Monday, September 30, 2019

Jim the idiot

One of the many things we should thank God most for in this life is His amazing grace. His grace saves us from despair and ruin, it grows within us as we learn more about Him, and it sustains us as we go through life and into eternity. While the Lord's forgiveness shows in a variety of ways, I believe His saving, growing and sustaining grace are the three most significant demonstrations of His mercy.

God willingly chose to give up His life in Heaven so that He could come down to this sinful Earth in human form before dying a horrible death on the cross to save all those who love Him. Helping not only as a redeeming factor in our lives but also in making us acceptable to Him, God uses His saving grace to wash away our sins. God lets us know that He always has us in His hands, protecting us from harm.

Without our Savior's endless compassion and mercy we would have no chance of surviving this life, and spending eternity in Heaven with Him would be impossible. As we acquire more knowledge about God, the more His grace expands in every aspect of our lives. However, in order for His grace to grow and for Him to become a bigger part of our lives, we need to humble ourselves and accept Him as our one and only Lord. If we truly want to see how much mercy He has for us, we have to have a deep interest in acquiring more knowledge about God and His works.

When we grow with Christ we'll experience greater joy in the smaller, simpler things in this life, as God will make Himself more apparent in them. Sustaining grace holds as God's answer to the painful circumstances in life that we go through. We need to remember that no matter what, God will always love us and that He has infinite amounts of love and mercy for His children. Whatever we are going through, God will stand 100% behind us and will always get us out safely. Even if we do not see it, His grace dwells with us forever. "No temptation has overtaken you that is not common to man. God is faithful, and He will not let you be tempted beyond your ability, but with the temptation He will also provide the way of escape, that you may be able to endure it." (1 Corinthians 10:13)

Ultimately, there are many ways in which God shows us His amazing grace in our lives, and if we pay attention to the work He does around us we will definitely see throughout eternity. God's grace truly amazes me.

Sunday, September 29, 2019

Farewell: Friendship and Various School Activities Essay

We have gathered here today to bid farewell to the students of standard 10th. I am indeed honored to be given this opportunity to represent the students of standard 9th. Just when we start to get comfortable with a person, something comes to alter the recipe. In this context, I would like to mention that for the past few months, the students of standards 9th and 10th have indeed worked very closely together to organize various school activities which have helped us forge close ties of friendship. And now, before we know it, it's time to say ‘Adieu’. The Bible says, “To everything there is a reason and a time to every purpose under heaven.” You all have waited for this moment all your lives, the moment when you leave your childhood behind and step into the real competitive world to forge your own paths in life. We have counted down the years, the months, the hours, minutes and seconds, and finally, that moment has arrived. Most of you all will miss the very heart of your experience as a student: your friends and your teachers. Although all may be separated by time and distance in the interim, nothing will diminish the important role that you have and always will play in our lives. We wish you happy adventures, fantastic new friendships, amazing experiences and the journey of a lifetime. Richard Bach says, “Can miles truly separate you from friends and loved ones? If you want to be with someone… aren’t you already there?” May the road rise up to meet you, may the wind be ever at your back. May the sun shine warm upon your face and the rain fall softly on your fields. And until we meet again, may God hold you in the hollow of his hand.

Saturday, September 28, 2019

Career Path for Accounting Essay Example for Free

It is always hard to give the exact number of people who have majored in accounting, but one thing that I know is that the demographic is very wide and large. This is because they have different reasons for majoring in this career path. The most common reason is that accounting is a marketable career and they merely want to find a job. The number of people majoring in this field is growing immensely, and the most important thing is to consider the main reason for joining this profession. Some people will claim that when they were in high school this was their best subject and they loved it, and so they need to major in it. I believe the best reason for majoring in accounting is that it has a wide variety of career paths that one can major in. People should understand that this field is not all about debits and credits. It is more of a language of communication in the world of business, and this is why many chief executive officers hold a degree in this field. In day-to-day life it is usually one of the most common undergraduate degree programs. The most important thing is to make certain that all of the people who are in this profession understand business, and that is why many people who have ventured into accounting are always considered for such posts. The most interesting part of this career choice is that most of the time the people who venture into it will have the best job positions waiting for them, because many people have a notion that it is a difficult discipline. Employment opportunities abound for graduates majoring in accounting. Government figures show that at least 1.2 million jobs are held by accountants every year.
According to Feldmann (2009) and the survey done by the Institute of Certified Public Accountants (AICPA, 2000), the number of graduates was declining, but after their research was revisited in the year 2005 it reflected an increase in the number of accounting graduates. This has become a relief to many accounting recruiters. According to the 2007 Employment Dynamics and Growth Expectations (EDGE), 57% of hiring managers have difficulty hiring qualified staff. This calls for more accounting graduates, whose number is fortunately increasing day after day as business enterprises increase. After attaining a degree in this sector, most students opt to become public accountants as their first career choice. The choice of taking a job as a private accountant depended on the fact that they had to make choices among the salary values offered to them. None of them like to work in non-profit organizations. They also venture to work in a CPA company because this gives them an opportunity to venture into areas that they want to experience, especially in the write-up sector and auditing. This offers them the necessary experience, and that is one of the things that has encouraged so many students to venture into the public sector option. One may also opt to venture into the private sector, which is immensely lucrative. Some students will always like to work for a company which is rising in this sector, but this will be determined by the level of research one is willing to do. This will give them a chance to grow and nurture their career paths in different sectors. I would advise graduates to incline towards the public sector, especially the government and non-profit sector, which will provide them with the best job security even if the salary is low. There are several things that accountants can do after they have completed their undergraduate degree.
One can choose to specialize in different areas of this field, but most of all one must have the kind of skills that make this possible. Auditing is one of the areas that is very common for people who have done accounting. It is one of the basic areas that people have chosen to build their careers in. This kind of job involves checking the ledgers and financial statements of an organization so as to determine whether it is making losses and whether it is spending the cash that has been allocated to it accordingly. In the era that we are in today, work of this nature has been automated, and mostly auditors just need to key in the values accordingly and they will get the right kind of statement. They ensure that the values that are presented for the financial year are the right values. Accounting career paths are very varied, and this is why many times one has to consider the path that one wants to take. Many people, after they have cleared school, do not have an idea of where to start their careers, but there are many options in these career paths that can be taken. Bookkeeping is another thing that they can do. Bookkeepers are the people who keep records of invoices, payments and other revenue coming in for a company or an individual. In many cases graduates will want to venture into this area. Another area which they could venture into is becoming general accountants. This is almost the same as a bookkeeper, but they make accruals and the necessary adjustments in the accounting records. In large organizations, they are usually placed in departments like the human resources department, dealing with the payment of the staff. Another area is becoming a controller. Controllers are the people who are responsible for the accounting department. They usually work in the public sector but also venture into the private sector, and they are usually in charge of cash flow for the organization.
To reach such a position, one must work and put a lot of determination into the work that one does. The other job which is available to them is becoming a forensic accountant. These are the people who work with the government, or the persons who are accountable for auditing and investigating crimes related to accounting fraud and other related things. These people should ensure that they possess some level of legal knowledge, because this will assist them in identifying areas which have been altered and assist in the prosecution of the culprits. Budget analyst is another job that they can do. This is because they are able to interpret many things which are recorded in the budget. This is very crucial and involving work, because they are the people who are responsible for making financial plans for businesses and other organizations, especially government agencies and other non-profit organizations. The professionals who have taken up this work can take up these jobs in both the private and the public sectors. The people who take these kinds of jobs should be very innovative when it comes to the negotiation process, and that is why they should have good personal and interpersonal skills. Financial accounting is another sector that one can venture into. Financial accountants are the persons who are accountable for the preparation of financial statements of businesses or any enterprise. These are the persons who are used to make decisions when there is a merger which is going to take place in any company. This is because these people are gifted at studying the fiscal statements of the two companies and determining whether there is a need for a merger and whether one of the companies is taking advantage of the other or not. They are also responsible for forecasting to determine the returns that will be experienced by the companies when they merge. It is important to make sure that these people are responsible for the financial and accounting processes.
Management accounting is a very busy position in any organization. This is why many people are able to make the kind of decisions that are decisive in the process of capital budgeting and the analysis of contracts. Control of business expenses and cost analysis is done by these people. They usually make sure that they work in close contact with the people responsible for the marketing sector, since they assist in a big way when it comes to making decisions which are good for the welfare of the company. Taxation is another area which they can take up. This is for persons who would like to become tax accountants. These are the people who work for both companies and individuals. They usually prepare statements which are either for a corporation or for personal income. It is a boost for the individual who is doing this kind of work to have a good background knowledge of the necessary kind of economics which is being used by these people. Accountants are also responsible for advising individuals when it comes to venturing into different kinds of businesses. This is because they are the people who have the know-how on the issues that are present and current in the business world. It is very good to ensure that the people who need services can be given them independently and privately. Budgeting and other issues which are associated with the business are offered to the people accordingly. This is very usual for companies which need a lot of discreet business, especially those that are being faced with competition. They need individuals who are trustworthy and able to keep a secret and keep the customer’s information private. Some individuals have also opted to continue with their studies even after becoming qualified accountants. They continue for an MS to become licensed Certified Public Accountants. This is a person who is approved by the state to finance financial information in the public companies to give accurate results.
These are the individuals qualified to start their own auditing firms if they do not find a favourable or well-paying job opportunity (Felix 2010, 56). Thus the study found it advisable for accounting graduates to continue to this level for better and higher chances of employment opportunities and also private or self-employment enterprises. The study realized that various career choices coincide with the accounting career path. Though the number of accounting graduates seems to increase year after year, the job opportunities are also increasing, since many people are venturing into businesses which require accountants to deal with financial analysis. Each and every sector, starting with individual enterprises and the public, private and nongovernmental organizations, cannot be successful without accountants. These are important personnel, since every business is after making profits, and thus accounting careers like those in the auditing department are important to examine whether the business is profitable or not. The private and public sectors also require qualified accounting staff to analyze their financial status and thus identify the areas that need improvement. Some students lack the opportunity to join any of the discussed careers, especially because of issues like corruption and high competition. Nevertheless, such students are not supposed to be frustrated but to come up with other activities that utilize their qualifications. A number of graduates who have lacked a position in public, private, or non-profit organizations have started their own auditing firms. They run their own businesses as private auditors and are employed casually by these organizations. Other graduates have set up their own small microfinance businesses. These are industries which are growing at a high rate. For qualified accountants their operations are easy and beneficial. These enterprises have become common in rural areas and in areas with small-scale business.
Some of the accountants are joining hands to operate such businesses as partners. Some of these enterprises have grown to become Saccos and eventually banks. People who have advanced in these areas have actually had the best payment package compared to having a degree alone. This is why I would advise many people to make sure that they have taken the issue of taking the CPA in an extra way, to be able to make more money and have better jobs. Many people who have licences and certifications are able to have the best things in their career paths toward getting the best jobs possible. Every qualified accountant expects a salary that is higher than that of any other undergraduate from a number of business schools. There is also an expectation of initiation into an exclusive professional club of practicing accountants. This is a symbolic status that makes one feel one has an important and recognized rank in society. Unfortunately, these expectations are rarely met in the current society. Quite a number of students have joined the accounting career. This is making this field have more than the required participants. In other words, the supply is overtaking the demand. With high expectations of having a unique status, what happens when one fails to achieve this goal?
One is also interested in queries like where an accounting career path can lead, or whether there are other industrial areas related to the accounting career in which such a graduate could get involved to utilize his knowledge. For students who are clearing from the universities, I would advise that one who is trying to learn about a good accounting career path should have a wide variety of choices, especially if he has a degree in accounting. One’s initial selection depends on the feeling about a primary direction that he believes is of interest to him. There are various general areas where one can choose to work, for instance private, public, government-linked, or non-profit organizations. For newer graduates, it is advisable to work with a CPA firm, since it gives an opportunity to examine a number of industries and gain experience of both the audit and write-up functions. One may also decide to join the private sector, which is more beneficial; nevertheless, it is advisable to first investigate any industry that lies as a choice and go for the one that is fast growing. This gives an opportunity for expansion of one's career and thus wider room for advancement. Where one is inclined towards public service or a career in a government or non-profit organization, one gets a good chance of exploring various issues and can easily make changes which are beneficial to the whole society or even the nation. All government offices, in all departments, require accounting personnel who are talented. These offices include the FDIC, the IRS, the Comptroller of the Currency, the General Services Administration, military branch departments, health ministries and environmental ministries, to mention but a few. Any accounting working area, be it in the government, public, or private sectors, will always lead to an interesting, financially rewarding and beneficial career. Though some of these careers overlap, they vary in focus and lead to a challenging, professional life.
In conclusion, I would say that accounting is a career that moulds accountants; these are persons who are responsible for the provision of data that is mainly required to make an assessment of future and current economic activities. Accountants perform various duties, which include planning tax strategy, calculating the computing cost, preparing financial statements, developing information technology and measuring financial performance, to mention but a few. This suggests that there are various and different accounting career paths which are beneficial in one way or another and can fit different people. Though some of them overlap, each of them has a specific focus. For a successful career, people should do the best that they can to advance this sector. Many technological advances have been made to ensure that the people who take up this course are able to save time and actually do their work better too.

Friday, September 27, 2019

Safety and Security in Health Care Assignment Example | Topics and Well Written Essays - 1000 words

The employee health department plays the role of protecting the employees from succumbing to diseases that may be transmitted by medical practitioners. Protection is done through immunizations. The department ensures that the health of all employees is safeguarded through reduction of malingering by workers as well as numerous reimbursement claims.

Facility safety committees are primarily set up to shield employees from injuries that may result from accidents. The committee has the role of ensuring that the right steps towards disaster management are properly followed for purposes of saving a life. Kavaler and Spiegel (2003) argue that safety committees have the responsibility of conducting mass education on disaster.

I operate with The Federal Physician Data Center that highlights the vices that take place in health facilities. I own the state license that allows me right of entry for other licenses in my state. From my regulatory agency, I am able to understand the actions to be taken against nurses upon misconduct.

According to Kavaler and Spiegel (2003), national tracking agencies agree on the extent to which a healthcare practitioner can intermingle with the patients. These agencies also define the actions to be undertaken just in case the rules and regulations of the agency are not adhered to. National tracking agencies ensure that all structures required to execute the standards of the agency are held fast.

Physician peer review has the ability to withdraw any form of punishment that may be imposed on a physician in relation to his or her conduct. Peer review has the mandate of denying any form of invalidation of a physician’s license to operate. They also protect the physicians from possible lawsuits as a result of their conduct.

Thursday, September 26, 2019

Cooperation against global warming Essay Example | Topics and Well Written Essays - 1000 words

According to Stella, the rise in greenhouse gas emissions over the past 50 years serves as a major factor in modern-day global warming. Even if the excessive carbon dioxide emissions were controlled, the climatic changes would still take place for many years to come, leading to a drastic shortage of water for more than 5 billion people. It is further forecasted by the Intergovernmental Panel on Climate Change (IPCC) that Northern Europe would experience increased flooding by 2025 owing to global warming. Scientists and environmentalists have come up with a range of solutions, from decreasing the use of fossil fuels to incentives for using refined forms of energy. These measures are believed to be sufficient to make a real and positive impact on climatic change. Proposed in 1997, the Kyoto Protocol focuses on reducing greenhouse gas emissions and halting the climatic changes. The Kyoto Protocol declares the developed countries to be the world's greatest polluters. It aims at reducing greenhouse gas emissions by 5% of the 1990s levels over the period of 2008-2012. Though the Protocol has been ratified by many developed industrial nations, there are others who have been resistant towards signing it. Such nations argue that it is unfair to exempt the developing countries from the Protocol. Businesses, scientists and politicians of developed countries also give the following reasons for not signing the Protocol:

1. Doubt about the effect of carbon dioxide emission on global warming
2. Concerns about the negative effect of the Protocol on their own economies
3. Rejection of the need for an imposed reduction in carbon dioxide emission

Developed countries versus Developing countries

Many critics of the Kyoto Protocol declare that global warming is a global problem which requires the developing countries to participate just as much as the developed countries. Stella acknowledges the fact that both developed and developing countries have a role to play in curbing carbon dioxide emission. However, she argues that the developed countries have a greater obligation to address this issue for the reason that they contributed most towards it. As Stella writes in her article, "However, for developing countries, the argument that they should be subject to exactly the same restrictions as developed countries does not carry weight. After watching developed countries build their wealth and power on extensive use of fossil fuels this appears to be a case of 'do what I say, not what I do'."

Factors discouraging the Developed Countries

Stella makes note of the following factors which discourage the developed countries from signing the Kyoto Protocol:

1. Reluctance to offend giant fossil fuel companies which contribute largely to the economies of the developed countries
2. Large-scale unemployment if these giant fossil fuel companies are forced to shut down
3. Fear of giving a competitive advantage to emerging economies such as China and Korea, as they would not be subject to the terms of the Protocol

Developing countries' Roles

Stella further states that some developing count

PCR practical Write-up Journal style (VIROLOGY) Lab Report

However, no viral DNA was detected in the MRC5 cell line. In conclusion, PCR is an effective tool for the detection of viral genome in infected host cells. Conventional laboratory methods of identifying disease-causing pathogens often involve morphological characterization and antigen detection (Lee et al., 2009; Nitzan et al., 2009; Cicek et al., 2007). However, the traditional morphological examination, which relies heavily on culture techniques, presents a serious laggard, on top of contamination problems (Candrian 1995). The emergence of molecular diagnostic tools has circumvented and altered the limitations brought about by the conventional diagnostic techniques (Lion et al., 2006). Specifically, genome-based techniques are increasingly becoming popular due to their high specificity and sensitivity. One tool that has revolutionized the field of clinical diagnostics is polymerase chain reaction (PCR), an enzymatic procedure which amplifies a specific fragment of DNA or RNA (Lion et al., 2006). Since PCR makes use of nucleic acids to detect the presence of organisms, it is extremely useful in the identification of notoriously difficult-to-detect pathogens like viruses. It has been established that human papilloma virus (HPV) infection is a necessary precursor for the onset of cervical cancer (Stanley 2010). In fact, approximately 90% of cervical cancer cases can be accounted for by HPV types 16 and 18. Since HPV infection is very common, with a lifetime risk of infection of 50-80%, its accurate diagnosis is very crucial (Stanley 2010). The purpose of this experiment is to detect the presence of viral genome using polymerase chain reaction. Specifically, the experiment seeks to compare the genomic DNA extracted from HeLa cells, a cervical cancer cell line, and MRC5 cells, derived from a 14-week-old fetal lung tissue, in order to confirm that HeLa cells contain human papilloma virus (HPV) 18 DNA.
The HeLa

Wednesday, September 25, 2019

Not Finishing Well Essay Example | Topics and Well Written Essays - 500 words

We accept warfare or conflict as a normal part of life. The Divine Teachers want us to free ourselves from this condition not by looking backward but, instead, by looking ahead. In the Christian spirit, one sees that the most essential discipline is nearness with Christ. Nearness implies fidelity in carrying the teachings of Christ and applying them to one's daily life. This gives a person some plans or purpose in life. It is incumbent upon the followers of Christ to promote amity or harmony among the believers. They should enlighten and educate children to instill a growing hope. Ignoring this call is like a journey back, a failure. In his article Longevity with Distinction and Dignity-Finishing Well, Pastor Eugene Harder echoes that "Jesus died to remove the curse that prevented people from finishing well." We are reaching a new era in the history of mankind. And springtime is knocking at the door. For our brief sojourn on this life-giving planet, we could say that even though we did not start well, we could indeed find time to finish well.

Tuesday, September 24, 2019

Evidence-Based Practices Essay Example | Topics and Well Written Essays - 1000 words

The Role of Nurses in Research and EBP

Nurses are the frontline soldiers who meet with patients and conduct assessment reports, and they must research the best health solution applicable to each patient. Nurses, as actual practitioners, are also the best ones to conduct research studies, based on trends they may be seeing in their practices (Melnyk & Fineout-Overholt 2011). Deductions can be made through the research involved in determining solutions, taking accurate records of treatment results, using clinical reasoning throughout the process, and providing outcome treatment results for either supporting current practices or providing a case for the need to change a current process.

EBP Models Used in Hospitals/Clinics/Organizations

The model diagram below shows the typical process used in hospitals, clinics, and organizations on how medical practices use EBP as part of the common practice process for providing the best healthcare possible.

The Institute of Medicine’s Roundtable on Evidence-Based Medicine (IMREBM) addresses healthcare processes within a clinical setting to achieve best results in providing medical solutions. The group is made up of senior leadership from healthcare professionals, policymakers, researchers, third-party payers and patients (Melnyk & Fineout-Overholt 2011). The emphasis is placed on efficiency in providing EBP in a timely manner, generating more evidence in supporting the most effective and valued healthcare strategies and, finally, developing best processes in disseminating healthcare evidence as part of educating the public (Melnyk & Fineout-Overholt 2011; LoBiondo-Wood & Haber 2013).

The United States Preventive Services Task Force (USPSTF) is an independent panel of experts who continuously review and recommend better practices in preventive services such as any type of medical screening, preventive medicines and best practices in counseling for the public.

Monday, September 23, 2019

Environmental law Essay Example | Topics and Well Written Essays - 250 words - 3

One has to hire environmental consultants to do this work. It may also involve the company treating the waste to make it less harmful to the environment, and this also comes with additional work for the organization. It will also be subject to frequent scrutiny from the authorities to see how it conducts the treatment process and whether it is meeting the required standards. This therefore means that in case of discharge to natural water, the company will have the additional work of waste treatment and has to strictly release only waste which is considered environmentally friendly (Novotny & Brown, 2007). This implies that the regulations on discharging into natural water have more regulative restrictions, which also come with extra costs. Discharging into a sewer system, on the other hand, has no major impact on the work environment. This is because the sewer company treats the waste and also takes on the obligation of looking for the final destination of this waste. In that case, the company does not get into direct contact with environmental protection authorities on waste disposal. This reduces the work that the company would have undertaken and imposes lesser financial constraints.

Novotny, V., & Brown, P. R. (2007). Cities of the future: Towards integrated sustainable water and landscape management: proceedings of an international workshop held July 12-14, 2006 in Wingspread Conference Center (Racine, WI). London: IWA

Saturday, September 21, 2019

The Banking Concept of Education Essay Example for Free

The Banking Concept of Education Essay

In the banking concept of education Freire explains how the relationship between students and teachers suffers from narrative sickness (Freire). Freire describes the bond between students and teachers as if the student is like a bank where they are the depositories and the teachers are the depositors, hence the "banking concept". Another term that stuck out to me is how he says that learning should have something to do with your past experiences. He compares two concepts of education, banking and problem posing; in the banking concept teachers assume students don’t control what they learn. In his theory of the banking concept he feels some teachers feel like students are empty vessels that need to be filled. Both concepts can be true, but no two fingerprints are alike. Everyone doesn’t learn the same. So the theory of banking or problem posing being better or worse depends on the student and teacher.

Freire goes further to express how he feels banking is a negative way for students to learn. "Banking" is composed of and based upon just memorization and not really learning; in this concept students are receiving, memorizing, and repeating. Also, in the banking concept students aren’t able to put any of what they have learned to use in everyday life. "The more a child or students can apply and adapt to situations that allow them to use what they have been taught the better the student will manage." (Freire). Freire also talks about authentic thinking. The teacher cannot think for you, nor can he/she force you to think or see as he or she does. Problem posing, as opposed to banking, is a way for both the student and the teacher to learn at the same time. For example, asking questions in class and engaging in classroom conversations, but at the same time allowing the teacher to know that the student is understanding the information. Freire describes problem posing as the better solution to aiding the students in learning.

Problem posing is a way for students to establish mutual respect. What Freire is trying to say is that when a student understands the material instead of trying to memorize it, he/she will be more successful in life. For example, in grade school you learn basic math. The child then goes to the next grade to learn multiplication, division, adding, subtracting etc. When a child grasps the concept early on they are able to build on what they have learned in a previous setting. With the knowledge they have acquired they will be very successful in math that requires more steps to get to the answer. Now, on the other hand, you may have a child that did not understand math early on, so he or she may struggle because he or she memorized what was needed to pass, not building on what he or she should have learned.

In today’s education system some can agree with problem posing because you need to have an education to get somewhere in life. So pursuing your education after high school is in a sense almost mandatory to obtain a high paying job. So gaining knowledge in high school by allowing teachers to help you learn will only prepare you for college and then the real world. I agree with Freire's theory on education only from self-experience. But I have experienced both sides, banking and problem posing: banking because there have been times when I memorized key terms for a test and left the classroom and not remembered anything; problem posing because there have been classes where I engaged in the conversation and really understood what it was the teacher was trying to help the class understand. Freire makes a huge point when it comes to education because you cannot survive on memorization alone. It is necessary for you to know and understand information to really acquire knowledge.

Friday, September 20, 2019

Analysing People Oriented Methodology And Its Ethics Philosophy Essay

Analysing People Oriented Methodology And Its Ethics Philosophy Essay

People oriented methodology is mainly focused on obtaining the ethical position of every individual. It places more emphasis on ethics, which is a participative approach involving the people who might be the stakeholders or users. It also highlights that users are deeply involved in the development process and take control over the stages; this means that the users are also involved in the decision making process and fully committed to the IS development. People oriented methodology can be applied to a system which really involves various types of people. It is normally a difficult task to get the users involved in the development stages, but the involvement of users from the top level management to the staff level is still required in order to avoid some thoughts of the user, like feeling that the job will be more demanding and less secure. On the other hand, user involvement may also be used to improvise the human-computer interface. Using this sort of approach also includes visibility, simplicity, consistency and flexibility. It is also one of the suitable methodologies in the life cycle where the aim is to involve users in the development system; its focus is on ethics, the socio-technical view and human implementation. In the feasibility phase it identifies the current problem, opportunity, system boundaries, existing system, key objectives and tasks. In the analysis phase, diagnosis of efficiency, job satisfaction needs and analysis, and specifying and weighting efficiency are done. People-oriented methodology focuses on the organizational design of the new system, technical options and preparation of a detailed work design. In the implementation phase, the implementing process is planned in detail; it also checks for whatever is required to make a smooth changeover. Finally, in the maintenance phase the system is checked in order to make sure the objective is attained; if not, the corrective action is taken once again.

ETHICS

As already stated, people-oriented methodology mainly focuses on ethics. Ethics is a branch of philosophy which seeks to address questions about morality, that is, concepts such as good and bad, wrong and right, justice and virtue. On the other hand, it can also be defined as a moral philosophy involving systematizing, defending, and recommending concepts of right and wrong behavior which is required for an organization. According to Enid Mumford (see Mumford, 1995), ethics is a methodology based on the participative approach to information systems development. Ethics is different from most of the system development methodologies. In ethics the process of change is viewed from the perspective of an organizational issue and not as a technical issue.

Ethical Theories

Ethical theories play an important role in optimizing ordinary moral functions and in establishing or defending basic moral principles.

Why Ethical Theories?

The need for this is that, with the emergence of new practices in business, the basic principles may not be enough for the arising problems and may not cover the new areas that are still uncovered. Therefore a rational and consistent theory is necessary to evaluate the morality of actions. There are two possible approaches in order to overcome these problems. Firstly, there are some general rules and approaches, but they may not be enough for some sorts of issues. There might be some situations where the generally accepted practice or rules may be challenged. In such cases, it would be welcome if there were some way to decide which rule to follow. The ethical theories help an individual or an organization in choosing the right rule.

Secondly, the decision maker may be able to elaborate and explain his moral decisions to others. It is not a good idea to engage in moral reasoning alone; with the ethical theory, the decision maker should also be able to interpret it with moral argumentation. This may help the decision maker to take part in a persuasive and intelligent way. The search for a completely satisfying ethical theory will never end. There is no theory designed that satisfies all the people and philosophers, but still there are two theories that seem to be good when considering the other theories. They are the teleological and deontological theories; other than these, there are theories like the utilitarian and Kantian approaches which can help in carrying out decisions in a better way. Ethics can be apportioned into three categories: meta-ethics, normative ethics, and applied ethics.

Philosophical Ethics

Philosophical ethics carries a different approach to ethics by seeking morality through a rational, secular outlook that prioritizes human happiness and well-being. The advantage of this sort of approach is that it is not subject to religious, cultural or legal perspectives. Modern philosophical ethics can be split into two categories: teleological and deontological theories.

a. Teleological Theories

This theory has a special mark because of its pragmatic, common-sense, and knowledge-based approach to ethics. The claim in this theory is that the moral character of actions depends on how they can help or harm in a simple and realistic way. It also suggests that the actions that produce more benefits are right and those that don't are wrong. Jeremy Bentham planned to develop a moral science that is more teleological than other ways to separate right and wrong, and he in his Introduction to principles and moral legislation tells that Under the governance of two sovereign masters, pain and pleasure. It is for them alone to point out what we ought to do, as well as to determine what we shall do. On the one hand the standard of right and wrong, on the other the chain of causes and effects, are fastened to their throne. Aiming to make ethics practical, Bentham even proposed a system for measuring the amount of pleasure and pain that an action produces. Called the hedonistic calculus, Bentham's system identifies seven aspects of an action's consequence that can be used to compare the results of different deeds: the intrinsic strength of the pleasurable or painful feelings produced (intensity), how long they last (duration), how likely it is that these sensations will be produced by a given action (certainty or uncertainty), how soon they will be felt (propinquity or remoteness), whether these feelings will lead to future pleasures (fecundity) or pains (purity), and the number of people affected (extent).

Robbery example to be used for weighing happiness and unhappiness in scrum. Types of pleasure

LEADERSHIP

Leadership can be defined as a process of social influence in which one person can enlist the aid and support of others in the accomplishment of a common task [1]. It can also be said in other words: leadership is ultimately about creating a way for people to contribute to making something extraordinary happen [2]. A good leader sustains himself with a never ending process of education, self-study and so on. Leadership is a process where an individual makes his team accomplish a particular task and directs the organization in logically connected and cohesive ways; for this, a few attributes like beliefs, character, ethics, values, knowledge and skills are required. Before getting into the concept of leadership in software development, let's have an overview of the leadership theories and the concepts of leadership.

LEADERSHIP THEORIES

Leadership seemed to attract attention from society only from the twentieth century. Theories in the early period concentrated only on the qualities that distinguished the leader from the follower. There are lots of theories emerging and most of them can be classified as one among the eight major types.

i. Great Man Theories

This theory assumes that leaders are not born but made and a great leader will arise when there is need. Previously the research was on the people who were already leaders; in those days leaders mostly were from the aristocracy and only a few were from the lower level, and this indicated that leadership has something to do with family or breeding. This great man theory says that leaders are men with heroism, mythic, and should be capable of admitting these attributes whenever it is required.

ii. Trait Theories

This theory assumes that people are born with inherited traits, where some of those traits are particularly suited to being an effective leader. Early research took the psychological focus of the day, analyzing inherent characteristics of people. Studies were often made of great leaders to check whether other people have the traits of those successful leaders. McCall and Lombardo (1983) did research on both success and failure; they identified four primary traits by which a leader can succeed [2].

- Emotional stability and composure
- Admitting error
- Good interpersonal skills
- Intellectual breadth

But if we consider traits as key features for leadership, there arises a question: what about those who possess those qualities but are not leaders? This question is one which makes it difficult to explain leadership using trait theory.

iii. Behavioral Theory

The perspective of this theory is that leaders can be made rather than born, and it also assumes that leadership, in order to be successful, should be based on definable and learnable behavior. This theory does not focus on inbuilt traits or capabilities and tries to look closely at what the leaders actually do. According to this theory people can become leaders by teaching and learning.

iv. Participative Leadership

This theory assumes that people are more committed towards action and involve themselves in the game when they are put into some sort of relevant decision making. It also tells that when people make decisions together, the social commitment to one another plays a vital role and thus there comes a pure involvement in work. That several persons making decisions together brings about a good result is what the theory tells. A participative leader, rather than taking a decision himself, will involve other people in the process, including stakeholders, subordinates and superiors, and involves himself as well. In this theory the leaders allow others to share their ideas and also try to implement them.

v. Situational Leadership

This theory assumes that the best action of a leader is based on the range of situational factors. When a decision is made, an effective leader does not fall into a unique style; rather, they take different styles based on the situation they work in. Factors that influence situational behavior are the motivation and the capability that the follower carries. A leader's focus on himself, his follower or factors such as mood, stress and so on might also determine the behavior of a leader. Yukl (1989) seeks to combine other approaches and identifies six variables [3]:

- Subordinate effort: the motivation and actual effort expended.
- Subordinate ability and role clarity: followers knowing what to do and how to do it.
- Organization of the work: the structure of the work and utilization of resources.
- Cooperation and cohesiveness: of the group in working together.
- Resources and support: the availability of tools, materials, people, etc.
- External coordination: the need to collaborate with other groups.

From these approaches this theory comes to the conclusion that a leader's style is often variable and it purely demands relationships, resource utilization and managing capabilities.

vi. Contingency Theories

This states that leadership focuses on the particular variables related to the environment that determine which particular style may best suit a leadership behavior. Thus it states that leadership doesn't have a unique style that would be best in all situations. It is a class of behavioral theory where a leadership style might be suitable for some situation but may not be successful in some other situation. The main difference between the situational and the contingency theories is that in situational theory the view is more on the behavior that the leader should adopt in a given situation, whereas contingency theory takes an elaborate focus on the capabilities and variables in a situation.

vii. Management theories

Management theories are also called transactional theories, and the assumption made by this theory is that reward and punishment may motivate people in a better way. This is a system which works best with a clear chain of command. The subordinates are supposed to do the work given by their superiors or managers. In early days transactional leadership was the one where, when a subordinate is employed, he is paid and given some task, so that the company gets authority over the subordinate. When a transactional leader allocates work to the subordinate, the subordinate is the only person responsible for completing the task, whether they have the resources or not. If anything goes wrong the subordinate is punished, just as he is rewarded for succeeding. Managerial theories are often used in the business domains.

viii. Relational theories

Relational theories are also called transformational theories; here the assumptions are that people will follow a person who inspires them and, on the other hand, that a person with vision and goal can go to great heights. Working with a transactional leader is an uplifting experience; moreover, they care a lot for you and they try their level best to help you succeed. These leaders often follow simple procedures to accomplish their tasks:

- Developing the vision
- Selling the vision
- Finding the way forwards
- And leading the charge

These leaders often follow a high level of moral values and ethics in the organization with their followers. This type of leader gets frustrated when the organization or the people expect no changes and are happy the way they are living.

Leadership Factors and Keys to Effective Leadership

If a person decides to accept someone as a leader, he shouldn't look at the attributes of his leader; rather, he should focus on how a leader works and should take him as an inspiration or role model. This may involve various factors.

a. Follower and a Leader

These are two main factors. It is not a good idea to expect that every follower requires the same kind of leader; for example, a person in the analysis phase might require more assistance in gathering requirements, and a person working in the implementation phase may require a leader who might have totally different traits. So a leader must know his people! The leader is another factor: he must know the answers to three questions in a concrete way: who he is, what he knows, what he can do. He must have the talent of convincing his followers, because it is only because of them that a person is a leader.

[Fig 1: Factors of leadership (situation, communication, follower, leader)]

b. Communication and Situation

A leader should always focus on two-way communication. It's always better that the leader informs his follower of the dos and don'ts, much of it in a non-verbal form. The way you communicate and what you communicate may play a major role in the leader-follower relationship. It also depends on the situation, which is another important factor; situations are not always the same, and the work done in one situation will not be suitable for another situation. A best judgment should be made in order to select the leadership style. There are two most important keys for effective leadership:

- Trust and confidence, which bring about employee satisfaction
- Effective communication by leadership in three critical areas, as follows:
  - Helping employees to understand the company's business strategies.
  - Helping employees understand what their contribution is.
  - Sharing information with employees.

LEADERSHIP IN SOFTWARE DEVELOPMENT

Chemers, M. M. (2002). Meta-cognitive, social, and emotional intelligence of transformational leadership: Efficacy and Effectiveness. In R. E. Riggio, S. E. Murphy, F. J. Pirozzolo (Eds.), Multiple Intelligences and Leadership.

McCall, M.W. Jr. and Lombardo, M.M. (1983). Off the track: Why and how successful executives get derailed. Greensboro, NC: Centre for Creative Leadership.

Yukl, G. A. (1989). Leadership in Organizations. Englewood Cliffs, NJ: Prentice Hall.

Thursday, September 19, 2019

Observational Abilities Test :: essays research papers

Observational Abilities Test

INTRODUCTION

What is true in the eyes of one can be seen as a delusion in another. We, as a society, are made up of a dramatically diverse amalgam of cultures and abilities. Finding out what those differences are can help us reach a better understanding of each other, thus a more equitable relationship can be developed. Therefore, finding the observational abilities of a given group may help yield some interesting and valuable information. In the following study several groups were tested on their observational abilities. In order to develop such a test, it was necessary to devise a structured approach for gathering and interpreting the information. Therefore, the scope of the test was formulated based on hypothesis testing. The following hypothesis was established as the criterion for the test:

Null hypothesis (Ho): Males and females do not have different observational abilities
Alternative Hypothesis (H1): Males and females do have different observational abilities

EXPERIMENTAL DESIGN

The study consisted of 3 groups of varying size and structure. During the initial phase, the members of the study were unaware that any test was being conducted. The locations of the test were Wilford Hall Medical Center: Primary Care Meeting, University of the Incarnate Word: World Literature Class, and University of Texas at San Antonio: Business Statistics Class. The sample sizes and constructs were as follows:

Wilford Hall Medical Center: 30 people - 19 (F) 11 (M)
University of the Incarnate Word: 19 people - 9 (F) 10 (M)
University of Texas at San Antonio: 32 people - 11 (F) 21 (M)

The test subjects were all presented with the same scenario, given the normal degree of variation. The procedure of the test was as follows:

- The instructor/manager was advised that a test would be conducted sometime during the period.
- A male messenger with black hair and wearing a blue shirt and slacks would enter the room unannounced.
- The messenger would hand an envelope to the instructor.
- The messenger would then say, "This is from Debbie".
- The messenger would then exit the room.

The instructor/manager had been asked to wait 10 minutes, then the instructor/manager would pass out a form for the respondents to fill out (Results: Sample Form). All the data was compiled and corrected, then the data was inputted into the SPSS statistical program for analysis. Each correct answer on the form was given a value of 10 and each incorrect answer was given a value of 0. The male and female respondents were analyzed individually by sex and group (Results: Descriptives), then the relevant scores and data of the groups were evaluated against each

Snowmobiling on Priest Mountain Essay -- Descriptive Writing Examples

Snowmobiling on Priest Mountain

In late May I never pictured myself carving a highmark on Priest Mountain. Priest Mountain is nestled on the east edge of the Grand Mesa National Forest. Deep sugary snow and feathery blue spruce trees cover the mountain and the area around. One fine day it occurred that I had the opportunity to carve my highmark and I still have the mental image of my territory after that day. Even before that day, Priest has left an impression on me. Priest Mountain, for me, has been such a majestic riding area; I've been riding in this area for more than 10 years, and it is such a magical place to ride. On this one fine day, we had a typical Colorado snow storm. I can recall this very trip to the wonderful Grand Mesa because my mom was sick and it was Mother's Day. She told me to go have fun, and that she'll wait until she feels better. My dad wanted to play in a golf tournament, but I wanted to go snowmobiling. We both agreed that he would play golf in the morning and once he was done, I would meet him in the parking lot on the mesa to go snowmobiling. My dad said, "Don't leave until I call you!" "Dad, just watching TV, I'll be here." I replied. The snow began to fall, and I could not control myself; so I just left. Jeff rode with me in the Power Stroke, and Alex rode with Justin in the Dodge. By the time I reached Cedaredge, I couldn't even see the sleds behind me because the snow was flying like crazy. I wondered why my dad was still playing golf in this weather, but that's my dad; he loves to play golf. The whistle of the turbo diesel and the classic rock was getting me pumped for the awesome ride to come. By the time we were on top of the mesa, there was one foot of new fluffy snow... ... halfway. Justin followed, he came down and told us to take the high side, there is less snow. I was ready; I hit the throttle and from the basin up, the ride seemed to last forever. I began to climb and my Yamaha screamed like a cat in a fight. I followed the backbone and kept climbing until I came out on top. I arrived at the crest and quickly noticed the mountain top bowl lined with snow. I plowed through the snow up to the peak of the bowl; man, what a view from the top. I could see the guys down at the bottom and miles into the distance. I could almost see all of Delta County in one shot and it was magnificent. I had now conquered the mountain, Priest from now on feels like my place. This mountain will certainly be a part of me for the rest of my life. I'm sure I will travel to other places that will be beautiful, but none of them will match Priest Mountain.

Wednesday, September 18, 2019

New York City Essay -- Personal Narrative Writing Descriptive NYC

New York City

Every time I hear this song it makes me long to leave all of my responsibilities and head off to the city of dreams. A trip to New York has been a dream of mine since I was a little girl. I have always wanted to visit the place of tall buildings, history, and where culture is intertwined with its people. I have wanted to live the fast-paced life of a New Yorker, where I could stand outside and see, smell, and taste all of the experiences that this city has to offer. I have been building and building this ideal image in my mind for so long. If I ever get to New York, will I be disappointed by the city that never sleeps? The city that is a part of almost every movie I watch. Can New York live up to the expectations I have created? In the summer of 2004 my dream of visiting New York came to life. I could hardly contain my excitement to finally live the life of a New Yorker, even if it would only be for a couple of days. The plane ride itself was torture, because of my bubbling anticipation to get to my destination. Once the captain announced the descent into the New York airport my stomach became a bundle of knots. The arrival into the city was everything I had hoped it would be. My husband and I, of course, had trouble finding our way around JFK airport. We couldn't figure out the place that we were supposed to go to get our baggage. My husband and I and everyone from our plane ended up going outside of the airport to gain access to another part of the airport. Eventually things got cleared up and we found our terminal where our luggage was supposed to be. Finally after about a half an hour of being in the airport we figured out how to maneuver ourselves through the airport. As if we had passed our first test we... ...able to see, because of time restraints. The one sight I really wanted to see, but couldn't, was Ground Zero. Heading back to the hotel in the rain was one of my favorite parts of the trip.
How awesome to let your guard down long enough for that child inside to take over. My husband and I tried so hard during our walk to keep dry and duck into stores when the rain got worse. My husband and I eventually gave up all hopes of staying dry. Instead we gave caution to the wind and splashed and played in the rain. It was like taking a walk while taking a shower. I know when we both got back to our room that there wasn't any part of our body that was dry. I will forever have this memory in my head for the rest of my life. I will have many wonderful and exciting memories of my trip to New York. I know if I never go back to this city, I will always remember my experiences.

Tuesday, September 17, 2019

The Secret of Ella and Micha Chapter 20

Ella â€Å"So is this what you used to do all the time?† Lila relaxes back in the lawn chair. â€Å"Just sit around and watch them work on cars all day? God, that must have been nice.† I slurp on my Icee, my eyes fastened on Micha and Ethan working on the car on the opposite side of the garage. They're trying to work too fast and it's making me nervous. â€Å"No, I used to work on the cars with them.† She dumps a bag of M&M's into her hand. â€Å"Do you want to go help them right now?† â€Å"I can hang out here with you,† I say and stick out my hand. â€Å"Besides, I'm kind of enjoying myself.† She dumps some candy into my hand and I pour the chocolate into my mouth. â€Å"I know you are.† She sets the candy on the floor and picks up her soda. â€Å"You're practically glowing.† I rest my face in my hand to hide the alleged glowing. â€Å"This makes me nervous.† â€Å"What does?† â€Å"Racing when the car's not running good.† Lila pulls her hair out of the ponytail and tousles it with her fingers. â€Å"Why? Can something go wrong?† â€Å"With racing, anything can go wrong,† I say, mad at myself for getting Micha into this mess. Micha I kick a tool box out of the way and step up onto the bumper, staring down at the engine. â€Å"So what do you think?† Ethan wipes his hands on a rag as he shakes his head. â€Å"I have no clue if this quick fix is going to hold up or not and we don't have time to check the tie rods. If you got hit hard enough, they're probably bent and your whole steering is going to be fucked up.† â€Å"I guess we'll find out when we get it going.† I glance over at Ella and Lila, laughing in the corner of the garage. â€Å"You're not going to take her with you when you race, are you?† Ethan rounds the back of the car and starts checking the tire pressure. â€Å"Not with the car running like it is.† â€Å"And what if she gives you a hard time.† â€Å"She won't.† I check the oil. â€Å"At least I think she won't.† Ethan wipes his hands on his jeans. 
â€Å"I think that all depends on which Ella you're dealing with. The nice, polite one or the one who got you into this mess.† I look over at Ella again as she bends over to get a soda from the cooler behind the chairs. Her short shorts ride up and the bottom of her ass peeks out. After getting a drink, she drops back in her chair and opens it up, laughing at something Lila said. I adjust myself and slam the hood of the car down. â€Å"I think she might be a little of both.† *** â€Å"Why are there so many more people tonight?† Lila asks from the backseat, gaping at the cars parked up and down the road. â€Å"It wasn't this bad the last time we were here.† The girl is scared shitless and I kind of feel bad for her. â€Å"Mikey likes to draw a crowd.† â€Å"To watch him lose?† she asks, prodding Ella with her elbow. â€Å"Maybe,† I say with a heavy sigh, psyching myself out as I climb out of the car. The three of them follow me out and Ella takes my hand as we hike through the crowd where Mikey's talking smack to some skater dude who drives a Honda in the middle of the crowd, showing off for everyone. There's a bonfire burning over near The Hitch and people sitting on tailgates, drinking beers, waiting for the race to start. I push my way through the crowd, keeping a hold of Ella's hand. When we step out into the open, everyone looks at us and gossip starts flowing. Mikey stops talking and claps his hands loudly. â€Å"Holy crap, I didn't think you'd actually show up.† â€Å"Do I ever not show up?† I say. â€Å"You're the one that backed out the last time we tried to race.† He spits on the ground and crosses his arms. â€Å"So which one of you's racing? The little one with the big mouth that got you into this mess? Or are you gonna race me yourself?† Ella starts to move forward. â€Å"I'm – â€Å" â€Å"I am.† I squeeze her hand, pulling her behind me. â€Å"Micha,† she hisses. â€Å"This is my thing. I can handle it.† I shake my head, not looking at her. 
“Let's line up and get this over with.” Mikey grins, rubbing his hands together. “What? You eager to get your ass kicked?” “No, I'm eager for you to shut up.” With that I turn away and head back to the car with Ella in tow. “Micha Scott,” she says, tugging on my arm and planting her feet in the dirt, trying to get me to stop walking. Ethan and Lila are a ways back and Ethan's trying to explain to Lila the rules of racing. I keep walking forward, dragging her along with me, refusing to let her have her way this time – not with this. “Stop being all noble and just let me drive,” she says hotly. “It's much better for me to lose to him than for you to. He'll bug you about it for the rest of your life.” I stop just in front of the car and turn to her and brush the pad of my thumb across her cheek. “Hey, who said anything about losing?” She gathers some strands of hair out of her face and stares at the front end of the car. The glow of the fire highlights the worry in her eyes. “I know Ethan and you didn't get everything fixed. You were working too fast and I'm sure you didn't do that great of a job.” “The car's fine,” I assure her. “But you need to sit this one out.” “No way,” she argues, folding her arms over her chest defiantly. “I'm going to at least sit in the passenger seat and ride with you.” I shake my head. “Not this time, pretty girl.” She starts to fume, so I lean in and kiss her right in front of everyone, cupping the back of her head and grabbing her ass, letting people know she's mine. Her body trembles as she kisses me back, even when someone whistles. When I pull away, she has this glazed look in her eyes. “Now take Lila and go sit over by the finish line.” She opens her mouth, then seals her lips shut and nods. Ethan and her trade places and she walks off with Lila over toward the line.
Once they're out of sight, Ethan says, “You sure you want to do this?” I nod, my gaze tracking the line of the road and the trees next to it. “You sure you want to do this?” “Absolutely,” he says. “I have nothing better to do.” We bump fists and climb into the car. I rev up the engine a few times, then inch it forward across the dirt and through the crowd toward the lineup area in front of The Hitch. “How's the steering?” he asks, rolling down the window and letting the night air flow in. I veer it from side to side, testing it. “It's shaky.” “Left or right?” “To the right.” “Make sure you do your turnaround to the left then.” I nod as we roll up to the lineup and Mikey's already waiting for us. Ella and Lila are just off to the side, near the trees, sitting on the tailgate of someone's truck. She has her eyes glued to us as Lila talks to her, swinging her legs. I thrum my fingers on the top of the steering wheel, eyeing the end of the road. “Quit psyching yourself out,” Ethan says and snatches up the iPod. “I think it's time for a little tunes.” He scrolls through the music and “The Distance” by Cake flips on. He cranks it up so the bass is bumping and we start nodding our heads. When it hits the chorus we start singing and Ethan taps his fingers on the dash, like he's playing the drums. The more the song goes on, the more we get into it. I catch Ella laughing and shaking her head at us, because she knows this is Ethan and mines thing, but usually she's in the car with us. “Hey, are we going to race?” Mikey shouts, slipping out his window and looking at us from over the roof with his hands in the air. “Or are we going to sit around and listen to music?” I floor the pedal so loud the sound rumbles through the night and his eyes widen slightly. He gets back into his car and throttles his own pedal. It's half as loud and Ethan and I laugh at him.
“Dude, quit wasting time and get your girl over here to start us off,” he calls out over the music. I turn it down a notch. “Get Chandra to do it.” “No man, you know the rules,” he says with a smirk. “The girlfriend of the one being challenged has to start off the race.” I roll my eyes, knowing Ella's not going to like this, the old or the new version. I slide out of the window, cup my hands around my mouth, and shout over the roof at her. “Ella May, get your beautiful ass over here.” Lila has her distracted and she jumps. Her eyebrows furrow as I wave her over. She holds up a finger to Lila and hops off the hood, looking at me perplexedly as she makes her way through the crowd and over to me. I sit back in the car as she reaches the window and she lowers her head down, looking into the cab. “You have to start us off,” I tell her and she instantly makes a face. “It's the rules. You know that.” “Those rules are sexist,” she says. “Let Mikey's slutty girlfriend do it.” “You know he's not going to let that happen.” “I could make him let it happen.” I press my lips together as her spitfire personality burns through all her fake politeness. “Can you just do it for me?” She rolls her eyes, then leans in and kisses my cheek. “But only for you.” Then she backs out of the car, with an exaggerated sway of her hips, making fun of the ordeal, but still looking hot as hell in her little shorts. Ethan and I bust up laughing as she turns around with a big embellished grin on her face. “Well, at least she's entertaining,” he says, patting the side of the door with his hand to the beat of the music. I pump the gas a few times, my gaze attached to hers as she elevates her hands above her head. She looks at me as she counts down. When her arms drop, the tires squeal as we peel out.

Ella

I walk back through the cloud of dirt and hop on the tailgate with Lila.
I spot Grantford through the crowd and when he sees me, he hurries away, ducking into the crowd, knowing Micha's around. Lila swings her legs, taking in the surroundings. “What was that about?” “Rules,” I sigh, leaning forward so I can get a better view of the road. It's hard to tell because it's dark, but it looks like Micha is winning. I start to grow restless the farther away the taillights get and I jump off the tailgate and pace the dirt. “You're nervous,” Lila observes. “And you're making me nervous.” I bite on my fingernails, unable to settle down. “I don't know what my problem is. Usually, I'm not this jumpy.” But I think deep down, I know exactly what my problem is. My feelings for Micha have been freed and now they consume me, own me, bind me to him. The crowd starts moving, nearly trampling me as they stare down the road, waiting for the turnaround. I hear the scared tones in their voices first before the crash. It's like a train wreck, metal crushing and snapping apart. Lila's eyes snap wide. “What the hell was that?” I spin around and shove my way to the front of the crowd. There are a few cars on the side backing up onto the road. “Shit,” someone says. “I think one of them wrecked.” I feel my heart crumble as I take off down the road. “Ella!” Lila shouts. “Where are you going?” I keep running, stumbling through the dark, searching for their lights. My flip flops fall off somewhere, but I keep going, needing to know. Cars are pulling out behind me and headlights shine at my back. Seconds later, Mikey's car zooms by and he shouts something foul at me. Halfway down the road, the air turns to dirt and the sound of “The Distance” by Cake floods the air, only it's stuck and keeps saying the same line over and over again. Spotting the outline of the car, I slow down. Suddenly, I'm back to the night my mom died.
The Chevelle is smashed against the trunk of a large tree, the windshield smashed to pieces, and two of the tires are blown out. Somehow it must have flipped around and the driver's side took most of the impact. I know whatever's inside the car is bad, just like when I opened the bathroom door the night I found my mom and I won't be able to do anything about it. I almost turn away and run, not wanting to see it, but the passenger side door swings open and Ethan stumbles out, clutching at his upper arm. There's a path of blood dripping down his arm and his cheek is scraped. I snap out of my own thoughts and rush to him. “Are you okay?” “Ella, go get some help.” He coughs, nearly buckling to his knees. “No.” My voice comes out sharp and high-pitched and vomit burns at the back of my throat. I gently push him aside and climb into the car, which is filled with dirt and the air is muggy. “Micha.” I cover my mouth and shake my head. His head is flopped back against the headrest and turned away from me and his arms are slack to the side. Branches are poking in through the window and it looks like one of them might be lodged into his shoulder. His head turns toward me and his eyes widen. “Fuck. Ethan, get her out of here.” Ethan reaches in to pull me back, but I climb onto the console, taking in the long, thin stick stabbed in his shoulder. I can't breathe. I can't lose him. I can't do this again. “Ella May, look at me.” His voice is hoarse as he locks eyes with me. “I'm okay, now back out of the car so Ethan can get me out of here.” My eyes scan his body, looking for any more wounds that could be hiding from me. “It's just the branch? That's the only place you're hurt?” He nods lethargically. “A few stitches and I'm as good as new.” Kissing his forehead, I take a deep breath, hating to leave him as I back out of the car. Ethan's walking up the road toward me with Benny at his side.
He's still clutching his arm and there's a little bit of a limp to his walk. “Someone's got to have two good arms to pull it out,” he says to Benny and I see him glance at me with concern in his eyes. Benny nods and hops into the car, while Ethan and I wait impatiently on the outside. Cars start to pull up, headlights lighting up the accident as people rubberneck. One of the cars is a Camaro and Mikey stands in front of it, laughing with his girlfriend at his side. “Fucking asshole swerved at us,” Ethan tells me as he glares at Mikey. Rage engulfs me and this time I let it take me over. I march up to him and shove him hard so he stumbles back into the front end of his car. “You think this is funny?” I shout. “They crash into a tree because of you and you keep driving. What the hell's wrong with you?” His eyes darken and he steps toward me. “I won and that's all that matters.” Shaking my head, I lift up my leg and knee him in the balls, hard. He groans, his face reddening as he hunches over and his girlfriend runs to his side to coddle him. I start to leave when he straightens back up. Cradling his injured guy parts, he charges, ready to hit me. Ethan blocks him and shoves him back with his good arm. “If you touch her, I'll slam my good fist into your face.” This is not the first time he's had to say that to someone on my behalf. Mikey backs down from the fight, muttering something about it not being worth it as Benny helps Micha out of the car. The branch is out of his shoulder. Left in its place is a hole, which is bleeding down his arm and shirt, but he's alive and breathing and that's all that matters. We get him into the front seat of Benny's GTO and then Ethan and Lila get in the back. Micha has me sit on his lap, and he nuzzles his head into my chest. I hold onto him tightly as we speed off into the night.

Monday, September 16, 2019

Cisa

1. A benefit of open system architecture is that it:
A. facilitates interoperability.
B. facilitates the integration of proprietary components.
C. will be a basis for volume discounts from equipment vendors.
D. allows for the achievement of more economies of scale for equipment.
ANSWER: A
NOTE: Open systems are those for which suppliers provide components whose interfaces are defined by public standards, thus facilitating interoperability between systems made by different vendors. In contrast, closed system components are built to proprietary standards so that other suppliers' systems cannot or will not interface with existing systems.

2. An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls would BEST mitigate the risk of undetected and unauthorized program changes to the production environment?
A. Commands typed on the command line are logged
B. Hash keys are calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs
C. Access to the operating system command line is granted through an access restriction tool with preapproved rights
D. Software development tools and compilers have been removed from the production environment
ANSWER: B
NOTE: The matching of hash keys over time would allow detection of changes to files. Choice A is incorrect because having a log is not a control, reviewing the log is a control. Choice C is incorrect because the access was already granted—it does not matter how. Choice D is wrong because files can be copied to and from the production environment.

3. In the context of effective information security governance, the primary objective of value delivery is to:
A. optimize security investments in support of business objectives.
B. implement a standard set of security practices.
C. institute a standards-based solution.
D. implement a continuous improvement culture.
ANSWER: A
NOTE: In the context of effective information security governance, value delivery is implemented to ensure optimization of security investments in support of business objectives. The tools and techniques for implementing value delivery include implementation of a standard set of security practices, institutionalization and commoditization of standards-based solutions, and implementation of a continuous improvement culture considering security as a process, not an event.

4. During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that:
A. assessment of the situation may be delayed.
B. execution of the disaster recovery plan could be impacted.
C. notification of the teams might not occur.
D. potential crisis recognition might be ineffective.
ANSWER: B
NOTE: Execution of the business continuity plan would be impacted if the organization does not know when to declare a crisis. Choices A, C and D are steps that must be performed to know whether to declare a crisis. Problem and severity assessment would provide information necessary in declaring a disaster. Once a potential crisis is recognized, the teams responsible for crisis management need to be notified. Delaying this step until a disaster has been declared would negate the effect of having response teams. Potential crisis recognition is the first step in responding to a disaster.

5. When implementing an IT governance framework in an organization the MOST important objective is:
A. IT alignment with the business.
B. accountability.
C. value realization with IT.
D. enhancing the return on IT investments.
ANSWER: A
NOTE: The goals of IT governance are to improve IT performance, to deliver optimum business value and to ensure regulatory compliance. The key practice in support of these goals is the strategic alignment of IT with the business (choice A). To achieve alignment, all other choices need to be tied to business practices and strategies.

6. When reviewing an implementation of a VoIP system over a corporate WAN, an IS auditor should expect to find:
A. an integrated services digital network (ISDN) data link.
B. traffic engineering.
C. wired equivalent privacy (WEP) encryption of data.
D. analog phone terminals.
ANSWER: B
NOTE: To ensure that quality of service requirements are achieved, the Voice-over IP (VoIP) service over the wide area network (WAN) should be protected from packet losses, latency or jitter. To reach this objective, the network performance can be managed using statistical techniques such as traffic engineering. The standard bandwidth of an integrated services digital network (ISDN) data link would not provide the quality of services required for corporate VoIP services. WEP is an encryption scheme related to wireless networking. The VoIP phones are usually connected to a corporate local area network (LAN) and are not analog.

7. An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important?
A. The tools used to conduct the test
B. Certifications held by the IS auditor
C. Permission from the data owner of the server
D. An intrusion detection system (IDS) is enabled
ANSWER: C
NOTE: The data owner should be informed of the risks associated with a penetration test, what types of tests are to be conducted and other relevant details. All other choices are not as important as the data owner's responsibility for the security of the data assets.

8. Which of the following is a risk of cross-training?
A. Increases the dependence on one employee
B. Does not assist in succession planning
C. One employee may know all parts of a system
D. Does not help in achieving a continuity of operations
ANSWER: C
NOTE: When cross-training, it would be prudent to first assess the risk of any person knowing all parts of a system and what exposures this may cause. Cross-training has the advantage of decreasing dependence on one employee and, hence, can be part of succession planning. It also provides backup for personnel in the event of absence for any reason and thereby facilitates the continuity of operations.

9. The use of digital signatures:
A. requires the use of a one-time password generator.
B. provides encryption to a message.
C. validates the source of a message.
D. ensures message confidentiality.
ANSWER: C
NOTE: The use of a digital signature verifies the identity of the sender, but does not encrypt the whole message, and hence is not enough to ensure confidentiality. A one-time password generator is an option, but is not a requirement for using digital signatures.

10. A retail outlet has introduced radio frequency identification (RFID) tags to create unique serial numbers for all products. Which of the following is the PRIMARY concern associated with this initiative?
A. Issues of privacy
B. Wavelength can be absorbed by the human body
C. RFID tags may not be removable
D. RFID eliminates line-of-sight reading
ANSWER: A
NOTE: The purchaser of an item will not necessarily be aware of the presence of the tag. If a tagged item is paid for by credit card, it would be possible to tie the unique ID of that item to the identity of the purchaser. Privacy violations are a significant concern because RFID can carry unique identifier numbers. If desired it would be possible for a firm to track individuals who purchase an item containing an RFID. Choices B and C are concerns of less importance. Choice D is not a concern.

11. A lower recovery time objective (RTO) results in:
A. higher disaster tolerance.
B. higher cost.
C. wider interruption windows.
D. more permissive data loss.
ANSWER: B
NOTE: A recovery time objective (RTO) is based on the acceptable downtime in case of a disruption of operations. The lower the RTO, the higher the cost of recovery strategies. The lower the disaster tolerance, the narrower the interruption windows, and the lesser the permissive data loss.

12. During the requirements definition phase of a software development project, the aspects of software testing that should be addressed are developing:
A. test data covering critical applications.
B. detailed test plans.
C. quality assurance test specifications.
D. user acceptance testing specifications.
ANSWER: D
NOTE: A key objective in any software development project is to ensure that the developed software will meet the business objectives and the requirements of the user. The users should be involved in the requirements definition phase of a development project and user acceptance test specification should be developed during this phase. The other choices are generally performed during the system testing phase.

13. The BEST filter rule for protecting a network from being used as an amplifier in a denial of service (DoS) attack is to deny all:
A. outgoing traffic with IP source addresses external to the network.
B. incoming traffic with discernible spoofed IP source addresses.
C. incoming traffic with IP options set.
D. incoming traffic to critical hosts.
ANSWER: A
NOTE: Outgoing traffic with an IP source address different than the IP range in the network is invalid. In most of the cases, it signals a DoS attack originated by an internal user or by a previously compromised internal machine; in both cases, applying this filter will stop the attack.

14. What is the BEST backup strategy for a large database with data supporting online sales?
A. Weekly full backup with daily incremental backup
B. Daily full backup
C. Clustered servers
D. Mirrored hard disks
ANSWER: A
NOTE: Weekly full backup and daily incremental backup is the best backup strategy; it ensures the ability to recover the database and yet reduces the daily backup time requirements. A full backup normally requires a couple of hours, and therefore it can be impractical to conduct a full backup every day. Clustered servers provide a redundant processing capability, but are not a backup. Mirrored hard disks will not help in case of disaster.

15. Which of the following is a feature of Wi-Fi Protected Access (WPA) in wireless networks?
A. Session keys are dynamic
B. Private symmetric keys are used
C. Keys are static and shared
D. Source addresses are not encrypted or authenticated
ANSWER: A
NOTE: WPA uses dynamic session keys, achieving stronger encryption than wireless encryption privacy (WEP), which operates with static keys (same key is used for everyone in the wireless network). All other choices are weaknesses of WEP.

16. The ultimate purpose of IT governance is to:
A. encourage optimal use of IT.
B. reduce IT costs.
C. decentralize IT resources across the organization.
D. centralize control of IT.
ANSWER: A
NOTE: IT governance is intended to specify the combination of decision rights and accountability that is best for the enterprise. It is different for every enterprise. Reducing IT costs may not be the best IT governance outcome for an enterprise. Decentralizing IT resources across the organization is not always desired, although it may be desired in a decentralized environment. Centralizing control of IT is not always desired. An example of where it might be desired is an enterprise desiring a single point of customer contact.

17. The MAIN purpose of a transaction audit trail is to:
A. reduce the use of storage media.
B. determine accountability and responsibility for processed transactions.
C. help an IS auditor trace transactions.
D. provide useful information for capacity planning.
ANSWER: B
NOTE: Enabling audit trails aids in establishing the accountability and responsibility for processed transactions by tracing them through the information system. Enabling audit trails increases the use of disk space. A transaction log file would be used to trace transactions, but would not aid in determining accountability and responsibility. The objective of capacity planning is the efficient and effective use of IT resources and requires information such as CPU utilization, bandwidth, number of users, etc.

18. An IS auditor invited to a development project meeting notes that no project risks have been documented. When the IS auditor raises this issue, the project manager responds that it is too early to identify risks and that, if risks do start impacting the project, a risk manager will be hired. The appropriate response of the IS auditor would be to:
A. stress the importance of spending time at this point in the project to consider and document risks, and to develop contingency plans.
B. accept the project manager's position as the project manager is accountable for the outcome of the project.
C. offer to work with the risk manager when one is appointed.
D. inform the project manager that the IS auditor will conduct a review of the risks at the completion of the requirements definition phase of the project.
ANSWER: A
NOTE: The majority of project risks can typically be identified before a project begins, allowing mitigation/avoidance plans to be put in place to deal with these risks. A project should have a clear link back to corporate strategy and tactical plans to support this strategy. The process of setting corporate strategy, setting objectives and developing tactical plans should include the consideration of risks. Appointing a risk manager is a good practice but waiting until the project has been impacted by risks is misguided. Risk management needs to be forward looking; allowing risks to evolve into issues that adversely impact the project represents a failure of risk management. With or without a risk manager, persons within and outside of the project team need to be consulted and encouraged to comment when they believe new risks have emerged or risk priorities have changed. The IS auditor has an obligation to the project sponsor and the organization to advise on appropriate project management practices. Waiting for the possible appointment of a risk manager represents an unnecessary and dangerous delay to implementing risk management.

19. A data center has a badge-entry system. Which of the following is MOST important to protect the computing assets in the center?
A. Badge readers are installed in locations where tampering would be noticed
B. The computer that controls the badge system is backed up frequently
C. A process for promptly deactivating lost or stolen badges exists
D. All badge entry attempts are logged
ANSWER: C
NOTE: Tampering with a badge reader cannot open the door, so this is irrelevant. Logging the entry attempts may be of limited value. The biggest risk is from unauthorized individuals who can enter the data center, whether they are employees or not. Thus, a process of deactivating lost or stolen badges is important. The configuration of the system does not change frequently, therefore frequent backup is not necessary.

20. Which of the following would impair the independence of a quality assurance team?
A. Ensuring compliance with development methods
B. Checking the testing assumptions
C. Correcting coding errors during the testing process
D. Checking the code to ensure proper documentation
ANSWER: C
NOTE: Correction of code should not be a responsibility of the quality assurance team as it would not ensure segregation of duties and would impair the team's independence. The other choices are valid quality assurance functions.

21. Which of the following is the BEST type of program for an organization to implement to aggregate, correlate and store different log and event files, and then produce weekly and monthly reports for IS auditors?
A. A security information event management (SIEM) product
B. An open-source correlation engine
C. A log management tool
D. An extract, transform, load (ETL) system
ANSWER: C
NOTE: A log management tool is a product designed to aggregate events from many log files (with distinct formats and from different sources), store them and typically correlate them offline to produce many reports (e.g., exception reports showing different statistics including anomalies and suspicious activities), and to answer time-based queries (e.g., how many users have entered the system between 2 a.m. and 4 a.m. over the past three weeks?). A SIEM product has some similar features. It correlates events from log files, but does it online and normally is not oriented to storing many weeks of historical information and producing audit reports. A correlation engine is part of a SIEM product. It is oriented to making an online correlation of events. An extract, transform, load (ETL) is part of a business intelligence system, dedicated to extracting operational or production data, transforming that data and loading them to a central repository (data warehouse or data mart); an ETL does not correlate data or produce reports, and normally it does not have extractors to read log file formats.

22. To ensure authentication, confidentiality and integrity of a message, the sender should encrypt the hash of the message with the sender's:
A. public key and then encrypt the message with the receiver's private key.
B. private key and then encrypt the message with the receiver's public key.
C. public key and then encrypt the message with the receiver's public key.
D. private key and then encrypt the message with the receiver's private key.
ANSWER: B
NOTE: Obtaining the hash of the message ensures integrity; signing the hash of the message with the sender's private key ensures the authenticity of the origin, and encrypting the resulting message with the receiver's public key ensures confidentiality. The other choices are incorrect.

23. An IS auditor observes a weakness in the tape management system at a data center in that some parameters are set to bypass or ignore tape header records. Which of the following is the MOST effective compensating control for this weakness?
A. Staging and job set up
B. Supervisory review of logs
C. Regular back-up of tapes
D. Offsite storage of tapes
ANSWER: A
NOTE: If the IS auditor finds that there are effective staging and job set up processes, this can be accepted as a compensating control. Choice B is a detective control while choices C and D are corrective controls, none of which would serve as good compensating controls.

24. What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?
A. Malicious code could be spread across the network
B. VPN logon could be spoofed
C. Traffic could be sniffed and decrypted
D. VPN gateway could be compromised
ANSWER: A
NOTE: VPN is a mature technology; VPN devices are hard to break. However, when remote access is enabled, malicious code in a remote client could spread to the organization's network. Though choices B, C and D are security risks, VPN technology largely mitigates these risks.

25. The activation of an enterprise's business continuity plan should be based on predetermined criteria that address the:
A. duration of the outage.
B. type of outage.
C. probability of the outage.
D. cause of the outage.
ANSWER: A
NOTE: The initiation of a business continuity plan (action) should primarily be based on the maximum period for which a business function can be disrupted before the disruption threatens the achievement of organizational objectives.

26. After observing suspicious activities in a server, a manager requests a forensic analysis. Which of the following findings should be of MOST concern to the investigator?
A. Server is a member of a workgroup and not part of the server domain
B. Guest account is enabled on the server
C. Recently, 100 users were created in the server
D. Audit logs are not enabled for the server
ANSWER: D
NOTE: Audit logs can provide evidence which is required to proceed with an investigation and should not be disabled. For business needs, a server can be a member of a workgroup and, therefore, not a concern. Having a guest account enabled on a system is a poor security practice but not a forensic investigation concern. Recently creating 100 users in the server may have been required to meet business needs and should not be a concern.

27. Minimum password length and password complexity verification are examples of:
A. detection controls.
B. control objectives.
C. audit objectives.
D. control procedures.
ANSWER: D
NOTE: Control procedures are practices established by management to achieve specific control objectives. Password controls are preventive controls, not detective controls. Control objectives are declarations of expected results from implementing controls and audit objectives are the specific goals of an audit.

28. Which of the following is an advantage of the top-down approach to software testing?
A. Interface errors are identified early
B. Testing can be started before all programs are complete
C. It is more effective than other testing approaches
D. Errors in critical modules are detected sooner
ANSWER: A
NOTE: The advantage of the top-down approach is that tests of major functions are conducted early, thus enabling the detection of interface errors sooner. The most effective testing approach is dependent on the environment being tested. Choices B and D are advantages of the bottom-up approach to system testing.

29. After initial investigation, an IS auditor has reasons to believe that fraud may be present. The IS auditor should:
A. expand activities to determine whether an investigation is warranted.
B. report the matter to the audit committee.
C. report the possibility of fraud to top management and ask how they would like to proceed.
D. consult with external legal counsel to determine the course of action to be taken.
ANSWER: A
NOTE: An IS auditor's responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended. The IS auditor should notify the appropriate authorities within the organization only if it has determined that the indicators of fraud are sufficient to recommend an investigation. Normally, the IS auditor does not have authority to consult with external legal counsel.

30. As a driver of IT governance, transparency of IT's cost, value and risks is primarily achieved through:
A. performance measurement.
B. strategic alignment.
C. value delivery.
D. resource management.
ANSWER: A
NOTE: Performance measurement includes setting and monitoring measurable objectives of what the IT processes need to deliver (process outcome) and how they deliver it (process capability and performance). Strategic alignment primarily focuses on ensuring linkage of business and IT plans. Value delivery is about executing the value proposition throughout the delivery cycle. Resource management is about the optimal investment in and proper management of critical IT resources. Transparency is primarily achieved through performance measurement as it provides information to the stakeholders on how well the enterprise is performing when compared to objectives.

31. A technical lead who was working on a major project has left the organization. The project manager reports suspicious system activities on one of the servers that is accessible to the whole team. What would be of GREATEST concern if discovered during a forensic investigation?
A. Audit logs are not enabled for the system
B. A logon ID for the technical lead still exists
C. Spyware is installed on the system
D. A Trojan is installed on the system
ANSWER: A
NOTE: Audit logs are critical to the investigation of the event; however, if not enabled, misuse of the logon ID of the technical lead and the guest account could not be established. The logon ID of the technical lead should have been deleted as soon as the employee left the organization but, without audit logs, misuse of the ID is difficult to prove. Spyware installed on the system is a concern but could have been installed by any user and, again, without the presence of logs, discovering who installed the spyware is difficult. A Trojan installed on the system is a concern, but it can be done by any user as it is accessible to the whole group and, without the presence of logs, investigation would be difficult.

32. When using a universal storage bus (USB) flash drive to transport confidential corporate data to an offsite location, an effective control would be to:
A. carry the flash drive in a portable safe.
B. assure management that you will not lose the flash drive.
C. request that management deliver the flash drive by courier.
D. encrypt the folder containing the data with a strong key.
ANSWER: D
NOTE: Encryption, with a strong key, is the most secure method for protecting the information on the flash drive. Carrying the flash drive in a portable safe does not guarantee the safety of the information in the event that the safe is stolen or lost. No matter what measures you take, the chance of losing the flash drive still exists. It is possible that a courier might lose the flash drive or that it might be stolen.

33. The FIRST step in a successful attack to a system would be:
A.
gathering information. B. aining access. C. denying services. D. evading detection. ANSWER: A NOTE: Successful attacks start by gathering information about the target system. This is done in advance so that the attacker gets to know the target systems and their vulnerabilities. All of the other choices are based on the information gathered. 34. An IS auditor finds that conference rooms have active network ports. Which of the following is MOST important to ensure? A. The corporate network is using an intrusion prevention system (IPS) B. This part of the network is isolated from the corporate network C. A single sign-on has been implemented in the corporate network D.Antivirus software is in place to protect the corporate network ANSWER: B NOTE: If the conference rooms have access to the corporate network, unauthorized us ers may be able to connect to the corporate network; therefore, both networks should be isolated either via a firewall or being physically separated. An IPS would detect possible attacks, but only after they have occurred. A single sign-on would ease authentication management. Antivirus software would reduce the impact of possible viruses; however, unauthorized users would still be able to access the corporate network, which is the biggest risk. 5. While observing a full simulation of the business continuity plan, an IS auditor notices that the notification systems within the organizational facilities could be severely impacted by infrastructural damage. The BEST recommendation the IS auditor can provide to the organization is to ensure: A. the salvage team is trained to use the notification system. B. the notification system provides for the recovery of the backup. C. redundancies are built into the notification system. D. the notification systems are stored in a vault. ANSWER: CNO TE: If the notification system has been severely impacted by the damage, redundancy would be the best control. 
The salvage team would not be able to use a severely damaged notification system, even if they are trained to use it. The recovery of the backups has no bearing on the notification system and storing the notification system in a vault would be of little value if the building is damaged. 36. The human resources (HR) department has developed a system to allow employees to enroll in benefits via a web site on the corporate Intranet. Which of the following would protect the confidentiality of the data?A. SSL encryption B. Two-factor authentication C. Encrypted session cookies D. IP address verification ANSWER: A NOTE: The main risk in this scenario is confidentiality, therefore the only option which would provide confidentiality is Secure Socket Layer (SSL) encryption. The remaining options deal with authentication issues. 37. Regarding a disaster recovery plan, the role of an IS auditor should include: A. identifying critical applications. B. determining the external service providers involved in a recovery test. C. observing the tests of the disaster recovery plan. D. etermining the criteria for establishing a recovery time objective (RTO). ANSWER: C NOTE: The IS auditor should be present when disaster recovery plans are tested, to ensure that the test meets the targets for restoration, and the recovery procedures are effective and efficient. As appropriate, the auditor should provide a report of the test results. All other choices are a responsibility of management. 38. Which of the following is the BEST practice to ensure that access authorizations are still valid? A. Information owner provides authorization for users to gain access B. Identity management is integrated with human resource processes C.Information owners periodically review the access controls D. An authorization matrix is used to establish validity of access ANSWER: B NOTE: Personnel a nd departmental changes can result in authorization creep and can impact the effectiveness of access controls. 
Many times when personnel leave an organization, or employees are promoted, transferred or demoted, their system access is not fully removed, which increases the risk of unauthorized access. The best practices for ensuring access authorization is still valid is to integrate identity management with human resources processes.When an employee transfers to a different function, access rights are adjusted at the same time. 39. The application systems of an organization using open-source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating open-source software? A. Rewrite the patches and apply them B. Code review and application of available patches C. Develop in-house patches D. Identify and test suitable patches before applying them ANSWER: D NOTE: Suitable patches from the existing developers should be selected and tested before applying them.Rewriting the patches and applying them is not a correct answer because it would require skilled resources and time to rewrite the patches. Code review could be possible but tests need to be performed before applying the patches. Since the system was developed outside the organization, the IT department may not have the necessary skills and resources to develop patches. 40. Which of the following is a prevalent risk in the development of end-user computing (EUC) applications? A. Applications may not be subject to testing and IT general controls B. Increased development and maintenance costsC. Increased application development time D. Decision-making may be impaired due to diminished responsiveness to requests for information ANSWER: A NOTE: End-user developed applications may not be subjected to an independent outside review by systems analysts and frequently are not created in the context of a formal development methodology. These applicati ons may lack appropriate standards, controls, quality assurance procedures, and documentation. 
A risk of end-user applications is that management may rely on them as much as traditional applications.End-user computing (EUC) systems typically result in reduced application development and maintenance costs, and a reduced development cycle time. EUC systems normally increase flexibility and responsiveness to management's information requests. 41. The MAJOR consideration for an IS auditor reviewing an organization's IT project portfolio is the: A. IT budget. B. existing IT environment. C. business plan. D. investment plan. ANSWER: C NOTE: One of the most important reasons for which projects get funded is how well a project meets an organization's strategic objectives.Portfolio management takes a holistic view of a company's overall IT strategy. IT strategy should be aligned with the business strategy and, hence, reviewing the business plan should be the major consideration. Choices A, B and D are important but secondary to the importance of reviewing the business plan. 42. Which of the following is an attribute of the control self-assessment (CSA) approach? A. Broad stakeholder involvement B. Auditors are the primary control analysts C. Limited employee participation D. Policy driven ANSWER: ANOTE: The control self-assessment (CSA) approach emphasizes management of and accountability for developing and monitoring the controls of an organization's business processes. The attributes of CSA include empowered employees, continuous improvement, extensive employee participation and training, all of which are representations of broad stakeholder involvement. Choices B, C and D are attributes of a traditional audit approach. 43. The BEST method for assessing the effectiveness of a business continuity plan is to review the: A. plans and compare them to appropriate standards. B. results from previous tests.C. emergency procedures and employee training. D. offsite storage an d environmental controls. 
ANSWER: B
NOTE: Previous test results will provide evidence of the effectiveness of the business continuity plan. Comparisons to standards will give some assurance that the plan addresses the critical aspects of a business continuity plan but will not reveal anything about its effectiveness. Reviewing emergency procedures, offsite storage and environmental controls would provide insight into some aspects of the plan but would fall short of providing assurance of the plan's overall effectiveness.

44. An organization has just completed their annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization?
A. Review and evaluate the business continuity plan for adequacy
B. Perform a full simulation of the business continuity plan
C. Train and educate employees regarding the business continuity plan
D. Notify critical contacts in the business continuity plan
ANSWER: A
NOTE: The business continuity plan should be reviewed every time a risk assessment is completed for the organization. Training of the employees and a simulation should be performed after the business continuity plan has been deemed adequate for the organization. There is no reason to notify the business continuity plan contacts at this time.

45. Which of the following insurance types provide for a loss arising from fraudulent acts by employees?
A. Business interruption
B. Fidelity coverage
C. Errors and omissions
D. Extra expense
ANSWER: B
NOTE: Fidelity insurance covers the loss arising from dishonest or fraudulent acts by employees. Business interruption insurance covers the loss of profit due to the disruption in the operations of an organization. Errors and omissions insurance provides legal liability protection in the event that the professional practitioner commits an act that results in financial loss to a client. Extra expense insurance is designed to cover the extra costs of continuing operations following a disaster/disruption within an organization.

46. An IS auditor reviewing the risk assessment process of an organization should FIRST:
A. identify the reasonable threats to the information assets.
B. analyze the technical and organizational vulnerabilities.
C. identify and rank the information assets.
D. evaluate the effect of a potential security breach.
ANSWER: C
NOTE: Identification and ranking of information assets—e.g., data criticality, locations of assets—will set the tone or scope of how to assess risk in relation to the organizational value of the asset. Second, the threats facing each of the organization's assets should be analyzed according to their value to the organization. Third, weaknesses should be identified so that controls can be evaluated to determine if they mitigate the weaknesses. Fourth, analyze how these weaknesses, in absence of given controls, would impact the organization information assets.

47. An organization is using an enterprise resource management (ERP) application. Which of the following would be an effective access control?
A. User-level permissions
B. Role-based
C. Fine-grained
D. Discretionary
ANSWER: B
NOTE: Role-based access controls the system access by defining roles for a group of users. Users are assigned to the various roles and the access is granted based on the user's role. User-level permissions for an ERP system would create a larger administrative overhead. Fine-grained access control is very difficult to implement and maintain in the context of a large enterprise. Discretionary access control may be configured or modified by the users or data owners, and therefore may create inconsistencies in the access control management.

48. The sender of a public key would be authenticated by a:
A. certificate authority.
B. digital signature.
C. digital certificate.
D. registration authority.
ANSWER: C
NOTE: A digital certificate is an electronic document that declares a public key holder is who the holder claims to be. The certificates do handle data authentication as they are used to determine who sent a particular message. A certificate authority issues the digital certificates, and distributes, generates and manages public keys. A digital signature is used to ensure integrity of the message being sent and solve the nonrepudiation issue of message origination. The registration authority would perform most of the administrative tasks of a certificate authority, i.e., registration of the users of a digital signature plus authenticating the information that is put in the digital certificate.

49. Which of the following is the MOST reliable form of single factor personal identification?
A. Smart card
B. Password
C. Photo identification
D. Iris scan
ANSWER: D
NOTE: Since no two irises are alike, identification and verification can be done with confidence. There is no guarantee that a smart card is being used by the correct person since it can be shared, stolen or lost and found. Passwords can be shared and, if written down, carry the risk of discovery. Photo IDs can be forged or falsified.

50. A business application system accesses a corporate database using a single ID and password embedded in a program. Which of the following would provide efficient access control over the organization's data?
A. Introduce a secondary authentication method such as card swipe
B. Apply role-based permissions within the application system
C. Have users input the ID and password for each database transaction
D. Set an expiration period for the database password embedded in the program
ANSWER: B
NOTE: When a single ID and password are embedded in a program, the best compensating control would be a sound access control over the application layer and procedures to ensure access to data is granted based on a user's role. The issue is user permissions, not authentication, therefore adding a stronger authentication does not improve the situation. Having a user input the ID and password for access would provide a better control because a database log would identify the initiator of the activity. However, this may not be efficient because each transaction would require a separate authentication process. It is a good practice to set an expiration date for a password. However, this might not be practical for an ID automatically logged in from the program. Often, this type of password is set not to expire.

51. Which of the following should be the MOST important consideration when deciding areas of priority for IT governance implementation?
A. Process maturity
B. Performance indicators
C. Business risk
D. Assurance reports
ANSWER: C
NOTE: Priority should be given to those areas which represent a known risk to the enterprise's operations. The level of process maturity, process performance and audit reports will feed into the decision making process. Those areas that represent real risk to the business should be given priority.

52. An IS auditor has been asked to participate in project initiation meetings for a critical project. The IS auditor's MAIN concern should be that the:
A. complexity and risks associated with the project have been analyzed.
B. resources needed throughout the project have been determined.
C. project deliverables have been identified.
D. a contract for external parties involved in the project has been completed.
ANSWER: A
NOTE: Understanding complexity and risk, and actively managing these throughout a project are critical to a successful outcome. The other choices, while important during the course of the project, cannot be fully determined at the time the project is initiated, and are often contingent upon the risk and complexity of the project.

53. Which of the following would MOST effectively control the usage of universal storage bus (USB) storage devices?
A. Policies that require instant dismissal if such devices are found
B. Software for tracking and managing USB storage devices
C. Administratively disabling the USB port
D. Searching personnel for USB storage devices at the facility's entrance
ANSWER: B
NOTE: Software for centralized tracking and monitoring would allow a USB usage policy to be applied to each user based on changing business requirements, and would provide for monitoring and reporting exceptions to management. A policy requiring dismissal may result in increased employee attrition and business requirements would not be properly addressed. Disabling ports would be complex to manage and might not allow for new business needs. Searching of personnel for USB storage devices at the entrance to a facility is not a practical solution since these devices are small and could be easily hidden.

54. When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:
A. recommend that the database be normalized.
B. review the conceptual data model.
C. review the stored procedures.
D. review the justification.
ANSWER: D
NOTE: If the database is not normalized, the IS auditor should review the justification since, in some situations, denormalization is recommended for performance reasons. The IS auditor should not recommend normalizing the database until further investigation takes place. Reviewing the conceptual data model or the stored procedures will not provide information about normalization.

55. Which of the following would be the GREATEST cause for concern when data are sent over the Internet using HTTPS protocol?
A. Presence of spyware in one of the ends
B. The use of a traffic sniffing tool
C. The implementation of an RSA-compliant solution
D. A symmetric cryptography is used for transmitting data
ANSWER: A
NOTE: Encryption using secure sockets layer/transport layer security (SSL/TLS) tunnels makes it difficult to intercept data in transit, but when spyware is running on an end user's computer, data are collected before encryption takes place. The other choices are related to encrypting the traffic, but the presence of spyware in one of the ends captures the data before encryption takes place.

56. At the completion of a system development project, a postproject review should include which of the following?
A. Assessing risks that may lead to downtime after the production release
B. Identifying lessons learned that may be applicable to future projects
C. Verifying the controls in the delivered system are working
D. Ensuring that test data are deleted
ANSWER: B
NOTE: A project team has something to learn from each and every project. As risk assessment is a key issue for project management, it is important for the organization to accumulate lessons learned and integrate them into future projects. An assessment of potential downtime should be made with the operations group and other specialists before implementing a system. Verifying that controls are working should be covered during the acceptance test phase and possibly, again, in the postimplementation review. Test data should be retained for future regression testing.

57. While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should:
A. recommend the use of disk mirroring.
B. review the adequacy of offsite storage.
C. review the capacity management process.
D. recommend the use of a compression algorithm.
ANSWER: C
NOTE: Capacity management is the planning and monitoring of computer resources to ensure that available IT resources are used efficiently and effectively. Business criticality must be considered before recommending a disk mirroring solution and offsite storage is unrelated to the problem. Though data compression may save disk space, it could affect system performance.

58. Which of the following would be MOST important for an IS auditor to verify when conducting a business continuity audit?
A. Data backups are performed on a timely basis
B. A recovery site is contracted for and available as needed
C. Human safety procedures are in place
D. Insurance coverage is adequate and premiums are current
ANSWER: C
NOTE: The most important element in any business continuity process is the protection of human life. This takes precedence over all other aspects of the plan.

59. While reviewing sensitive electronic work papers, the IS auditor noticed that they were not encrypted. This could compromise the:
A. audit trail of the versioning of the work papers.
B. approval of the audit phases.
C. access rights to the work papers.
D. confidentiality of the work papers.
ANSWER: D
NOTE: Encryption provides confidentiality for the electronic work papers. Audit trails, audit phase approvals and access to the work papers do not, of themselves, affect the confidentiality but are part of the reason for requiring encryption.

60. An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed. When this issue is raised with management the response is that additional controls are not necessary because effective system access controls are in place. The BEST response the auditor can make is to:
A. review the integrity of system access controls.
B. accept management's statement that effective access controls are in place.
C. stress the importance of having a system control framework in place.
D. review the background checks of the accounts payable staff.
ANSWER: C
NOTE: Experience has demonstrated that reliance purely on preventative controls is dangerous. Preventative controls may not prove to be as strong as anticipated or their effectiveness can deteriorate over time. Evaluating the cost of controls versus the quantum of risk is a valid management concern. However, in a high-risk system a comprehensive control framework is needed. Intelligent design should permit additional detective and corrective controls to be established that don't have high ongoing costs, e.g., automated interrogation of logs to highlight suspicious individual transactions or data patterns. Effective access controls are, in themselves, a positive but, for reasons outlined above, may not sufficiently compensate for other control weaknesses. In this situation the IS auditor needs to be proactive. The IS auditor has a fundamental obligation to point out control weaknesses that give rise to unacceptable risks to the organization and work with management to have these corrected. Reviewing background checks on accounts payable staff does not provide evidence that fraud will not occur.

61. A firewall is being deployed at a new location. Which of the following is the MOST important factor in ensuring a successful deployment?
A. Reviewing logs frequently
B. Testing and validating the rules
C. Training a local administrator at the new location
D. Sharing firewall administrative duties
ANSWER: B
NOTE: A mistake in the rule set can render a firewall insecure. Therefore, testing and validating the rules is the most important factor in ensuring a successful deployment. A regular review of log files would not start until the deployment has been completed. Training a local administrator may not be necessary if the firewalls are managed from a central location. Having multiple administrators is a good idea, but not the most important.

62. When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of:
A. excessive transaction turnaround time.
B. application interface failure.
C. improper transaction authorization.
D. nonvalidated batch totals.
ANSWER: C
NOTE: Foremost among the risks associated with electronic data interchange (EDI) is improper transaction authorization. Since the interaction with the parties is electronic, there is no inherent authentication. The other choices, although risks, are not as significant.

63. The PRIMARY objective of implementing corporate governance by an organization's management is to:
A. provide strategic direction.
B. control business operations.
C. align IT with business.
D. implement best practices.
ANSWER: A
NOTE: Corporate governance is a set of management practices to provide strategic direction, thereby ensuring that goals are achievable, risks are properly addressed and organizational resources are properly utilized. Hence, the primary objective of corporate governance is to provide strategic direction. Based on the strategic direction, business operations are directed and controlled.

64. To determine if unauthorized changes have been made to production code the BEST audit procedure is to:
A. examine the change control system records and trace them forward to object code files.
B. review access control permissions operating within the production program libraries.
C. examine object code to find instances of changes and trace them back to change control records.
D. review change approved designations established within the change control system.
ANSWER: C
NOTE: The procedure of examining object code files to establish instances of code changes and tracing these back to change control system records is a substantive test that directly addresses the risk of unauthorized code changes. The other choices are valid procedures to apply in a change control audit but they do not directly address the risk of unauthorized code changes.

65. When reviewing an active project, an IS auditor observed that, because of a reduction in anticipated benefits and increased costs, the business case was no longer valid. The IS auditor should recommend that the:
A. project be discontinued.
B. business case be updated and possible corrective actions be identified.
C. project be returned to the project sponsor for reapproval.
D. project be completed and the business case be updated later.
ANSWER: B
NOTE: An IS auditor should not recommend discontinuing or completing the project before reviewing an updated business case. The IS auditor should recommend that the business case be kept current throughout the project since it is a key input to decisions made throughout the life of any project.

66. Which of the following audit techniques would BEST aid an auditor in determining whether there have been unauthorized program changes since the last authorized program update?
A. Test data run
B. Code review
C. Automated code comparison
D. Review of code migration procedures
ANSWER: C
NOTE: An automated code comparison is the process of comparing two versions of the same program to determine whether the two correspond. It is an efficient technique because it is an automated procedure. Test data runs permit the auditor to verify the processing of preselected transactions, but provide no evidence about unexercised portions of a program. Code review is the process of reading program source code listings to determine whether the code contains potential errors or inefficient statements. A code review can be used as a means of code comparison but it is inefficient. The review of code migration procedures would not detect program changes.

67. Doing which of the following during peak production hours could result in unexpected downtime?
A. Performing data migration or tape backup
B. Performing preventive maintenance on electrical systems
C. Promoting applications from development to the staging environment
D. Replacing a failed power supply in the core router of the data center
ANSWER: B
NOTE: Choices A and C are processing events which may impact performance, but would not cause downtime. Enterprise-class routers have redundant hot-swappable power supplies, so replacing a failed power supply should not be an issue. Preventive maintenance activities should be scheduled for non-peak times of the day, and preferably during a maintenance window time period. A mishap or incident caused by a maintenance worker could result in unplanned downtime.

68. Which of the following is the MOST robust method for disposing of magnetic media that contains confidential information?
A. Degaussing
B. Defragmenting
C. Erasing
D. Destroying
ANSWER: D
NOTE: Destroying magnetic media is the only way to assure that confidential information cannot be recovered. Degaussing or demagnetizing is not sufficient to fully erase information from magnetic media. The purpose of defragmentation is to eliminate fragmentation in file systems and does not remove information. Erasing or deleting magnetic media does not remove the information; this method simply changes a file's indexing information.

69. The MAIN criterion for determining the severity level of a service disruption incident is:
A. cost of recovery.
B. negative public opinion.
C. geographic location.
D. downtime.
ANSWER: D
NOTE: The longer the period of time a client cannot be serviced, the greater the severity of the incident. The cost of recovery could be minimal yet the service downtime could have a major impact. Negative public opinion is a symptom of an incident. Geographic location does not determine the severity of the incident.

70. During the design of a business continuity plan, the business impact analysis (BIA) identifies critical processes and supporting applications. This will PRIMARILY influence the:
A. responsibility for maintaining the business continuity plan.
B. criteria for selecting a recovery site provider.
C. recovery strategy.
D. responsibilities of key personnel.
ANSWER: C
NOTE: The most appropriate strategy is selected based on the relative risk level and criticality identified in the business impact analysis (BIA). The other choices are made after the selection or design of the appropriate recovery strategy.

71. What is the lowest level of the IT governance maturity model where an IT balanced scorecard exists?
A. Repeatable but Intuitive
B. Defined
C. Managed and Measurable
D. Optimized
ANSWER: B
NOTE: Defined (level 3) is the lowest level at which an IT balanced scorecard is defined.

72. During the system testing phase of an application development project the IS auditor should review the:
A. conceptual design specifications.
B. vendor contract.
C. error reports.
D. program change requests.
ANSWER: C
NOTE: Testing is crucial in determining that user requirements have been validated. The IS auditor should be involved in this phase and review error reports for their precision in recognizing erroneous data and review the procedures for resolving errors. A conceptual design specification is a document prepared during the requirements definition phase. A vendor contract is prepared during a software acquisition process. Program change requests would normally be reviewed as a part of the postimplementation phase.

73. When reviewing procedures for emergency changes to programs, the IS auditor should verify that the procedures:
A. allow changes, which will be completed using after-the-fact follow-up.
B. allow undocumented changes directly to the production library.
C. do not allow any emergency changes.
D. allow programmers permanent access to production programs.
ANSWER: A
NOTE: There may be situations where emergency fixes are required to resolve system problems. This involves the use of special logon IDs that grant programmers temporary access to production programs during emergency situations.
Emergency changes should be completed using after-the-fact follow-up procedures, which ensure that normal procedures are retroactively applied; otherwise, production may be impacted. Changes made in this fashion should be held in an emergency library from where they can be moved to the production library, following the normal change management process. Programmers should not directly alter the production library nor should they be allowed permanent access to production programs.

74. Though management has stated otherwise, an IS auditor has reasons to believe that the organization is using software that is not licensed. In this situation, the IS auditor should:
A. include the statement of management in the audit report.
B. identify whether such software is, indeed, being used by the organization.
C. reconfirm with management the usage of the software.
D. discuss the issue with senior management since reporting this could have a negative impact on the organization.
ANSWER: B
NOTE: When there is an indication that an organization might be using unlicensed software, the IS auditor should obtain sufficient evidence before including it in the report. With respect to this matter, representations obtained from management cannot be independently verified. If the organization is using software that is not licensed, the auditor, to maintain objectivity and independence, must include this in the report.

75. Which of the following would be BEST prevented by a raised floor in the computer machine room?
A. Damage of wires around computers and servers
B. A power failure from static electricity
C. Shocks from earthquakes
D. Water flood damage
ANSWER: A
NOTE: The primary reason for having a raised floor is to enable power cables and data cables to be installed underneath the floor. This eliminates the safety and damage risks posed when cables are placed in a spaghetti-like fashion on an open floor.
Static electricity should be avoided in the machine room; therefore, measures such as specially manufactured carpet or shoes would be more appropriate for static prevention than a raised floor. Raised floors do not address shocks from earthquakes. To address earthquakes, anti-seismic architecture would be required to establish a quake-resistant structural framework. Computer equipment needs to be protected against water. However, a raised floor would not prevent damage to the machines in the event of overhead water pipe leakage.

76. The network of an organization has been the victim of several intruders' attacks. Which of the following measures would allow for the early detection of such incidents?
A. Antivirus software
B. Hardening the servers
C. Screening routers
D. Honeypots
ANSWER: D
NOTE: Honeypots can collect data on precursors of attacks. Since they serve no business function, honeypots are hosts that have no authorized users other than the honeypot administrators. All activity directed at them is considered suspicious. Attackers will scan and attack honeypots, giving administrators data on new trends and attack tools, particularly malicious code. However, honeypots are a supplement to, not a replacement for, properly securing networks, systems and applications. If honeypots are to be used by an organization, qualified incident handlers and intrusion detection analysts should manage them. The other choices do not provide indications of potential attacks.

77. The purpose of a deadman door controlling access to a computer facility is primarily to:
A. prevent piggybacking.
B. prevent toxic gases from entering the data center.
C. starve a fire of oxygen.
D. prevent an excessively rapid entry to, or exit from, the facility.
ANSWER: A
NOTE: The purpose of a deadman door controlling access to a computer facility is primarily to prevent piggybacking. Choices B and C could be accomplished with a single self-closing door.
Choice D is invalid, as a rapid exit may be necessary in some circumstances, e.g., a fire.

78. The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to:
A. comply with regulatory requirements.
B. provide a basis for drawing reasonable conclusions.
C. ensure complete audit coverage.
D. perform the audit according to the defined scope.
ANSWER: B
NOTE: The scope of an IS audit is defined by its objectives. This involves identifying control weaknesses relevant to the scope of the audit. Obtaining sufficient and appropriate evidence assists the auditor in not only identifying control weaknesses but also documenting and validating them. Complying with regulatory requirements, ensuring coverage and the execution of the audit are all relevant to an audit but are not the reason why sufficient and relevant evidence is required.

79. During the audit of a database server, which of the following would be considered the GREATEST exposure?
A. The password does not expire on the administrator account
B. Default global security settings for the database remain unchanged
C. Old data have not been purged
D. Database activity is not fully logged
ANSWER: B
NOTE: Default security settings for the database could allow issues like blank user passwords or passwords that were the same as the username. Logging all database activity is not practical. Failure to purge old data may present a performance issue but is not an immediate security concern. Choice A is an exposure but not as serious as B.

80. An IS auditor finds that a DBA has read and write access to production data. The IS auditor should:
A. accept the DBA access as a common practice.
B. assess the controls relevant to the DBA function.
C. recommend the immediate revocation of the DBA access to production data.
D. review user access authorizations approved by the DBA.
ANSWER: B
NOTE: It is good practice when finding a potential exposure to look for the best controls.
Though granting the database administrator (DBA) access to production data might be a common practice, the IS auditor should evaluate the relevant controls. The DBA should have access based on a need-to-know and need-to-do basis; therefore, revocation may remove the access required. The DBA, typically, may need to have access to some production data. Granting user authorizations is the responsibility of the data owner and not the DBA.

81. What should be the GREATEST concern to an IS auditor when employees use portable media (MP3 players, flash drives)?
A. The copying of sensitive data on them
B. The copying of songs and videos on them
C. The cost of these devices multipl