1. Which of the following functions should be separated from the others if segregation of duties cannot be achieved in an automated system?
B. Authorization

2. If separation of duties cannot be achieved, which of the following is an acceptable alternative?
A. Compensating controls

3. Segregation of duties may not be practical in a small environment. A single employee may be performing the combined functions of server operator and application programmer. The IS auditor should recommend controls for which of the following?
C. Procedure to verify that only approved program changes are implemented

4. Which of the following is the best example of mandatory controls?
D. Government regulations

5. What is the objective of incident response?
A. Ensure that the problem is reviewed by appropriate personnel using an established procedure to protect evidence

6. An IS auditor is auditing the controls related to employee termination. Which of the following is the most important aspect to be reviewed?
B. All login accounts of the employee are terminated

7. Which of the following is not true concerning the process of terminating personnel?
C. The employee must be allowed to copy any personal files from their computer

8. Which of the following is a governance problem that may occur when projects are funded under the “sponsor pays” method?
C. The sponsor may not implement the proper controls

9. Which of the following is not true concerning mandatory access controls?
A. Someone in authority determines what is acceptable

10. Which type of charge-back scheme is notorious for violating separation of duties or for attempting to exceed authority?
A. Sponsor pays

11. Why is change control considered a governance issue?
A. It forces separation of duties to ensure that at least two people agree with the decision

12. Which of the following is not considered a control failure?
C. Testing to discover how many policy violations have occurred

13. Which of the following is likely to be the most...