IS audit practice quiz: 80 multiple-choice questions, each with the answer recorded by the quiz. Questions 1-8 survive in their original order. For the remaining questions the source does not preserve which question carried which number, so the recorded answers are listed by original question number after each block of eight.

1. A virtual private network (VPN) provides data confidentiality by using:
1) Secure Sockets Layer (SSL)
2) Tunnelling
3) Digital signatures
4) Phishing
Recorded answer: 2

2. To minimize the cost of a software project, quality management techniques should be applied:
1) as close to their writing (i.e., point of origination) as possible
2) primarily at project start-up to ensure that the project is established in accordance with organizational governance standards
3) continuously throughout the project with an emphasis on finding and fixing defects primarily during testing to maximize the defect detection rate
4) mainly at project close-down to capture lessons learned that can be applied to future projects
Recorded answer: 3

3. An organization has been recently downsized. In light of this, an IS auditor decides to test logical access controls. The IS auditor's PRIMARY concern should be that:
1) all system access is authorized and appropriate for an individual's role and responsibilities
2) management has authorized appropriate access for all newly hired individuals
3) only the system administrator has authority to grant or modify access to individuals
4) access authorization forms are used to grant or modify access to individuals
Recorded answer: 1

4. An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking?
1) An application-level gateway
2) A remote access server
3) A proxy server
4) Port scanning
Recorded answer: 1

5. In an organization where an IT security baseline has been defined, an IS auditor should FIRST ensure:
1) implementation
2) compliance
3) documentation
4) sufficiency
Recorded answer: 4

6. Which of the following BEST ensures the integrity of a server's operating system?
1) Protecting the server in a secure location
2) Setting a boot password
3) Hardening the server configuration
4) Implementing activity logging
Recorded answer: 3

7. A company uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks (cheques) and reports for distribution. To BEST ensure payroll data accuracy:
1) payroll reports should be compared to input forms
2) gross payroll should be recalculated manually
3) checks (cheques) should be compared to input forms
4) checks (cheques) should be reconciled with output reports
Recorded answer: 1

8. Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy?
1) Review the parameter settings
2) Interview the firewall administrator
3) Review the actual procedures
4) Review the device's log file for recent attacks
Recorded answer: 1

Questions 9-16 (original order within the block not preserved in the source):

- Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures?
1) Review software migration records and verify approvals
2) Identify changes that have occurred and verify approvals
3) Review change control documentation and verify approvals
4) Ensure that only appropriate staff can migrate changes into production

- The use of digital signatures:
1) requires the use of a one-time password generator
2) provides encryption to a message
3) validates the source of a message
4) ensures message confidentiality

- A sender of an e-mail message applies a digital signature to the digest of the message. This action provides assurance of the:
1) date and time stamp of the message
2) identity of the originating computer
3) confidentiality of the message's content
4) authenticity of the sender

- The MOST significant security concern when using flash memory (e.g., a USB removable disk) is that the:
1) contents are highly volatile
2) data cannot be backed up
3) data can be copied
4) device may not be compatible with other peripherals

- Which of the following represents the GREATEST potential risk in an EDI environment?
1) Transaction authorization
2) Loss or duplication of EDI transmissions
3) Transmission delay
4) Deletion or manipulation of transactions prior to or after establishment of application controls

- In a public key infrastructure (PKI), which of the following may be relied upon to prove that an online transaction was authorized by a specific customer?
1) Nonrepudiation
2) Encryption
3) Authentication
4) Integrity

- With the help of a security officer, granting access to data is the responsibility of:
1) data owners
2) programmers
3) system analysts
4) librarians

- Which of the following virus prevention techniques can be implemented through hardware?
1) Remote booting
2) Heuristic scanners
3) Behavior blockers
4) Immunizers

Recorded answers, by original question number: 9: 1, 10: 2, 11: 1, 12: 4, 13: 1, 14: 1, 15: 3, 16: 3 (the question number is missing from the source for this last entry; 16 is the only number in the block without a recorded answer).
Questions 17-24 (original order within the block not preserved in the source):

- In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?
1) Automated logging of changes to development libraries
2) Additional staff to provide separation of duties
3) Procedures that verify that only approved program changes are implemented
4) Access controls to prevent the operator from making program modifications

- A local area network (LAN) administrator normally would be restricted from:
1) having end-user responsibilities
2) reporting to the end-user manager
3) having programming responsibilities
4) being responsible for LAN security administration

- When a new system is to be implemented within a short time frame, it is MOST important to:
1) finish writing user manuals
2) perform user acceptance testing
3) add last-minute enhancements to functionalities
4) ensure that the code has been documented and reviewed

- The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is called:
1) data integrity
2) authentication
3) nonrepudiation
4) replay protection

- The database administrator (DBA) suggests that DB efficiency can be improved by denormalizing some tables. This would result in:
1) loss of confidentiality
2) increased redundancy
3) unauthorized accesses
4) application malfunctions

- In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems?
1) Maintaining system software parameters
2) Ensuring periodic dumps of transaction logs
3) Ensuring grandfather-father-son file backups
4) Maintaining important data at an offsite location

- An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review?
1) Availability of online network documentation
2) Support of terminal access to remote hosts
3) Handling file transfer between hosts and interuser communications
4) Performance management, audit and control

- Two-factor authentication can be circumvented through which of the following attacks?
1) Denial-of-service
2) Man-in-the-middle
3) Key logging
4) Brute force

Recorded answers, by original question number: 17: 3, 18: 2, 19: 3, 20: 1, 21: 3, 22: 2, 23: 2, 24: 2.
Questions 25-32 (original order within the block not preserved in the source):

- An IS auditor performing a review of the backup processing facilities should be MOST concerned that:
1) adequate fire insurance exists
2) regular hardware maintenance is performed
3) offsite storage of transaction and master files exists
4) backup processing facilities are fully tested

- Which of the following would be the BEST overall control for an Internet business looking for confidentiality, reliability and integrity of data?
1) Secure Sockets Layer (SSL)
2) Intrusion detection system (IDS)
3) Public key infrastructure (PKI)
4) Virtual private network (VPN)

- The extent to which data will be collected during an IS audit should be determined based on the:
1) availability of critical and required information
2) auditor's familiarity with the circumstances
3) auditee's ability to find relevant evidence
4) purpose and scope of the audit being done

- To ensure that audit resources deliver the best value to the organization, the FIRST step would be to:
1) schedule the audits and monitor the time spent on each audit
2) train the IS audit staff on current technology used in the company
3) develop the audit plan on the basis of a detailed risk assessment
4) monitor progress of audits and initiate cost control measures

- Which of the following sampling methods is MOST useful when testing for compliance?
1) Attribute sampling
2) Variable sampling
3) Stratified mean per unit
4) Difference estimation

- To determine which users can gain access to the privileged supervisory state, which of the following should an IS auditor review?
1) System access log files
2) Enabled access control software parameters
3) Logs of access control violations
4) System configuration files for control options used

- The BEST overall quantitative measure of the performance of biometric control devices is:
1) false-rejection rate
2) false-acceptance rate
3) equal-error rate
4) estimated-error rate

- Disaster recovery planning (DRP) addresses the:
1) technological aspect of business continuity planning
2) operational piece of business continuity planning
3) functional aspect of business continuity planning
4) overall coordination of business continuity planning

Recorded answers, by original question number: 25: 4, 26: 3, 27: 3, 28: 3, 29: 1, 30: 1, 31: 3, 32: not recorded in the source.

Questions 33-40 (original order within the block not preserved in the source):

- In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table?
1) Foreign key
2) Primary key
3) Secondary key
4) Public key

- Which of the following will prevent dangling tuples in a database?
1) Cyclic integrity
2) Domain integrity
3) Relational integrity
4) Referential integrity

- A disaster recovery plan for an organization should:
1) reduce the length of the recovery time and the cost of recovery
2) increase the length of the recovery time and the cost of recovery
3) reduce the duration of the recovery time and increase the cost of recovery
4) affect neither the recovery time nor the cost of recovery

- A hacker could obtain passwords without the use of computer tools or programs through the technique of:
1) social engineering
2) sniffers
3) back doors
4) Trojan horses

- Which of the following would MOST effectively reduce social engineering incidents?
1) Security awareness training
2) Increased physical security measures
3) E-mail monitoring policy
4) Intrusion detection systems

- What is the BEST backup strategy for a large database with data supporting online sales?
1) Weekly full backup with daily incremental backup
2) Daily full backup
3) Clustered servers
4) Mirrored hard disks

- During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that:
1) assessment of the situation may be delayed
2) execution of the disaster recovery plan could be impacted
3) notification of the teams might not occur
4) potential crisis recognition might be ineffective

- Which of the following is an appropriate test method to apply to a business continuity plan (BCP)?
1) Pilot
2) Paper
3) Unit
4) System

Recorded answers, by original question number: 33: 4, 34: 1, 35: 1, 36: 2, 37: 1, 38: 1, 39: 1, 40: 2.

Questions 41-48 (original order within the block not preserved in the source):

- An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long. Which of the following could be caused by the length of the cable?
1) Electromagnetic interference (EMI)
2) Cross-talk
3) Dispersion
4) Attenuation

- The vice president of human resources has requested an audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation?
1) Test data
2) Generalized audit software (IDEA/ACL)
3) Integrated test facility
4) Embedded audit module

- The PRIMARY objective of performing a postincident review is that it presents an opportunity to:
1) improve internal control procedures
2) harden the network to industry best practices
3) highlight the importance of incident response management to management
4) improve employee awareness of the incident response process

- An IS auditor finds out-of-range data in some tables of a database. Which of the following controls should the IS auditor recommend to avoid this situation?
1) Log all table update transactions
2) Implement before-and-after image reporting
3) Use tracing and tagging
4) Implement integrity constraints in the database

- Which of the following is the BEST method for preventing the leakage of confidential information in a laptop computer?
1) Encrypt the hard disk with the owner's public key
2) Enable the boot password (hardware-based password)
3) Use a biometric authentication device
4) Use two-factor authentication to log on to the notebook

- Which of the following is a feature of Wi-Fi Protected Access (WPA) in wireless networks?
1) Session keys are dynamic
2) Private symmetric keys are used
3) Keys are static and shared
4) Source addresses are not encrypted or authenticated

- Data flow diagrams are used by IS auditors to:
1) order data hierarchically
2) highlight high-level data definitions
3) graphically summarize data paths and storage
4) portray step-by-step details of data generation

- Which of the following antivirus software implementation strategies would be the MOST effective in an interconnected corporate network?
1) Server antivirus software
2) Virus walls
3) Workstation antivirus software
4) Virus signature updating

Recorded answers, by original question number: 41: 2, 42: 1, 43: 2, 44: 4, 45: 1, 46: 3, 47: 4, 48: 1.
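Three of the database questions above (a foreign key blocking deletion of a customer that still has live orders, referential integrity preventing dangling tuples, and integrity constraints against out-of-range data) describe behaviour that is easiest to see by running it. The example below is added here and is not part of the quiz; it uses an in-memory SQLite database, and the table and column names (customers, orders, customer_no, quantity, status) are assumed for illustration. It runs the same scenario twice, once with foreign-key enforcement on and once off, so the dangling row is visible in the unenforced case.

```python
"""Referential integrity and CHECK constraints, demonstrated with sqlite3.

Added example (not from the original quiz). Schema and sample data are
constructed for illustration only.
"""
import sqlite3

SCHEMA = """
CREATE TABLE customers (
    customer_no INTEGER PRIMARY KEY,
    name        TEXT NOT NULL
);
CREATE TABLE orders (
    order_no    INTEGER PRIMARY KEY,
    -- Foreign key back to the customer table. With no ON DELETE clause SQLite
    -- applies NO ACTION, so deleting a referenced parent row fails.
    customer_no INTEGER NOT NULL REFERENCES customers(customer_no),
    -- Domain (integrity) constraints: reject out-of-range or unknown values.
    quantity    INTEGER NOT NULL CHECK (quantity BETWEEN 1 AND 1000),
    status      TEXT    NOT NULL CHECK (status IN ('open', 'shipped', 'closed'))
);
"""


def open_db(enforce_fk: bool) -> sqlite3.Connection:
    """Create the schema plus one customer with one live order (constructed data)."""
    conn = sqlite3.connect(":memory:")
    # SQLite parses FOREIGN KEY clauses always but enforces them only when this
    # pragma is ON for the connection; OFF models a DBMS with no referential integrity.
    conn.execute("PRAGMA foreign_keys = %s" % ("ON" if enforce_fk else "OFF"))
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO customers VALUES (1001, 'Acme Ltd')")
    conn.execute("INSERT INTO orders VALUES (1, 1001, 10, 'open')")
    conn.commit()
    return conn


def try_delete_customer(conn: sqlite3.Connection, customer_no: int) -> bool:
    """Attempt to delete a customer row; True if the DBMS allowed it."""
    try:
        conn.execute("DELETE FROM customers WHERE customer_no = ?", (customer_no,))
        conn.commit()
        return True
    except sqlite3.IntegrityError:   # "FOREIGN KEY constraint failed"
        conn.rollback()
        return False


def try_insert_order(conn: sqlite3.Connection, order_no: int, customer_no: int,
                     quantity: int, status: str) -> bool:
    """Attempt to insert an order; True if all constraints were satisfied."""
    try:
        conn.execute("INSERT INTO orders VALUES (?, ?, ?, ?)",
                     (order_no, customer_no, quantity, status))
        conn.commit()
        return True
    except sqlite3.IntegrityError:   # CHECK or FOREIGN KEY constraint failed
        conn.rollback()
        return False


def dangling_orders(conn: sqlite3.Connection) -> list:
    """Orders whose customer_no matches no customer: the dangling tuples."""
    return conn.execute(
        "SELECT o.order_no, o.customer_no FROM orders o "
        "LEFT JOIN customers c ON c.customer_no = o.customer_no "
        "WHERE c.customer_no IS NULL"
    ).fetchall()


def demo() -> dict:
    """Run both scenarios and return the observations by name."""
    results = {}

    enforced = open_db(enforce_fk=True)
    # The customer has a live order, so the foreign key blocks the delete.
    results["delete_with_fk"] = try_delete_customer(enforced, 1001)
    results["dangling_with_fk"] = dangling_orders(enforced)
    # Out-of-range quantity and an unknown status are rejected at write time.
    results["bad_quantity"] = try_insert_order(enforced, 2, 1001, 5000, "open")
    results["bad_status"] = try_insert_order(enforced, 3, 1001, 5, "lost")
    results["good_order"] = try_insert_order(enforced, 4, 1001, 5, "shipped")
    # An order for a customer that does not exist is also rejected.
    results["orphan_insert"] = try_insert_order(enforced, 5, 9999, 1, "open")

    unenforced = open_db(enforce_fk=False)
    # Without referential integrity the delete succeeds and order 1 now dangles.
    results["delete_without_fk"] = try_delete_customer(unenforced, 1001)
    results["dangling_without_fk"] = dangling_orders(unenforced)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-20s %r" % (name, value))
```

The auditor's point in the out-of-range question is the same one the CHECK constraints make: logging or before/after images record that bad data arrived, whereas a constraint in the database refuses it regardless of which application wrote the row. The dangling-orders query is also a useful audit test in its own right on databases where enforcement was never switched on.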
Questions 49-56 (original order within the block not preserved in the source):

- Which of the following methods of suppressing a fire in a data center is the MOST effective and environmentally friendly?
1) Halon gas
2) Wet-pipe sprinklers
3) Dry-pipe sprinklers
4) Carbon dioxide gas

- When an employee is terminated from service, the MOST important action is to:
1) hand over all of the employee's files to another designated employee
2) complete a backup of the employee's work
3) notify other employees of the termination
4) disable the employee's logical access

- When planning an audit of a network setup, an IS auditor should give highest priority to obtaining which of the following network documentation?
1) Wiring and schematic diagram
2) Users' lists and responsibilities
3) Application lists and their details
4) Backup and recovery procedures

- An Internet-based attack using password sniffing can:
1) enable one party to act as if they are another party
2) cause modification to the contents of certain transactions
3) be used to gain access to systems containing proprietary information
4) result in major problems with billing systems and transaction processing agreements

- Which of the following controls would provide the GREATEST assurance of database integrity?
1) Audit log procedures
2) Table link/reference checks
3) Query/table access time checks
4) Rollback and rollforward database features

- Which of the following is an example of a passive attack initiated through the Internet?
1) Traffic analysis
2) Masquerading
3) Denial of service
4) E-mail spoofing

- The optimum business continuity strategy for an entity is determined by the:
1) lowest downtime cost and highest recovery cost
2) lowest sum of downtime cost and recovery cost
3) lowest recovery cost and highest downtime cost
4) average of the combined downtime and recovery cost

- The PRIMARY objective of a logical access control review is to:
1) review access controls provided through software
2) ensure access is granted per the organization's authorities
3) walk through and assess the access provided in the IT environment
4) provide assurance that computer hardware is adequately protected against abuse

Recorded answers, by original question number: 49: 1, 50: 2, 51: 2, 52: 3, 53: 2, 54: 1, 55: 1, 56: 4.
Questions 57-64 (original order within the block not preserved in the source):

- To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers, an IS auditor should recommend that:
1) the company policy be changed
2) passwords are periodically changed
3) an automated password management tool be used
4) security awareness training is delivered

- An IS auditor interviewing a payroll clerk finds that the answers do not support job descriptions and documented procedures. Under these circumstances, the IS auditor should:
1) conclude that the controls are inadequate
2) expand the scope to include substantive testing
3) place greater reliance on previous audits
4) suspend the audit

- During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:
1) an unauthorized user may use the ID to gain access
2) user access management is time consuming
3) passwords are easily guessed
4) user accountability may not be established

- In an online banking application, which of the following would BEST protect against identity theft?
1) Encryption of personal password
2) Restricting the user to a specific terminal
3) Two-factor authentication (requires two independent methods for establishing identity and privileges)
4) Periodic review of access logs

- The security level of a private key system depends on the number of:
1) encryption key bits
2) messages sent
3) keys
4) channels used

- The MAIN purpose of a transaction audit trail is to:
1) reduce the use of storage media
2) determine accountability and responsibility for processed transactions
3) help an IS auditor trace transactions
4) provide useful information for capacity planning

- To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:
1) firewall and the organization's network
2) Internet and the firewall
3) Internet and the web server
4) web server and the firewall

- Which of the following is a feature of an intrusion detection system (IDS)?
1) Gathering evidence on attack attempts
2) Identifying weaknesses in the policy definition
3) Blocking access to particular sites on the Internet
4) Preventing certain users from accessing specific servers

Recorded answers, by original question number: 57: 1, 58: 3, 59: 3, 60: 4, 61: 2, 62: 1, 63: 1, 64: 2.
Questions 65-72 (original order within the block not preserved in the source):

- What is the MOST effective method of preventing unauthorized use of data files?
1) Automated file entry
2) Tape librarian
3) Access control software
4) Locked library

- IT operations for a large organization have been outsourced. An IS auditor reviewing the outsourced operation should be MOST concerned about which of the following findings?
1) The outsourcing contract does not cover disaster recovery for the outsourced IT operations
2) The service provider does not have incident handling procedures
3) Recently a corrupted database could not be recovered because of library management problems
4) Incident logs are not being reviewed

- An organization has implemented a disaster recovery plan. Which of the following steps should be carried out next?
1) Obtain senior management sponsorship
2) Identify business needs
3) Conduct a paper test
4) Perform a system restore test

- An IS auditor has audited a business continuity plan (BCP). Which of the following findings is the MOST critical?
1) Nonavailability of an alternate private branch exchange (PBX) system
2) Absence of a backup for the network backbone
3) Lack of backup systems for the users' PCs
4) Failure of the access card system

- Which of the following is MOST critical for the successful implementation and maintenance of a security policy?
1) Assimilation of the framework and intent of a written security policy by all appropriate parties
2) Management support and approval for the implementation and maintenance of a security policy
3) Enforcement of security rules by providing punitive actions for any violation of security rules
4) Stringent implementation, monitoring and enforcing of rules by the security officer through access control software

- Which of the following is the PRIMARY purpose for conducting parallel testing?
1) To determine if the system is cost-effective
2) To enable comprehensive unit and system testing
3) To highlight errors in the program interfaces with files
4) To ensure the new system meets user requirements

- The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment:
1) searches and checks the infrastructure to detect vulnerabilities, whereas penetration testing intends to exploit the vulnerabilities to probe the damage that could result from the vulnerabilities
2) and penetration tests are different names for the same activity
3) is executed by automated tools, whereas penetration testing is a totally manual process
4) is executed by commercial tools, whereas penetration testing is executed by public processes

- Which of the following is the MOST reasonable option for recovering a noncritical system?
1) Warm site
2) Mobile site
3) Hot site
4) Cold site

Recorded answers, by original question number: 65: 1, 66: 2, 67: 4, 68: 3, 69: 1, 70: 3, 71: 1, 72: 2.

Questions 73-80 (original order within the block not preserved in the source):

- An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important?
1) The tools used to conduct the test
2) Certifications held by the IS auditor
3) Permission from the data owner of the server
4) An intrusion detection system (IDS) is enabled

- Compliance testing determines:
1) whether controls are applied in a manner that complies with the industry standards
2) whether controls are applied in a manner that complies with management policies and procedures
3) whether controls are applied in a manner that complies with industry best practices
4) None

- Which of the following is widely accepted as one of the critical components in networking management?
1) Configuration management
2) Topological mappings
3) Application of monitoring tools
4) Proxy server troubleshooting

- Which of the following should be included in an organization's IS security policy?
1) A list of key IT resources to be secured
2) The basis for access authorization
3) Identity of sensitive security features
4) Relevant software security features

- An IS auditor reviewing an organization that uses cross-training practices should assess the risk of:
1) dependency on a single person
2) inadequate succession planning
3) one person knowing all parts of a system
4) a disruption of operations

- The use of residual biometric information to gain unauthorized access is an example of which of the following attacks?
1) Replay
2) Brute force
3) Cryptographic
4) Mimic

- During the requirements definition phase of a software development project, the aspects of software testing that should be addressed are developing:
1) test data covering critical applications
2) detailed test plans
3) quality assurance test specifications
4) user acceptance testing specifications

- In the event of a disruption or disaster, which of the following technologies provides for continuous operations?
1) Load balancing
2) Fault-tolerant hardware
3) Distributed backups
4) High-availability computing

Recorded answers, by original question number: 73: 4, 74: 1, 75: 4, 76: 2, 77: 3, 78: 3, 79: 1, 80: 2 (the question numbers are missing from the source for the last two entries; 79 and 80 are the only numbers in the block without a recorded answer).