged
Requirements
Requirements
Attribute sampling
Retransmission of the corrupted messages
Presentation
Program source code
Testing follows debugging
Ease to use compared with other systems.
Control Risk assessment.
Information technologies will remain unaltered.
message duplication
modem
Data Custodian
Integrity
determine whether a critical application system needs modification due to a recent change in the statute
Improving of business relationship with trading partners
system availability
Reviewing library controls
Approved
A tree structure
Data dictionary
more difficult as the IS personnel resent being supervised at every step
Software configuration management is established and enforced
Disaster notification to personnel
They are both based on public-key cryptography
both rollforward and rollback to be effected in case of a disater
Requirements
Page 122
Sheet1
Remove possible disruption caused when going on leave for a day at a time.
Scheduling of computer resources.
File integrity
Controlled disposal of documents
Program source code
physical attributes
Time
whether to move files from one storage medium to another to reduce read/write errors
High cohesion of modules, low coupling of modules, and high modularity of programs
Be technically at par with client's technical staff
Corruption of tokens during transmission may occur
Reciprocal agreement
Requirements tracing
File integrity
Hierarchical structure
The Waterfall model
Preventive
Security card
Preventing privileged software from being installed on the mainframe.
modem
Screen layouts
Manually comparing detail transaction files used by an edit program with the program's generated error listings to determ
Page 123
Sheet1
Software
Requires the usage of a Test Data Generator.
ambiguity in the resource name is avoided
Authorisation and authentication of users
The Waterfall model
Component isolation
Requirements
the controls that are designed to provide reasonable assurance that data received for processing have been properly aut
network interface card(NIC)
Physical layer
Component isolation
Preventive
entry via phone
User friendliness
Rule of thumb
store electronic purchase orders of one organisation to be accessed by another organisation
star network
to ensure compliance with international EFT standard
Evaluation of potential risks from air flight paths.
once the diskettes are checked for virus and cleaned, write protect them
Requirement errors
User manuals
Data redundancy within files
Emulation
a personal development plan with respect to QA training should exist for each employee in the information systems functi
a list of users who can access the resource is associated with each resource together with each user s action privileges w
A processing control
Configuration control
high work factor
Fibre optics cable
SCARF/EAM
Control Group
Preventive
Page 124
Sheet1
Existence check
Programmers forgot to indicate file retention periods
Requirements
International data encryption algorithm (IDEA)
Retransmission of the corrupted messages
Program source code
an optical fiber line
File integrity
two private keys
Component isolation
Preventive
Continuous Sampling
Requirements
It should be documented in writing and signed by both parties.
Calculating the age-wise outstandings of Receivables and Payables.
the last full dump
Rollback may not be too useful if many users have updated the corrupt database before the discovery of the corruption
Inspections
Build or buy
Unix platform
Interactivity
Of less serious nature
Commitment to quality
high work factor
Page 125
Sheet1
Completing the system planning document
At what point was the first baseline established?
Irregularities will be eliminated
Actively involves himself while designing and implementing the application system.
Desired audit risk
Logging of all transactions
Corrective controls
Installation of a security control software
modulation technique
Test mailbox
getting concentrated more in a single location
modem
Input edit checks
User friendliness
Requirements metrics
Sudden change in weather and temperature
Open purchase orders
Software quality assurance management
Code Correction
Technological complexity
A tree structure
Whether deleted files on the hard disk have been completely erased.
Encryption protect data in transit from unauthorised interception and manipulation
a power loss
Service management
An output control
User-directed policy
Knowledge base
Page 126
Sheet1
to make the customer liable if the careless use of a card leads to a fraud,
entry via phone
To test a new idea
system availability
Full-scale projects
Systems and procedure manuals of the user department.
multiple transmission speeds
Substantive tests
Reverse engineering
Recovery test
Database schema
Integrity
physical attributes
Waterfall model
Recovery test
improving a vendor's response time to buyer orders
DNA
Data Control
optical fibre transmission
Confidence risk
System design
The IS auditor s test results
Improvement of an organistion s efficiency and communication can be achieved through a restrictive separation of duties
Logging of data input
File integrity
it is not possible for users to change their classification level, though they can change their clearance levels
Page 127
Sheet1
Duplicate processing of transactions

Ensure correct programming of operating system functions
formulated by the person who develops the application system for the microcomputers
physical attributes
Development through standard system development approach is faster than Prototyping.
It allows the auditors to have the same degree of confidence as with judgement sampling
Statistical sampling
errors identified during the input validation phase are corrected
Preventive control
simplicity
high levels of interpersonal conflict often arise among QA personnel
the extent of substantive testing to be carried out by the auditors can be decreased substantially when QA function is wor
Processing time saved is substantial.
Physical layer
Modules should perform only one principal function
Systems Analyst
Local area network
Restrict updating and read access to one position
Control access to information system resources.
Discussing with the management the corrective procedures that were implemented to strengthen the internal controls.
Outlines the overall authority scope and responsibilities of the audit function.
Within same geographical location
Emulation
Repeaters
Disk striping
QA personnel should have the most knowledge about the impact of national and international quality standards on their o
Page 128
Sheet1
substitution cipher
hardware
Test of evidence of physical access at suspected locations
absence of logging of attempted sign-on
Proximity sensing card reader
Supervisory Control
Knowledge base
Requirements
Product portability
Fibre optics cable
A data flow diagram
high work factor
Cross referencer
Disk striping
message duplication
Passwords may be changed by the user at his discretion and users at their discretion need not even change the initial pa
Requirements Definition
Conversion
Service management
substitution cipher
Cable Modems
firewall architecture hides the internal network
Inform the top management of the complexities and risks in doing so.
SCARF/EAM
only through authorized procedures, user creation and privileges are granted
modem
star network
Data dictionary
Satellite signals are not easily affected by other electronic transmissions.
the contents of the log file
Page 129
Sheet1
Physical access controls
Program source code
Inspections
Rule of thumb
User manuals
The Waterfall model
Preventive
Requirements
Program source code
Requirements
insertion of a spurious message
Program coding standards for the organization
Passwords are allowed to be shared
All applications designed by the IS Manager
It meets the needs of the organization
Inspections
User friendliness
Providing a little indication of segregation of duties.
the firm would be dependent on others for system maintenance
Fiber optics cable
Physical layer
A scatter diagram
Reasonableness test
A log
File assess capabilities
Data dictionary
Organisational controls
the overall security philosophy of the organisation
ensuring compulsory scanning of all floppy disks before use
Page 130
Sheet1
formulating the data classification methodology

Reciprocal agreement
hardware components
Fiber optics cable
Requirements
Software
User ids are not recorded in the audit trail
Uses protected telecommunication lines for data transmissions
Build or buy
Cost of hardware
Recovery test
Substantive tests
Page 131
Sheet1
Be technically at par with client's technical staff
Security card
Complete details of the IPF floor plans
Hot sites can be used for an extended amount of time.
Integrity
Disk striping
Organisation control
high work factor
Preventive
Continuous Sampling
simplicity
Increased workloads
high work factor
entry via phone
substitution cipher
Continuous Sampling
Page 132
Sheet1
Inappropriate
the last full dump
Increased workloads
Requirements
Good amount of programming skills in the required software.
Debugging tool
Requirements
Database schema
Emulation
Design
Cut power to data processing equipment.
The Waterfall model
Database schema
it is easy to remember
there is a difference in the internal control principles
Organisational controls
Personnel turnover
Conversion
Supervisory Control
Build or buy
Page 133
Sheet1
Preventive
Integrity
Substantive tests
Desired precision
Adequately supporting the business objectives of the organisation.
Right only to read data
Attenuation
Requirements
The Waterfall model
in transit to the computer
Preventive
Hydrometer
Time
system availability
Unix platform
messages getting changed by hackers
Encryption
ROI
Requirements phase
Input, Output and arithmetic-logic
Appropriate, but all access should be logged.
in transit to the computer
Page 134
Sheet1
entry via phone

SCARF/EAM
Existence check
Fiber optics cable
Approved
User ids are not recorded in the audit trail
Used to develop decision support systems
Functional testing
Integrity
Database management systems are available for microcomputer systems
Repeaters
Interactivity
SCARF/EAM
physical attributes
Output of the payroll journal s audit trail.
Cable Modems
Unix platform
bridges to direct messages through the optimum data path
Confidence risk
formulating and adopting a detailed anti-virus policy for the organisation as a whole and appraising all users about the sa
Corrective controls
Afterimages
Terms of payment
Page 135
Sheet1
Knowledge base
Preventive
Matching user ID and name with password
Whether statutory regulations are complied with.
Security card
Use of dedicated network
Functional testing
Rule of thumb
Interactivity
Preventive
Waterfall model
Repeaters
Integration test, unit test, systems test, acceptance test
Requirements
Compliance Testing
Substantive tests
Preventive control
Ensure that the alternate site could process all the critical applications.
Data fault
Page 136
Sheet1

Build or buy
delivery proof
Requirements
Often hardware does not interface in an acceptable manner
Increased workloads
Check digits
Requirements phase
Debugging tool
Function-related bugs
Knowledge base
Fiber optics cable
Inform the top management of the complexities and risks in doing so.
Knowledge base
accuracy
Integrity
modem
Local area network
Syntax checking
Unix platform
Afterimages
separation of duties is essential in manual systems whereas in-built checks and balances take care in computerized syste
Page 137
Sheet1
Security card
Forcing frequent changes of password by the user
Cost of hardware
Cable Modems
Recovery test
compromise of a key server's private key
message modification
Standard software packages
Compliance Testing
Desired precision
Control Self Assessment assurance received on the working of the application from a line management personnel.
detective control
hardware components
simplicity
it introduces run-time efficiency
allow the customer to make a small number of PIN entry attempts, close the account after the limit has been reached, an
Standard software packages
Number of defects per thousand lines of code
Screen layouts
Presentation
Page 138
Sheet1
Desired precision
Design
notify external auditors because it may affect the audit plan
Private key cryptosystem.
all data can still be reconstructed even if one drive fails
To identify control objectives
Program source code
DNA
Detection
Functional testing
Recovery test
Waterfall model
Database administrator.
Emulation
Integrity
Encryption of all transactions
Requirements
Systems Analyst
message duplication
Page 139
Sheet1
Approved
The latter tests details while the former tests procedures.
complete details about the computer hardware and software used
Right only to read data
Approval of the plan by Board of Directors.
User friendliness
RDBMS technology
two private keys
Test of evidence of physical access at suspected locations
Unauthorized modification of pay roll cheque printing program to inflate the amount for the perpetrator.
Physical layer
Systems Analyst
Recovery test
Integrity
A scatter diagram
Output of the payroll journal s audit trail.
Substantive tests
a power loss
A tree structure
Corrective controls
Cost of hardware
Page 140
Sheet1

Preventive
Physical layer
Full-scale projects
Design
becoming redundant as the validations and authorizations are more and more online and real time based
Sequence check
Encryption of all transactions
accuracy
system availability
Control Group
Rule of thumb
Physical layer
Scheduling of documents
Attribute sampling
Presentation
Existence check
The right software
the users satisfaction of meeting their requirements
getting concentrated more in a single location
compiling
Disk striping
Interactivity
a ticket oriented approach to authorisation
Page 141
Sheet1
Requirements
substitution cipher
physical attributes
Full-scale projects
Properly define the population
Selecting unusual data as per the auditor s choice.
the last full dump
Inspections
Milestones
Cost of hardware
passwords cannot be included in the packet
Input edit checks
multiplexor
A scatter diagram
Technical issues
test of controls
controls for validating data
Design
hardware
After errors have been corrected, the error reports should be discarded
Page 142
Sheet1
Ensure correct programming of operating system functions
Component isolation
LAN cables
Privilege based on the time and day
multiplexor
Milestones
high work factor
Unit testing
ROI
Compliance Testing
Fiber optics cable
high work factor
Users have almost a blind faith that any output generated by a computers has to be correct
A data flow diagram
Program source code
The system development environment
test of controls
the machine should have a compatible operating system
Requirement errors
User friendliness
Page 143
Sheet1

Cable Modems
Encapsulation
Cable Modems
Substantive tests
Confidence risk
excessive usage of the hard disk space
the last full dump
Program source code
Personnel turnover
Requirements
Inappropriate
Commitment to quality
Integrity
DNA
A tree structure
Page 144
Sheet1
Terms of payment
detective control
preserving data integrity
Continuous Sampling
the recipient uses his/her private key to decrypt the secret key.
Integrated services digital network (ISDN) and broadband ISDN
Program source code
Data Control
Service management
Requirement of more user involvement in communicating user needs.
preserving data integrity
Preventive
compromise of a key server's private key
A format check
Requirements
Afterimages
A tree structure
RAMA
Page 145
Sheet1

Testing quality into a product
Database administrator
cryptoanalyst
Unauthorized modification of pay roll cheque printing program to inflate the amount for the perpetrator.
Variable Sampling
modem
Recovery test
simplicity
The system development environment
Requirements
Screen layouts
Presentation
Requirements phase
Personnel turnover
ensuring that adequate information for sound management decision making is available prior to contracting for the purcha
physical attributes
To test a new idea
Repeaters
Page 146
Sheet1
Discussing with the management the corrective procedures that were implemented to strengthen the internal controls.
Virus
Vital systems
the last full dump
Functional testing
SCARF/EAM
Conversion
controls for validating data
Requirements
hardware components
Unix platform
Fiber optics cable
Program source code
accuracy
Product portability
DNA
Page 147
Sheet1

Substantive tests
Data dictionary
Function-related bugs
Sequence check
delivery proof
Code Correction
Compliance Testing
Screen layouts
Diagramming tools
Data dictionary
Requirement errors
Product portability
security policy should be modified
entry via phone
encryption
Page 148
Sheet1
Requirements
Development of a project plan and defining the key areas to be reviewed is a key factor for the success of a BPR.
A log
Conversion
Program source code
preventive
Database schema
DNA
Unit testing
A tree structure
Attribute sampling
a power loss
A log
IP address
the machine should have a compatible operating system
Bus topology network
Requirement errors
Cost of hardware
Page 149
Sheet1

Code Correction
Partially equipped site where the computer environment consists of few equipment without the main computer.
The right software
Waterfall model
Disk striping
QA personnel should have the knowledge and experience to make the best recommendations for improvements to inform
modem
Recovery test
Quality metrics
Emulation
Page 150
Sheet1

SCARF/EAM
Local area network
Detection
Service management
Fiber optics cable
Confidence risk
RAMA
Cost of hardware
detective control
User manuals
Interactivity
allow the customer to make a small number of PIN entry attempts, close the account after the limit has been reached, an
Inappropriate
Preventive
system availability
Cost of hardware
Fiber optics cable
Diagramming tools
Inspections
Page 151
Sheet1

Fiber optics cable
Sequence check
Unit testing
Most Likely time
System design
Existence check
Preventive control
Component isolation
Preventive
Database size
A scatter diagram
Unit testing
Afterimages
Attribute sampling
Page 152
Sheet1
Approved
Code Correction
Existence check
LAN cables
User friendliness
Recovery test
Data dictionary
Corrective controls
Compliance Testing
has all computers linked to a host computer, and each linked computer routes all data through the host computer
Data Custodian
DNA
A log
Page 153
Sheet1
test of controls
Interviewing all data entry operators about the method of input entry adopted
Build or buy
Cost of hardware
physical attributes
All applications designed by the IS Manager
Test mailbox
Compliance Testing
Access to system program libraries.
A format check
Mr. R.'s private key.
high work factor
Privilege based on the time and day
system availability
Requirements and analysis
Page 154
Sheet1

Attribute sampling
Check digits
Attenuation
Unix platform
Complete audit under accepted auditing standards
Virus
Afterimages
Personnel turnover
Fiber optics cable
Matching user ID and name with password
Most Likely time
Page 155
Sheet1
Service management
complete details about the computer hardware and software used
Presentation
Unix platform
Design
Database schema
To test a new idea
DNA
Preventive
Repeaters
Data dictionary
Preventive control
Hot sites can be used for an extended amount of time.
User manuals
Preventive
SCARF/EAM
Page 156
Sheet1

Rule of thumb
Unix platform
installation of a firewall
hardware lock
Encryption protect data in transit from unauthorised interception and manipulation
Attenuation
a power loss
ROI
Requirements
Emulation
The database administrator also serves as the Security Officer.
Product portability
DNA
Program source code
Input edit checks
the last full dump
RDBMS technology
Desired audit risk
Corrective controls
Within same geographical location
Debugging tool
User manuals
Page 157
Sheet1
Component isolation
Database schema
the encryption and decryption process is fast
Cost of hardware
Substantive tests
Manually comparing detail transaction files used by an edit program with the program's generated error listings to determ
Requires the usage of a Test Data Generator.
Check digits
Frequency of the backup
User manual
User friendliness
Unit testing
Milestones
Input edit checks
Generalised Audit Software
Reusable software
Waterfall model
Compliance Testing
Page 158
Sheet1

Inappropriate
SCARF/EAM
physical attributes
message duplication
a power loss
Requirements
test of controls
Vital systems
the last full dump
Incomplete requirements errors
Compliance Testing
it is easy to remember
the recipient uses his/her private key to decrypt the secret key.
Systems Analyst
high work factor
Existence check
Inappropriate
Preventive control
Page 159
Sheet1
Cost of hardware
Conversion
Preventive
A scatter diagram
Technical issues
Network control programs
message duplication
Preventive control

Requirements phase
Waterfall model
Preventive
high work factor
Loading and returning of master data tape files
the last full dump
Page 160
Sheet1
Reverse engineering
Personnel turnover
Inspections
RDBMS technology
Input, Output and arithmetic-logic
Modem equalisation
Integrity
accuracy
Build or buy
modem
Input edit checks
Unit testing
message duplication
Security card
Reverse engineering
Rule of thumb
compiling
Waterfall model
A data flow diagram
Hydrometer
User friendliness
Page 161
Sheet1
Security policy
hardware lock
Ensure that the alternate site could process all the critical applications.
Requirements
modem
Cable Modems
Control Group
Hydrometer
Build or buy
Requirements
Existence check
Security card
ambiguity in the resource name is avoided
ROI
Inspections
Unix platform
two private keys
Requirements
Preventive
Database schema
Page 162
Sheet1

Quality metrics
Vital systems
Test mailbox
Requirements
File integrity
compiling
Users have almost a blind faith that any output generated by a computers has to be correct
delivery proof
high work factor
Cable Modems
Bus topology network
Failure to detect the recipient
ROI
Inspections
Milestones
Emulation
Systems Analyst
Page 163
Sheet1

Attenuation
Requirements
System design
Security card
Signing poor contracts
Terms of payment
Program source code
Lap tops usually cost more than Personal Computers but less than mainframes
hardware
LAN cables
Preventive
User friendliness
the encryption and decryption process is fast
Full-scale projects
A log
Increased workloads
Requirements
Software
Security policy
Cost of hardware
Waterfall model
high work factor
Sequence check
Page 164
Sheet1
Knowledge base
Control Group
SCARF/EAM
modem
Data dictionary
Tagging and extending master records.
It prevents non-repudiation by the receiver
Inspections
Terms of payment
Design
Requirements
Fiber optics cable
Database schema
Unit testing
Preventive
Requirements
Presentation
Frequency of the backup
Rule of thumb
Milestones
Build or buy
Page 165
Sheet1
bridges to direct messages through the optimum data path

Unit testing
Input edit checks
Requirements
Most Likely time
Disk striping
Terms of payment
Waterfall model
physical attributes
Cross referencer
Code Correction
Analysis
Testing follows debugging
The right software
User friendliness
Program source code
Page 166
Sheet1

Repeaters
Encapsulation
customer over the confidentiality of messages received from the hosting site
delivery proof
Local area network
passwords cannot be included in the packet
Increased workloads
Forging the signature
Corrective controls
Inspections
hardware components
message duplication
system availability
Systems Analyst
Hydrometer
Preventive
delivery proof
Page 167
Sheet1
Inspections
Build or buy
hardware
It is error-prone because the software is highly complex.
Page 168
Sheet1
Option B
A legacy system is old and hence no longer good
Magnetic Card reader
Increased cost per transaction
ITF
a program that deposits a virus on a client
Data are shared by passing files between programs or systems
File transfer protocol
file library maintenance
Interface test
Design
whether unauthorised use is being made of hardware/system software resources
unauthorised changes to data and program can take place
CIS requires modification of the database management system used by the application
Monitor usage of the device.
reduce the wiretapper s capabilities to tap more data
Attribute sample tests
The limiting the conditions to be tested in the system
The higher the Return on Investment by the application.
deleting all the files in the hard disk
controlling all the networks connected in a better way
Physical
Coding standards
Better communications between developers and users
Risk Assessment
Increases the dependence on a single employee.
Even if an intermediate node in the network is broken into, the traffic passing through that node does not get exposed
multiplexer
Anti-virus and anti-piracy softwares
Examination of logged activity
Edit checks of data entered
theft of machine time
Mr. S 's public key
completeness
the sender from disowning the message
ensure that the transaction amount entered is within the cardholder's credit limit
Low MTBF values imply good reliability
System B - Likelihood 15%, Losses(in$) 5 million
Regression test
missing data validity checks
Network utilization by the existing users
Correction
Reading the operator's manual
Sampling risk
Poor contact points in the wiring
down line loading a program
Regression Testing
Altering physical data definitions for improving performance.
adherence of established standards by programs, program changes and documentation.
Beforeimages
the inability of the backup operation to run in the background while operations are being carried out
Beforeimages of the modified records have been kept in the primary file
Expert system computations are performed through symbolic reasoning
Quality
Prototyping model
Page 169
Sheet1
System maintenance constitutes about 65% of the programming costs.

corrective control
spurious associations
ensuring that the vendors are provided with appropriate and uniform data for submission of bids according to managem
Anticipating problems
Certification and accreditation
User expectations are inflated
the design is for a human resources division of the organization
data encryption technique
end-to-end encryption
A Pareto diagram
Review the network with reference to the ISO/OSI model of seven layers
Design
Checking to see whether any programs terminated abnormally
unauthorised access and activity
Adherence of established standards by programs, program changes and documentation.
Passive data dictionary system
Lengthy retraining
install secured sockets layer (SSL)
The expected population error rate does not affect the sample size.
Determining adherence of regulatory requirements by conducting compliance tests.
Program Logic flow charts and file definition.
Two persons should be present at the microcomputer when it is uploading data.
Statistical sampling.
reviewing the software based access controls
Requirement fault
Quality compliance requirement sets are defined in ISO 9000.
authorizations are more distributed among users
file library
Record check
Data dictionary
hosting site over the confidentiality of message sent to the customer
Establishing data custodianship outlines
Systems management
Fibre optic cable is small and flexible
System design and programming
Screens, interactive edits, and sample reports
Systems Analysis
submission proof
Data-oriented techniques
Design
Pilot projects
Sign-on verification security when logging on to the database management system
File servers
Dialogue styles
is a direct access storage medium whereas a floppy disk is a sequential access storage medium
Arriving at an correct conclusion based on the facts and figures available.
Recompile infected programs from source code backups.
Page 170
Sheet1
Sensitive systems
Duplicated transactions
Formal specification languages
Incremental development model
file library
Microwave transmission
Such access authority is appropriate because they have the full knowledge and understanding
about the entire system
Signature registrations
Detective
user identification with a password of not less than 6 characters
Detective
the processing time required in private key cryptosystem is faster than that of public key
cryptosystem
Programming languages
Halt and error controls
Analysis of degradation of the system.
Capturing the working of an application at a point in time.
Source code review
Central processing site after application program processing.
unless authorisation information specifies users cannot access the resource
Consider the use of utility software
An inventory of backup tapes at the offsite storage location should be maintained.
Design
Certain phases can be dropped
Purchase and tailor
Information protection has a high risk and always deviates from with BPR.
Programs
electronic data interchange
stand alone data processing
Security of a database
to reduce the amount of monitoring of compliance with standards that QA personnel will have to undertake
QA personnel will be best placed to recommend corrective actions when they formulate,
promulgate, and maintain s
The hardware temporarily malfunctioned.
whether data stored on servers are adequately protected by means of encryption or any other means
Developing screen flows with specifications
System response time and system uptime
Systems Analysis
Known fact
ciphertext form produced only from an reversible encryption algorithm
Interface test
Logs
File servers
starting and terminating lines and processes
automatic message purge facility when maximum queue size at the node is exceeded
HIPO charter
Audit programs and audit procedures.
reduce the probability of the threat materializing
Carrying out corrections in the master file.
Page 171
Sheet1
a dedicated power generator

physical access to back up storage devices can be restricted effectively
Faster delivery of the system
Computing environment
Regression test
Prototyping model
Processing and computing power
The work of a Data entry clerk is also done by a Tape Librarian.
Twisted-pair (shielded) cable
Anticipation and hash total
Authorisation of access to program files
the controls that provide reasonable assurance that all transactions are processed as authorised
identifying what the user possesses
Identification of the cardkeys documenting the data centre areas to which they grant access.
Supplies
personal details
Hygrometer
analysing user specifications
Regression test
Keep the test data to a minimum to conserve testing time
data capture, data preparation, data input
Frame relay
Fault tolerance
Simulation tools
Performing aging analysis
analytical review
Compensating control
transmission over coaxial cable
The connectors in a bus topology attenuate the signals and distort them, whereas repeaters in a ring topology are relativ
Determining system inputs and outputs
Application-oriented user interfaces
The rate at which computer technology is expected to advance
QA personnel will perform better when their organisation adopts national and international information systems standard
low work factor
Invoices paid file
Ensuring concurrent access control
Data Link layer
Statistical software packages
ITF
Pessimistic time
Demodulation is the process of converting an analog telecommunications signal into a digital computer signal
two different keys are used for the encryption and decryption
32 bit key system
Loss of data while executing a program.
Suggesting and enforcing security measures (ex. Changes in password)
multiplexer
Page 172
Sheet1
In the rapid development of technology, the duties change very frequently.

Lengthy retraining
Eliminate the need for substantive auditing
Guiding the ^assistants in performing planned procedures.
protection of stored data in the server by encryption or otherwise
existence of adequate controls to minimize the potential for loss due to computer fraud or embezzlement
Test should address all critical components
It provides sender authenticity
queue length at each network node the message traverses before reaching the destination
Role based policy
Cost of implementation of management directives
Interfacing
Data redundancy can be reduced
duplicate circuitry, echo check and internal header labels
QA personnel should seek to understand the reasons for a compliance failure so that they can advise management
There are more intermediaries involved in producing and distributing batch output.
Authentication Techniques
The information systems audit plan
Findings are generally more material to the organisation
they need to be maintained in a secure file
Incorporate into change management procedures
Test summaries, test execution reports
Organizational issues
Software configuration management
Yes, because it helps the IS auditor to evaluate the vendor s financial stability and capacity to abide to the contract.
Create destination defaults for printing based on each employee s departmental affiliation.
Parallel physical circuits
Completeness of batch processing
review the open systems interconnect network model
dynamic equalisation
change of message sequence
encrypt the messages transmitted and decrypt them on reception
Electronic funds transfer system (EFTS)
ensuring that the vendors are provided with appropriate and uniform data for submission of bids according to managem
The length of cable to connect a workstation to the network
Correction
Detective
Name of the TTP/CA
Design
Statement of due care and confidentiality.
Page 173
Sheet1

File servers
liability relating to protection of proprietary business data decreases
temperature increases
ensures that even if compromise of encryption key takes place, the loss is restricted to a single user associated with the
Check digit
Ensure that the audit staff is competent in the areas to audited and wherever required to provide for appropriate training
HIPO charter
the reliability of the controls in the system as perceived by the auditor
Data being transmitted to the wrong recipient
Black-box, code-based, data-driven technique
Implementation and monitoring of the new process is the management s responsibility.
Consideration of external environment likely to benefit / affect the organisation.
small key
An access control
Database authorizations
multiplexer
Code
Cost of file conversion
receiver's public key
low work factor
appropriate, because technical support personnel need to access all data and program files
Quality
two units that provide read-after-write and dual-read capabilities
Validity test
Review the data field definitions and logic in the audit software.
ensures that even if compromise of encryption key takes place, the loss is restricted to a single user associated with the
Packet replay
Size of the population
Probabilities of occurrence of threats
Collection evidence process has been rendered more difficult
Strategic Planning System
Applications, transactions and trading partners supported remain static over time
Home banking system
Star networks are more easily maintained than a bus network
Design
systems development management subsystem
Mr. S 's public key
Master file lookup
Programmers have access to the live environment
they are prone to changing jobs frequently. This may lead to the loss of experience about a
particular machine
Page 174
Sheet1
A run chart
altering source data to correct input errors
Precision limit
A test to access the quality of data.
Simulation tools
the last residual dump
Document the conditions that lead to a particular action.
Linking to external systems thro a firewall
The date and time of access attempt.
Preparation and monitoring of System implementation plans.
dedicated phone lines
The primary methods of controls usually involves general controls
write protect security
Data dictionary
If operators are given access to the system documentation, they may help in tracing the cause of a potential error
Wiretapping
32 bit key system
line conditioning technique
Determining whether security policy is available
the loss likely to occur in the ordinary course of business
Changing the order of the message
Beforeimages
After a disaster, the transactions can be reentered easily, if needed
Design errors
Design
Human-computer interaction guidelines
stakeholders should be informed of the contents of reports before they are released to management
Indicate when the file should be again backed up
Page 175
Sheet1
terminal identifier
project leader
ITF
A Pareto diagram
organisations must use firewalls if they wish to maintain security over internal data
A bottom-up approach
Precision limit
Clerks will enter an incorrect but valid code for payment.
History of updates to the operating system
Check digit
A decrease in detection risk
analytical review
Framing and adherence of a Corporate IS policy statement
Known fact
Component modularity
Inform and advise the Senior Management of the high risks involved in it.
32 bit key system
low work factor
Biometric checks
Controls exist over efficient usage of hardware
to encrypt the message for confidentiality
increasing data integrity by defining standards for retrieving paper based information
Switch
staging and job set-up procedures are not appropriate compensating controls
Systems management
Program changes due to errors discovered
Master file lookup
Fault tolerance
Documented
Updating from privileged utilities.
make the same groups responsible for the mailing of cards and the investigation of returned cards
Discover sampling
There has been a dearth of IS personnel from the initial days
focusing on the strategy for the next three years for the IS division
The entire storage devices in all the servers
System programmer mailbox
Develop a freeware application
Risk Assessment
corrective control
Read Only Memory (ROM)
Page 176
Sheet1

Data owner
Output control
the processing time required in private key cryptosystem is faster than that of public key cryptosystem
Because of the increase in use of distributed system, the need for mainframes will increase in the near future
Leaving the decision to the MIS manager
Data usage
identifying questionable data
Beforeimages
Coding standards
Source code generation tool
The waterfall model
Eliminate mainframe computer processing
Synchronous communication
losing data stored in main memory
allow the customer to make a small number of PIN entry attempts, do not close the account after the limit has been reach
Periodic rotation of duties
provide security
Circular routing
Detective
encrypt the message with the sender's private key and sign the message with the receiver's public key
produce encrypted messages
System requirements definition
Data streaming
A bottom-up approach
A sequential file structure
Beforeimages
Stratified sampling selection technique
Setting up a password for the screensaver program on the notebook computer.
Should have the same amount of physical access restrictions as the primary processing site
Solve the problems encountered by the detective controls.
Page 177
Sheet1
Worries over cost effectiveness are well addressed.
authorizations are more distributed among users
availability of alternate processing sites, in case of a disaster
file library
Data streaming
Idempotence
To suggest the best possible hardware for the company
An entity relationship diagram
Assembler and compiler
the sender from forging a message using the receiver s private key
Design
Design
Discover sampling
Precision limit
Restoration of corrupted message from backups
Physical
Debugging follows testing
User friendly features built in.
Contract reviews with the legal counsel.
It improves the product, service and profitability.
multiplexer
Reliability
conduct a test of controls to ensure that the no necessary control is omitted in the design
Increasing of the transmission speed of documents
data confidentiality
Monitoring and reporting system
Documented
Macro
more difficult because employees access the system remotely and perform duties electronically
User access to the corporate database is controlled by passwords
Equipment shutdown procedures
They both have same uses
recording the time sequence of the successful transactions alone
Design
Page 178
Sheet1

Cross train with another employee of another department.
Testing and evaluating programmer and optimisation tools.
file library
QA personnel will perform better when their organisation adopts national and international information systems standards
Encryption of data files and safe keeping of encryption keys
personal details
Scope
Master file lookup
whether only valid and authorised transactions were processed
HIPO charter
Low cohesion of modules, high coupling of modules, and high modularity of programs
Be able to understand the system that is being audited
Collision of tokens during transmission may occur
Hot site
Defect counts
Batched sequential structure
Fiber optic cable is small and flexible
project leader
Such access authority is appropriate because they have the full knowledge and understanding about the entire system.
Spiral model
Detective
Encryption routine
Restricting privileged access to test versions of applications.
multiplexer
Dialogue styles
Constructing a processing system for accounting applications and processing actual data from throughout the period thro
Page 179
Sheet1
Documentation
Tests only pre-conceived situations
rules for protecting resources can be minimised
Access control for on line data
Prototyping model
Design
Fault tolerance
port
Data Link layer
Biometric checks
Detective
PIN entry at the issuer's premises
Quality
Known fact
32 bit key system
provide translations from clients computer applications to a standard protocol used for EDI communication
mesh network
to decrease the number of paper-based forms
Precision limit
Proximity to earthquake zone.
all new software before loaded should be scanned for viruses and cleaned
Design errors
Preformatted screens
Sharing of common data
Networking
Fault tolerance
training in general QA standards should be provided by QA personnel whereas training in specific QA standards should b
the mechanism associates with each user the resources they can access together with the action privileges they have wit
An operations control
Configuration management
low work factor
ITF
DBA
Detective
Page 180
Sheet1
Dependency check
Operation personnel did not follow a procedure due to an oversight
Design
RC2 and RC4
Restoration of corrupted message from backups
a digital line
a two public keys
port
project leader
Detective
Discrete Sampling
Master file lookup
Design
It provides for parallel processing capability at a hot site and in the production environment.
Checking and reconciling of postings done in the General Ledger.
To set right the situation, all the elements that have been updated after the corruption must be traced and efforts started f
Testing
Purchase and tailor
Availability
Unaffected by stringent legal and/or organizational controls
The waterfall model
Penalties for late delivery
Output control
low work factor
Page 181
Sheet1
Completing the system requirements document
Were the test strategies sufficient to determine whether the 'software is safe and effective?
Frame relay
logical access is permitted only in accordance with authorization
Performs a post-implementation evaluation of the application independently.
Inherent risk
Logging of all terminals
Preventive controls
A detailed review by the IS Auditor of the security controls
Defect counts
getting concentrated as much as in the manual system
multiplexer
Output control
they are prone to changing jobs frequently. This may lead to the loss of experience about a particular machine
Quality
Design metrics
Attenuation and propagation delay
Paid EDI invoices
Software configuration management
Job submission
Inherent Risk
Whether the computer has viruses.
Verify authenticity of a transaction or document
an operating system error
Performance management
An access control
Role-based policy
Page 182
Sheet1
blocking a card if it is not used for a period of 3 months

To prove a new concept
Pilot projects
Interviews with the IS personnel and the end users.
auto-dial features
The connectors in a bus topology attenuate the signals and distort them, whereas repeaters in a ring topology are relative
The Delphi method
Regression test
The waterfall model
Data dictionary
Reliability
personal details
Regression test
increasing data integrity by defining standards for retrieving paper based information
ISO/OSI
Systems Analysis
satellite transmission
Sampling risk
Mean-time-between-failure
The auditee s oral explanation / statement of the evidence
Policies on segregation of duties in IS must highlight the variations between the logical and physical access to assets.
Review and scrutiny of error listing.
it must be enforced by a more complex access control mechanism compared with a discretionary access control policy
Page 183
Sheet1
LAN Server Overload

port
Assure that the vendors support current versions of the software.
performed by the operations manager responsible for the mainframe computer
personal details
Users do not usually know sufficiently about systems to design the system.
It allows the auditor to substitute sampling technique for his judgement.
Policy and procedural variations
captured data are converted into machine readable form
small key
incumbents have little opportunity to exercise high-level information systems skills
QA personnel are likely to check information systems controls more comprehensively than auditors
Control can be exercised to a very fine level of authorisation
port
Data Link layer
Interaction between modules should be minimal
DBA
Name of the TTP/CA
Wireless Local area network
Permit updating and read access for everyone in IS
Restrict access to prevent installation of unauthorized utility software.
Obtaining a letter of representation from management stating that the weakness has been corrected.
State the audit s objective for the delegation of authority for maintenance and review of internal controls.
With different business activities
Networking
File servers
Data streaming
QA personnel will be best placed to recommend corrective actions when they formulate, promulgate, and maintain standa
Page 184
Sheet1
product cipher
software
An overview understanding of the functions being audited and evaluate the audit and business risk
inability to disconnect after invalid access attempts
Retina scanner
Design
Vendor support
low work factor
Change control
Data streaming
Initial password assignment shall be done by the user department incharge
Detailed Design
Supplies
product cipher
encryption is required
Develop a small program that will give a picture of what is happening during the absence of the operator
Output control
provide security
ITF
procedure to ensure that the workstation is logged off automatically when not in use for a particular period of time
multiplexer
Design metrics
mesh network
Macro
Attenuation is the delay in transmission of signals due to difference in frequency
the controls available and implemented for the protection of the log file
Page 185
Sheet1
Terminal access controls
Code reading
Known fact
Spiral model
Detective
Design
Frame relay
Design
History of updates to the operating system
Password files are not encrypted
All information system processes
Changing the computing platform may not improve the legacy system
Code reading
Quality
Assisting in defining the relationship between various job functions.
coaxial cabling would have to be installed throughout the building
Data Link layer
A Pareto diagram
Validity test
Check digit
Analytical review capability
Macro
the authorisation procedure for accessing data
formatting of the network file server
Page 186
Sheet1
supervision of data entry

Hot site
database subsystem
file library
Design
LAN Server Overload
Source code review
Documentation
Security administrator can amend the details in the audit trail
Must provide high levels of logical and physical security
32 bit key system
Purchase and tailor
Regression test
a digital line
ensures that even if compromise of encryption key takes place, the loss is restricted to a single user associated with the c
Page 187
Sheet1
Be able to understand the system that is being audited
Encryption routine
SDLC procedure statement
Hot sites can be made ready for operation within a short period of time.
Reliability
file library
32 bit key system
Data streaming
General control
low work factor
Design metrics
Detective
Discrete Sampling
small key
HIPO charter
Lengthy retraining
Frame relay
low work factor
PIN entry at the issuer s premises
product cipher
Discrete Sampling
Page 188
Sheet1
Use of a Accounts Receivable Section password

Lengthy retraining
Design
Arriving at an correct conclusion based on the facts and figures available.
RC2 and RC4
Design
Data dictionary
Networking
Retina scanner
Code
Disengage the uninterruptible power supply.
Spiral model
Data dictionary
new account numbers must be issued to customers if their PINs are lost or compromised
the methodology for implementing the controls is not the same in both
Changes in hardware
Supplies
General control
Retina scanner
Purchase and tailor
Page 189
Sheet1
Detective
Reliability
Master file lookup
Design metrics
Consistent with the IS department s preliminary budget
Source code review
Right to read and execute program
Wiretapping
Design
Prototyping model
LAN Server Overload
during the return of the data to the user department
Detective
Hygrometer
Scope
traffic analysis by sniffing
Unique password
Digital signature standard (DSS)
IRR
Design phase
Control and Output
Appropriate, because System Administrator has to back up all data and program files.
during the return of the data to the user department
Page 190
Sheet1

ITF
Interface test
Dependency check
Documented
Security administrator can amend the details in the audit trail
Combined with neural network technologies
Unit testing
Reliability
Integrated packages are examples of operating systems for microcomputers
File servers
Availability
Output control
ITF
personal details
Review of the control totals.
repeaters to physically connect separate local area networks (LANs)
Sampling risk
Installing the latest anti-virus software regularly
Preventive controls
Beforeimages
Warranty provisions
Page 191
Sheet1
Retina scanner
Detective
Principle of highest privilege should be implemented to perform the file backup function
Whether assets are properly valued.
The waterfall model
Encryption routine
Inherent Risk
Use of a single value-added network
Unit testing
Known fact
Availability
Detailed logical access control procedures
LAN Server Overload
Detective
project leader
File servers
Design metrics
Unit test, systems test, integration test, acceptance test
Design
Risk Assessment
a digital line
HIPO charter
Recommend that the processing capacity of the alternate site should be increased.
Requirement fault
Page 192
Sheet1

Frame relay
Purchase and tailor
submission proof
Design
Many information systems projects incur additional costs over the contract cost
Fault tolerance
auto-dial features
Lengthy retraining
Hash totals
Design phase
System bugs
Develop a small program that will give a picture of what is happening during the absence of the operator
completeness
Reliability
multiplexer
Desk checking
Beforeimages
separate persons are responsible for initiation and authorization in manual systems whereas execution and maintenance
Page 193
Sheet1
Encryption routine
Ensuring that the passwords are not distributed indiscriminately
Multiple encryption
Retina scanner
Regression test
compromise of a receiver's private key
denial of message services
Response time
32 bit key system
Risk Assessment
Inherent Risk
A Letter of confirmation received from an outsider regarding the account balance.
Role based policy
corrective control
database subsystem
small key
it allows efficient administration of capabilities
Master file lookup
Response time
Number of defects over the life of a software product
file library
Dialogue styles
Physical
Page 194
Sheet1
Code
The waterfall model
implement corrective actions as and when compliance failure occurs
Digital Signatures.
Biometric checks
all data are split evenly across pairs of drives
To suggest the best possible hardware for the company
ISO/OSI
Correction
RC2 and RC4
Unit testing
Regression test
Systems development manager.
Networking
Reliability
Authentication of all transaction in time
Design
DBA
Interface test
Page 195
Sheet1
Documented
The former tests procedures while the latter tests plans.
commitment of the management for the implementation of the policy
Right to read and execute program
Plan is tested once in a year.
Quality
Client/server technology
a two public keys
An overview understanding of the functions being audited and evaluate the audit and business risk
Any incident involving the IS whereby a perpetrator is able to inflict a loss to a would-be victim for his/her personal gain
Data Link layer
DBA
Regression test
Reliability
A Pareto diagram
Logs
Review of the control totals.
Master file lookup
Design metrics
Preventive controls
provide security
Output control
Page 196
Sheet1
Name of the TTP/CA
Detective
Data Link layer
Pilot projects
Code
generated always by the updating routines
Record check
LAN Server Overload
Role-based policy
Authentication of all transaction in time
completeness
DBA
Known fact
Data Link layer
Planning of adequate security and controls in the computer center
Discover sampling
a digital line
Physical
Dependency check
The right people
its asset safeguarding capabilities
getting concentrated as much as in the manual system
multiplexor channeling
Data streaming
Availability
Frame relay
a list oriented approach to authorisation
32 bit key system
Page 197
Sheet1
Design
product cipher
Switch
personal details
Interface test
Pilot projects
Draw a random sample from the population.
Performing intricate and complex calculations
Testing
Deliverables
packet lengths are variable and each packet contains the same amount of information
protocol converter
A Pareto diagram
analytical review
checking of internal credibility
Code
software
Data input validation programs should highlight the situation by showing input controls do not balance
Page 198
Sheet1
Role-based policy
Assure that the vendors support current versions of the software.
parallel port
Privilege based on an application
protocol converter
Deliverables
low work factor
Acceptance testing
IRR
Risk Assessment
low work factor
Computers systems commit errors sporadically and not in a pattern
Output control
Name of the TTP/CA
Logs
The system test deliverables
analytical review
the security policy should be clear about administration of the anti-virus policy
Role based policy
Design errors
Quality
Page 199
Sheet1

Idempotence
Sampling risk
Precision limit
blocking of CPU functions
Changes in hardware
Detailed Design
Design
Penalties for late delivery
Name of the TTP/CA
Reliability
ISO/OSI
Design metrics
file library
Page 200
Sheet1

Warranty provisions
corrective control
Output control
ensuring system efficiency
Discrete Sampling
the recipient uses the sender's public key, verified with a certificate authority, to decrypt the pre-hash code
Broadband ISDN, fiber optics, and ATM
Systems Analysis
LAN Server Overload
a digital line
Establishment and enforcement of processing priorities internally.
ensuring system efficiency
Detective
terminal identifier
compromise of a receiver's private key
An existence check
Design
Beforeimages
TN37D2640
Page 201
Sheet1

Designing quality into the product
Data and System owners
32 bit key system
cryptographer
Any incident involving the IS whereby a perpetrator is able to inflict a loss to a would-be victim for his/her personal gain
Monetary Unit Sampling
multiplexer
Output control
Regression test
small key
The system test deliverables
Design
Dialogue styles
Physical
Design phase
Changes in hardware
ensuring that the vendors are provided with appropriate and uniform data for submission of bids according to manageme
file library
The waterfall model
personal details
Systems management
File servers
Page 202
Sheet1
Obtaining a letter of representation from management stating that the weakness has been corrected.
Logical bombs
Sensitive systems
Home banking system
Unit testing
ITF
Supplies
auto-dial features
Source code review
checking of internal credibility
Design
database subsystem
Output control
completeness
Vendor support
ISO/OSI
Page 203
Sheet1
a digital line
Macro
Source code review
System bugs
Biometric checks
Record check
submission proof
Systems management
Paid EDI invoices
32 bit key system
Job submission
Risk Assessment
Dialogue styles
Simulation tools
Macro
Design errors
Vendor support
users should be educated about weak password
user identification with a password of not less than 6 characters
Page 204
Sheet1
Design
Check digit
Supplies
Detective
Data dictionary
Systems management
ISO/OSI
Integration testing
Discover sampling
Check digit
Activity/service type
the security policy should be clear about administration of the anti-virus policy
Ring topology network
Design errors
Page 205
Sheet1

Switch
Logs
Liability relating to protection of proprietary business data decreases
file library
Job submission
Fully equipped computer centre in a ready state for continuing operations within hours.
The right people
Data streaming
QA personnel are charged with being knowledgeable about and remaining up-to-date with best practice in information sys
multiplexer
Paid EDI invoices
Regression test
Logs
Process improvement
Networking
Page 206
Sheet1

terminal identifier
ITF
Correction
Sampling risk
TN37D2640
corrective control
Availability
Detective
Simulation tools
Testing
Detailed Design
Defect counts
Page 207
Sheet1

Record check
Retina scanner
Name of the TTP/CA
project leader
Acceptance testing
Pessimistic time
Design metrics
Dependency check
Terminal access controls
Frame relay
project leader
Detective
Data usage
A Pareto diagram
Integration testing
Beforeimages
Discover sampling
Page 208
Sheet1
Documented
Job submission
Dependency check
port
Biometric checks
parallel port
Quality
Design metrics
Regression test
Macro
Preventive controls
Risk Assessment
attaches all channel messages along one common line with communication to the appropriate location via direct access
Name of the TTP/CA
ISO/OSI
Check digit
Page 209
Sheet1
analytical review
Physical verification of actual data entry operations
Purchase and tailor
personal details
32 bit key system
All information system processes
Risk Assessment
Defining backup procedures.
An existence check
Mr. S 's public key
low work factor
Privilege based on an application
Design metrics
Switch
Design metrics
Design
Page 210
Sheet1

file library
Discover sampling
Hash totals
Wiretapping
project leader
Eliminate the need for substantive auditing
Logical bombs
RC2 and RC4
Beforeimages
Changes in hardware
Defect counts
Biometric checks
Principle of highest privilege should be implemented to perform the file backup function
Interface test
Pessimistic time
Page 211
Sheet1
Inherent Risk
commitment of the management for the implementation of the policy
Physical
Code
Data dictionary
ISO/OSI
Detective
File servers
Macro
Hot sites can be made ready for operation within a short period of time.
The waterfall model
provide security
Retina scanner
Detective
ITF
Page 212
Sheet1
Known fact
HIPO charter
usage of a secure web connection
library control software
Verify authenticity of a transaction or document
Wiretapping
IRR
Design
Networking
Business continuity plan for the mainframe system's non - critical applications is not proper
Vendor support
Systems management
ISO/OSI
Fault tolerance
Inherent risk
Preventive controls
With different business activities
Page 213
Sheet1
Master file lookup

Data dictionary
HIPO charter
Constructing a processing system for accounting applications and processing actual data from throughout the period thro
Tests only pre-conceived situations
Hash totals
Usage of backup tapes
Coding standards
Quality
Acceptance testing
Deliverables
Regression Testing
Formal specification languages
The waterfall model
Risk Assessment
Page 214
Sheet1

ITF
personal details
Design
analytical review
Sensitive systems
Infeasible requirements errors
Risk Assessment
project leader
new account numbers must be issued to customers if their PINs are lost or compromised
the recipient uses the sender's public key, verified with a certificate authority, to decrypt the pre-hash code
DBA
low work factor
Dependency check
Page 215
Sheet1

auto-dial features
32 bit key system
Master file lookup
Supplies
Detective
A Pareto diagram
Tape Management systems
Multiple encryption
Design phase
Fault tolerance
Biometric checks
Paid EDI invoices
Detective
low work factor
Loading and returning of transaction data tape files
Page 216
Sheet1
The Delphi method

Changes in hardware
Testing
Control and Output
Frame relay
project leader
A call back procedure
Reliability
completeness
Purchase and tailor
multiplexer
Switch
Acceptance testing
Encryption routine
The Delphi method
Known fact
Mr. S 's public key
Data owner
Hygrometer
Quality
Page 217
Sheet1
Environmental control within the IS department.
library control software
Recommend that the processing capacity of the alternate site should be increased.
auto-dial features
Design
multiplexer
Retina scanner
DBA
Hygrometer
Purchase and tailor
Fault tolerance
Design
Dependency check
Encryption routine
rules for protecting resources can be minimised
IRR
Testing
a two public keys
Design
Detective
Data dictionary
Page 218
Sheet1

32 bit key system
Process improvement
Sensitive systems
Design
provide security
Computers systems commit errors sporadically and not in a pattern
submission proof
Design metrics
low work factor
Inherent Risk
Ring topology network
Data being transmitted to the wrong recipient
IRR
Code reading
Deliverables
Networking
Mr. S 's public key
DBA
Page 219
Sheet1

Design metrics
Wiretapping
Design
Encryption routine
Planting Trojan horses
Warranty provisions
software
parallel port
Detective
Quality
Systems management
32 bit key system
Pilot projects
Fault tolerance
file library
Check digit
Lengthy retraining
Design
Documentation
Environmental control within the IS department.
low work factor
Record check
Page 220
Sheet1
DBA
ITF
multiplexer
Macro
Programming options permitting printout of specific transactions.
It provides sender authenticity
Testing
Warranty provisions
Code
Design
Data dictionary
Acceptance testing
Detective
32 bit key system
Logs
Design
Physical
Usage of backup tapes
Known fact
Deliverables
Purchase and tailor
Page 221
Sheet1
repeaters to physically connect separate local area networks (LANs)

Acceptance testing
Switch
The waterfall model
Design
Pessimistic time
Data streaming
HIPO charter
Warranty provisions
Mr. S 's public key
Output control
Paid EDI invoices
project leader
personal details
Change control
Job submission
Design
Debugging follows testing
The right people
Quality
Page 222
Sheet1

a digital line
File servers
Idempotence
provide security
Statistical software packages
hosting site over the confidentiality of message sent to the customer
Paid EDI invoices
submission proof
packet lengths are variable and each packet contains the same amount of information
Lengthy retraining
Packet replay
Preventive controls
Code reading
database subsystem
DBA
Hygrometer
Detective
submission proof
Page 223
Sheet1
Home banking system
Code reading
Purchase and tailor
Frame relay
software
Biometric checks
The output could be redirected to another printer.
Page 224
Sheet1
Option C
A legacy system uses a proprietary programming language
Bio-metric devices
Inadequate backup and recovery procedures
Snapshot
applets recording keystrokes made by the client and, therefore passwords
The physical structure of the data is independent of user needs
Permanent Virtual Circuit (PV(c)
program source code modification
Integration test
Implementation
whether the system being monitored has provided users with a strategic advantage over their competitors
the work is boring so high turnover always occurs
Only targeted transactions can be examined using CIS.
Use write-protect tabs on disks.
send different packets of the same message over different available lines
Variable sample tests
Source documents do not have to be redesigned.
The Organisation s critical and high risk business areas
deleting all the data on the hard disk
improving the overall reliability of the networks
Data Link
Detail design documents
Increased productivity
Observation
Allow individuals to understand all parts of a system.
If an encryption key is compromised the exposure is restricted to a single user to who the key applies
channel
DES Cryptosystem
Prohibition of random access
Tests of general controls
errors and omissions
Mr. R 's public key
secrecy
forging of messages by the receiver
verify the format of the number entered and then locate it on the database
It is the total functioning life of an item divided by the total number of failures during the measurement interval
System C - Likelihood 20%, Losses(in$) 2.5 million
Integration test
transmittal control
Increased business activity and revenue
Prevention
Observing the system operator's work
Humidity increase
transmitting system warning and status messages
Spreadsheets
Designing database applications
Developing and designing standards and procedures to protect data in case of accidental disclosure, modification or des
All valid transactions
duplicity of backup operations more than other techniques
It facilitates identification of the users that have effected changes to the database
Expert system's knowledge is combined into program control
Software independence
Spiral model
Page 225
Sheet1
Concurrent / parallel existence of Duplicate Information system functions.

preventive control
traffic analysis
Ensuring that provisions are made to minimise damage or abuse to hardware and to maintain the hardware in good ope
Testing the system thoroughly
Access control lists and access control privileges
No attention is paid to cosmetic details
the designer is circumspect of the user s cooperation in spelling out their requirements
password encryption technique
dial-disconnect-callback features
A run chart
Identify the various layers of ISO/OSI model to which each component belongs
Implementation
Scanning the output for obvious errors
duplicate transaction processing
Developing and designing standards and procedures to protect data in case of accidental disclosure, modification or destr
Deadlock resolution
More accountability
adequate definition in contractual relationship
The sample size decreases with a decrease in the standard deviation.
Reviewing audit reports of the previous years.
Data base structures and the source codes.
The mainframe computer should subject the data to the same edits and validation routines that on-line data entry would
Generalized audit software.
carrying out personal examination of the existing physical access environment
Output fault
Aspects affecting the customer satisfaction in an organisation are dealt in the ISO 9000 standard.
authorizations are in-built into application systems
Check digit
Data encryptor
hosting site over the authenticity of the customer
Establishing data usage guidelines
Distributed applications or services
They are unaffected by electrical interference
Programming and testing
Interactive edits, process programs and sample reports
Systems Programming
authentication message's origin
Control-oriented techniques
Implementation
Grand design projects
Authorized user access privileges for each data file or element
Routers
Ergonomics
provides an automatic audit trail, whereas a floppy disk does not
Evaluating methodology of the audit test results.
Institute program change control procedures.
Page 226
Sheet1
Critical systems
Invalid transactions
Detail requirements document
Evolutionary development model
Shielded Twisted pair
Such access authority is inappropriate because it violates the principle of "access on need - to - know basis, irrespective
Key compromise notifications
Corrective
31 bit cipher system
plastic cards with magnetic stripe and a PIN
Corrective
the decryption key should be kept a secret
Software compilers
Batch controls
Review and analysis of user specifications.
Taking the afterimages of all data items changed for accuracy and completeness.
Source code comparison
Central processing site during application program processing.
have to authenticate themselves only once, and not after that
Consider the use of Data Base Management System
IS security measures including controls over access to data should be strengthened.
Implementation
Each phase will have to be present
Lease or purchase
Decrease in complexity and volatility in IT leads to considerable decrease in costs.
Personnel like the DBA and systems analysts
fax/modem software
message switching
Coordinate and resolve conflicting needs and desires of users in their diverse application areas
to clarify the basis on which QA personnel will evaluate whether quality goals have been met
QA personnel should have most experience of information systems development, implementation, operations, and main
A wrong tape reel is loaded in a multireel file
accountability system and the ability to properly identify any terminal accessing system resources
Identifying major purpose(s) of the system
Distributed databases and application programs
Systems Programming
Known procedure
ciphertext form produced only from an irreversible encryption algorithm
Integration test
Checklists
Routers
generating a control total for a point-of-sale device
fast transmission of a message once it arrives at a node
Terminal simulator
Recommendations and conclusions based on the findings from the audit.
reduce the expected loss from a threat
Maintaining the error log.
Page 227
Sheet1
an UPS and spike buster

authorized files are logically allowed access to authorized users
Meeting user requirements
Inference engine
Integration test
Spiral model
Maintenance costs
A tape librarian are carried out by an application programmer.
Twisted-pair (unshielded) cable
Concurrency and sequence number
Completeness, accuracy and validity of update
the controls that prevents unauthorised and improper use of data and program
identifying what the user knows or remembers
A list of all cards issued and the individuals to whom they were issued.
Maintenance
possessed objects
Barometer
reviewing software quality
Integration test
Select a random sample of actual data to ensure adequate testing
data preparation, data input
Batch controls
Wireless Local Area Network
Operating systems
Export/import tools
Performing system activity analysis
substantive test
The mainframe computer should subject the data to the same edits and validation routines that on-line data entry would
Detective control
transmission on terrestrial microwave
If a connector in bus topology is malfunctioning, the whole network will not be brought down, whereas malfunctioning rep
Developing design documents
Screen-oriented manipulation user interfaces
The probability of continued availability of system support
widespread acceptance of national and international information systems standards can undermine an organisation s co
small key
Data owner
Materials ordered file
Ensuring seamless integration
Presentation layer
Test drivers
Snapshot
Actual time
With a multiplexer, the total bandwidth entering the device is normally different from the bandwidth leaving it
Data Encyption Standard (DES) is a typical type of private key cryptosystem
long key cipher system
Oversight omissions of data.
Ensuring completeness and correctness of the data
channel
Page 228
Sheet1
The staff change the jobs with high frequency.

More accountability
Verify specific) balance-sheet and Profit and loss account values
Overall risk assessment of operations in the organisation.
ensuring accountability and identifying terminals accessing system resources
installation of proper physical security cover over the data processing installation
Test should simulate actual prime time processing conditions
It facilitates repudiation by the sender
time and date of dispatch of the message
Rule based policy
Cost of recovery action
Sequencing
Multiple occurrences of data items are useful for consistency checking
tape file protection, cryptographic protection and limit checks
QA personnel should alert management on a timely basis when they suspect a compliance deviation has occurred
Only managers typically receive online reports so less misuse is likely.
Call-back techniques
transmittal control
DES Cryptosystem
The organization's information technology architecture
Audit resources are more effectively directed.
standards should be prepared to guide their maintenance
Incorporate into software upgrades
Activity logs, incident reports, software versioning
Behavioral issues
Software requirements management
Yes, since the vendor s plan could be adequately evaluated for preparing a complementary plan for the outsourcing com
Centrally print and distribute the outputs.
Licensed software
Authorisation of file updates
identify the operating costs of the network
automatic dial-up capabilities
convert digital signals to analog signals
Electronic data interchange (EDI)
Ensuring that provisions are made to minimise damage or abuse to hardware and to maintain the hardware in good ope
A single link failure, a repeater failure, or a break in the cable could disable a large part or all of the network.
Prevention
Corrective
Public key of the sender
Implementation
Detailed specifications of the vendor s hardware.
Page 229
Sheet1

Routers
decreased requirements for backup and contingency planning
thunder and lighting
does not require each node through which the message passes to be protected against hacking
Batch control totals
Priorities the audit area by performing risk analysis.
Terminal simulator
the implementation of advanced technology in the application
White-box, specification-based, logic-driven technique
The Success of a BPR is reached when the business and the risk suits the re-engineering process.
Assessing the required Security procedures for the IS environment.
high error propagation
DES Cryptosystem
Application software
channel
Implementation
Cost of computer downtime
sender's public key
small key
inappropriate, since access should be limited to a need-to-know basis, regardless of position
double wiring of the CPU and peripheral equipment to prevent malfunctioning
Yes, since the vendor s plan could be adequately evaluated for preparing a complementary plan for the outsourcing com
Limit test
Rerun the audit software against a backup of the inventory master file.
Interception
Nature of the population
Exposure based on threats and vulnerabilities
Introduction of newer technology by the day has made their understanding a difficult task for the auditor
Expert system
System that performs based on business needs and activities
Automated teller machine system
Malfunctioning in one node will not bring a star network down
Implementation
data management subsystem
Mr. R 's public key
Duplicate record check
Group logons are being used for critical functions
they have available special hardware/software tools that enable them to breach data integrity
Page 230
Sheet1
A bar graph
batch containing errors would be rejected for correction prior to processing
Result of substantive audit procedure
A test to compare data with an output source
Export/import tools
the second-last full dump
Exhibits the rules for different conditional value
Pre-usage scan of all secondary storage media brought from outside.
The user-id used to make the attempt
Initiating computer applications.
call-back features
segregation of duties becomes increasingly important
data security
Data encryptor
a malicious operator can undermine a disaster recovery operation by corrupting backup files progressively over time
Delay distortion
concentration technique
Determining whether access controls are in place
the loss likely to occur if the threat materializes multiplied by the probability of the threat
Traffic analysis
The transactions shall be recorded chronologically as they are put through
Process errors
Implementation
System navigation guidelines
the recipients of project based reports should be agreed upon at the start of a project
Prevent the file from being overwritten before the expiry of the retention date
Page 231
Sheet1
resources provided/denied
manager in charge of the information systems function
Snapshot
A run chart
Developing and designing standards and procedures to protect data in case of accidental disclosure, modification or destr
companies that wish to engage in electronic commerce on the Internet must meet required security standards establishe
A sandwich approach
Vendors not in the table file will be paid.
List of applications under development
An increase in inherent risk
substantive test
Developing and implementing an IS security standards manual
Known procedure
Component redundancy
Develop CAATs in detecting such instances.
call-back features
small key
Frequently changed access controls
a single person do not have the complete control over a transaction from start to finish
to prevent compromises when using a private key
enabling use of a multiplicity of formats and coding standards
Repeater
staging and job set-up procedures compensate for the tape label control weakness
Program changes due to fine tuning of existing systems
Operating systems
Implemented
Access only to authorized logical views.
communicate the PIN to the cardholder over phone
Dollar unit sampling
Generally, the tasks performed by IS personnel are more complex than those in manual systems
documenting the major milestones to be achieved in the system development process
All the back up storage devices and the backed up floppies & disks
Production mailbox
Develop an API application
Observation
preventive control
Firmware
Page 232
Sheet1

Data custodian
Input control
The mainframe computer should subject the data to the same edits and validation routines that on-line data entry would r
PCs and notebook computers must be programmed directly in machine language while mainframes use higher level lang
Increasing MIS staff output in order for both systems to be installed
System development tools
verifying control totals
fax/modem software
Flow-charting tool
Inference engine
The spiral model
Develop a data synchronization software
Maintenance costs
Communication protocol
dropping bits in data transmission
Licensed software
allow a reasonable number of PIN entry attempts, close the account after the limit has been reached, but do not retain the
Keep them motivated
be easily accessible by a majority of company personnel
Protocol analyser
Corrective
encrypt the message with the receiver's public key and sign the message with the sender's private key
increase the speed of data transmission
Software acceptance criteria
Data editing
fax/modem software
A sandwich approach
A random structured
Cluster sampling selection technique
Installing an access control software.
Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive
Foresee important problems prior to occurring.
Page 233
Sheet1
Software Life Cycle activities are improved.

authorizations are in-built into application systems
investment in hardware is smaller for each site than for a central site
Data editing
Polymorphism
To help the top management in assessing the capabilities of personnel.
A state transition diagram
Bypass Label Processing and Central Processing Unit
an unauthorised person from reading the message
Implementation
Implementation
Editing of corrupted message by the network staff
Data Link
Detailed design documents
Requirements follow design
Focusing on broad problems to a specific view.
Assumptions and analysis of costs and benefits.
Information from clients and customers will not be required.
traffic analysis
channel
Data owner
Maintainability
make an evaluation of the whole process to quantify the substantive test required for the specialized audit of the process
Decreasing of contingency and backup planning efforts
message authentication
Reviewing change controls
Implemented
A random structured
Output analyser
less difficult because audit trails can be looked upon for tracing out unauthorized activities
Data ownership resides with the most appropriate users
Evacuation procedures
They both encrypt messages
avoiding the reappearing of rejection messages when the transactions are resubmitted after a disaster and a restoration o
Implementation
Page 234
Sheet1

Diminish chances of committing improper / illegal acts by the employee.
Ascertaining user needs for application programming.
Firmware
Licensed software
widespread acceptance of national and international information systems standards can undermine an organisation s com
Access control at application system level
possessed objects
Quality
Yes, since the vendor s plan could be adequately evaluated for preparing a complementary plan for the outsourcing comp
whether a storage medium should be retired
Terminal simulator
High cohesion of modules, high coupling of modules, and high modularity of programs
Possess knowledge in the area of current technical words.
Tokens may be captured by a node and before releasing it the node may fail
Warm site
Function points
Firmware
Network structure
Prototyping model
Corrective
Disk utility
Limiting and monitoring the use of privileged software.
channel
Ergonomics
Manually reperforming, as of a moment in time, the processing of input data and comparing the simulated results with the
Page 235
Sheet1
Telecommunication
Requires the minimum computer usage and manual personnel.
naming convention gives a unique identity to the resources
Reporting of before and after images
Spiral model
Implementation
Operating systems
Bio-metric devices
service type
Presentation layer
Corrective
PIN entry via a secure terminal
Known procedure
provide common interfaces across organisations thereby eliminating the need for one organisation to establish direct com
ring network
to increase the efficiency of the payment process
Design of authorization tables for operating system access.
no demonstration packages should be allowed to be run on the company owned machines
Process errors
Maintenance costs
Automatic error correction
The internal control of data accuracy and access and inconsistencies within common data fields
Modularity
Operating systems
the quality of QA training is an important indicator of top management s commitment to the attainment of quality assuranc
into which user s password falls
A development control
Configuration status accounting
small key
Snapshot
Data Entry
Batch controls
Corrective
Permanent Virtual Circuit (PVC)
Page 236
Sheet1
Format check
Librarian forgot to log tape movement
Implementation
One-time pad
Editing of corrupted message by the network staff
a microwave radio system
Firmware
message switching
private key and a public key
service type
Corrective
Attribute Sampling
Implementation
It requires the hardware vendor to provide compatible computer equipment.
Calculation of Foot Totals
If afterimages have been corrupted, rollback is not achievable
Reviews
Lease or purchase
Systems management
Reliability
data security
Of higher volume and of bigger size
The spiral model
Problem support
Input control
small key
Page 237
Sheet1
Completing the system design document
What actions were taken in response to the metrics results?
Segregation of duties is maintained
Suggests the management of control and system enhancements.
Control risk
Logging of console transaction
Detective controls
Preparation of the information security standards manual
Production mailbox
Function points
getting distributed than in a manual system
channel
transmittal control
Input control
DES Cryptosystem
Code metrics
Sudden increase in number of users
Paid non-EDI invoices
Software requirements management
Resource management
Sensitivity of transactions
A random structured
Whether all the software on the computer is properly licensed.
Encryption will solve all problems of industrial espionage
an application program error
Capacity planning
Identity-based policy
Inference engine
Page 238
Sheet1
to educate the customer about the importance of card security

The idea that not every theory tested will work as expected
Working Notes of the IS audit staff of the minutes of the IS Steering committee meetings.
dynamic equalization
If a connector in bus topology is malfunctioning, the whole network will not be brought down, whereas malfunctioning repe
Joint application design (JAD)
Integration test
The spiral model
Data encryptor
message switching
Maintainability
sender's public key
possessed objects
Integration test
enabling use of a multiplicity of formats and coding standards
TCP/IP
Systems Programming
twisted pair wire transmission
Mean-time-to-repair
A confirmation letter received by the IS auditor directly from an outside source
While evaluating an organisation s policy of segregation of duty, the competancy of the employees are of no relevance.
Rectification of errors
Firmware
it is less likely to be used in a business systems environment than a discretionary access control policy
Page 239
Sheet1
Transaction processing delay

service type
Assure the correct execution of machine instructions
determined by and the individuals who use the microcomputers
possessed objects
Active user involvement is more in the system development.
Licensed software
It provides a means for measuring the actual misstatement statement in assertions
Application system errors
economic events that are relevant to the ongoing operations of an organisation are identified and recorded
Detective control
QA personnel require high level of interpersonal skills because of potential conflict between QA personnel and information
the inherent risk associated with an organisation decreases considerably when an organisation has an information system
Users need not remember multiple passwords rather than a single passwords
service type
Presentation layer
Modules should have only one entry and one exit point
sender's public key
Security Administration
Value-added network
Permit updating for everyone in IS but restrict read access to source code to one position
Detect the presence of viruses.
Performing compliance tests and evaluating the adequacy of procedures that were implemented by the management to c
Document the procedures designed to achieve the planned audit objectives.
With compatible equipment and applications
Maintenance costs
Modularity
Routers
Data editing
QA personnel should have most experience of information systems development, implementation, operations, and mainte
Page 240
Sheet1
bit cipher
commodity
Determine the risks/threats to thedata center site
existence of call forwarding devices
Photo identification card
Keep them motivated
Inference engine
Coding
Software licensing
small key
Comparator
Data editing
traffic analysis
The system should display the password to enable the user to enter it correctly
Implementation
Maintenance
Capacity planning
bit cipher
timed authentication is required
Examine the accounting data recorded in the system for any irregularities
Input control
Snapshot
unsuccessful attempts after a specified number of times, should result in the automatic log off of the workstation
Network structure
channel
Code metrics
ring network
Output analyser
Inductive wiretaps can pick up the free space emissions emanating from amplifiers
list of persons authorised to alter the log file contents and the software controlling the log file updating.
Page 241
Sheet1
Processing controls
Testing
Known procedure
Licensed software
Prototyping model
Corrective
Implementation
Implementation
changing the order of the message
List of applications under development
Redundant log-on Ids are removed
Processes in priority order, as defined by the business manager
resistance to change
Testing
Often being used as tool in evaluation of performance.
the system cannot easily handle large volumes of data
Maintenance costs
Presentation layer
A run chart
Limit test
Stratification and frequency analysis capability
Output analyser
Logical access controls
security awareness programme
regular scanning of all network drives as per the established routines
Page 242
Sheet1
error correction in the data entry

Warm site
boundary controls
Implementation
Licensed software
companies that wish to engage in electronic commerce on the Internet must meet required security standards established
Deadlock resolution
Telecommunication
Date and time stamps are not recorded automatically but only with manual interferance
Are usually located in populous areas to prevent theft or vandalism
Lease or purchase
Integration test
Page 243
Sheet1
Possess knowledge in the area of current technical words.
Disk utility
List of all authorised users of IPF
Costs associated with the hot sites are low.
Maintainability
message switching
Data editing
Processing control
small key
Code metrics
Corrective
Attribute Sampling
Terminal simulator
More accountability
Line conditioning technique
small key
Network structure
bit cipher
Attribute Sampling
Batch controls
Page 244
Sheet1
Use of individual passwords

More accountability
Implementation
Evaluating methodology of the audit test results.
One-time pad
Flow-charting tool
Implementation
Data encryptor
Modularity
Implementation
Sound an alarm and begin a timed countdown.
Prototyping model
sender's public key
Data encryptor
it does not have to be stored. Hence preserving privacy is easier
Batch controls
Licensed software
there is a perceptible difference in the basic control objectives
Logical access controls
Creeping functions
Maintenance
Processing control
Keep them motivated
Lease or purchase
Page 245
Sheet1
Corrective
Maintainability
Code metrics
Procurement procedures are complied with.
Access to Job control languages/script files
Humidity increase
Delay distortion
Implementation
Spiral model
during the data preparation
Corrective
Barometer
Quality
Systems management
violating the confidentiality of the message
Unique user ID and password
Rivest, Shamir, Adleman (RSA)
Traffic analysis
User satisfaction
Coding phase
Control and arithmetic-logic
Inappropriate, since access should be limited to a need-to-know basis, regardless of position.
during the data preparation
Page 246
Sheet1

Snapshot
Integration test
Format check
Deadlock resolution
Implemented
Date and time stamps are not recorded automatically but only with manual interferance
Used to build hard disk controllers
Resiliency testing
Maintainability
An operating system program is a critical software package for microcomputers
Routers
Reliability
Input control
Snapshot
possessed objects
Review of the payroll by the payroll department on a regular basis.
Systems management
gateways to allow personal computers to connect to mainframe computers
Traffic analysis
Prohibiting the usage of disk drives in workstations
Detective controls
Package fixes
Page 247
Sheet1

Inference engine
Corrective
Limiting access to local drives and directories
Whether appropriate controls have been incorporated.
The spiral model
Disk utility
Use of two VANs
Resiliency testing
Known procedure
Reliability
Restricted physical access
Corrective
Routers
Code metrics
Acceptance test, unit test, integration test, systems test
Implementation
Observation
Terminal simulator
Detective control
Under normal circumstances only about 25% of the processing is critical to an organisation. Hence, there is no need to ta
Output fault
Page 248
Sheet1
data security
Lease or purchase
Implementation
Vendors may go out of business and discontinue service support on their products
Operating systems
More accountability
Run-to-run totals
Traffic analysis
Coding phase
Flow-charting tool
Design bugs
Inference engine
Examine the accounting data recorded in the system for any irregularities
Inference engine
secrecy
Maintainability
channel
Value-added network
Quality assurance audit
Systems management
separation of duties is easy to achieve in manual systems and impossible in computerized systems
Page 249
Sheet1
Disk utility
Disabling all the redundant passwords
Encrypting once with the same key
Integration test
compromise of a sender's private key
traffic analysis
Data transfer speed
Observation
An analytical review of the ratios by the IS auditor from the information received from the internal line management.
Rule based policy
preventive control
boundary controls
Batch controls
access control lists are stored on a fast memory device to facilitate easy access to the list
allow a reasonable number of PIN entry attempts, close the account after the limit has been reached, but do not retain th
Data transfer speed
Number of customer problems reported to the size of the product
Ergonomics
Deadlock resolution
Data Link
Page 250
Sheet1

Implementation
The spiral model
take action to mitigate the effects of the compliance failure on shareholders
Spoofing.
snap shots of all transactions are taken
To help the top management in assessing the capabilities of personnel.
TCP/IP
Prevention
call-back features
One-time pad
Resiliency testing
Integration test
Operations Manager.
Modularity
Maintainability
Architecture of the firewall hiding the internal network
Implementation
Integration test
Developing and designing standards and procedures to protect data in case of accidental disclosure, modification or dest
traffic analysis
Page 251
Sheet1
fax/modem software
Implemented
Substantive testing tests validation while compliance testing tests for regulatory requirements.
procedure for authorising access to computer resources
Access to Job control languages/script files
Plan is reviewed and updated regularly.
Object-oriented technology
Operations Manager.
Determine the risks/threats to thedata center site
Breaching in the security of the IS resulting in destruction of hardware or software
Presentation layer
Integration test
Maintainability
A run chart
Checklists
Review of the payroll by the payroll department on a regular basis.
Code metrics
A random structured
Detective controls
Bio-metric devices
Input control
Page 252
Sheet1
Corrective
Presentation layer
Implementation
generated as a printer output necessarily
Check digit
Architecture of the firewall hiding the internal network
secrecy
Data Entry
Known procedure
Presentation layer
Estimating electrical load
Dollar - unit sampling
Data Link
Format check
The right training
the maintenance of data integrity
getting distributed than in a manual system
virtual storage
Data editing
Reliability
small protection domains
Page 253
Sheet1
Implementation
bit cipher
Repeater
possessed objects
Integration test
Reject the statistical hypothesis that value is not misstated when the true value is materially misstated.
Preparation of multiple reports and output files.
Reviews
Baseline
Maintenance costs
Transmission cost is not charged by packet
DES Cryptosystem
transmittal control
modem
A run chart
Behavioral issues
substantive test
manual control procedures
Implementation
commodity
Corrected errors should be initialed by the person correcting the error
Page 254
Sheet1

Assure the correct execution of machine instructions
file server
Either allow access to all resources or none
modem
Baseline
small key
Integration testing
User satisfaction
Observation
small key
data security
If a program is erroneously coded, it commits errors at a very high speed resulting in wastage of resources for locating an
Bio-metric devices
Input control
Checklists
The information technology infrastructure
substantive test
the installation of the anti-virus software should be properly authorised
Humidity increase
Rule based policy
Process errors
Page 255
Sheet1

Polymorphism
transmission delay
Creeping functions
Implementation
Implementation
Problem support
Batch controls
Maintainability
TCP/IP
Code metrics
A random structured
Page 256
Sheet1
Package fixes
preventive control
Bio-metric devices
Input control
achieving system effectiveness
Attribute Sampling
the encrypted pre-hash code and the message are encrypted using a secret key
Narrowband ISDN, central office switches, Voice Mail system
Systems Programming
Capacity planning
Best IS expertise from the outside source.
achieving system effectiveness
Corrective
compromise of a sender's private key
A dependency check
Implementation
A random structured
BHAGWAN SRIGANESH
Page 257
Sheet1

Designing quality into the process
Data entry operators
call-back features
cryptologist
data security
Breaching in the security of the IS resulting in destruction of hardware or software
Attribute Sampling
channel
Input control
Integration test
The information technology infrastructure
Implementation
Ergonomics
Data Link
Coding phase
Creeping functions
fax/modem software
Ensuring that provisions are made to minimise damage or abuse to hardware and to maintain the hardware in good opera
The spiral model
possessed objects
Routers
Page 258
Sheet1

Performing compliance tests and evaluating the adequacy of procedures that were implemented by the management to c
Trojan Horse
Critical systems
Resiliency testing
Operations Manager.
Snapshot
Maintenance
manual control procedures
Implementation
boundary controls
Systems management
data security
Input control
secrecy
Software licensing
TCP/IP
Page 259
Sheet1
Output analyser
Design bugs
Check digit
Resource management
Observation
Ergonomics
Export/import tools
Output analyser
Process errors
Network structure
Software licensing
proper validation procedures to be built in during user creation and password change
plastic cards with magnetic stripe and a PIN
Page 260
Sheet1
Implementation
Maintenance
fax/modem software
Corrective
Data encryptor
TCP/IP
Systems testing
A random structured
Port
the installation of the anti-virus software should be properly authorised
Star topology network
Process errors
Page 261
Sheet1

Repeater
sender's public key
Checklists
Expert system
Resource management
A site where the computer environment is maintained without any equipment.
The right training
Data editing
QA personnel should have the greatest incentives to effect improvements to information systems standards
channel
Integration test
Checklists
Software reengineering
Modularity
Page 262
Sheet1

traffic analysis
Snapshot
Value-added network
Prevention
Capacity planning
BHAGWAN SRIGANESH
preventive control
Reliability
allow a reasonable number of PIN entry attempts, close the account after the limit has been reached, but do not retain th
Corrective
Export/import tools
Reviews
Implementation
Function points
the designer is circumspect of the user's cooperation in spelling out their requirements
Page 263
Sheet1

Check digit
Licensed software
Batch controls
Integration testing
Actual time
Code metrics
Mean-time-to-repair
Format check
Detective control
Processing controls
Corrective
System development tools
A run chart
Systems testing
Page 264
Sheet1
Implemented
Resource management
Format check
Use of two VANs
service type
file server
Maintenance costs
Code metrics
Integration test
Output analyser
Detective controls
Observation
organises itself along hierarchical lines of communication to a central host computer.
Data owner
DES Cryptosystem
Licensed software
TCP/IP
Licensed software
Traffic analysis
Page 265
Sheet1

substantive test
Usage of CAATs to verify the interest rates
the designer is circumspect of the user's cooperation in spelling out their requirements
Lease or purchase
Licensed software
possessed objects
Network structure
Deadlock resolution
Processes in priority order, as defined by the business manager
Production mailbox
Observation
Maintaining the systems in production.
Bio-metric devices
A dependency check
Mr. R 's public key
small key
Either allow access to all resources or none
Code metrics
Repeater
Code metrics
Implementation
Page 266
Sheet1
Deadlock resolution
Run-to-run totals
Delay distortion
Licensed software
Systems management
Verify specific) balance-sheet and Profit and loss account values
transmission delay
Trojan Horse
One-time pad
Creeping functions
Function points
Limiting access to local drives and directories
Integration test
Actual time
Page 267
Sheet1

Capacity planning
procedure for authorising access to computer resources
Data Link
fax/modem software
Systems management
DES Cryptosystem
Implementation
Data encryptor
Batch controls
TCP/IP
Corrective
Routers
Output analyser
Detective control
Costs associated with the hot sites are low.
The spiral model
Corrective
Snapshot
Page 268
Sheet1
Known procedure
Systems management
Terminal simulator
acceptance of executable only from the established and trusted source
tape librarian
Encryption will solve all problems of industrial espionage
Delay distortion
User satisfaction
Implementation
Modularity
Regular back ups by many of the LAN nodes are not taken in the file server.
Software licensing
TCP/IP
transmittal control
Operating systems
Control risk
Detective controls
With compatible equipment and applications
Traffic analysis
Flow-charting tool
Page 269
Sheet1

Data encryptor
traffic analysis
Terminal simulator
Manually reperforming, as of a moment in time, the processing of input data and comparing the simulated results with the
Requires the minimum computer usage and manual personnel.
Expert system
Run-to-run totals
Frequency of offsite backup
Regression analysis and testing
Baseline
transmittal control
Spreadsheets
transmission delay
Detail requirements document
The spiral model
Observation
Page 270
Sheet1

call-back features
Snapshot
possessed objects
Licensed software
traffic analysis
Implementation
substantive test
Critical systems
Use of two VANs
Traffic analysis
Conflicting requirements errors
Observation
it does not have to be stored. Hence preserving privacy is easier
the encrypted pre-hash code and the message are encrypted using a secret key
small key
Format check
Detective control
Page 271
Sheet1

data security
Maintenance
Corrective
A run chart
Behavioral issues
Project Management softwares
traffic analysis
Detective control
Encrypting once with the same key
Coding phase
Operating systems
Corrective
small key
fax/modem software
Verifying the key data
Page 272
Sheet1

Creeping functions
Reviews
Control and arithmetic-logic
An error-correcting code
data security
Maintainability
secrecy
Lease or purchase
channel
transmittal control
Repeater
Integration testing
traffic analysis
Disk utility
Known procedure
virtual storage
Mr. R 's public key
Data custodian
Barometer
Licensed software
Page 273
Sheet1
Deadlock resolution
Daily control totals.
tape librarian
Under normal circumstances only about 25% of the processing is critical to an organisation. Hence, there is no need to ta
Implementation
channel
Data Entry
Barometer
Licensed software
Lease or purchase
sender's public key
Operating systems
Implementation
Format check
Disk utility
naming convention gives a unique identity to the resources
User satisfaction
Reviews
Systems management
Coding
Corrective
Data encryptor
Page 274
Sheet1

Software reengineering
Critical systems
Production mailbox
Implementation
Firmware
Network structure
virtual storage
If a program is erroneously coded, it commits errors at a very high speed resulting in wastage of resources for locating an
Code metrics
small key
Use of two VANs
Star topology network
User satisfaction
Testing
Baseline
Modularity
Mr. R 's public key
Page 275
Sheet1

Code metrics
Delay distortion
Implementation
Mean-time-to-repair
Disk utility
Writing incorrect program code
Package fixes
PCs and Laptops must be programmed directly in machine language while mainframes use higher level language
commodity
file server
Corrective
Operating systems
More accountability
Implementation
Telecommunication
Daily control totals.
small key
Check digit
Page 276
Sheet1

Inference engine
Data Entry
Snapshot
call-back features
channel
Output analyser
Technique enabling to enter test data into a live computer for processing verification.
It facilitates repudiation by the sender
Reviews
Package fixes
Implementation
Implementation
Data encryptor
Licensed software
Corrective
Checklists
Implementation
Data Link
transmission delay
Frequency of offsite backup
Known procedure
Baseline
Lease or purchase
Page 277
Sheet1
gateways to allow personal computers to connect to mainframe computers

Network structure
Repeater
The spiral model
transmittal control
Implementation
Actual time
Data editing
Terminal simulator
Package fixes
Bio-metric devices
Mr. R 's public key
Input control
possessed objects
Comparator
Resource management
Deadlock resolution
Implementation
Requirements follow design
The right training
Page 278
Sheet1

Routers
Polymorphism
Test drivers
hosting site over the authenticity of the customer
Licensed software
Value-added network
Transmission cost is not charged by packet
More accountability
Interception
Detective controls
Testing
Operations Manager.
boundary controls
traffic analysis
Barometer
Corrective
Page 279
Sheet1
Testing
Lease or purchase
commodity
It can be used to obtain an unauthorized copy of a report.
Page 280
Sheet1
Option C
A legacy system is difficult to port to other environments
Laser activated photo identification.
Duplicate transaction processing
Audit hooks
downloaded codes reading files on the client s hard disk
Each request for data made by an application program must be analysed by DBMS.
Integrated services digital network (ISDN)
production work flow control
Volume test
Maintenance
whether there is any abnormal work load during a particular shift which may be because of private use of resources by so
it can be a major bottleneck in the work flow in a data processing installation
CIS is can not write exceptions identified to a log file
Examine the creation date and file size.
free channel utilization to make more capacity available for the user
Compliance tests
Test transactions are representative of normal application system processing.
Availability of adequate manpower for the effective implementation of the system.
demagnetising the hard disk
restricting access to sensitive messages by restricting them to specific parts of the network
Transport
Unit test cases
Faster delivery
Detailed Testing
Does not provide backup in the event of absence.
It is easy to assign the cost of using link encryption to the users of the link
Link editor
Digital signature.
Analysis of system generated core dumps
Substantive tests of executed program logic
machine room fires
Mr. S 's private key
availability
defrauding by the receiver by colluding with the sender.
confirm that the card is not listed as hot
High MTBF values imply good reliability
System D - Likelihood 25%, Losses(in$) 4 million
Configuration test
error log
Extension of the network to new users
Recovery
Interviewing the system operator's supervisor
Tolerable rate and the expected deviation rate.
Temperature increase
altering the audit trail to correct an error
Paralled simulation
Specifying physical data definition
Reviewing execution of computer processing tasks.
All input transactions
lesser flexibility in leveling system workloads
The technique provides for taking the backup on a high speed medium like CDROM
Expert systems can explain their own actions
Productivity
Incremental model
Page 281
Sheet1
Development time of a high priority system is more than 12 months.
redundancy control
Ensure that management s hardware acquisition plan has taken into consideration technological obsolescence.
Managing end-user expectations
Accreditation and assurance
The model is iterated too many times
the designer is uncertain as well as the user about the requirements and it is likely to evolve as the design progresses
maintaining a test deck
dedicated telephone lines
A control chart
Estimate the operating costs of the communication subsystem
Maintenance
checking the transaction log
inadequate backup and recovery capabilities
d. Record locking
Less computer equipment
network defence program
The confidence level increases as the sample size decreases.
Touring key activities of the organisation.
Recovery actions for the error codes.
The users should be required to review a random sample of processed data.
The audit review file.
using CAAT techniques to know the access provided in the software
Design fault
Faster delivery
Both the Internal and External business processes are covered under the standard.
authorizations are no more needed
Field-size check
Decision table
customer over the authenticity of the hosting site
Establishing data disclosure guidelines
Windows NT platform
It has high risk of wire-tapping
Test case preparation and test case execution
Screens, interactive edits, process programs and sample reports
Application Programming
non-repudiation
Information-oriented techniques
Maintenance
Conversion projects
Sign-on verification security at the operating system level
Terminal controllers
System performance
is suitable for an online system whereas a floppy disk is not
Skills and judgement that are commonly possessed by IS practitioners of that speciality.
Test all new software on a stand-alone microcomputer.
Page 282
Sheet1
Non-critical systems
Repudiated transactions
Fourth-generation programming languages
Rapid prototyping model
Optical fiber
Such access authority is inappropriate because they have the full knowledge and understanding about the system
Private key modifications
Suggestive
call-back telephone facility
Suggestive
the decryption key is the same as the encryption key
Software testing
Duplicate files and backup procedures
Analysing system schedules
Compliance tests
Taking picture of transaction as it flows through a system
Manual recalculation of sample items
Remote processing site prior to transmission to the central processing site.
with full access to read, write and execute
Expand the use of the built-in access controls to new applications.
Offsite storage location should be secured and should not be easily identified from the outside.
Maintenance
The sequence of the phases cannot vary
Rent or purchase
Increased number of people using the technology causes a serious concern for BPR projects.
Hardware
private branch exchange
time sharing
Logical design of a database
to alleviate conflict between the Statutory Auditors and Information Systems Auditors
QA personnel should have incentives to ensure their organisation adopts the best set of
quality assurance standards
The program contained a serious logic error
whether users are authorised and authenticated prior to granting access to system resources
Developing system justification
Security mechanisms
Guaranteed procedure
ciphertext form that is a function of the account number
Volume test
Face-to-face communications
correcting a hardware error in a modem
facility to change queue sizes at a node
Decision- table preprocessor
Functional business areas under audit.
control the normality of the distribution curve of the loss from the threat
Custody and control over the non IS assets.
Page 283
Sheet1
a continuous voltage stabilizer

data entry by the user department is made easy
Reduced software maintenance efforts
End user interface
Configuration test
Incremental model
System size and complexity
Systems analyst and database administrator are done by the same person.
Coaxial cable
logging and restart verification
Completeness, accuracy and validity of input
the control that reconciles input with processing control totals to ensure that all transactions have been processed and g
identifying what the user is and what she/he knows/remembers
Identification on the cardkeys documenting the name and address of the data centre.
Obsolescence
remembered information
Voltmeter
troubleshooting electrical connections failure
Configuration test
Include data which represent conditions that occur in actual processing
data capture, data preparation, data capture, data input
Public switched telephone network
Destruction of the logging and auditing data
Compliance tests
Diagram checking tools
Performing job activity analysis
understanding of internal controls
Corrective control
transmission on satellite microwave
Encryption is resorted to as a control technique more in bus topology than ring topology
Developing conversion plans
Menu-oriented user interfaces
The time required for subsequent acquisition to meet the requirement
the adoption of national and international information systems standards reduces for conflict within the management
low error propagation
The database administrator
Contingent liabilities file
Allowing distribution processing
Application layer
Network traffic analyzers
Audit hooks
Optimistic Time
A communications terminal control hardware unit that controls a number of computer terminals.
For the decryption, the decryption key should be equivalent to the encryption key
encryption system that can not be used more than once
Inadequate volume testing.
Preparation of data classification methodology.
Link editor
Page 284
Sheet1
Ownership is irrelevant on account of diversified control.

Determine the degree to which substantive auditing may be limited.
Providing audit documentation for review and reference.
proper procedure for verification of User ID and passwords, ensuring authorisation and authentication before granting ac
preparations and plans for the accidental damage or loss in the IPF
Advance information about the test to non-business continuity team members.
It prevents repudiation by the sender
the unique identifier of the sender s node from which it was sent
Identity based policy
Cost of technical action
Portability
Backup and recovery procedures are minimised
duplicate circuitry, echo checks and dual reading
QA personnel should avoid making comments to management about the consequences of compliance failures
The only way to breach the privacy of online reports is to wiretap the communications line
Cryptographic devices
error log
Digital signature.
How the new application will fit with other applications
Current decisions can be based on audited information.
an offsite back copy should be maintained
Incorporate into revision procedures
Test cases rejected, test cases accepted
Contractual issues
Software project management
No, since this backup provision is adequately provided for in the agreement.
Train current users in how to specify the right destination codes for their printing.
Standby power supplies
Appropriate accounting for rejections and exceptions
map the network software and hardware products into their respective layers
convert analog signals to digital signals
Electronic benefits transfer system (EBTS)
The ability of a personal computer to act as a data terminal
Recovery
Suggestive
Time period for which the key is valid
Maintenance
The ownership rights for the programs and files.
Page 285
Sheet1

whether there is any abnormal work load during a particular shift which may be because of private use of resources by s
improved business relationships with trading partners
poor contacts
renders charge back system easier and effective
Range check
Begin with previous year s IS audit plan and carry over any IS audit that had not been accomplished.
the strategic nature of the system
The data being intercepted and disclosed to others without authorisation
Black-box, specification-based, data-driven technique
The IS auditor is not concerned with the key controls that once existed but with the one which exists in the new business
Review of Short and Long term IS strategies.
high work factor
Digital signature.
A Processing control
Operating System
Link editor
Maintenance
Cost of initial debugging of software
inappropriate, because technical support personnel are capable of running the system
Productivity
validations logic to fields and records based o their interrelationships with controls established for the batch.
Control total
Compliance tests
Process the data using a different generalized audit software.
Relay
Standard deviation of the population
Controls to contain the threat.
The basic objectives of auditing have undergone change
Management control system
Provides utility programs for a limited number of application systems
Telephone bill paying system
Malfunctioning of the hub will bring the star network down
Maintenance
security administration subsystem
Range check
The same user can initiate transactions and also change related parameters
for them to carry out their work, normally the application system controls have to be relaxed
Page 286
Sheet1

A Pareto diagram
follow-up on unpaid accounts if a transfer pricing scheme is being used
Assessing control risk too high
A test to evaluate the validation controls in an input program.
the second-last residual dump
Indicates the action to be taken when a rules is saisfied)
Updation of anti-virus configuration settings on logging in by the user.
The password used to make the attempt.
Ensuring data processing resources are efficiently used.
enforcing regular password changes
With the increase in use, the degree of concern regarding physical security decreases
the control that reconciles input with processing control totals to ensure that all
transactions have been processed an
physical security
Decision table
operators do not need to rely on documentation during a disaster recovery operation
sender's public key and receiver's private key
White noise
Determining whether system specification documents are available
the loss likely to occur if the threat materializes
Modification of the message
There will be no need for taking a data dump
Data errors
Maintenance
System migration guidelines
QA report must degenerate into a long list of defects that have been identified
Prevent the file from being read before expiry of the retention date
Page 287
Sheet1
modifications to private keys

manager responsible for the internal audit function
Audit hooks
A control chart
all of the above
A big bang approach
Unauthorized vendors invoices will be paid.
Responsibilities of each organizational unit
Range check
An increase in control risk
The IS auditor conducting a comprehensive security control study.
Information hiding
Review system logs on such occasions to identify irregularities encountered if any.
poor contacts
Call back procedures
none of the above
to prevent misuse of e-mail facilities
increasing inventory by reducing order lead-time
Modems
tape management system is putting processing at risk and that the parameters must be set correctly.
Windows NT platform
Program changes due to changes in data formats
Range check
Distributed
User updates of their access profiles.
mail the card and PIN mailer separately in registered envelopes
Ratio and difference estimation.
IS personnel do not enjoy the as much power and clout in organizations as manual systems personnel do like the HR pers
narrate the competitive advantages of the proposed development
Data ownership and classification
Application programmer mailbox
Develop a GUI application
Detailed Testing
redundancy control
Random Access Memory (RAM)
Page 288
Sheet1
database administrator
Access control
none of the above
The cost per transaction to process on each type of computer has decreased in recent years
Having the information systems steering committee set the priority
Data storage
establishing control over output
Unit test cases
Project Management tool
End user interface
The iterative model
Develop a client/server system
Communication channel
crashing disk drives read-write heads
allow a reasonable number of PIN entry attempts, close the account after the limit has been reached, and retain the card
Continuous training
be in the top floor
Database replication
Suggestive
encrypt the message with the receiver's private key and sign the message with the sender's public key
dynamically share a smaller number of output channels
System external specifications
Data compression
A big bang approach
A index sequential
Sequential sampling selection technique
Using a locking device that can secure the notebook computer to an immovable object.
Unauthorized vendors invoices will be paid)
Should be easily identified from outside so that in the event of an emergency it can be easily found
Reduce risks of existing or anticipated control weaknesses.
Page 289
Sheet1
Maturity of the implemented quality system is irrelevant.

authorizations are no more needed
security measures are easier to provide
Data compression
Inheritance
To ensure that no statutory regulations are violated using networks.
A data dictionary
Routers and gateways
the receiver forging a message using the sender s private key
Maintenance
Maintenance
proper procedure for verification of User ID and passwords, ensuring authorisation and authentication before granting acc
Introduction of automated checks to detect corruption of messages
Transport
General design documents
Coding follows implementation
Including other features of word processing, spreadsheets and e-mails.
Assessing the organisation s business needs.
Business priorities will not be modified.
Link editor
Portability
conduct a substantive test of the application system
Decreasing of the legal liabilities over proprietary data
message integrity
Evaluating software distribution
Distributed
A index sequential
Code optimiser
less difficult because monitoring the employee activities electronically is feasible
Access privileges are established on a need-to-know basis
Restart procedures
They both sign messages
elimination of control total problems when the transactions are resubmitted after a disaster and a restoration of the backu
Maintenance
Page 290
Sheet1

Ensure a standard quality of life is lead by the employee which could enhance productivity.
Corporate database definition.
Operating System
Access control at data base management system level
machine room fires
Resources
Range check
whether a master file should be stored on a particular storage medium
Low cohesion of modules, low coupling of modules, and low modularity of programs
Only possess a knowledge of auditing
The receiver might not have captured the token but it might have passed the addressee node
Cold site
Test coverage
Relational structure
It has high risk of wire tapping
Incremental model
Suggestive
Multiplexor
Keeping sensitive programs and data on an isolated machine.
Link editor
System performance
Periodically submitting auditor prepared test data to the same computer process and evaluating the results
Page 291
Sheet1
Hard disk free space

High Level of IS expertise is essential.
fancy and international names can be used
Reasonableness checks and Hash totals
Incremental model
Information hiding
Maintenance
the control that reconciles input with processing control totals to ensure that all transactions have been processed and giv
Internet Protocol (IP) address
Application layer
Information hiding
Suggestive
PIN entry at acquirer's premises
Productivity
maintain a log of all transactions of an organisation with its trading partner
multidrop line network
to eliminate the risk that unauthorised changes may be made to the payment transactions
Inclusion of an uninterruptible power supply system and surge protection.
always boot from the diskettes
Data errors
Turnaround documents
The logic needed to solve a problem in an application program
Standardisation
QA training should be an ongoing process and all new QA employees must be inducted in the QA goals, standards and p
the users are assigned privileges only if they know the password for each resource
A documentation control
Configuration identification
Coaxial cable
Audit hooks
Application programmer
Suggestive
Page 292
Sheet1
Check digit
Knowingly, an IS Manager , approved a payment for his uncle's IS software firm for a job not done by them.
Maintenance
Data encryption standard (DES)
Introduction of automated checks to detect corruption of messages
a satellite line
time sharing
a new key is generated for each transaction
Information hiding
Security mechanisms
Suggestive
Statistical Sampling
Range check
Maintenance
It provides for full processing capability in the event of a disaster.
Selection of testing sample data
It is not always possible to determine how much damage has been done for undoing it
Walkthroughs
Rent or purchase
Grade of Service
physical security
Punishable by law relatively easily
The iterative model
Project staff skills
Access control
Page 293
Sheet1

Completing the program coding work
What error analysis techniques were used?
IS operations are performed in accordance with appropriate authorizations
Conducts a review of the application developed)
Detection risk
Audit log
Programming controls
Formulation of a corporate information security policy and its adoption by the top management
Test coverage
getting concentrated at different location but becoming less valuable
Link editor
error log
Access control
Digital signature.
Productivity
Test metrics
Phase hits and amplitude jitter
Paid EDI and non-EDI invoices
Software project management
Output distribution
Legal requirements
A index sequential
Whether the computer has terminal emulation software on it.
Some countries will not allow transborder encryption of information
a procedural lapse
Chargeback system
A Processing control
Rule-based policy
User interface
Page 294
Sheet1
enforced periodic change of the PINs
To explore the use of new technology
message integrity
Conversion projects
Optical fiber
Information processing facilities operations and procedures manuals.
Compliance tests
Traditional system development life cycle
Configuration test
The iterative model
Decision table
time sharing
Portability
Configuration test
increasing inventory by reducing order lead-time
X.12
thin ethernet cable transmission
On-line system response times
A report generated by the accountant from internal evidence
An organisation chart provides a precise definition of the segregation of duties among the employees.
Managing distribution of outputs.
an audit trail is not required with a mandatory access control policy
Page 295
Sheet1
Concurrent transaction processing

Ensure that run-to-run totals in application systems are consistent
formulated by the operations manager and promulgated as a standard through-out the organisation
Change controls are more problematic to achieve than in a traditional SDLC.
It provides a means for assessing the risk that the sample results will not accurately represent the population characterist
Lack of internal program documentation
data are recorded on source documents so it can be keyed to some type of magnetic medium
Corrective control
high work factor
information systems personnel tend to prefer a development role to a monitoring role
It is more likely that the external auditors will focus on the reliability of the QA function rather than undertaking direct tests
Security administration is made simple
Application layer
Modularity means program segmentation
QA
ISP's network
Restrict updating to one position but permit read acccess to source code for everyone in IS
Log attempts of unauthorized access.
Reviewing management s response to the weaknesses in their formal report to the Board of Director s audit committee.
Be dynamic and often change with the technology and profession.
With similar business activities
Standardisation
Data compression
QA personnel should have incentives to ensure their organisation adopts the best set of quality assurance standards pos
Page 296
Sheet1
transmission cipher
data
Interviewing people at the site for the specific tasks performed by them.
required display of user codes and passwords
Magnetic card reader
Continuous training
User interface
Testing
Product reliability
Coaxial cable
A data dictionary
Diagnostic routines
Data compression
Optical fiber
Password files are encrypted and the system should force the user to change the initial password allotted and also at sub
Testing
Obsolescence
Chargeback system
transmission cipher
traffic is exchanged through the firewall at the application layer only
Appoint a qualified computer operator on a temporary basis.
Access control
be in the top floor
Audit hooks
log of unsuccessful log on attempts are reviewed online and the active monitoring of the same by the security administrat
Link editor
Test metrics
multidrop line network
Code optimiser
Analog signals are less attenuated than digital signals
The period up to which the log file is retained
Page 297
Sheet1
Operations controls
Tracing
Incremental model
Suggestive
Maintenance
Faster delivery
Maintenance
traffic analysis
Responsibilities of each organizational unit
Allocation of log-on Ids are controlled
All financial processing applications
Low maintenance cost
Tracing
Productivity
An important means of discouraging illegal acts.
relocating devices in the office is an expensive and difficult task
Coaxial cable
Application layer
A control chart
Control total
Range check
Statistical sampling capabilities
Code optimiser
Operational controls
highlights and identity of the sensitive security features
installing anti-virus software on all nodes
Page 298
Sheet1
distribution of output
Cold site
input subsystem
Coaxial cable
Maintenance
all of the above
Record locking
Knowingly, an IS Manager , approved a payment for his uncle s IS software firm for a job not done by them.
Audit trail records can be amended by the users.
Allow for cash withdrawal and cash deposits only
Rent or purchase
Configuration test
Compliance tests
a satellite line
Page 299
Sheet1
Only possess a knowledge of auditing

Multiplexor
Detailed organisation chart
Hot sites do not require that equipment and systems software to be compatible with the primary installation being backed
Faster delivery
Portability
time sharing
Data compression
Application control
Test metrics
Suggestive
high work factor
PIN entry at acquirer s premises
transmission cipher
Page 300
Sheet1
Use of individual passwords plus separate access passwords for customer data and product data
Maintenance
Skills and judgement that are commonly possessed by IS practitioners of that speciality.
IS personnel do not enjoy the as much power and clout in organizations as manual systems personnel do like the HR per
Maintenance
Decision table
Standardisation
Maintenance
Activate the fire extinguishing system.
Incremental model
Decision table
changing the cryptographic key has no implications for existing PINs
traffic analysis
the control objectives pose more problems for implementing
Operational controls
Changes in project scheduling
Obsolescence
Application control
Continuous training
Rent or purchase
Page 301
Sheet1

Suggestive
Portability
Range check
Test metrics
Compliance tests
Improvement done by the line management.
Authority to access and delete transaction data files
White noise
Maintenance
Incremental model
between related computer runs
Suggestive
Voltmeter
Resources
message integrity
the exposures associated with transmitting credit card PINs as clear text
Unique user ID, password and personal identification number (PIN)
Benefit-cost ratio
Testing phase
Input and Control
Inappropriate, because System Administrator has the capacity to run the system.
between related computer runs
Page 302
Sheet1

Audit hooks
Volume test
Check digit
Coaxial cable
Record locking
Distributed
Audit trail records can be amended by the users.
Used to design memory caches
User acceptance testing
Portability
Electronic spreadsheet packages are types of application software for microcomputers
Grade of Service
Access control
Optical fiber
Audit hooks
Review of console logs for attempted / illegal intrusion.
routers to strengthen data signals between distant computers
Have a proper and highly secured physical access control environment
Restart procedures
Penalty provisions
Page 303
Sheet1
User interface
Security mechanisms
Suggestive
Controlling file-transfer rights
The time and cost parameters for software projects are within schedule and comply with the estimated ones.
The iterative model
Faster delivery
Multiplexor
Legal requirements
Point-to-point network
Grade of Service
Regular back ups taken at periodical intervals
Suggestive
none of the above
Test metrics
Unit test, integration test, systems test, acceptance test
Maintenance
Detailed Testing
a satellite line
Compliance tests
Corrective control
Identify applications that could be processed at the alternate site and develop manual procedures for other applications.
Design fault
Page 304
Sheet1
physical security
Operating System
Rent or purchase
non-repudiation
Maintenance
Only the IS Auditor can determine whether the controls in the system are adequate
Indicates the action to be taken when a rules is satisfied.
Automated controls
Testing phase
Data bugs
End user interface
Coaxial cable
Appoint a qualified computer operator on a temporary basis.
User interface
availability
Portability
Link editor
ISP's network
Quality assurance review
separation of duties does not totally eliminate frauds in manual systems whereas computerized systems do not allow frau
Page 305
Sheet1
Multiplexor
Helping the user by reminding the user's password through the screen
Encrypting twice with the same key
Configuration test
use of a fake public key
message deletion
Security
Detailed Testing
Legal requirements
Internet trend analysis of the industry s performance.
redundancy control
input subsystem
high work factor
smaller protection domains are permitted
Range check
Security
Number of customer problems reported per user month
System performance
Record locking
Transport
Page 306
Sheet1

Maintenance
The iterative model
consider appropriate corrective actions so they can make recommendations to management
Terminal ID and password)
write time is minimised to avoid concurrency conflicts
To ensure that no statutory regulations are violated using networks.
X.12
Recovery
poor contacts
Configuration test
Quality assurance manager.
Standardisation
Portability
Exchange of traffic through the firewall at the application layer only
Maintenance
QA
Volume test
Page 307
Sheet1
Distributed
The latter tests for controls while the former tests for details
details of complete authentication steps and security procedures to allow access
Authority to access and delete transaction data files
Plan is circulated to all the Head of Departments
Productivity
Graphical-user interface (GUI) technology
Interviewing people at the site for the specific tasks performed by them.
Willful damage to IS hardware or software.
Application layer
Security mechanisms
QA
none of the above
Configuration test
Portability
Faster delivery
A control chart
Review of console logs for attempted / illegal intrusion.
Range check
Compliance tests
Test metrics
a procedural lapse
A index sequential
be in the top floor
Access control
Page 308
Sheet1

Suggestive
none of the above
Application layer
Conversion projects
Maintenance
showing much more details than a manual audit trail, if care is taken to build more controls into the system and print when
Field-size check
Rule-based policy
Exchange of traffic through the firewall at the application layer only
availability
message integrity
Application layer
Workload forecasting
a satellite line
Transport
Check digit
The right hardware
the efficiency with which it completes processes
getting concentrated at different location but becoming less valuable
on-line processing
Data compression
Grade of Service
an open environment
Page 309
Sheet1
Maintenance
transmission cipher
none of the above
Modems
Volume test
Conversion projects
Accept the statistical hypothesis that value is not materially misstated when the true value is not materially misstated)
Calculation verifications.
Walkthroughs
Assumptions
packets travel through the network depending upon channel availability
Digital signature.
error log
concentrator
A control chart
Contractual issues
balancing procedures through the system itself automatically
Restart procedures
Maintenance
data
Only one person should be responsible for correcting errors in any application system
Page 310
Sheet1

Rule-based policy
Ensure that run-to-run totals in application systems are consistent
Information hiding
Security mechanisms
user workstations
Privileges of the group inherited by the user
concentrator
Assumptions
System testing
Benefit-cost ratio
Detailed Testing
Coaxial cable
physical security
Computers systems handle large volume of data
Access control
none of the above
A data dictionary
Optical fiber
The information systems operational support
the earlier anti-virus software should be uninstalled.
Data errors
Productivity
Page 311
Sheet1

all of the above
Inheritance
Compliance tests
unauthorised access to data
Testing
Maintenance
Project staff skills
Portability
X.12
Test metrics
Accept the statistical hypothesis that value is not materially misstated when the true value is not materially misstated.
A index sequential
Page 312
Sheet1

Penalty provisions
redundancy control
an open environment
Access control
safeguarding the assets
the encrypted pre-hash code is derived mathematically from the message to be sent
ISDN LAN Bridges, fiber optics, and asynchronous transfer mode (ATM)
Chargeback system
a satellite line
Exercising direct control over computer operations.
safeguarding the assets
Suggestive
use of a fake public key
A sequence check
Maintenance
A index sequential
XW7_TU
Page 313
Sheet1

Designing quality into the interfaces
Data Librarian
cryptogenist
physical security
Willful damage to IS hardware or software.
Link editor
Access control
Configuration test
high work factor
The information systems operational support
Maintenance
System performance
Transport
Testing phase
The iterative model
machine room fires
Windows NT platform
Page 314
Sheet1

Reviewing management s response to the weaknesses in their formal report to the Board of Director s audit committee.
Data Diddling
Faster delivery
Audit hooks
Obsolescence
balancing procedures through the system itself automatically
Maintenance
input subsystem
Coaxial cable
physical security
Access control
availability
Product reliability
none of the above
X.12
Page 315
Sheet1
a satellite line
Compliance tests
Code optimiser
Data bugs
Field-size check
non-repudiation
Windows NT platform
Output distribution
Detailed Testing
System performance
Code optimiser
Data errors
Product reliability
require a periodic review of matching of user ID and passwords for detection and correction
call-back telephone facility
Page 316
Sheet1

Maintenance
Range check
Obsolescence
Faster delivery
Suggestive
Decision table
none of the above
Windows NT platform
X.12
Acceptance testing
A index sequential
a procedural lapse
Range check
the earlier anti-virus software should be uninstalled.
Mesh topology network
Data errors
Page 317
Sheet1

Modems
Faster delivery
Output distribution
Dedicated, self developed recovery site that can backup critical applications
The right hardware
Data compression
QA personnel are in the best position to decide whether quality improvement will result in better achievement of the organ
Link editor
Configuration test
Commitment
traffic analysis
Standardisation
Page 318
Sheet1

message deletion
none of the above
Audit hooks
ISP's network
Recovery
Chargeback system
Coaxial cable
XW7_TU
redundancy control
Grade of Service
Suggestive
message integrity
Coaxial cable
Walkthroughs
Testing
Test coverage
Page 319
Sheet1
Coaxial cable
Field-size check
System testing
Optimistic Time
Test metrics
Check digit
Corrective control
Operations controls
Restart procedures
Information hiding
Suggestive
Faster delivery
Data storage
A control chart
Acceptance testing
Accept the statistical hypothesis that value is not materially misstated when the true value is not materially misstated)
Page 320
Sheet1
Distributed
Output distribution
Check digit
user workstations
Productivity
Test metrics
Configuration test
Code optimiser
traffic analysis
Detailed Testing
links all communication channels to form a loop, and each link passes communications through its neighbour to the appro
Digital signature.
X.12
Range check
Page 321
Sheet1

Reviewing independently the transaction listing
Rent or purchase
Record locking
IS personnel do not enjoy the as much power and clout in organizations as manual systems personnel do like the HR per
All financial processing applications
Detailed Testing
Moving test versions into the production environment.
A sequence check
Privileges of the group inherited by the user
message integrity
Test metrics
Modems
Test metrics
Maintenance
Page 322
Sheet1

Record locking
Automated controls
White noise
Determine the degree to which substantive auditing may be limited.
Data Diddling
Test coverage
Coaxial cable
Controlling file-transfer rights
Volume test
Optimistic Time
Page 323
Sheet1

Chargeback system
Legal requirements
details of complete authentication steps and security procedures to allow access
Transport
Digital signature.
Maintenance
Decision table
X.12
Suggestive
Code optimiser
proper procedure for verification of User ID and passwords, ensuring authorisation and authentication before granting acc
Corrective control
Hot sites do not require that equipment and systems software to be compatible with the primary installation being backed
The iterative model
all of the above
be in the top floor
Suggestive
Audit hooks
Page 324
Sheet1
hosting the website as part of your organisation
access control software & procedures
Some countries will not allow transborder encryption of information
White noise
a procedural lapse
Benefit-cost ratio
Maintenance
Standardisation
Password controls are not administered over the client/server environment
Product reliability
Windows NT platform
X.12
Faster delivery
error log
Detection risk
With similar business activities
Page 325
Sheet1
Range check
Information hiding
Decision table
message deletion
Compliance tests
Periodically submitting auditor prepared test data to the same computer process and evaluating the results
High Level of IS expertise is essential.
Automated controls
Frequency of restoration of backups to test the backup tapes
traffic analysis
Unit test cases
Productivity
System testing
Assumptions
error log
Paralled simulation
Fourth-generation programming languages
The iterative model
Detailed Testing
Page 326
Sheet1

Audit hooks
a procedural lapse
Maintenance
Input/output errors
Detailed Testing
changing the cryptographic key has no implications for existing PINs
the encrypted pre-hash code is derived mathematically from the message to be sent
QA
Check digit
all of the above
Corrective control
Page 327
Sheet1

physical security
Range check
Obsolescence
Suggestive
A control chart
Contractual issues
Corrective control
Encrypting twice with the same key
Testing phase
Suggestive
Keeping a log of all batches and hash total reconciliation
Page 328
Sheet1

Walkthroughs
Input and Control
Frequent access code revalidation
physical security
Portability
machine room fires
availability
Rent or purchase
Link editor
error log
Modems
System testing
Multiplexor
on-line processing
Database administrator
A data dictionary
Voltmeter
Productivity
Page 329
Sheet1
Record locking
Physicals and logical access controls.
access control software & procedures
Identify applications that could be processed at the alternate site and develop manual procedures for other applications.
Maintenance
Link editor
Voltmeter
Rent or purchase
poor contacts
Maintenance
Check digit
Multiplexor
fancy and international names can be used
Benefit-cost ratio
Walkthroughs
an open environment
Testing
Suggestive
Decision table
Page 330
Sheet1
Commitment
Restart procedures
Maintenance
be in the top floor
on-line processing
Computers systems handle large volume of data
Operating System
non-repudiation
Test metrics
Legal requirements
Mesh topology network
The data being intercepted and disclosed to others without authorisation
Benefit-cost ratio
Tracing
Assumptions
Standardisation
QA
Page 331
Sheet1

Test metrics
White noise
Maintenance
Multiplexor
Using inappropriate tools
Penalty provisions
all of the above
data
an open environment
user workstations
Suggestive
none of the above
Productivity
Windows NT platform
none of the above
Conversion projects
Range check
Maintenance
Physicals and logical access controls.
Field-size check
Page 332
Sheet1
User interface
Audit hooks
Optical fiber
Link editor
Code optimiser
Utilisation details of hardware and software for reviewing functioning of the system.
It prevents repudiation by the sender
Walkthroughs
Penalty provisions
Maintenance
Maintenance
Coaxial cable
Decision table
System testing
Suggestive
Maintenance
Operating System
Transport
Frequency of restoration of backups to test the backup tapes
Assumptions
Rent or purchase
Page 333
Sheet1
routers to strengthen data signals between distant computers

System testing
Modems
The iterative model
error log
Maintenance
Optimistic Time
Data compression
Penalty provisions
Optical fiber
Access control
machine room fires
Diagnostic routines
Output distribution
Record locking
Maintenance
Coding follows implementation
The right hardware
Productivity
Page 334
Sheet1

a satellite line
an open environment
Inheritance
be in the top floor
Network traffic analyzers
customer over the authenticity of the hosting site
non-repudiation
ISP's network
packets travel through the network depending upon channel availability
Relay
Tracing
input subsystem
message integrity
QA
Voltmeter
Suggestive
non-repudiation
all of the above
Page 335
Sheet1
Tracing
Rent or purchase
data
The output could be cancelled before printing.
Page 336
Sheet1
Answers
B
C
B
A
A
B
D
C
A
C
C
D
B
D
B
A
D
C
D
A
B
A
B
C
C
A
B
D
B
A
C
A
D
B
C
B
D
D
D
D
C
C
B
D
D
A
C
B
A
A
A
C
C
B
A
Page 337
Sheet1
D
A
A
C
C
D
A
A
D
B
B
B
C
B
A
C
D
A
B
A
C
C
D
C
B
D
C
C
A
A
B
D
C
C
C
B
D
B
D
D
A
B
B
C
D
A
C
B
C
D
D
D
A
A
D
D
Page 338
Sheet1
C
A
B
C
D
C
B
C
D
D
A
B
C
A
C
D
A
C
C
A
D
C
D
A
B
A
C
C
C
B
D
C
A
A
B
D
B
C
D
D
B
D
B
A
C
D
A
D
D
D
B
A
C
D
C
C
Page 339
Sheet1
C
C
A
D
B
D
A
D
C
D
D
D
B
D
C
D
D
B
B
A
B
D
D
A
C
D
C
A
B
C
A
C
C
A
B
D
B
A
B
C
B
C
A
C
D
B
A
A
C
C
B
A
A
C
B
B
Page 340
Sheet1
A
C
D
C
D
A
D
C
B
B
C
D
B
D
B
B
D
D
D
D
B
A
B
D
D
C
C
A
C
C
B
C
D
A
A
B
B
C
C
B
C
C
A
B
C
D
C
D
A
B
A
A
D
B
C
C
Page 341
Sheet1
D
D
C
D
B
B
D
B
A
C
A
B
D
A
D
C
A
C
D
C
D
B
A
A
A
B
C
C
A
C
B
A
A
B
B
B
B
D
D
D
D
C
C
C
A
A
C
A
A
D
B
A
C
B
C
A
Page 342
Sheet1
A
A
D
A
A
A
B
B
C
C
D
B
C
B
C
A
A
B
C
D
D
A
B
B
C
A
D
B
C
B
C
D
C
B
D
A
D
D
C
D
A
C
D
B
C
C
A
D
C
A
C
B
D
D
C
D
Page 343
Sheet1
A
D
C
D
D
B
B
B
C
D
C
D
D
D
A
C
B
C
B
A
D
C
B
A
A
B
A
B
D
C
A
A
C
C
D
C
A
B
C
C
C
B
D
A
D
B
D
C
D
C
A
D
C
A
A
C
Page 344
Sheet1
B
D
B
C
C
C
C
D
D
D
D
D
B
D
B
A
C
A
D
D
C
D
A
C
B
B
A
D
C
B
C
C
C
B
B
C
C
B
C
C
B
A
D
D
C
D
A
D
A
D
A
C
D
D
B
D
Page 345
Sheet1
C
C
D
C
D
D
A
B
A
D
B
D
B
D
A
C
A
C
B
C
D
C
B
B
B
D
A
B
C
A
B
D
C
B
D
B
C
D
C
A
A
A
B
C
B
C
A
D
A
B
D
D
B
C
C
C
Page 346
Sheet1
B
C
C
C
C
C
D
C
D
D
B
A
C
B
D
A
B
C
C
D
B
C
B
A
D
A
B
C
B
B
A
B
B
D
D
C
B
D
B
C
C
A
A
C
C
C
B
A
B
B
C
C
B
D
D
C
Page 347
Sheet1
C
A
B
B
D
A
D
A
C
C
D
C
B
C
B
A
D
D
C
D
C
C
C
B
A
A
B
B
A
B
C
C
C
C
D
D
C
D
D
D
C
C
B
B
B
D
B
D
A
A
B
C
A
B
C
D
Page 348
Sheet1
A
C
D
C
D
D
B
C
D
C
C
C
B
C
A
C
B
B
C
C
A
C
D
C
C
C
D
B
D
B
B
A
A
D
C
B
C
A
B
C
B
D
A
B
C
A
D
C
C
B
B
C
B
C
B
C
Page 349
Sheet1
B
B
A
A
D
A
D
B
B
A
D
B
A
B
D
D
A
B
A
D
B
B
B
D
C
C
D
D
C
A
A
B
B
C
C
A
A
D
A
C
D
C
D
A
A
A
C
A
C
A
C
D
C
B
B
C
Page 350
Sheet1
C
C
C
D
C
D
A
C
B
C
B
B
B
C
D
D
A
A
A
C
D
D
D
B
B
B
B
D
A
D
D
D
D
A
C
C
B
A
D
D
B
A
B
A
C
B
C
C
D
D
C
C
D
C
B
A
Page 351
Sheet1
D
A
C
C
D
B
A
B
B
B
D
D
C
D
A
D
A
C
B
A
C
C
A
C
D
C
D
D
C
C
D
A
D
D
A
B
B
A
A
C
B
C
D
A
A
C
B
A
C
C
D
C
D
D
D
C
Page 352
Sheet1
B
D
B
C
B
B
B
C
A
D
C
D
D
D
A
D
B
B
D
B
A
C
A
B
C
C
D
A
D
D
D
B
D
D
D
A
A
B
B
D
A
D
B
D
D
C
D
D
B
A
C
B
C
C
D
D
Page 353
Sheet1
B
B
C
D
D
D
D
D
C
A
A
A
D
B
A
B
D
C
D
B
A
B
D
D
D
A
A
B
C
B
B
A
C
A
C
A
C
D
D
D
B
A
D
D
B
D
B
B
B
A
D
D
C
B
D
C
Page 354
Sheet1
A
A
B
A
A
A
A
A
C
D
C
B
B
A
D
D
C
B
C
B
D
C
C
D
D
C
D
B
A
C
A
C
D
C
D
D
D
B
C
D
A
A
A
B
A
D
B
A
D
A
A
B
B
B
A
A
Page 355
Sheet1
B
B
D
C
B
B
B
D
C
D
C
B
C
D
A
D
D
D
C
D
B
D
A
C
C
C
A
C
A
A
C
D
D
C
B
A
D
D
D
D
A
B
C
D
B
C
D
A
B
B
B
C
C
D
C
B
Page 356
Sheet1
C
D
D
D
C
B
B
C
C
C
D
D
C
B
C
C
C
A
B
C
B
A
C
A
A
C
B
C
C
C
D
D
C
C
B
D
C
B
C
C
B
B
B
D
C
C
D
D
B
D
B
B
B
B
A
A
Page 357
Sheet1
B
A
A
D
C
B
B
A
C
C
B
A
D
B
A
C
D
D
D
B
A
A
C
A
D
D
C
C
D
B
B
B
D
A
A
A
C
C
C
A
A
B
A
B
C
D
C
A
C
C
C
A
D
C
C
C
Page 358
Sheet1
C
A
B
C
B
A
A
A
D
D
A
D
C
C
C
D
D
C
C
D
A
B
C
D
D
B
D
D
D
C
C
B
B
A
B
C
D
D
C
D
A
A
C
B
C
D
D
C
D
A
B
D
A
A
D
D
Page 359
Sheet1
B
C
B
B
D
C
A
C
B
B
B
D
C
C
D
A
A
B
C
D
B
C
D
B
C
D
D
D
C
B
D
C
D
A
D
C
C
D
D
A
D
D
D
A
C
D
A
D
A
A
D
D
C
A
A
A
Page 360
Sheet1
D
A
D
D
C
D
C
C
B
D
B
A
B
B
D
A
D
C
C
C
D
A
D
D
C
C
C
B
A
C
A
B
C
B
D
D
C
A
A
B
D
A
A
C
D
B
C
A
A
C
D
B
A
A
B
C
Page 361
Sheet1
C
D
D
D
C
B
A
B
C
B
D
A
D
B
A
B
C
D
C
D
B
A
C
C
D
D
A
D
B
B
D
B
B
A
A
B
C
C
B
C
B
B
D
A
D
C
B
A
D
A
C
D
A
B
B
D
Page 362
Sheet1
D
D
C
B
C
A
B
C
A
B
D
D
D
B
B
D
A
A
B
C
C
A
A
C
A
A
C
C
C
D
D
A
D
C
B
A
D
C
C
B
D
D
B
C
C
D
C
C
D
A
C
A
D
A
B
C
Page 363
Sheet1
A
A
C
D
A
D
D
C
A
B
A
C
C
B
B
D
C
B
B
D
D
B
A
B
C
D
D
B
A
C
B
D
C
B
B
A
C
C
A
A
B
A
B
C
B
B
B
B
A
B
C
A
B
D
B
D
Page 364
Sheet1
A
A
C
D
B
C
D
B
D
C
D
C
C
D
C
D
B
A
D
D
C
B
D
B
C
D
D
A
A
A
A
D
D
D
A
B
A
B
A
D
C
A
B
A
C
A
A
C
D
D
D
C
C
B
A
B
Page 365
Sheet1
B
B
C
C
C
D
A
B
B
A
D
C
C
D
B
A
D
A
B
D
D
A
A
D
D
D
D
D
B
C
A
A
C
C
B
A
C
D
B
A
A
A
A
C
C
D
D
B
D
B
A
C
B
C
D
C
Page 366
Sheet1
C
C
B
C
C
D
C
C
A
C
C
C
D
B
C
C
D
C
C
A
B
C
C
C
B
B
D
B
A
C
C
C
C
C
D
B
A
B
B
A
D
B
D
B
D
A
C
B
D
A
D
D
B
C
C
A
Page 367
Sheet1
C
B
B
A
D
B
D
A
C
D
D
C
D
D
C
A
A
D
B
C
C
A
D
D
B
B
C
A
C
C
B
D
B
C
C
B
A
C
D
C
C
C
C
C
D
C
C
D
B
C
A
A
B
D
B
D
Page 368
Sheet1
B
A
A
C
C
C
D
B
D
C
D
A
B
B
A
B
B
B
D
B
C
D
C
D
D
A
A
D
C
A
D
C
C
A
C
B
C
C
D
A
A
A
C
A
B
C
C
C
D
D
B
A
A
A
C
D
Page 369
Sheet1
C
C
A
B
A
C
C
A
C
B
B
C
B
B
B
B
B
D
C
B
C
B
D
C
D
D
B
A
A
A
C
B
A
C
A
C
D
A
C
A
C
C
D
B
C
D
C
D
B
C
B
D
D
B
A
D
Page 370
Sheet1
A
C
C
D
D
C
C
B
B
C
A
C
D
B
B
C
D
D
D
D
B
C
C
D
D
C
D
B
D
B
C
D
D
C
B
C
D
A
C
A
A
A
A
A
D
C
C
C
A
C
C
D
C
C
A
C
Page 371
Sheet1
C
D
C
A
A
A
D
B
C
C
D
C
A
A
C
B
C
A
B
D
C
C
D
D
A
D
C
A
A
A
D
C
D
D
C
D
D
C
A
D
D
A
D
B
C
C
A
B
C
C
C
C
C
C
C
A
Page 372
Sheet1
B
C
D
C
D
D
C
B
D
A
B
B
A
D
D
D
D
B
D
D
A
A
C
B
D
A
A
B
A
B
B
B
C
D
C
C
C
C
A
B
B
A
D
A
C
C
C
D
D
D
C
D
B
C
C
A
Page 373
Sheet1
B
C
B
A
B
A
A
B
D
C
D
D
C
A
D
A
A
C
A
B
C
B
B
B
D
D
A
D
D
C
B
B
A
C
D
A
C
D
D
C
D
D
C
A
A
B
B
D
D
D
D
D
C
D
B
C
Page 374
Sheet1
B
D
B
D
A
C
C
D
D
C
C
D
D
D
B
D
C
D
C
C
B
B
A
A
C
D
A
A
D
D
D
C
C
C
A
D
A
A
D
B
A
D
D
C
C
B
C
A
D
C
A
B
D
A
B
D
Page 375
Sheet1
A
D
D
B
C
C
B
D
C
D
A
C
A
C
A
C
C
A
B
D
C
D
A
C
C
B
A
A
B
D
B
C
C
C
C
D
C
A
D
C
C
B
D
B
B
C
A
C
B
A
B
A
B
C
B
D
Page 376
Sheet1
C
D
D
D
A
A
C
D
A
D
D
A
D
C
C
D
C
C
A
D
D
B
D
D
D
C
A
B
D
D
C
A
B
B
B
D
C
D
C
D
C
D
A
D
A
A
C
B
C
C
C
C
D
A
C
B
Page 377
Sheet1
D
D
D
C
A
D
D
A
D
D
D
B
D
B
C
A
D
D
D
B
C
A
B
A
D
B
D
B
D
D
C
B
D
C
A
A
D
C
B
D
D
D
C
A
C
A
B
C
A
A
C
B
C
B
C
D
Page 378
Sheet1
C
C
B
B
A
B
C
D
A
C
D
C
B
A
B
B
C
C
C
B
C
A
C
C
C
C
A
D
D
C
D
C
C
A
D
D
C
A
D
C
A
C
B
C
D
C
D
D
B
D
D
A
C
B
A
A
Page 379
Sheet1
D
B
C
D
D
D
A
A
A
D
B
B
B
A
D
A
D
D
A
B
B
D
B
A
C
C
B
C
B
C
C
A
D
D
C
B
C
C
C
C
B
D
A
C
C
B
D
B
C
B
D
B
B
D
C
A
Page 380
Sheet1
C
A
A
C
A
B
C
A
D
C
C
D
D
C
B
C
B
A
A
C
A
D
C
D
D
B
D
C
D
C
A
A
B
D
D
C
D
D
C
B
C
A
A
D
B
D
C
C
C
D
B
D
D
B
C
C
Page 381
Sheet1
B
C
C
D
B
D
B
C
C
C
B
A
A
D
D
A
A
C
C
B
D
C
B
D
B
A
C
A
B
C
D
B
C
B
A
D
C
D
D
A
D
A
D
B
A
A
D
C
D
D
D
D
C
B
D
C
Page 382
Sheet1
C
A
A
D
C
D
D
A
B
A
D
A
D
C
C
C
C
A
A
C
C
B
C
D
C
D
C
B
A
D
C
C
C
A
B
C
D
C
C
C
D
C
B
A
A
B
B
A
C
B
A
D
D
A
C
A
Page 383
Sheet1
C
B
D
C
A
D
A
C
B
A
D
D
A
A
A
B
C
A
D
C
D
B
C
D
C
D
C
A
B
D
A
A
D
B
C
B
D
B
D
D
C
B
D
C
C
A
B
D
D
A
C
B
B
D
D
B
Page 384
Sheet1
D
C
D
C
C
C
D
D
C
B
D
C
C
D
C
D
D
B
B
B
B
A
A
D
C
B
C
D
C
B
C
B
C
C
B
D
D
D
B
C
C
A
D
D
D
D
D
B
C
C
B
C
C
B
B
C
Page 385
Sheet1
A
D
C
C
B
D
D
A
D
C
D
D
B
C
A
B
D
C
C
A
A
B
C
B
A
D
C
C
D
B
C
D
C
A
A
C
B
A
C
D
A
A
C
C
C
C
C
A
A
D
A
B
C
A
A
A
Page 386
Sheet1
B
A
D
D
A
C
D
A
D
A
A
C
B
C
B
B
C
B
C
C
D
D
D
A
A
B
A
D
B
A
D
C
D
D
A
A
A
D
D
D
D
C
C
D
B
B
D
C
D
D
A
C
A
C
C
A
Page 387
Sheet1
B
C
C
B
A
D
D
A
D
D
C
B
A
B
A
A
A
A
B
D
C
C
D
C
C
C
A
C
A
C
B
D
C
C
A
A
B
C
C
A
A
C
C
C
D
C
B
C
C
A
D
D
B
B
C
D
Page 388
Sheet1
A
B
A
B
A
B
B
D
C
D
B
D
A
B
A
C
C
C
C
C
C
C
D
A
A
C
C
C
D
C
C
B
C
C
C
A
A
D
C
C
D
D
B
C
C
B
A
B
D
D
D
B
D
D
B
B
Page 389
Sheet1
C
B
C
C
A
C
D
B
A
D
C
A
A
D
B
C
C
A
A
C
D
C
A
A
D
D
B
D
D
B
C
A
C
B
C
A
C
A
C
C
D
D
B
A
A
A
C
D
D
C
A
C
B
B
C
A
Page 390
Sheet1
B
A
B
D
C
C
C
B
B
B
D
A
A
C
D
C
C
D
C
D
C
D
C
B
B
B
C
B
C
A
D
B
A
B
C
D
D
C
A
A
B
B
A
D
C
C
D
D
B
B
A
C
B
D
B
D
Page 391
Sheet1
B
C
C
C
A
B
D
D
D
D
C
Page 392

Prince Convertedcomplete

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Prince Convertedcomplete

Загружено:

Авторское право:

Доступные форматы

Sheet1

Which of the following is a responsibility of computer operations department?

The advantage of an ISO 9001 quality system implementation is:

Which type of cipher has the highest work factor?

To conduct a System audit the IS auditor should:

Which of the following statement is FALSE for Equipment mean-time-between-failure (MTBF)?

The comment which is NOT true regarding ISO 9000 is

Which of the following is NOT included in the digital certficate:

Which phase of SDLC uses Data Flow Diagram?

A Systems Analyst s duties and roles comprises of:

Which of the following is not a function of the control section:

The IS Control Group is NOT responsible for performing

The application run manual would normally comprise of :

Which of the following electronic commerce systems handle non-monetary documents?

The objective of compliance testing is to find :

The internet is made up of a series of networks that include

A normally expected outcome of a business process re-engineering is that:

A function NOT possible of being accomplished using CAATs is :

There is a delay of more than 36 months in application development.

an alternative source of power

In sharing of resources, ownership is difficult to be established.

the success of a BPR.

analysing system degradation

Multiple users use data concurrently

Duplicate processing of transactions

formulating the data classification methodology

entry via phone

Documentation of activities is the main focus of the standard.

The private key of the sender

Scheduling of computer resources.

use of security guards can be dispensed with

tape header should be manually logged and checked by the operators

receiver's private key

dispatching input to the computer room

higher cost per transaction

Logging of data input

Such access authority is appropriate, if they are logged completely.

Ease to use compared with other systems.

Develop a shareware application

Whether statutory regulations are complied with.

parallel simulation technique

bridges to direct messages through the optimum data path

Information technologies will remain unaltered.

System maintenance constitutes about 65% of the programming costs.

a dedicated power generator

In the rapid development of technology, the duties change very frequently.

Recompile infected programs from source code backups.

Data are shared by passing files between programs or systems

Human-computer interaction guidelines

blocking a card if it is not used for a period of 3 months

LAN Server Overload

supervision of data entry

Use of a Accounts Receivable Section password

PIN entry at the issuer's premises

Quality compliance requirement sets are defined in ISO 9000.

Testing and evaluating programmer and optimisation tools.

The rate at which computer technology is expected to advance

physical access to back up storage devices can be restricted effectively

sender's private key

altering source data to correct input errors

unauthorised access and activity

Review and scrutiny of error listing.

Master file lookup

User friendly features built in.