ACCT 433 SECTION 6980 AUDIT AND CONTROL OF INFORMATION TECHNOLOGY-EXAM 2 SPRING 2013 INSTRUCTOR: MR. STEVEN ULMER

1) In conducting an audit of the contingency plan, the auditor will seek evidence of all of the following except:
(a) The adequacy of the plan
(b) The effectiveness of the implementation of the plan
(c) The input of Audit in developing the plan
(d) The existence of a mechanism for keeping the plan up to date and relevant
(e) None of the above

2) In satisfying himself that the contingency plan will be kept up to date and appropriate, the auditor will typically ensure all of the following except:
(a) The master plan is kept secure
(b) Executive management is involved in the maintenance of the plan
(c) Distributed copies are kept up to date and secure
(d) The responsibility for planned maintenance has been properly assigned
(e) None of the above

3) Fraud within e-commerce may involve:
(a) Invalid contracts
(b) Suppliers not being paid for goods and services delivered
(c) Agencies not receiving services/goods already paid for
(d) All of the above
(e) A and B only

4) In examining the account policy, the auditor would normally seek to determine all of the following except:
(a) Does the system allow unlimited attempts
(b) Does the network administrator monitor network capacity
(c) Is there lock out after a certain number of bad attempts and is the number reasonable?
(d) Is the lockout duration set to a time period
(e) None of the above

5) For e-commerce to be successful, information must be available to other participants in the trading community. This can put information at risk including all of the following except:
(a) Cost structures
(b) Individuals' private information
(c) Information on discounts offered
(d) Products and services available
(e) None of the above

6) Which of the following is not considered to be a weakness of COBIT V4.1?
(a) It covers a full range of IT activities
(b) It is time consuming to implement the entire framework
(c) It does not contain best practices
(d) There is limited guidance on how to implement
(e) None of the above

7) Implementation of EDI requires all of the following except:
(a) A standard format of a common language used between trading partners
(b) Message authentication and encryption for high risk transactions
(c) Translation software performing file conversions to and from standard formats
(d) A data communication link
(e) None of the above

8) Failure of successful prosecution can be as a result of any of the following except:
(a) Evidence which is not legally gathered
(b) Evidence extracted from the computer system using a file backup
(c) Evidence where the chain of custody has not been correctly maintained
(d) Evidence which is inconclusive
(e) All of the above

9) Which of the following is not a factor in deciding to use CAATs?
(a) Computer knowledge of the IT auditor
(b) Time constraints
(c) Integrity of the data in the information system being audited
(d) Audit risk
(e) None of the above

10) In terms of risk management, risks are usually divided into:
(a) Those risks that are appropriate to control
(b) Those risks that cannot be avoided and must be accepted
(c) Those risks which remain unacceptable and can be transferred to third-party
(d) All of the above
(e) A and C only

TRUE/FALSE (1 point each)

11) The Trust Services Principles are not applicable to e-commerce.
12) Transactions that lack documentation are a potential red flag for fraud.
13) One of the most common obstacles preventing organizations from obtaining business continuity readiness is neglect.
14) Auditing standards require that the business continuity plan be tested at least twice a year.
15) An important step in a fraud investigation is to make an image backup.
16) E-commerce risks are the same for all industries.
17) A Unix password can't be compromised by a dictionary attack.
18) The FAT filing system can't be used on a PC running Vista.
19) SAS 70 is not the most current auditing standard dealing with service organizations.
20) The Board of Directors is responsible for establishing and maintaining an effective internal control system.
21) Pre-judging results is a risk of using generalized audit software.
22) An ITF involves entering dummy transactions into a production system.
23) The audit process is a series of discrete and sequential steps.
24) Policies are not a trust services principle and criteria.
25) E-commerce and EDI are the same thing.
26) Protecting social security numbers falls under the trust services principle of confidentiality.
27) Cookies are a type of Internet tracking tool.
28) One reason for partitioning a hard drive is to run multiple operating systems.
29) Continuous assurance requires a higher degree of reliance on an auditee's information systems than traditional auditing.
30) A review of audit trails is generally not required in an e-commerce audit.