Cisa V3
1. Which of the following refers to the collection of policies and procedures for implementing controls capable of restricting access to computer software and data files?
A. Binary access control
B. System-level access control
C. Logical access control
D. Physical access control
E. Component access control
Answer: C

2. A trojan horse simply cannot operate autonomously.
A. True
B. False
Answer: A
Explanation: In a common type of Trojan horse, a legitimate piece of software has been corrupted with malicious code which runs when the program is used. The key is that the user has to invoke the program in order to trigger the malicious code. In other words, a trojan horse simply cannot operate autonomously.

3. Creating which of the following is how a hacker can ensure his ability to return to the hacked system at will?
A. rootsec
B. checksum
C. CRC
D. backdoors
E. None of the choices
Answer: D
Explanation: A backdoor refers to a generally undocumented means of getting into a system, mostly for programming and maintenance/troubleshooting needs. Many real-world programs have shipped with backdoors. Creating backdoors is how a hacker can ensure his ability to return to the hacked system at will.

4. Which of the following is not a good tactic to use against hackers?
A. Enticement
B. Entrapment
Answer: B
Explanation: Enticement occurs after somebody has gained unlawful access to a system and is then lured to a honeypot. Entrapment encourages the commission of unlawful access. The latter is not a good tactic to use, as it involves encouraging someone to commit a crime.
5. The sophistication and formality of IS audit programs may vary significantly depending on which of the following factors?
A. the target's management hands-on involvement
B. the target's location
C. the target's size and complexity
D. the target's budget
E. the target's head count
Answer: C

6. Which of the following is the most common way that spyware is distributed?
A. as a trojan horse
B. as a virus
C. as adware
D. as a device driver
E. as a macro
Answer: A

7. Properly planned risk-based audit programs are often capable of offering which of the following benefits?
A. audit efficiency and effectiveness
B. audit efficiency only
C. audit effectiveness only
D. audit transparency only
E. audit transparency and effectiveness
Answer: A

8. Which of the following should be seen as one of the most significant factors considered when determining the frequency of IS audits within your organization?
A. The cost of risk analysis
B. The income generated by the business function
C. Resource allocation strategy
D. The nature and level of risk
E. None of the choices
Answer: D

9. For application acquisitions with significant impacts, participation of your IS audit team should be encouraged:
A. early in the due diligence stage
B. at the testing stage
C. at the final approval stage
D. at the budget preparation stage
E. None of the choices
Answer: A
Explanation: For acquisitions with significant IT impacts, participation of IS audit is often necessary early in the due diligence stage, as defined in the audit policy.

10. A comprehensive IS audit policy should include guidelines detailing what involvement the internal audit team should have:
A. in the development and coding of major OS applications
B. in the acquisition and maintenance of major web applications
C. in the human resource management cycle of the application development project
D. in the development, acquisition, conversion, and testing of major applications
E. None of the choices
Answer: D

11. In-house personnel performing IS audits should possess which of the following knowledge and/or skills (choose 2):
A. information systems knowledge commensurate with the scope of the IT environment in question
B. sufficient analytical skills to determine the root cause of deficiencies in question
C. sufficient knowledge of secure system coding
D. sufficient knowledge of secure platform development
E. information systems knowledge commensurate with matters outside the scope of the IT environment in question
Answer: A (the key records only one option, although the question asks for two)

12. Your final audit report should be issued:
A. after an agreement on the observations is reached
B. before an agreement on the observations is reached
C. if an agreement on the observations cannot be reached
D. without mentioning the observations
E. None of the choices
Answer: A

13. IS audits should be selected through a risk analysis process to concentrate on:
A. those areas of greatest risk and opportunity for improvements
B. those areas of least risk and opportunity for improvements
C. those areas of the greatest financial value
D. areas led by the key people of the organization
E. random events
Answer: A

14. What should be done to determine the appropriate level of audit coverage for an organization's IT environment?
A. determine the company's quarterly budget requirement
B. define an effective assessment methodology
C. calculate the company's yearly budget requirement
D. define an effective system upgrade methodology
E. define an effective network implementation methodology
Answer: B

15. Which of the following correctly describes the purpose of an electronic data processing (EDP) audit?
A. to collect and evaluate evidence of an organization's information systems, practices, and operations
B. to ensure document validity
C. to verify data accuracy
D. to collect and evaluate benefits brought by an organization's information systems to its bottom line
E. None of the choices
Answer: A

16. The use of risk assessment tools for classifying risk factors should be formalized in your IT audit effort through:
A. the use of risk controls
B. the use of computer assisted functions
C. using the computer assisted audit technology tools
D. the development of written guidelines
E. None of the choices
Answer: D

17. A successful risk-based IT audit program should be based on:
A. an effective scoring system
B. an effective PERT diagram
C. an effective departmental brainstorm session
D. an effective organization-wide brainstorm session
E. an effective yearly budget
Answer: A

18. In an application system audit, focus should always be placed on:
A. performance and controls of the system
B. the ability to limit unauthorized access and manipulation
C. input data being processed correctly
D. output data being processed correctly
E. changes to the system being properly authorized
Answer: A

19. In a security server audit, focus should be placed on (choose all that apply):
A. proper segregation of duties
B. adequate user training
C. continuous and accurate audit trail
D. proper application licensing
E. proper system stability
Answer: A

20. Which of the following types of audit always takes high priority over the others?
A. System audit
B. Application audit
C. Software audit
D. License audit
E. Security server audit
Answer: E

21. The purpose of a mainframe audit is to provide assurance that (choose all that apply):
A. processes are being implemented as required
B. the mainframe is operating as it should
C. security is strong
D. procedures in place are working
E. procedures are being updated as needed
F. the OS applications are secured
Answer: A

22. Which of the following refers to a primary component of corporate risk management with the goal of minimizing the risk of prosecution for software piracy due to use of unlicensed software?
A. Software audit
B. System audit
C. Application System audit
D. Test audit
E. Mainframe audit
Answer: A

23. The technique of rummaging through commercial trash to collect useful business information is known as:
A. Information diving
B. Intelligence diving
C. Identity diving
D. System diving
E. Program diving
Answer: A (more commonly called dumpster diving)
24. Fault-tolerance is a feature particularly sought after in which of the following kinds of computer systems (choose all that apply):
A. desktop systems
B. laptop systems
C. handheld PDAs
D. business-critical systems
E. None of the choices
Answer: D

25. Physical access controls are usually implemented based on which of the following means (choose all that apply):
A. mechanical locks
B. guards
C. operating systems
D. transaction applications
E. None of the choices
Answer: A

26. In the context of physical access control, what is known as the process of verifying user identities?
A. Authentication
B. Authorization
C. Accounting
D. Encryption
E. Compression
Answer: A

27. Effective transactional controls are often capable of offering which of the following benefits (choose all that apply):
A. reduced administrative and material costs
B. shortened contract cycle times
C. enhanced procurement decisions
D. diminished legal risk
E. None of the choices
Answer: A

28. Common implementations of strong authentication may use which of the following factors in their authentication efforts (choose all that apply):
A. 'something you know'
B. 'something you have'
C. 'something you are'
D. 'something you have done in the past on this same system'
E. 'something you have installed on this same system'
Answer: A (the key records only A; B and C are the other two standard factors, and D and E are not authentication factors)

29. Which of the following refers to any authentication protocol that requires two independent ways to establish identity and privileges?
A. Strong-factor authentication
B. Two-factor authentication
C. Dual-password authentication
D. Two-passphrases authentication
E. Dual-keys authentication
F. Rich-factor authentication
Answer: B

30. Which of the following refers to an important procedure when evaluating database security (choose the BEST answer)?
A. performing vulnerability assessments against the database
B. performing data checks against the database
C. performing dictionary checks against the database
D. performing capacity checks against the database system
E. None of the choices
Answer: A

31. Sophisticated database systems provide many layers and types of security, including (choose all that apply):
A. Access control
B. Auditing
C. Encryption
D. Integrity controls
E. Compression
Answer: A (the key records only A; B, C and D are also security layers, while compression is not)

32. The Federal Information Processing Standards (FIPS) are primarily for use by (choose all that apply):
A. all non-military government agencies
B. US government contractors
C. all military government agencies
D. all private and public colleges in the US
E. None of the choices
Answer: A

33. The Federal Information Processing Standards (FIPS) were developed by:
A. the United States Federal government
B. ANSI
C. ISO
D. IEEE
E. IANA
Answer: A

34. Which of the following correctly describes the potential problem of deploying Wi-Fi Protected Access to secure your wireless network?
A. potential compatibility problems with wireless network interface cards
B. potential compatibility problems with wireless access points
C. potential performance problems with wireless network interface cards
D. potential performance problems with wireless access points
E. None of the choices
Answer: B

35. Cisco IOS based routers perform basic traffic filtering via which of the following mechanisms?
A. datagram scanning
B. access lists
C. stateful inspection
D. state checking
E. link progressing
Answer: B

36. Iptables is based on which of the following frameworks?
A. Netfilter
B. NetDoom
C. NetCheck
D. NetSecure
E. None of the choices
Answer: A
37. Which of the following is a rewrite of ipfwadm?
A. ipchains
B. iptables
C. Netfilter
D. ipcook
E. None of the choices
Answer: A
Explanation: ipchains is a free-software firewall for earlier Linux kernels. It is a rewrite of ipfwadm but was superseded by iptables in Linux 2.4 and above. iptables controls the packet filtering and NAT components within the Linux kernel. It is based on Netfilter, a framework which provides a set of hooks within the Linux kernel.

38. You should know the difference between an exploit and a vulnerability. Which of the following refers to a weakness in the system?
A. exploit
B. vulnerability
C. both
Answer: B
Explanation: An exploit refers to software, data, or commands capable of taking advantage of a bug, glitch or vulnerability in order to cause unintended behavior. A vulnerability in this sense refers to a weakness in the system.

39. Which of the following types of spyware was originally designed for determining the sources of error or for measuring staff productivity?
A. Keywords logging
B. Keystroke logging
C. Directory logging
D. Password logging
E. None of the choices
Answer: B

40. The Trojan.Linux.JBellz Trojan horse runs as a malformed file of what format?
A. e-mails
B. MP3
C. MS Office
D. Word template
E. None of the choices
Answer: B
Explanation: Most trojan horse programs are spread through e-mails. Some earlier trojan horse programs were bundled in "root kits". For example, the Linux Root Kit version 3 (lrk3), released in December 1996, had tcp wrapper trojans included and enhanced in the kit. Portable devices that run Linux can also be affected by trojan horses.

41. Most trojan horse programs are spread through:
A. e-mails
B. MP3
C. MS Office
D. Word template
E. None of the choices
Answer: A

42. What would be the major purpose of a rootkit?
A. to hide evidence from system administrators
B. to encrypt files for system administrators
C. to corrupt files for system administrators
D. to hijack system sessions
E. None of the choices
Answer: A

43. Which of the following are valid choices for the Apache/SSL combination (choose all that apply):
A. the Apache-SSL project
B. third-party SSL patches
C. the mod_ssl module
D. the mod_css module
E. None of the choices
Answer: A

44. Which of the following is a tool you can use to simulate a big network structure on a single computer?
A. honeymoon
B. honeytrap
C. honeytube
D. honeyd
E. None of the choices
Answer: D

45. Which of the following typically consists of a computer, some real-looking data and/or a network site that appears to be part of a production network but which is in fact isolated and well prepared?
A. honeypot
B. superpot
C. IDS
D. IPS
E. firewall
Answer: A

46. Which of the following refers to a symmetric key cipher which operates on fixed-length groups of bits with an unvarying transformation?
A. stream cipher
B. block cipher
C. check cipher
D. string cipher
E. None of the choices
Answer: B

47. One major improvement in WPA over WEP is the use of a protocol which dynamically changes keys as the system is used. What protocol is this?
A. SKIP
B. RKIP
C. OKIP
D. EKIP
E. TKIP
Answer: E (Temporal Key Integrity Protocol)

48. Wi-Fi Protected Access implements the majority of which IEEE standard?
A. 802.11i
B. 802.11g
C. 802.11x
D. 802.11v
E. None of the choices
Answer: A
Explanation: Wi-Fi Protected Access (WPA / WPA2) is a class of systems to secure wireless computer networks. WPA implements the majority of the IEEE 802.11i standard (WPA2 implements the full ratified standard), and is designed to work with all wireless network interface cards, but not necessarily with first generation wireless access points.

49. Many WEP systems require a key in a relatively insecure format. What format is this?
A. binary format
B. hexadecimal format
C. 128 bit format
D. 256 bit format
E. None of the choices
Answer: B

50. As part of the IEEE 802.11 standard ratified in September 1999, WEP uses the CRC-32 checksum for:
A. integrity
B. validity
C. accuracy
D. confidentiality
E. None of the choices
Answer: A

51. As part of the IEEE 802.11 standard ratified in September 1999, WEP uses which stream cipher for confidentiality?
A. CRC-32
B. CRC-64
C. DES
D. 3DES
E. RC4
F. RC5
Answer: E
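Worked example for the two WEP questions above. This C program is added here and is not part of the original question bank: it models the WEP encapsulation with RC4 for confidentiality and CRC-32 as the integrity check value (ICV), then shows why a CRC detects noise but not an attacker. Because CRC-32 is linear and RC4 is a plain XOR keystream, anyone can flip chosen plaintext bits in a captured frame and repair the encrypted ICV without knowing the key. The 40-bit key, the message and the omission of the 24-bit per-packet IV are simplifications chosen for the demo.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FRAME 256   /* demo limit: plaintext plus 4-byte ICV must fit */

/* Standard reflected CRC-32 (polynomial 0xEDB88320), used by WEP as the ICV. */
static uint32_t crc32_ieee(const uint8_t *buf, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc ^ 0xFFFFFFFFu;
}

/* RC4 keystream: key scheduling (KSA) followed by output generation (PRGA). */
static void rc4_keystream(const uint8_t *key, size_t klen, uint8_t *out, size_t n) {
    uint8_t S[256], t;
    int i, j;
    for (i = 0; i < 256; i++) S[i] = (uint8_t)i;
    for (i = 0, j = 0; i < 256; i++) {
        j = (j + S[i] + key[i % klen]) & 0xFF;
        t = S[i]; S[i] = S[j]; S[j] = t;
    }
    i = j = 0;
    for (size_t k = 0; k < n; k++) {
        i = (i + 1) & 0xFF;
        j = (j + S[i]) & 0xFF;
        t = S[i]; S[i] = S[j]; S[j] = t;
        out[k] = S[(S[i] + S[j]) & 0xFF];
    }
}

/* Sender: frame = RC4(key) XOR (plaintext || CRC32(plaintext)). */
static size_t wep_encrypt(const uint8_t *key, size_t klen,
                          const uint8_t *pt, size_t n, uint8_t *frame) {
    uint8_t ks[MAX_FRAME];
    uint32_t icv = crc32_ieee(pt, n);
    memcpy(frame, pt, n);
    for (int i = 0; i < 4; i++) frame[n + i] = (uint8_t)(icv >> (8 * i));
    rc4_keystream(key, klen, ks, n + 4);
    for (size_t i = 0; i < n + 4; i++) frame[i] ^= ks[i];
    return n + 4;
}

/* Receiver: decrypt, then accept only if the ICV matches. Returns 1 on match. */
static int wep_decrypt(const uint8_t *key, size_t klen,
                       const uint8_t *frame, size_t flen, uint8_t *pt) {
    uint8_t ks[MAX_FRAME];
    size_t n = flen - 4;
    uint32_t icv = 0;
    rc4_keystream(key, klen, ks, flen);
    for (size_t i = 0; i < n; i++) pt[i] = frame[i] ^ ks[i];
    for (int i = 0; i < 4; i++)
        icv |= (uint32_t)(frame[n + i] ^ ks[n + i]) << (8 * i);
    return icv == crc32_ieee(pt, n);
}

/* Attacker, without the key: XOR 'delta' into the ciphertext body and repair the
   encrypted ICV. CRC-32 is linear over GF(2), so for equal-length inputs
   crc(p ^ delta) == crc(p) ^ crc(delta) ^ crc(zeros). The last two terms depend
   only on delta, and the XOR passes straight through the RC4 layer. */
static void wep_bitflip(uint8_t *frame, size_t flen, const uint8_t *delta) {
    uint8_t zeros[MAX_FRAME] = {0};
    size_t n = flen - 4;
    uint32_t fix = crc32_ieee(delta, n) ^ crc32_ieee(zeros, n);
    for (size_t i = 0; i < n; i++) frame[i] ^= delta[i];
    for (int i = 0; i < 4; i++) frame[n + i] ^= (uint8_t)(fix >> (8 * i));
}

/* Worked run on constructed data: change the amount inside an encrypted frame.
   With repair_icv the encrypted ICV is fixed up; without it the original ICV is
   left in place. Returns 1 if the receiver accepts the frame and reads the
   attacker's amount, 0 if the ICV check rejects it. */
int wep_tamper(int repair_icv) {
    const uint8_t key[5] = {0x01, 0x02, 0x03, 0x04, 0x05};   /* constructed 40-bit key */
    const char *msg = "PAY ALICE 0100 DOLLARS";              /* constructed payload */
    size_t n = strlen(msg);
    uint8_t frame[MAX_FRAME], pt[MAX_FRAME], delta[MAX_FRAME] = {0};
    size_t flen = wep_encrypt(key, sizeof key, (const uint8_t *)msg, n, frame);
    delta[10] = '0' ^ '9';                     /* "0100" becomes "9100" */
    if (repair_icv)
        wep_bitflip(frame, flen, delta);
    else
        for (size_t i = 0; i < n; i++) frame[i] ^= delta[i];
    if (!wep_decrypt(key, sizeof key, frame, flen, pt)) return 0;
    return memcmp(pt, "PAY ALICE 9100 DOLLARS", n) == 0;
}

int main(void) {
    printf("CRC-32 of \"123456789\": %08" PRIx32 "\n",
           crc32_ieee((const uint8_t *)"123456789", 9));
    printf("naive flip accepted:   %d\n", wep_tamper(0));
    printf("repaired flip accepted: %d\n", wep_tamper(1));
    return 0;
}
```

The naive flip is rejected because the stored CRC no longer matches, which is all a CRC is designed to catch; the repaired flip is accepted because the attacker can compute the CRC correction from the change alone. A keyed MAC (as TKIP's Michael and CCMP's CBC-MAC provide) cannot be adjusted this way, which is the reason WPA replaced the CRC-32 ICV.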
52. An accurate biometric system usually exhibits (choose all that apply):
A. low EER
B. low CER
C. high EER
D. high CER
E. None of the choices
Answer: A (the key records only A; the crossover error rate, CER, is the same quantity as the equal error rate, so B describes the same property)

53. In biometric measurement, which of the following measures the percentage of invalid users who are incorrectly accepted?
A. failure to reject rate
B. false accept rate
C. false reject rate
D. failure to enroll rate
E. None of the choices
Answer: B

54. Performance of a biometric measure is usually referred to in terms of (choose all that apply):
A. failure to reject rate
B. false accept rate
C. false reject rate
D. failure to enroll rate
E. None of the choices
Answer: B (the key records only B; false reject rate and failure to enroll rate are also standard performance measures, while "failure to reject rate" is not)

55. In biometric authentication, which of the following is often considered a mix of both physical and behavioral characteristics?
A. Voice
B. Finger measurement
C. Body measurement
D. Signature
E. None of the choices
Answer: A

56. In biometric authentication, physical characteristics typically include (choose all that apply):
A. fingerprints
B. eye retinas
C. irises
D. facial patterns
E. hand measurements
F. None of the choices
Answer: A

57. Gimmes often work through:
A. SMS
B. IRC chat
C. email attachment
D. news attachment
E. file download
Answer: C

58. Which of the following types of attack often takes advantage of curiosity or greed to deliver malware?
A. Gimmes
B. Tripwire
C. Icing
D. Soft coding
E. Pretexting
Answer: A

59. A phishing attack works primarily through:
A. email and hyperlinks
B. SMS
C. chat
D. email attachment
E. news
Answer: A

60. Why is it not preferable for a firewall to treat each network frame or packet in isolation?
A. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.
B. Such a firewall is costly to set up.
C. Such a firewall is too complicated to maintain.
D. Such a firewall is CPU hungry.
E. Such a firewall offers poor compatibility.
Answer: A

61. A major portion of what is required to address non-repudiation is accomplished through the use of:
A. strong methods for authentication and ensuring data validity
B. strong methods for authentication and ensuring data integrity
C. strong methods for authorization and ensuring data integrity
D. strong methods for authentication and ensuring data reliability
E. None of the choices
Answer: B

62. A screening router inspects traffic by examining:
A. message header
B. virus payload
C. message content
D. attachment type
E. None of the choices
Answer: A

63. Which of the following can be thought of as the simplest and almost cheapest type of firewall?
A. stateful firewall
B. hardware firewall
C. PIX firewall
D. packet filter
E. None of the choices
Answer: D

64. Within a virus, which component is responsible for what the virus does to the victim file?
A. the payload
B. the signature
C. the trigger
D. the premium
E. None of the choices
Answer: A

65. A virus typically consists of what major parts (choose all that apply):
A. a mechanism that allows it to infect other files and reproduce
B. a trigger that activates delivery of a "payload"
C. a payload
D. a signature
E. None of the choices
Answer: A
Explanation: A virus typically consists of three parts: a mechanism that allows it to infect other files and reproduce, a trigger that activates delivery of a "payload", and the payload, from which the virus often gets its name. The payload is what the virus does to the victim file.

66. You should keep all computer rooms at reasonable humidity levels, which are between:
A. 20 - 70 percent
B. 10 - 70 percent
C. 10 - 60 percent
D. 70 - 90 percent
E. 60 - 80 percent
Answer: A

67. You should keep all computer rooms at reasonable temperatures, which are between (choose all that apply):
A. 60 - 75 degrees Fahrenheit
B. 10 - 25 degrees Celsius
C. 30 - 45 degrees Fahrenheit
D. 1 - 15 degrees Celsius
E. 20 - 35 degrees Fahrenheit
Answer: A

68. Which of the following is a good time frame for making changes to passwords?
A. every 180 to 365 days
B. every 30 to 45 days
C. every 10 to 20 days
D. every 90 to 120 days
E. None of the choices
Answer: D
Note: this reflects older practice. Current NIST guidance (SP 800-63B) recommends against forced periodic rotation and instead requires a change when there is evidence of compromise.

69. Which of the following is a good tool to use to help enforce the deployment of good passwords?
A. password cracker
B. local DoS attacker
C. network hacker
D. remote windowing tool
E. None of the choices
Answer: A

70. What is the recommended minimum length of a good password?
A. 6 characters
B. 8 characters
C. 12 characters
D. 18 characters
E. 22 characters
Answer: B

71. Which of the following are the characteristics of a good password?
A. It has mixed-case alphabetic characters, numbers, and symbols.
B. It has mixed-case alphabetic characters and numbers.
C. It has mixed-case alphabetic characters and symbols.
D. It has mixed-case alphabetic characters, numbers, and binary codes.
E. None of the choices
Answer: A

72. Which of the following is often considered the first line of defense in protecting a typical data and information environment?
A. certificates
B. security token
C. password
D. biometrics
E. None of the choices
Answer: C

73. What is wrong with a black box type of intrusion detection system?
A. you cannot patch it
B. you cannot test it
C. you cannot examine its internal workings from outside
D. you cannot tune it
E. None of the choices
Answer: C

74. What is the best defense against a Distributed DoS attack?
A. patch your systems
B. run a virus checker
C. run anti-spyware software
D. find the DoS program and kill it
E. None of the choices
Answer: A

75. Which of the following are examples of tools for launching Distributed DoS attacks (choose all that apply):
A. TFN
B. TFN2K
C. Trin00
D. Stacheldraht
E. Tripwire
Answer: A (the key records only A; TFN2K, Trin00 and Stacheldraht are also DDoS tools, while Tripwire is a file integrity checker)

76. What is the best defense against local DoS attacks?
A. patch your systems
B. run a virus checker
C. run anti-spyware software
D. find this program and kill it
E. None of the choices
Answer: D

77. Which of the following types of attack involves a program that creates an infinite loop, makes lots of copies of itself, and continues to open lots of files?
A. Local DoS attacks
B. Remote DoS attacks
C. Distributed DoS attacks
D. Local virus attacks
E. None of the choices
Answer: A

78. Which of the following types of firewall treats each network frame or packet in isolation?
A. stateful firewall
B. hardware firewall
C. combination firewall
D. packet filtering firewall
E. stateless firewall
Answer: E

79. Squid is an example of:
A. IDS
B. caching proxy
C. security proxy
D. connection proxy
E. dialer
Answer: B

80. With deep packet inspection, which of the following OSI layers are involved?
A. Layer 2 through Layer 7
B. Layer 3 through Layer 7
C. Layer 2 through Layer 6
D. Layer 3 through Layer 6
E. Layer 2 through Layer 5
Answer: A

81. Pretexting is an act of:
A. DoS
B. social engineering
C. eavesdropping
D. soft coding
E. hard coding
F. None of the choices
Answer: B

82. Which of the following refers to the act of creating and using an invented scenario to persuade a target to perform an action?
A. Pretexting
B. Backgrounding
C. Check making
D. Bounce checking
E. None of the choices
Answer: A

83. Relatively speaking, firewalls operated at the physical level of the seven-layer OSI model are:
A. almost always less efficient
B. almost always less effective
C. almost always less secure
D. almost always less costly to set up
E. None of the choices
Answer: E

84. Relatively speaking, firewalls operated at the application level of the seven-layer OSI model are:
A. almost always less efficient
B. almost always less effective
C. almost always less secure
D. almost always less costly to set up
E. None of the choices
Answer: A
85. All social engineering techniques are based on flaws in:
A. human logic
B. hardware logic
C. software logic
D. device logic
E. group logic
Answer: A

86. Which of the following may be deployed in a network as lower-cost surveillance and early-warning tools?
A. Honeypots
B. Hardware IPSs
C. Hardware IDSs
D. Botnets
E. Stateful inspection firewalls
Answer: A

87. Introducing inhomogeneity to your network for the sake of robustness would have which of the following drawbacks?
A. poorer performance
B. poor scalability
C. weak infrastructure
D. high costs in terms of training and maintenance
E. None of the choices
Answer: D

88. Which of the following is an oft-cited cause of vulnerability of networks?
A. software monoculture
B. software diversification
C. single line of defense
D. multiple DMZ
E. None of the choices
Answer: A

89. Which of the following software tools is often used for stealing money from the owner of an infected PC by taking control of the modem?
A. System patcher
B. Porn dialer
C. War dialer
D. T1 dialer
E. T3 dialer
F. None of the choices
Answer: B

90. In a botnet, a malbot logs into a particular type of system for making coordinated attack attempts. What type of system is this?
A. Chat system
B. SMS system
C. Email system
D. Log system
E. Kernel system
Answer: A

91. In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as:
A. wormnets
B. trojannets
C. spynets
D. botnets
E. rootnets
Answer: D

92. To install backdoors, hackers generally prefer to use:
A. either a Trojan horse or a computer worm
B. either Tripwire or a computer virus
C. either an eavesdropper or a computer worm
D. either a Trojan horse or an eavesdropper
E. None of the choices
Answer: A

93. Which of the following refers to a method of bypassing normal system authentication procedures?
A. virus
B. worm
C. trojan horse
D. spyware
E. rootkits
F. backdoor
Answer: F

94. Which of the following terms is used more generally for describing concealment routines in a malicious program?
A. virus
B. worm
C. trojan horse
D. spyware
E. rootkits
F. backdoor
Answer: E

95. Broadly speaking, a Trojan horse is any program that invites the user to run it, but conceals a harmful or malicious payload. The payload may take effect immediately and can lead to immediate yet undesirable effects, or more commonly it may install further harmful software into the user's system to serve the creator's longer-term goals.
A. True
B. False
Answer: A (the extracted key shows B, which contradicts its own explanation below and question 96)
Explanation: Broadly speaking, a Trojan horse is any program that invites the user to run it, but conceals a harmful or malicious payload. The payload may take effect immediately and can lead to immediate yet undesirable effects, or more commonly it may install further harmful software into the user's system to serve the creator's longer-term goals.

96. Which of the following refers to any program that invites the user to run it but conceals a harmful or malicious payload?
A. virus
B. worm
C. trojan horse
D. spyware
E. rootkits
Answer: C

97. Which of the following are valid examples of malware (choose all that apply):
A. viruses
B. worms
C. trojan horses
D. spyware
E. All of the above
Answer: E
Explanation: Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. Software is considered malware based on the intent of the creator rather than any particular features. It includes computer viruses, worms, trojan horses, spyware and adware.

98. Software is considered malware based on:
A. the intent of the creator
B. its particular features
C. its location
D. its compatibility
E. None of the choices
Answer: A

99. Host-based ILD&P primarily addresses the issue of:
A. information integrity
B. information accuracy
C. information validity
D. information leakage
E. None of the choices
Answer: D

100. Network ILD&P is typically installed:
A. on the organization's internal network connection
B. on the organization's internet network connection
C. on each end user station
D. on the firewall
E. None of the choices
Answer: B

101. Which of the following terms refers to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders?
A. ILD&P
B. ICT&P
C. ILP&C
D. ILR&D
E. None of the choices
Answer: A (Information Leakage Detection and Prevention; the same class of product is now usually called data loss prevention, DLP)

102. Which of the following types of attack works by taking advantage of the unenforced and unchecked assumptions the system makes about its inputs?
A. format string vulnerabilities
B. integer overflow
C. code injection
D. command injection
E. None of the choices
Answer: C

103. Integer overflow occurs primarily with:
A. string formatting
B. debug operations
C. output formatting
D. input verifications
E. arithmetic operations
Answer: E

104. Which of the following kinds of function are particularly vulnerable to format string attacks?
A. C functions that perform output formatting
B. C functions that perform integer computation
C. C functions that perform real number subtraction
D. VB functions that perform integer conversion
E. SQL functions that perform string conversion
Answer: A

105. Which of the following types of attack makes use of unfiltered user input as the format string parameter in the printf() function of the C language?
A. buffer overflows
B. format string vulnerabilities
C. integer overflow
D. code injection
E. command injection
Answer: B

106. Which of the following measures can effectively minimize the possibility of buffer overflows?
A. Sufficient bounds checking
B. Sufficient memory
C. Sufficient processing capability
D. Sufficient code injection
E. None of the choices
Answer: A

107. Buffer overflow aims primarily at corrupting:
A. system processor
B. network firewall
C. system memory
D. disk storage
E. None of the choices
Answer: C

108. Which of the following refers to an anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer?
A. buffer overflow
B. format string vulnerabilities
C. integer misappropriation
D. code injection
E. None of the choices
Answer: A

109. ALL computer programming languages are vulnerable to command injection attack.
A. True
B. False
Answer: B
Explanation: The majority of software vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and code/command injection. Some common languages such as C and C++ are vulnerable to all of these defects. Memory-safe languages such as Java are immune to buffer overflows and format string defects; command injection, however, depends on how a program hands untrusted input to a shell or interpreter rather than on the language itself.

110. The majority of software vulnerabilities result from a few known kinds of coding defects, such as (choose all that apply):
A. buffer overflows
B. format string vulnerabilities
C. integer overflow
D. code injection
E. command injection
Answer: A (the key records only A; the explanation to question 109 lists all five)
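Worked example for questions 102 to 110. The three native-code defects they describe (buffer overflow, format string misuse, integer overflow) share one root cause, an unchecked assumption about input, and each has a short, mechanical fix. The C program below is an added example and not code from the original question bank: every function is the checked form, with a comment naming the unchecked form it replaces, and the inputs in main() are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1. Buffer overflow (questions 106 to 108): a fixed-length destination and an
   unchecked source length. The classic defect is strcpy(dst, src), which
   assumes src fits. Sufficient bounds checking means comparing the length
   (plus the terminating NUL) against the buffer size before copying.
   Returns 1 on success, 0 if src would not fit. */
int copy_bounded(char *dst, size_t dstlen, const char *src) {
    size_t n = strlen(src);
    if (dstlen == 0 || n >= dstlen) return 0;   /* would overflow: refuse */
    memcpy(dst, src, n + 1);
    return 1;
}

/* 2. Format string (questions 104 and 105): printf(user) hands the user's
   input to the formatter as the format string, so "%x" reads the stack and
   "%n" writes to memory. The fix is a constant format with the input passed
   as an argument; any directives in the input are then printed literally.
   Returns the number of characters the full message would occupy. */
int log_login(char *out, size_t outlen, const char *user) {
    /* vulnerable form, never do this:  snprintf(out, outlen, user); */
    return snprintf(out, outlen, "login: %s", user);
}

/* 3. Integer overflow (question 103): count * size is an arithmetic operation
   that can wrap to a small value, so malloc() returns far less memory than the
   later copy loop assumes. Check before multiplying.
   Returns 1 and stores the product, or 0 if it would wrap. */
int mul_size_checked(size_t count, size_t size, size_t *out) {
    if (size != 0 && count > SIZE_MAX / size) return 0;   /* would wrap */
    *out = count * size;
    return 1;
}

/* Allocation built on the checked multiply; NULL if the size would wrap. */
void *alloc_records(size_t count, size_t size) {
    size_t nbytes;
    if (!mul_size_checked(count, size, &nbytes)) return NULL;
    return malloc(nbytes);
}

int main(void) {
    char name[16], line[64];
    size_t nbytes;
    /* constructed inputs: one benign, one oversized, one carrying directives */
    printf("copy 'alice' into 16 bytes:   %d\n", copy_bounded(name, sizeof name, "alice"));
    printf("copy 30 x 'A' into 16 bytes:  %d\n",
           copy_bounded(name, sizeof name, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
    log_login(line, sizeof line, "%x%x%x%n");
    printf("logged literally:             %s\n", line);
    printf("(SIZE_MAX/2 + 1) * 2 checked: %d\n",
           mul_size_checked(SIZE_MAX / 2 + 1, 2, &nbytes));
    printf("alloc of wrapping size NULL:  %d\n",
           alloc_records(SIZE_MAX / 2 + 1, 2) == NULL);
    return 0;
}
```

The same pattern applies beyond these three cases: every external value (length, count, format, index) gets compared against what the code is about to assume before the assumption is used. In C the compiler will not do this for you, which is why questions 109 and 110 treat these defects as the bulk of native-code vulnerabilities.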
Nowadays, A. B. C. D. A. E.
computer True True only for True only for False True None of the
security trusted untrusted choices.
comprises networks networks
mainly
“preventive”
” measures.
Which of the following are designed to detect network attacks in progress and assist in post-attack forensics?
A. Intrusion Detection Systems
B. Audit trails
C. System logs
D. Tripwire
E. None of the choices.
Answer: A. Intrusion Detection Systems
Which of the following is by far the most common prevention system from a network security perspective?
A. Firewall
B. IDS
C. IPS
D. Hardened OS
E. Tripwire
Answer: A. Firewall
Which of the following measures can protect system files and data, respectively?
A. User account access controls and cryptography
B. User account access controls and firewall
C. User account access controls and IPS
D. IDS and cryptography
E. Firewall and cryptography
Answer: A. User account access controls and cryptography
You may reduce a cracker's chances of success by (choose all that apply):
A. keeping your systems up to date using a security scanner.
B. hiring competent people responsible for security to scan and update your systems.
C. using multiple firewalls.
D. using multiple firewalls and IDS.
E. None of the choices.
Answer: A. keeping your systems up to date using a security scanner.
Why is one-time pad not always preferable for encryption (choose all that apply):
A. it is difficult to use securely.
B. it is highly inconvenient to use.
C. it requires licensing fee.
D. it requires internet connectivity.
E. it is Microsoft only.
Answer: A. it is difficult to use securely.
Which of the following encryption methods uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message?
A. Blowfish
B. Tripwire
C. certificate
D. DES
E. one-time pad
Answer: E. one-time pad
Which of the following methods of encryption has been proven to be almost unbreakable when correctly used?
A. key pair
B. Oakley
C. certificate
D. 3-DES
E. one-time pad
Answer: E. one-time pad
Which of the following types of attack almost always requires physical access to the targets?
A. Direct access attack
B. Wireless attack
C. Port attack
D. Window attack
E. System attack
Answer: A. Direct access attack
Which of the following types of attack makes use of common consumer devices that can be used to transfer data surreptitiously?
A. Direct access attacks
B. Indirect access attacks
C. Port attack
D. Window attack
E. Social attack
Answer: A. Direct access attacks
Which of the following will replace system binaries and/or hook into the function calls of the operating system to hide the presence of other programs (choose the most precise answer)?
A. rootkits
B. virus
C. trojan
D. tripwire
E. None of the choices.
Answer: A. rootkits
Back Orifice is an example of:
A. a virus.
B. a legitimate remote control software.
C. a backdoor that takes the form of an installed program.
D. an eavesdropper.
E. None of the choices.
Answer: C. a backdoor that takes the form of an installed program.
Attack amplifiers are often HEAVILY relied upon by which of the following types of attack?
A. Packet dropping
B. ToS
C. DDoS
D. ATP
E. Wiretapping
Answer: C. DDoS
A computer system is no more secure than the human systems responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them.

Zombie computers are HEAVILY relied upon by which of the following types of attack?
A. Eavesdropping
B. DoS
C. DDoS
D. ATP
E. Social Engineering
Answer: C. DDoS
Human error is HEAVILY relied upon by which of the following types of attack?
A. Eavesdropping
B. DoS
C. DDoS
D. ATP
E. Social Engineering
Answer: E. Social Engineering
TEMPEST is hardware for which of the following purposes?
A. Eavesdropping
B. Social engineering
C. Virus scanning
D. Firewalling
E. None of the choices.
Answer: A. Eavesdropping
Machines that operate as a closed system can NEVER be eavesdropped.
A. True
B. False
Answer: B. False
Explanation: Any data that is transmitted over a network is at some risk of being eavesdropped, or even modified by a malicious person. Even machines that operate as a closed system can be eavesdropped upon by monitoring the faint electromagnetic emanations generated by the hardware, the threat addressed by TEMPEST.
Code from exploit programs is frequently reused in:
A. trojan horses only.
B. computer viruses only.
C. OS patchers.
D. eavesdroppers.
E. trojan horses and computer viruses.
Answer: E. trojan horses and computer viruses.
Which of the following terms generally refers to small programs designed to take advantage of a software flaw that has been discovered?
A. exploit
B. patch
C. quick fix
D. service pack
E. malware
Answer: A. exploit
The 'trusted systems' approach has been predominant in the design of:
A. many earlier Microsoft OS products
B. the IBM AS/400 series
C. the SUN Solaris series
D. most OS products in the market
E. None of the choices.
Answer: A. many earlier Microsoft OS products
Security should ALWAYS be an all or nothing issue.
A. True
B. True for trusted systems only
C. True for untrusted systems only
D. False
E. None of the choices.
Answer: D. False
Under the concept of "defense in depth", subsystems should be designed to:
A. "fail insecure"
B. "fail secure"
C. "react to attack"
D. "react to failure"
E. None of the choices.
Answer: B. "fail secure"
Which of the following refers to the proving of mathematical theorems by a computer program?
A. Analytical theorem proving
B. Automated technology proving
C. Automated theorem processing
D. Automated theorem proving
E. None of the choices.
Answer: D. Automated theorem proving
Talking about the different approaches to security in computing, the principle of regarding the computer system itself as largely an untrusted system emphasizes:
A. most privilege
B. full privilege
C. least privilege
D. null privilege
E. None of the choices.
Answer: C. least privilege
Default permit is only a good approach in an environment where:
A. security threats are non-existent or negligible.
B. security threats are non-negligible.
C. security threats are serious and severe.
D. users are trained.
E. None of the choices.
Answer: A. security threats are non-existent or negligible.
"Everything not explicitly permitted is forbidden" has which of the following kinds of tradeoff?
A. it improves security at a cost in functionality.
B. it improves functionality at a cost in security.
C. it improves security at a cost in system performance.
D. it improves performance at a cost in functionality.
E. None of the choices.
Answer: A. it improves security at a cost in functionality.
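The default-permit and default-deny stances from the two questions above, plus the "fail secure" behaviour from the defense in depth question, expressed as a small first-match rule evaluator. This is an added example written for this page, not code from the exam material; the rule sets, the port numbers chosen for them and the function names are the editor's own constructions.

```c
#include <stddef.h>
#include <stdio.h>

enum action { DENY = 0, PERMIT = 1 };

struct rule {
    unsigned short port;
    enum action act;
};

/* A policy is an ordered rule list plus the default applied when nothing
 * matches. That default is the entire difference between the two stances. */
struct policy {
    const struct rule *rules;
    size_t count;
    enum action default_action;
};

/* Default permit: a denylist of known-bad services; anything not listed
 * passes, including services nobody thought to list. */
static const struct rule DENYLIST_RULES[] = {
    { 23,  DENY },    /* telnet */
    { 445, DENY },    /* SMB */
};
const struct policy DEFAULT_PERMIT = {
    DENYLIST_RULES, sizeof DENYLIST_RULES / sizeof DENYLIST_RULES[0], PERMIT
};

/* Default deny: an allowlist of required services; anything not listed is
 * forbidden. More secure, at the cost of functionality that must be
 * explicitly added as it is needed. */
static const struct rule ALLOWLIST_RULES[] = {
    { 22,  PERMIT },  /* ssh */
    { 443, PERMIT },  /* https */
};
const struct policy DEFAULT_DENY = {
    ALLOWLIST_RULES, sizeof ALLOWLIST_RULES / sizeof ALLOWLIST_RULES[0], DENY
};

/* First-match evaluation. Unmatched traffic gets the policy default. */
enum action evaluate(const struct policy *p, unsigned short port)
{
    for (size_t i = 0; i < p->count; i++)
        if (p->rules[i].port == port)
            return p->rules[i].act;
    return p->default_action;
}

/* Fail secure: when the policy could not be loaded (NULL) or is malformed,
 * the subsystem denies instead of falling back to an open default. */
enum action evaluate_fail_secure(const struct policy *p, unsigned short port)
{
    if (p == NULL || (p->count > 0 && p->rules == NULL))
        return DENY;
    return evaluate(p, port);
}

int main(void)
{
    /* 3389 (RDP) appears in neither rule set; only the default decides. */
    printf("RDP under default permit: %d\n", evaluate(&DEFAULT_PERMIT, 3389));
    printf("RDP under default deny:   %d\n", evaluate(&DEFAULT_DENY, 3389));
    printf("HTTPS under default deny: %d\n", evaluate(&DEFAULT_DENY, 443));
    printf("HTTPS with no policy:     %d\n", evaluate_fail_secure(NULL, 443));
    return 0;
}
```

The port that neither list mentions is the point of the example: under default permit it is open because nobody wrote a rule, under default deny it is closed for the same reason. Loss of a legitimate but unlisted service is the functionality cost that answer A describes.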
A medium-sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of
A. Full-scale test with relocation of all departments, including IT, to the contingency site
B. Walk-through test of a series of predefined scenarios with all critical personnel involved
C. IT disaster recovery test with business departments involved in testing the critical applications
D. Functional test of a scenario with limited IT involvement
Answer: D. Functional test of a scenario with limited IT involvement
Explanation: After a tabletop exercise has been performed, the next step would be a functional test, which includes the mobilization of staff to exercise the administrative and organizational functions of a recovery. Since the IT part of the recovery has been tested for years, it would be more efficient to verify and optimize the business continuity
A financial services organization is developing and documenting business continuity measures. In which of the following cases would an IS auditor MOST likely raise an issue?
A. The organization uses good practice guidelines instead of industry standards and relies on external advisors to ensure the adequacy of the methodology.
B. The business continuity capabilities are planned around a carefully selected set of scenarios which describe events that might happen with a reasonable probability.
C. The recovery time objectives (RTOs) do not take IT disaster recovery constraints into account, such as personnel or system dependencies during the recovery phase.
D. The organization plans to rent a shared alternate site with emergency workplaces which has only enough room for half of the normal staff.
Answer: B. The business continuity capabilities are planned around a carefully selected set of scenarios which describe events that might happen with a reasonable probability.
Explanation: It is a common mistake to use scenario planning for business continuity. The problem is that it is impossible to plan and document actions for every possible scenario. Planning for just selected scenarios denies the fact that even improbable events can cause an organization to break down. Best practice planning addresses the four
To optimize an organization's business contingency plan (BCP), an IS auditor should recommend conducting a business impact analysis (BIA) in order to determine:
A. the business processes that generate the most financial value for the organization and therefore must be recovered first.
B. the priorities and order for recovery to ensure alignment with the organization's business strategy.
C. the business processes that must be recovered following a disaster to ensure the organization's survival.
D. the priorities and order of recovery which will recover the greatest number of systems in the shortest time frame.
Answer: C. the business processes that must be recovered following a disaster to ensure the organization's survival.
Explanation: To ensure the organization's survival following a disaster, it is important to recover the most critical business processes first. It is a common mistake to overemphasize value (A) rather than urgency. For example, while the processing of incoming mortgage loan payments is important from a financial perspective, it could be delayed for a few days in the
An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:
A. alignment of the BCP with industry best practices.
B. results of business continuity tests performed by IS and end-user personnel.
C. off-site facility, its contents, security and environmental controls.
D. annual financial cost of the BCP activities versus the expected benefit of implementation of the plan.
Answer: B. results of business continuity tests performed by IS and end-user personnel.
Explanation: The effectiveness of the business continuity plan (BCP) can best be evaluated by reviewing the results from previous business continuity tests for thoroughness and accuracy in accomplishing their stated objectives. All other choices do not provide the assurance of the effectiveness of the BCP.
An organization has outsourced its wide area network (WAN) to a third-party service provider. Under these circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?
A. Review whether the service provider's BCP process is aligned with the organization's BCP and contractual obligations.
B. Review whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster.
C. Review the methodology adopted by the organization in choosing the service provider.
D. Review the accreditation of the third-party service provider's staff.
Answer: A. Review whether the service provider's BCP process is aligned with the organization's BCP and contractual obligations.
Explanation: Reviewing whether the service provider's business continuity plan (BCP) process is aligned with the organization's BCP and contractual obligations is the correct answer since an adverse effect or disruption to the business of the service provider has a direct bearing on the organization and its customers. Reviewing whether the service level
While observing a full simulation of the business continuity plan, an IS auditor notices that the notification systems within the organizational facilities could be severely impacted by infrastructural damage. The BEST recommendation the IS auditor can provide to the organization is to ensure:
A. the salvage team is trained to use the notification system.
B. the notification system provides for the recovery of the backup.
C. redundancies are built into the notification system.
D. the notification systems are stored in a vault.
Answer: C. redundancies are built into the notification system.
Explanation: If the notification system has been severely impacted by the damage, redundancy would be the best control. The salvage team would not be able to use a severely damaged notification system, even if they are trained to use it. The recovery of the backups has no bearing on the notification system and storing the notification system in a vault would
The activation of an enterprise's business continuity plan should be based on predetermined criteria that address the:
A. duration of the outage.
B. type of outage.
C. probability of the outage.
D. cause of the outage.
Answer: A. duration of the outage.
Explanation: The initiation of a business continuity plan (action) should primarily be based on the maximum period for which a business function can be disrupted before the disruption threatens the achievement of organizational objectives.
An organization has just completed their annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization?
A. Review and evaluate the business continuity plan for adequacy
B. Perform a full simulation of the business continuity plan
C. Train and educate employees regarding the business continuity plan
D. Notify critical contacts in the business continuity plan
Answer: A. Review and evaluate the business continuity plan for adequacy
Explanation: The business continuity plan should be reviewed every time a risk assessment is completed for the organization. Training of the employees and a simulation should be performed after the business continuity plan has been deemed adequate for the organization. There is no reason to notify the business continuity plan contacts at
During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that:
A. assessment of the situation may be delayed.
B. execution of the disaster recovery plan could be impacted.
C. notification of the teams might not occur.
D. potential crisis recognition might be ineffective.
Answer: B. execution of the disaster recovery plan could be impacted.
Explanation: Execution of the business continuity plan would be impacted if the organization does not know when to declare a crisis. Choices A, C and D are steps that must be performed to know whether to declare a crisis. Problem and severity assessment would provide information necessary in declaring a disaster. Once a potential crisis is recognized,
During the design of a business continuity plan, the business impact analysis (BIA) identifies critical processes and supporting applications. This will PRIMARILY influence the:
A. responsibility for maintaining the business continuity plan.
B. criteria for selecting a recovery site provider.
C. recovery strategy.
D. responsibilities of key personnel.
Answer: C. recovery strategy.
Explanation: The most appropriate strategy is selected based on the relative risk level and criticality identified in the business impact analysis (BIA). The other choices are made after the selection or design of the appropriate recovery strategy.
With respect to business continuity strategies, an IS auditor interviews key stakeholders in an organization to determine whether they understand their roles and responsibilities. The IS auditor is attempting to evaluate the:
A. clarity and simplicity of the business continuity plans.
B. adequacy of the business continuity plans.
C. effectiveness of the business continuity plans.
D. ability of IS and end-user personnel to respond effectively in emergencies.
Answer: A. clarity and simplicity of the business continuity plans.
Explanation: The IS auditor should interview key stakeholders to evaluate how well they understand their roles and responsibilities. When all stakeholders have a detailed understanding of their roles and responsibilities in the event of a disaster, an IS auditor can deem the business continuity plan to be clear and simple. To evaluate adequacy,
The BEST method for assessing the effectiveness of a business continuity plan is to review the:
A. plans and compare them to appropriate standards.
B. results from previous tests.
C. emergency procedures and employee training.
D. offsite storage and environmental controls.
Answer: B. results from previous tests.
Explanation: Previous test results will provide evidence of the effectiveness of the business continuity plan. Comparisons to standards will give some assurance that the plan addresses the critical aspects of a business continuity plan but will not reveal anything about its effectiveness. Reviewing emergency procedures, offsite storage and environment
Which of the following insurance types provide for a loss arising from fraudulent acts by employees?
A. Business interruption
B. Fidelity coverage
C. Errors and omissions
D. Extra expense
Answer: B. Fidelity coverage
Explanation: Fidelity insurance covers the loss arising from dishonest or fraudulent acts by employees. Business interruption insurance covers the loss of profit due to the disruption in the operations of an organization. Errors and omissions insurance provides legal liability protection in the event that the professional practitioner commits an act that results in
Which of the following would be MOST important for an IS auditor to verify when conducting a business continuity audit?
A. Data backups are performed on a timely basis
B. A recovery site is contracted for and available as needed
C. Human safety procedures are in place
D. Insurance coverage is adequate and premiums are current
Answer: C. Human safety procedures are in place
Explanation: The most important element in any business continuity process is the protection of human life. This takes precedence over all other aspects of the plan.
In the event of a disruption or disaster, which of the following technologies provides for continuous operations?
A. Load balancing
B. Fault-tolerant hardware
C. Distributed backups
D. High-availability computing
Answer: B. Fault-tolerant hardware
Explanation: Fault-tolerant hardware is the only technology that currently supports continuous, uninterrupted service. Load balancing is used to improve the performance of the server by splitting the work between several servers based on workloads. High-availability (HA) computing facilities provide a quick but not continuous
In determining the acceptable time period for the resumption of critical business processes:
A. only downtime costs need to be considered.
B. recovery operations should be analyzed.
C. both downtime costs and recovery costs need to be evaluated.
D. indirect downtime costs should be ignored.
Answer: C. both downtime costs and recovery costs need to be evaluated.
Explanation: Both downtime costs and recovery costs need to be evaluated in determining the acceptable time period before the resumption of critical business processes. The outcome of the business impact analysis (BIA) should be a recovery strategy that represents the optimal balance. Downtime costs cannot be looked at in isolation.
The PRIMARY objective of testing a business continuity plan is to:
A. familiarize employees with the business continuity plan.
B. ensure that all residual risks are addressed.
C. exercise all possible disaster scenarios.
D. identify limitations of the business continuity plan.
Answer: D. identify limitations of the business continuity plan.
Explanation: Testing the business continuity plan provides the best evidence of any limitations that may exist. Familiarizing employees with the business continuity plan is a secondary benefit of a test. It is not cost effective to address residual risks in a business continuity plan, and it is not practical to test all possible disaster scenarios.
The optimum business continuity strategy for an entity is determined by the:
A. lowest downtime cost and highest recovery cost.
B. lowest sum of downtime cost and recovery cost.
C. lowest recovery cost and highest downtime cost.
D. average of the combined downtime and recovery cost.
Answer: B. lowest sum of downtime cost and recovery cost.
Explanation: Both costs have to be minimized, and the strategy for which the costs are lowest is the optimum strategy. The strategy with the highest recovery cost cannot be the optimum strategy. The strategy with the highest downtime cost cannot be the optimum strategy. The average of the combined downtime and recovery cost will be higher
Management considered two projections for its business continuity plan; plan A with two months to recover and plan B with eight months to recover. The recovery objectives are the same in both plans. It is reasonable to expect that plan B projected higher:
A. downtime costs.
B. resumption costs.
C. recovery costs.
D. walkthrough costs.
Answer: A. downtime costs.
Explanation: Since the recovery time is longer in plan B, resumption and recovery costs can be expected to be lower. Walkthrough costs are not a part of disaster recovery. Since the management considered a higher window for recovery in plan B, downtime costs included in the plan are likely to be higher.
During an audit of a business continuity plan (BCP), an IS auditor found that, although all departments were housed in the same building, each department had a separate BCP. The IS auditor recommended that the BCPs be reconciled. Which of the following areas should be reconciled FIRST?
A. Evacuation plan
B. Recovery priorities
C. Backup storages
D. Call tree
Answer: A. Evacuation plan
Explanation: Protecting human resources during a disaster-related event should be addressed first. Having separate BCPs could result in conflicting evacuation plans, thus jeopardizing the safety of staff and clients. Choices B, C and D may be unique to each department and could be addressed separately, but still should be reviewed for possible
When developing a business continuity plan (BCP), which of the following tools should be used to gain an understanding of the organization's business processes?
A. Business continuity self-audit
B. Resource recovery analysis
C. Risk assessment
D. Gap analysis
Answer: C. Risk assessment
Explanation: Risk assessment and business impact assessment are tools for understanding the business for business continuity planning. Business continuity self-audit is a tool for evaluating the adequacy of the BCP, resource recovery analysis is a tool for identifying a business resumption strategy, while the role gap analysis can play in business continuity
An IS auditor noted that an organization had adequate business continuity plans (BCPs) for each individual process, but no comprehensive BCP. Which would be the BEST course of action for the IS auditor?
A. Recommend that an additional comprehensive BCP be developed.
B. Determine whether the BCPs are consistent.
C. Accept the BCPs as written.
D. Recommend the creation of a single BCP.
Answer: B. Determine whether the BCPs are consistent.
Explanation: Depending on the complexity of the organization, there could be more than one plan to address various aspects of business continuity and disaster recovery. These do not necessarily have to be integrated into one single plan; however, each plan should be consistent with other plans to have a viable business continuity planning
During a business continuity audit an IS auditor found that the business continuity plan (BCP) covered only critical processes. The IS auditor should:
A. recommend that the BCP cover all business processes.
B. assess the impact of the processes not covered.
C. report the findings to the IT manager.
D. redefine critical processes.
Answer: B. assess the impact of the processes not covered.
Explanation: The business impact analysis needs to be either updated or revisited to assess the risk of not covering all processes in the plan. It is possible that the cost of including all processes might exceed the value of those processes; therefore, they should not be covered. An IS auditor should substantiate this by analyzing the risk.
Depending on the complexity of an organization's business continuity plan (BCP), the plan may be developed as a set of more than one plan to address various aspects of business continuity and disaster recovery. In such an environment, it is essential that:
A. each plan is consistent with one another.
B. all plans are integrated into a single plan.
C. each plan is dependent on one another.
D. the sequence for implementation of all plans is defined.
Answer: A. each plan is consistent with one another.
Explanation: Depending on the complexity of an organization, there could be more than one plan to address various aspects of business continuity and disaster recovery. These do not necessarily have to be integrated into one single plan. However, each plan has to be consistent with other plans to have a viable business continuity planning
While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:
A. shadow file processing.
B. electronic vaulting.
C. hard-disk mirroring.
D. hot-site provisioning.
Answer: A. shadow file processing.
Explanation: In shadow file processing, exact duplicates of the files are maintained at the same site or at a remote site. The two files are processed concurrently. This is used for critical data files, such as airline booking systems. Electronic vaulting electronically transmits data either to direct access storage, an optical disc or another storage medium;
After a full operational contingency test, an IS auditor performs a review of the recovery steps. The auditor concludes that the time it took for the technological environment and systems to return to full functioning exceeded the required critical recovery time. Which of the following should the auditor recommend?
A. Perform an integral review of the recovery tasks.
B. Broaden the processing capacity to gain recovery time.
C. Make improvements in the facility's circulation structure.
D. Increase the amount of human resources involved in the recovery.
Answer: A. Perform an integral review of the recovery tasks.
Explanation: Performing an exhaustive review of the recovery tasks would be appropriate to identify the way these tasks were performed, identify the time allocated to each of the steps required to accomplish recovery, and determine where adjustments can be made. Choices B, C and D could be actions after the described review has
The PRIMARY objective of business continuity and disaster recovery plans should be to:
A. safeguard critical IS assets.
B. provide for continuity of operations.
C. minimize the loss to an organization.
D. protect human life.
Answer: D. protect human life.
Explanation: Since human life is invaluable, the main priority of any business continuity and disaster recovery plan should be to protect people. All other priorities are important but are secondary objectives of a business continuity and disaster recovery plan.
Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit?
A. A hot site is contracted for and available as needed.
B. A business continuity manual is available and current.
C. Insurance coverage is adequate and premiums are current.
D. Media backups are performed on a timely basis and stored offsite.
Answer: D. Media backups are performed on a timely basis and stored offsite.
Explanation: Without data to process, all other components of the recovery effort are in vain. Even in the absence of a plan, recovery efforts of any type would not be practical without data to process.
To develop a successful business continuity plan, end user involvement is critical during which of the following phases?
A. Business recovery strategy
B. Detailed plan development
C. Business impact analysis (BIA)
D. Testing and maintenance
Answer: C. Business impact analysis (BIA)
Explanation: End user involvement is critical in the BIA phase. During this phase the current operations of the business need to be understood and the impact on the business of various disasters must be evaluated. End users are the appropriate persons to provide relevant information for these tasks; inadequate end user involvement
Which of the following would contribute MOST to an effective business continuity plan (BCP)?
A. Document is circulated to all interested parties
B. Planning involves all user departments
C. Approval by senior management
D. Audit by an external IS auditor
Answer: B. Planning involves all user departments
Explanation: The involvement of user departments in the BCP is crucial for the identification of the business processing priorities. The BCP circulation will ensure that the BCP document is received by all users. Though essential, this does not contribute significantly to the success of the BCP. A BCP approved by senior management would not ensure
Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility?
A. Verify compatibility with the hot site.
B. Review the implementation report.
C. Perform a walk-through of the disaster recovery plan.
D. Update the IS assets inventory.
Answer: D. Update the IS assets inventory.
Explanation: An IS assets inventory is the basic input for the business continuity/disaster recovery plan, and the plan must be updated to reflect changes in the IS infrastructure. The other choices are procedures required to update the disaster recovery plan after having updated the required assets inventory.
As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis?
A. Organizational risks, such as single point-of-failure and infrastructure risk
B. Threats to critical business processes
C. Critical business processes for ascertaining the priority for recovery
D. Resources required for resumption of business
Answer: C. Critical business processes for ascertaining the priority for recovery
Explanation: The identification of the priority for recovering critical business processes should be addressed first. Organizational risks should be identified next, followed by the identification of threats to critical business processes. Identification of resources for business resumption will occur after the tasks mentioned.
An IS auditor has audited a business continuity plan (BCP). Which of the following findings is the MOST critical?
A. Nonavailability of an alternate private branch exchange (PBX) system
B. Absence of a backup for the network backbone
C. Lack of backup systems for the users' PCs
D. Failure of the access card system
Answer: B. Absence of a backup for the network backbone
Explanation: Failure of a network backbone will result in the failure of the complete network and impact the ability of all users to access information on the network. The nonavailability of an alternate PBX system will result in users not being able to make or receive telephone calls or faxes; however, users may have alternate means of
Which of the following is an appropriate test method to apply to a business continuity plan (BCP)?
A. Pilot
B. Paper
C. Unit
D. System
Answer: B. Paper
Explanation: A paper test is appropriate for testing a BCP. It is a walkthrough of the entire plan, or part of the plan, involving major players in the plan's execution, who reason out what may happen in a particular disaster. Choices A, C and D are not appropriate for a BCP.
After completing the business impact analysis (BIA), what is the next step in the business continuity planning process?
A. Test and maintain the plan.
B. Develop a specific plan.
C. Develop recovery strategies.
D. Implement the plan.
Answer: C. Develop recovery strategies.
Explanation: The next phase in the continuity plan development is to identify the various recovery strategies and select the most appropriate strategy for recovering from a disaster. After selecting a strategy, a specific plan can be developed, tested and implemented.
Which of the following would have the HIGHEST priority in a business continuity plan (BCP)?
A. Resuming critical processes
B. Recovering sensitive processes
C. Restoring the site
D. Relocating operations to an alternative site
Answer: A. Resuming critical processes
Explanation: The resumption of critical processes has the highest priority as it enables business processes to begin immediately after the interruption and not later than the declared mean time between failure (MTBF). Recovery of sensitive processes refers to recovering the vital and sensitive processes that can be performed manually at a tolerable
To address an organization's disaster recovery requirements, backup intervals should not exceed the:
A. service level objective (SLO).
B. recovery time objective (RTO).
C. recovery point objective (RPO).
D. maximum acceptable outage (MAO).
Answer: C. recovery point objective (RPO).
Explanation: The recovery point objective (RPO) defines the point in time to which data must be restored after a disaster so as to resume processing transactions. Backups should be performed in a way that the latest backup is no older than this maximum time frame. If service levels are not met, the usual consequences are penalty payments, not
A live test of a mutual agreement for IT system recovery has been carried out, including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:
A. system and the IT operations team can sustain operations in the emergency environment.
B. resources and the environment could sustain the transaction load.
C. connectivity to the actual remote site meets response time requirements.
D. workflow of actual business operations can use the emergency system in case of a disaster.
Answer: A. system and the IT operations team can sustain operations in the emergency environment.
Explanation: The applications have been intensively operated, therefore choices B, C and D have been actually tested, but the capability of the system and the IT operations team to sustain and support this environment (ancillary operations, batch closing, error corrections, output distribution, etc.) is only partially tested.
The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?
A. Contact information of key personnel
B. Server inventory documentation
C. Individual roles and responsibilities
D. Procedures for declaring a disaster
Answer: A. Contact information of key personnel
Explanation: In the event of a disaster, it is important to have a current updated list of personnel who are key to the operation of the plan. Choices B, C and D would be more likely to remain stable over time.
Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?
A. Due to the limited test time window, only the most essential systems were tested. The other systems were tested separately during the rest of the year.
B. During the test it was noticed that some of the backup systems were defective or not working, causing the test of these systems to fail.
C. The procedures to shut down and secure the original production site before starting the backup site required far more time than planned.
D. Every year, the same employees perform the test. The recovery plan documents are not used since every step is well known by all participants.
Answer: D. Every year, the same employees perform the test. The recovery plan documents are not used since every step is well known by all participants.
Explanation: A disaster recovery test should test the plan, processes, people and IT systems. Therefore, if the plan is not used, its accuracy and adequacy cannot be verified. Disaster recovery should not rely on key staff since a disaster can occur when they are not available. It is common that not all systems can be tested in a limited test time frame. It is
An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to 1 minute for a critical system. This implies that the system can tolerate:
A. a data loss of up to 1 minute, but the processing must be continuous.
B. a 1-minute processing interruption but cannot tolerate any data loss.
C. a processing interruption of 1 minute or more.
D. both a data loss and a processing interruption longer than 1 minute.
Answer: A. a data loss of up to 1 minute, but the processing must be continuous.
Explanation: The recovery time objective (RTO) measures an organization's tolerance for downtime and the recovery point objective (RPO) measures how much data loss can be accepted. Choices B, C and D are incorrect since they exceed the RTO limits set by the scenario.
During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the:
A. event error log generated at the disaster recovery site.
B. disaster recovery test plan.
C. disaster recovery plan (DRP).
D. configurations and alignment of the primary and disaster recovery sites.
Answer: D. configurations and alignment of the primary and disaster recovery sites.
Explanation: Since the configuration of the system is the most probable cause, the IS auditor should review that first. If the issue cannot be clarified, the IS auditor should then review the event error log. The disaster recovery test plan and the disaster recovery plan (DRP) would not contain information about the system configuration.
Regarding a disaster recovery plan, the role of an IS auditor should include:
A. identifying critical applications.
B. determining the external service providers involved in a recovery test.
C. observing the tests of the disaster recovery plan.
D. determining the criteria for establishing a recovery time objective (RTO).
Answer: C. observing the tests of the disaster recovery plan.
Explanation: The IS auditor should be present when disaster recovery plans are tested, to ensure that the test meets the targets for restoration, and the recovery procedures are effective and efficient. As appropriate, the auditor should provide a report of the test results. All other choices are a responsibility of management.
A lower recovery time objective (RTO) results in:
A. higher disaster tolerance.
B. higher cost.
C. wider interruption windows.
D. more permissive data loss.
Answer: B. higher cost.
Explanation: A recovery time objective (RTO) is based on the acceptable downtime in case of a disruption of operations. The lower the RTO, the higher the cost of recovery strategies. The lower the disaster tolerance, the narrower the interruption windows, and the lesser the permissive data loss.
When developing a disaster recovery plan, the criteria for determining the acceptable downtime should be the:
A. annualized loss expectancy (ALE).
B. service delivery objective.
C. quantity of orphan data.
D. maximum tolerable outage.
Answer: D. maximum tolerable outage.
Explanation: The recovery time objective is determined based on the acceptable downtime in case of a disruption of operations; it indicates the maximum tolerable outage that an organization considers to be acceptable before a system or process must resume following a disaster. Choice A is incorrect, because the acceptable downtime would not
Due to changes in IT, the disaster recovery plan of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested?
A. Catastrophic service interruption
B. High consumption of resources
C. Total cost of the recovery may not be minimized
D. Users and recovery teams may face severe difficulties when activating the plan
Answer: A. Catastrophic service interruption
Explanation: Choices B, C and D are all possible problems that might occur, and would cause difficulties and financial losses or waste of resources. However, if a new disaster recovery plan is not tested, the possibility of a catastrophic service interruption is the most critical of all risks.
If the recovery time objective (RTO) increases:
A. the disaster tolerance increases.
B. the cost of recovery increases.
C. a cold site cannot be used.
D. the data backup frequency increases.
Answer: A. the disaster tolerance increases.
Explanation: The longer the recovery time objective (RTO), the higher the disaster tolerance and the lower the recovery cost. It cannot be concluded that a cold site is inappropriate or that the frequency of data backup would increase.
An organization has a number of branches across a wide geographical area. To ensure that all aspects of the disaster recovery plan are evaluated in a cost-effective manner, an IS auditor should recommend the use of a:
A. data recovery test.
B. full operational test.
C. posttest.
D. preparedness test.
Answer: D. preparedness test.
Explanation: A preparedness test should be performed by each local office/area to test the adequacy of the preparedness of local operations in the event of a disaster. This test should be performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence of the plan's adequacy. A data
Of the following alternatives, the FIRST approach to developing a disaster recovery strategy would be to assess whether:
A. all threats can be completely removed.
B. a cost-effective, built-in resilience can be implemented.
C. the recovery time objective can be optimized.
D. the cost of recovery can be minimized.
Answer: B. a cost-effective, built-in resilience can be implemented.
Explanation: It is critical to initially identify information assets that can be made more resilient to disasters, e.g., diverse routing, alternate paths or multiple communication carriers. It is impossible to remove all existing and future threats. The optimization of the recovery time objective and efforts to minimize the cost of recovery come later in the
Which of the following should be of MOST concern to an IS auditor reviewing the BCP?
A. The disaster levels are based on scopes of damaged functions, but not on duration.
B. The difference between low-level disaster and software incidents is not clear.
C. The overall BCP is documented, but detailed recovery steps are not specified.
D. The responsibility for declaring a disaster is not identified.
Answer: D. The responsibility for declaring a disaster is not identified.
Explanation: If nobody declares the disaster, the response and recovery plan would not be invoked, making all other concerns moot. Although failure to consider duration could be a problem, it is not as significant as scope, and neither is as critical as the need to have someone invoke the plan. The difference between incidents and low-level disasters is
When auditing a disaster recovery plan for a critical business area, an IS auditor finds that it does not cover all the systems. Which of the following is the MOST appropriate action for the IS auditor?
A. Alert management and evaluate the impact of not covering all systems.
B. Cancel the audit.
C. Complete the audit of the systems covered by the existing disaster recovery plan.
D. Postpone the audit until the systems are added to the disaster recovery plan.
Answer: A. Alert management and evaluate the impact of not covering all systems.
Explanation: An IS auditor should make management aware that some systems are omitted from the disaster recovery plan. An IS auditor should continue the audit and include an evaluation of the impact of not including all systems in the disaster recovery plan. Cancelling the audit, ignoring the fact that some systems are not covered or postponing
An organization has implemented a disaster recovery plan. Which of the following steps should be carried out next?
A. Obtain senior management sponsorship.
B. Identify business needs.
C. Conduct a paper test.
D. Perform a system restore test.
Answer: C. Conduct a paper test.
Explanation: A best practice would be to conduct a paper test. Senior management sponsorship and business needs identification should have been obtained prior to implementing the plan. A paper test should be conducted first, followed by system or full testing.
A hot site should be implemented as a recovery strategy when the:
A. disaster tolerance is low.
B. recovery point objective (RPO) is high.
C. recovery time objective (RTO) is high.
D. disaster tolerance is high.
Answer: A. disaster tolerance is low.
Explanation: Disaster tolerance is the time gap during which the business can accept nonavailability of IT facilities. If this time gap is low, recovery strategies that can be implemented within a short period of time, such as a hot site, should be used. The RPO is the earliest point in time at which it is acceptable to recover the data. A high RPO means that the process can wait for
Which of the following is the BEST method for determining the criticality of each application system in the production environment?
A. Interview the application programmers.
B. Perform a gap analysis.
C. Review the most recent application audits.
D. Perform a business impact analysis.
Answer: D. Perform a business impact analysis.
Explanation: A business impact analysis will give the impact of the loss of each application. Interviews with the application programmers will provide limited information related to the criticality of the systems. A gap analysis is only relevant to systems development and project management. The audits may not contain the required information or may not
Which of the following provides the BEST evidence of an organization's disaster recovery readiness?
A. A disaster recovery plan
B. Customer references for the alternate site provider
C. Processes for maintaining the disaster recovery plan
D. Results of tests and drills
Answer: D. Results of tests and drills
Explanation: Plans are important, but mere plans do not provide reasonable assurance unless tested. References for the alternate site provider and the existence and maintenance of a disaster recovery plan are important, but only tests and drills demonstrate the adequacy of the plans and provide reasonable assurance of an organization'
Which of the following tasks should be performed FIRST when preparing a disaster recovery plan?
A. Develop a recovery strategy.
B. Perform a business impact analysis.
C. Map software systems, hardware and network components.
D. Appoint recovery teams with defined personnel, roles and hierarchy.
Answer: B. Perform a business impact analysis.
Explanation: The first step in any disaster recovery plan is to perform a business impact analysis. All other tasks come afterwards.
The cost of ongoing operations when a disaster recovery plan is in place, compared to not having a disaster recovery plan, will MOST likely:
A. increase.
B. decrease.
C. remain the same.
D. be unpredictable.
Answer: A. increase.
Explanation: Due to the additional cost of disaster recovery planning (DRP) measures, the cost of normal operations for any organization will always increase after a DRP implementation, i.e., the cost of normal operations during a nondisaster period will be more than the cost of operations during a nondisaster period when no disaster recovery
A financial institution that processes millions of transactions each day has a central communications processor (switch) for connecting to automated teller machines (ATMs). Which of the following would be the BEST contingency plan for the communications processor?
A. Reciprocal agreement with another organization
B. Alternate processor in the same location
C. Alternate processor at another network node
D. Installation of duplex communication links
Answer: C. Alternate processor at another network node
Explanation: The unavailability of the central communications processor would disrupt all access to the banking network. This could be caused by an equipment, power or communications failure. Reciprocal agreements make an organization dependent on the other organization and raise privacy, competition and regulatory issues. Having
A disaster recovery plan for an organization's financial system specifies that the recovery point objective (RPO) is no data loss and the recovery time objective (RTO) is 72 hours. Which of the following is the MOST cost-effective solution?
A. A hot site that can be operational in eight hours with asynchronous backup of the transaction logs
B. Distributed database systems in multiple locations updated asynchronously
C. Synchronous updates of the data and standby active systems in a hot site
D. Synchronous remote copy of the data in a warm site that can be operational in 48 hours
Answer: D. Synchronous remote copy of the data in a warm site that can be operational in 48 hours
Explanation: The synchronous copy of the storage achieves the RPO objective and a warm site operational in 48 hours meets the required RTO. Asynchronous updates of the database in distributed locations do not meet the RPO. Synchronous updates of the data and standby active systems in a hot site meet the RPO and RTO requirement
A disaster recovery plan for an organization should:
A. reduce the length of the recovery time and the cost of recovery.
B. increase the length of the recovery time and the cost of recovery.
C. reduce the duration of the recovery time and increase the cost of recovery.
D. affect neither the recovery time nor the cost of recovery.
Answer: A. reduce the length of the recovery time and the cost of recovery.
Explanation: One of the objectives of a disaster recovery plan is to reduce the duration and cost of recovering from a disaster. A disaster recovery plan would increase the cost of operations before and after the disaster occurs, but should reduce the time to return to normal operations and the cost that could result from a disaster.
An offsite information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is a:
A. cold site.
B. warm site.
C. dial-up site.
D. duplicate processing facility.
Answer: A. cold site.
Explanation: A cold site is ready to receive equipment but does not offer any components at the site in advance of the need. A warm site is an offsite backup facility that is partially configured with network connections and selected peripheral equipment, such as disk and tape units, controllers and CPUs, to operate an information processing facility. A duplicate information
Which of the following must exist to ensure the viability of a duplicate information processing facility?
A. The site is near the primary site to ensure quick and efficient recovery.
B. The site contains the most advanced hardware available.
C. The workload of the primary site is monitored to ensure adequate backup is available.
D. The hardware is tested when it is installed to ensure it is working properly.
Answer: C. The workload of the primary site is monitored to ensure adequate backup is available.
Explanation: Resource availability must be assured. The workload of the site must be monitored to ensure that availability for emergency backup use is not impaired. The site chosen should not be subject to the same natural disaster as the primary site. In addition, a reasonable compatibility of hardware/software must exist to serve as a
Which of the following disaster recovery/continuity plan components provides the GREATEST assurance of recovery after a disaster?
A. The alternate facility will be available until the original information processing facility is restored.
B. User management is involved in the identification of critical systems and their associated critical recovery times.
C. Copies of the plan are kept at the homes of key decision-making personnel.
D. Feedback is provided to management assuring them that the business continuity plans are indeed workable and that the procedures are current.
Answer: A. The alternate facility will be available until the original information processing facility is restored.
Explanation: The alternate facility should be made available until the original site is restored to provide the greatest assurance of recovery after a disaster. Without this assurance, the plan will not be successful. All other choices ensure prioritization or the execution of the plan.
While reviewing the business continuity plan of an organization, an IS auditor observed that the organization's data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate?
A. Deterrence
B. Mitigation
C. Recovery
D. Response
Answer: B. Mitigation
Explanation: An effective business continuity plan includes steps to mitigate the effects of a disaster. Files must be restored on a timely basis for a backup plan to be effective. An example of deterrence is when a plan includes installation of firewalls for information systems. An example of recovery is when a plan includes an organization's hot site to restore
The responsibilities of a disaster recovery relocation team include:
A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule.
B. locating a recovery site, if one has not been predetermined, and coordinating the transport of company employees to the recovery site.
C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment.
D. coordinating the process of moving from the hot site to a new location or to the restored original location.
Answer: D. coordinating the process of moving from the hot site to a new location or to the restored original location.
Explanation: Choice A describes an offsite storage team, choice B defines a transportation team and choice C defines a salvage team.
There are several methods of providing telecommunications continuity. The method of routing traffic through split cable or duplicate cable facilities is called:
A. alternative routing.
B. diverse routing.
C. long-haul network diversity.
D. last-mile circuit protection.
Answer: B. diverse routing.
Explanation: Diverse routing routes traffic through split-cable facilities or duplicate-cable facilities. This can be accomplished with different and/or duplicate cable sheaths. If different cable sheaths are used, the cable may be in the same conduit and, therefore, subject to the same interruptions as the cable it is backing up.
An IS auditor reviewing an organization's IS disaster recovery plan should verify that it is:
A. tested every six months.
B. regularly reviewed and updated.
C. approved by the chief executive officer (CEO).
D. communicated to every department head in the organization.
Answer: B. regularly reviewed and updated.
Explanation: The plan should be reviewed at appropriate intervals, depending upon the nature of the business and the rate of change of systems and personnel. Otherwise, it may become out of date and may no longer be effective. The plan must be subjected to regular testing, but the period between tests will again depend on the nature of the organization
Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization?
A. Built-in alternative routing
B. Completing full system backup daily
C. A repair contract with a service provider
D. A duplicate machine alongside each server
Answer: A. Built-in alternative routing
Explanation: Alternative routing would ensure the network would continue if a server is lost or if a link is severed as message rerouting could be automatic. System backup will not afford immediate protection. The repair contract is not as effective as permanent alternative routing. Standby servers will not provide continuity if a link is severed.
Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies?
A. Developments may result in hardware and software incompatibility.
B. Resources may not be available when needed.
C. The recovery plan cannot be tested.
D. The security infrastructures in each company may be different.
Answer: A. Developments may result in hardware and software incompatibility.
Explanation: If one organization updates its hardware and software configuration, it may mean that it is no longer compatible with the systems of the other party in the agreement. This may mean that each company is unable to use the facilities at the other company to recover their processing following a disaster. Resources being unavailable when needed are
Facilitating telecommunications continuity by providing redundant combinations of local carrier T-1 lines, microwaves and/or coaxial cables to access the local communication loop:
A. last-mile circuit protection.
B. long-haul network diversity.
C. diverse routing.
D. alternative routing.
Answer: A. last-mile circuit protection.
Explanation: The method of providing telecommunication continuity through the use of many recovery facilities, providing redundant combinations of local carrier T-1s, microwave and/or coaxial cable to access the local communication loop in the event of a disaster, is called last-mile circuit protection. Providing diverse long-distance network availability utilizing T-1
A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor?
A. Offsite storage of daily backups
B. Alternative standby processor onsite
C. Installation of duplex communication links
D. Alternative standby processor at another network node
Answer: D. Alternative standby processor at another network node
Explanation: Having an alternative standby processor at another network node would be the best solution. The unavailability of the central communications processor would disrupt all access to the banking network, resulting in the disruption of operations for all of the shops. This could be caused by failure of equipment, power or communications
The MAIN purpose for periodically testing offsite facilities is to:
A. protect the integrity of the data in the database.
B. eliminate the need to develop detailed contingency plans.
C. ensure the continued compatibility of the contingency facilities.
D. ensure that program and system documentation remains current.
Answer: C. ensure the continued compatibility of the contingency facilities.
Explanation: The main purpose of offsite hardware testing is to ensure the continued compatibility of the contingency facilities. Specific software tools are available to protect the ongoing integrity of the database. Contingency plans should not be eliminated and program and system documentation should be reviewed continuously for currency.
Disaster recovery planning (DRP) for a company's computer system usually focuses on:
A. operations turnover procedures.
B. strategic long-range planning.
C. the probability that a disaster will occur.
D. alternative procedures to process transactions.
Answer: D. alternative procedures to process transactions.
Explanation: It is important that disaster recovery identifies alternative processes that can be put in place while the system is not available.
An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
• The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations
A. take no action as the lack of a current plan is the only significant finding.
B. recommend that the hardware configuration at each site is identical.
C. perform a review to verify that the second configuration can support live processing.
D. report that the financial expenditure on the alternative site is wasted without an effective plan.
Answer: C. perform a review to verify that the second configuration can support live processing.
Explanation: An IS auditor does not have a finding unless it can be shown that the alternative hardware cannot support the live processing system. Even though the primary finding is the lack of a proven and communicated disaster recovery plan, it is essential that this aspect of recovery is included in the audit. If it is found to be inadequate, the finding
An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
• The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations
A. the deputy CEO be censured for their failure to approve the plan.
B. a board of senior managers is set up to review the existing plan.
C. the existing plan is approved and circulated to all key management and staff.
D. a manager coordinates the creation of a new or revised plan within a defined time limit.
Answer: D. a manager coordinates the creation of a new or revised plan within a defined time limit.
Explanation: The primary concern is to establish a workable disaster recovery plan, which reflects current processing volumes to protect the organization from any disruptive incident. Censuring the deputy CEO will not achieve this and is generally not within the scope of an IS auditor to recommend. Establishing a board to review the plan, which is two years out of
Disaster recovery planning (DRP) addresses the:
A. technological aspect of business continuity planning.
B. operational piece of business continuity planning.
C. functional aspect of business continuity planning.
D. overall coordination of business continuity planning.
Answer: A. technological aspect of business continuity planning.
Explanation: Disaster recovery planning (DRP) is the technological aspect of business continuity planning. Business resumption planning addresses the operational part of business continuity planning.
Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures?
A. Invite client participation.
B. Involve all technical staff.
C. Rotate recovery managers.
D. Install locally-stored backup.
Answer: C. Rotate recovery managers.
Explanation: Recovery managers should be rotated to ensure the experience of the recovery plan is spread among the managers. Clients may be involved but not necessarily in every case. Not all technical staff should be involved in each test. Remote or offsite backup should always be used.
An advantage of the use of hot sites as a backup alternative is that:
A. the costs associated with hot sites are low.
B. hot sites can be used for an extended amount of time.
C. hot sites can be made ready for operation within a short period of time.
D. they do not require that equipment and systems software be compatible with the primary site.
Answer: C. hot sites can be made ready for operation within a short period of time.
Explanation: Hot sites can be made ready for operation normally within hours. However, the use of hot sites is expensive, should not be considered as a long-term solution, and requires that equipment and systems software be compatible with the primary installation being backed up.
Question: An organization’s disaster recovery plan should address early recovery of:
A. all information systems processes.
B. all financial processing applications.
C. only those applications designated by the IS manager.
D. processing in priority order, as defined by business management.
Answer: D. processing in priority order, as defined by business management.
Explanation: Business management should know which systems are critical and when they need to process well in advance of a disaster. It is management’s responsibility to develop and maintain the plan. Adequate time will not be available for this determination once the disaster occurs. IS and the information processing facility are service [...]
Question: An organization having a number of offices across a wide geographical area has developed a disaster recovery plan. Using actual resources, which of the following is the MOST cost-effective test of the disaster recovery plan?
A. Full operational test
B. Preparedness test
C. Paper test
D. Regression test
Answer: B. Preparedness test
Explanation: A preparedness test is performed by each local office/area to test the adequacy of the preparedness of local operations for disaster recovery. A paper test is a structured walk-through of the disaster recovery plan and should be conducted before a preparedness test. A full operational test is conducted after the paper and preparedness test. A [...]
Question: Which of the following is the MOST reasonable option for recovering a noncritical system?
A. Warm site
B. Mobile site
C. Hot site
D. Cold site
Answer: D. Cold site
Explanation: Generally a cold site is contracted for a longer period at a lower cost. Since it requires more time to make a cold site operational, it is generally used for noncritical applications. A warm site is generally available at a medium cost, requires less time to become operational and is suitable for sensitive operations. A mobile site is [...]
Question: After implementation of a disaster recovery plan, pre-disaster and post-disaster operational costs for an organization will:
A. decrease.
B. not change (remain the same).
C. increase.
D. increase or decrease depending upon the nature of the business.
Answer: C. increase.
Explanation: There are costs associated with all activities and disaster recovery planning (DRP) is not an exception. Although there are costs associated with a disaster recovery plan, there are unknown costs that are incurred if a disaster recovery plan is not implemented.
Question: The PRIMARY purpose of a business impact analysis (BIA) is to:
A. provide a plan for resuming operations after a disaster.
B. identify the events that could impact the continuity of an organization’s operations.
C. publicize the commitment of the organization to physical and logical security.
D. provide the framework for an effective disaster recovery plan.
Answer: B. identify the events that could impact the continuity of an organization’s operations.
Explanation: A business impact analysis (BIA) is one of the key steps in the development of a business continuity plan (BCP). A BIA will identify the diverse events that could impact the continuity of the operations of an organization.
Question: Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget?
A. A hot site maintained by the business
B. A commercial cold site
C. A reciprocal arrangement between its offices
D. A third-party hot site
Answer: C. A reciprocal arrangement between its offices
Explanation: For a business having many offices within a region, a reciprocal arrangement among its offices would be most appropriate. Each office could be designated as a recovery site for some other office. This would be the least expensive approach to providing an acceptable level of confidence. A hot site maintained by the business would be a [...]
Question: Which of the following is the GREATEST concern when an organization’s backup facility is at a warm site?
A. Timely availability of hardware
B. Availability of heat, humidity and air conditioning equipment
C. Adequacy of electrical power connections
D. Effectiveness of the telecommunications network
Answer: A. Timely availability of hardware
Explanation: A warm site has the basic infrastructure facilities implemented, such as power, air conditioning and networking, but is normally lacking computing equipment. Therefore, the availability of hardware becomes a primary concern.
Question: A structured walk-through test of a disaster recovery plan involves:
A. representatives from each of the functional areas coming together to go over the plan.
B. all employees who participate in the day-to-day operations coming together to practice executing the plan.
C. moving the systems to the alternate processing site and performing processing operations.
D. distributing copies of the plan to the various functional areas for review.
Answer: B. all employees who participate in the day-to-day operations coming together to practice executing the plan.
Explanation: A structured walk-through test of a disaster recovery plan involves representatives from each of the functional areas coming together to review the plan to determine if the plan pertaining to their area is accurate and complete and can be implemented when required. Choice B is a simulation test to prepare and train the personnel who will be required to [...]
Question: In a contract with a hot, warm or cold site, contractual provisions should cover which of the following considerations?
A. Physical security measures
B. Total number of subscribers
C. Number of subscribers permitted to use a site at one time
D. References by other users
Answer: C. Number of subscribers permitted to use a site at one time
Explanation: The contract should specify the number of subscribers permitted to use the site at any one time. Physical security measures are not a part of the contract, although they are an important consideration when choosing a third-party site. The total number of subscribers is not a consideration; what is important is whether the agreement limits the [...]
Question: Which of the following is the MOST important consideration when defining recovery point objectives (RPOs)?
A. Minimum operating requirements
B. Acceptable data loss
C. Mean time between failures
D. Acceptable time for recovery
Answer: B. Acceptable data loss
Explanation: Recovery time objectives (RTOs) are the acceptable time delay in availability of business operations, while recovery point objectives (RPOs) are the level of data loss/reworking an organization is willing to accept. Mean time between failures and minimum operating requirements help in defining recovery strategies.
Question: Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly?
A. Backup time would steadily increase
B. Backup operational cost would significantly increase
C. Storage operational cost would significantly increase
D. Server recovery work may not meet the recovery time objective (RTO)
Answer: D. Server recovery work may not meet the recovery time objective (RTO)
Explanation: In case of a crash, recovering a server with an extensive amount of data could require a significant amount of time. If the recovery cannot meet the recovery time objective (RTO), there will be a discrepancy in IT strategies. It’s important to ensure that server restoration can meet the RTO. Incremental backup would only take the backup of [...]
Question: During an audit, an IS auditor notes that an organization’s business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include:
A. the level of information security required when business recovery procedures are invoked.
B. information security roles and responsibilities in the crisis management structure.
C. information security resource requirements.
D. change management procedures for information security that could affect business continuity arrangements.
Answer: A. the level of information security required when business recovery procedures are invoked.
Explanation: Business should consider whether information security levels required during recovery should be the same, lower or higher than when business is operating normally. In particular, any special rules for access to confidential data during a crisis need to be identified. The other choices do not directly address the information confidentiality [...]
Question: What is the BEST backup strategy for a large database with data supporting online sales?
A. Weekly full backup with daily incremental backup
B. Daily full backup
C. Clustered servers
D. Mirrored hard disks
Answer: A. Weekly full backup with daily incremental backup
Explanation: Weekly full backup and daily incremental backup is the best backup strategy; it ensures the ability to recover the database and yet reduces the daily backup time requirements. A full backup normally requires a couple of hours, and therefore it can be impractical to conduct a full backup every day. Clustered servers provide a redundant [...]
Question: Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective (RPO)?
A. Virtual tape libraries
B. Disk-based snapshots
C. Continuous data backup
D. Disk-to-tape backup
Answer: C. Continuous data backup
Explanation: The recovery point objective (RPO) is based on the acceptable data loss in case of a disruption. In this scenario the organization needs a short RPO. Virtual tape libraries, disk-based snapshots and disk-to-tape backup would require time to complete the backup, while continuous data backup happens online (in real time).
Question: In the event of a data center disaster, which of the following would be the MOST appropriate strategy to enable a complete recovery of a critical database?
A. Daily data backup to tape and storage at a remote site
B. Real-time replication to a remote site
C. Hard disk mirroring to a local server
D. Real-time data backup to the local storage area network (SAN)
Answer: B. Real-time replication to a remote site
Explanation: With real-time replication to a remote site, data are updated simultaneously in two separate locations; therefore, a disaster in one site would not damage the information located in the remote site. This assumes that both sites were not affected by the disaster. Daily tape backup recovery could lose up to a day’s work of data. Choices C [...]
Question: Which of the following should be the MOST important criterion in evaluating a backup solution for sensitive data that must be retained for a long period of time due to regulatory requirements?
A. Full backup window
B. Media costs
C. Restore window
D. Media reliability
Answer: D. Media reliability
Explanation: To comply with regulatory requirements, the media should be reliable enough to ensure an organization’s ability to recover the data should they be required for any reason. Media price is a consideration, but should not be more important than the ability to provide the required reliability. Choices A and C are less critical [...]
Question: An organization currently using tape backups takes one full backup weekly and incremental backups daily. They recently augmented their tape backup procedures with a backup-to-disk solution. This is appropriate because:
A. fast synthetic backups for offsite storage are supported.
B. backup to disk is always significantly faster than backup to tape.
C. tape libraries are no longer needed.
D. data storage on disks is more reliable than on tapes.
Answer: A. fast synthetic backups for offsite storage are supported.
Explanation: Disk-to-disk (D2D) backup should not be seen as a direct replacement for backup to tape; rather, it should be viewed as part of a multitiered backup architecture that takes advantage of the best features of both tape and disk technologies. Backups to disks are not dramatically faster than backups to tapes in a balanced environment. Most often [...]
Question: Network Data Management Protocol (NDMP) technology should be used for backup if:
A. a network attached storage (NAS) appliance is required.
B. the use of TCP/IP must be avoided.
C. file permissions that can not be handled by legacy backup systems must be backed up.
D. backup consistency over several related data volumes must be ensured.
Answer: A. a network attached storage (NAS) appliance is required.
Explanation: NDMP defines three kinds of services: a data service that interfaces with the primary storage to be backed up or restored, a tape service that interfaces with the secondary storage (primarily a tape device), and a translator service performing translations including multiplexing multiple data streams into one data stream and vice [...]
Question: In which of the following situations is it MOST appropriate to implement data mirroring as the recovery strategy?
A. Disaster tolerance is high.
B. Recovery time objective is high.
C. Recovery point objective is low.
D. Recovery point objective is high.
Answer: C. Recovery point objective is low.
Explanation: A recovery point objective (RPO) indicates the latest point in time at which it is acceptable to recover the data. If the RPO is low, data mirroring should be implemented as the data recovery strategy. The recovery time objective (RTO) is an indicator of the disaster tolerance. The lower the RTO, the lower the disaster tolerance. Therefore, choice C is [...]
Question: IS management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend:
A. upgrading to a level 5 RAID.
B. increasing the frequency of onsite backups.
C. reinstating the offsite backups.
D. establishing a cold site in a secure location.
Answer: C. reinstating the offsite backups.
Explanation: A RAID system, at any level, will not protect against a natural disaster. The problem will not be alleviated without offsite backups, more frequent onsite backups or even setting up a cold site. Choices A, B and D do not compensate for the lack of offsite backup.
Question: Which of the following ensures the availability of transactions in the event of a disaster?
A. Send tapes hourly containing transactions offsite.
B. Send tapes daily containing transactions offsite.
C. Capture transactions to multiple storage devices.
D. Transmit transactions offsite in real time.
Answer: D. Transmit transactions offsite in real time.
Explanation: The only way to ensure availability of all transactions is to perform a real-time transmission to an offsite facility. Choices A and B are not in real time and, therefore, would not include all the transactions. Choice C does not ensure availability at an offsite location.
Question: To provide protection for media backup stored at an offsite location, the storage site should be:
A. located on a different floor of the building.
B. easily accessible by everyone.
C. clearly labeled for emergency access.
D. protected from unauthorized access.
Answer: D. protected from unauthorized access.
Explanation: The offsite storage site should always be protected against unauthorized access and have at least the same security requirements as the primary site. Choice A is incorrect because, if the backup is in the same building, it may suffer the same event and may be inaccessible. Choices B and C represent access risks.
Question: Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by:
A. database integrity checks.
B. validation checks.
C. input controls.
D. database commits and rollbacks.
Answer: D. database commits and rollbacks.
Explanation: Database commits ensure the data are saved to disk, while the transaction processing is underway or complete. Rollback ensures that the already completed processing is reversed back, and the data already processed are not saved to the disk in the event of the failure of the completion of the transaction processing. All other options do not ensure [...]
Question: Which of the following findings should an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault?
A. There are three individuals with a key to enter the area.
B. Paper documents are also stored in the offsite vault.
C. Data files that are stored in the vault are synchronized.
D. The offsite vault is located in a separate facility.
Answer: C. Data files that are stored in the vault are synchronized.
Explanation: Choice A is incorrect because more than one person would typically need to have a key to the vault to ensure that individuals responsible for the offsite vault can take vacations and rotate duties. Choice B is not correct because an IS auditor would not be concerned with whether paper documents are stored in the offsite [...]
Question: Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist?
A. Reviewing program code
B. Reviewing operations documentation
C. Turning off the UPS, then the power
D. Reviewing program documentation
Answer: B. Reviewing operations documentation
Explanation: Operations documentation should contain recovery/restart procedures, so operations can return to normal processing in a timely manner. Turning off the uninterruptible power supply (UPS) and then turning off the power might create a situation for recovery and restart, but the negative effect on operations would prove this method to [...]
Question: An IS auditor performing a review of the backup processing facilities should be MOST concerned that:
A. adequate fire insurance exists.
B. regular hardware maintenance is performed.
C. offsite storage of transaction and master files exists.
D. backup processing facilities are fully tested.
Answer: C. offsite storage of transaction and master files exists.
Explanation: Adequate fire insurance and fully tested backup processing facilities are important elements for recovery, but without the offsite storage of transaction and master files, it is generally impossible to recover. Regular hardware maintenance does not relate to recovery.
Question: An offsite information processing facility:
A. should have the same amount of physical access restrictions as the primary processing site.
B. should be easily identified from the outside so that, in the event of an emergency, it can be easily found.
C. should be located in proximity to the originating site, so it can quickly be made operational.
D. need not have the same level of environmental monitoring as the originating site.
Answer: A. should have the same amount of physical access restrictions as the primary processing site.
Explanation: An offsite information processing facility should have the same amount of physical control as the originating site. It should not be easily identified from the outside to prevent intentional sabotage. The offsite facility should not be subject to the same natural disaster that could affect the originating site and thus should not [...]
Question: As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard copy transaction log. At the end of the day, the order entry files are backed up on tape. During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following is necessary to restore these files?
A. The previous day’s backup file and the current transaction tape
B. The previous day’s transaction file and the current transaction tape
C. The current transaction tape and the current hard copy transaction log
D. The current hard copy transaction log and the previous day’s transaction file
Answer: A. The previous day’s backup file and the current transaction tape
Explanation: The previous day’s backup file will be the most current historical backup of activity in the system. The current day’s transaction file will contain all of the day’s activity. Therefore, the combination of these two files will enable full recovery up to the point of interruption.
Question: In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems?
A. Maintaining system software parameters
B. Ensuring periodic dumps of transaction logs
C. Ensuring grandfather-father-son file backups
D. Maintaining important data at an offsite location
Answer: B. Ensuring periodic dumps of transaction logs
Explanation: Ensuring periodic dumps of transaction logs is the only safe way of preserving timely historical data. The volume of activity usually associated with an online system makes other more traditional methods of backup impractical.
Question: If a database is restored using before-image dumps, where should the process begin following an interruption?
A. Before the last transaction
B. After the last transaction
C. As the first transaction after the latest checkpoint
D. As the last transaction before the latest checkpoint
Answer: A. Before the last transaction
Explanation: If before images are used, the last transaction in the dump will not have updated the database prior to the dump being taken. The last transaction will not have updated the database and must be reprocessed. Program checkpoints are irrelevant in this situation.
Question: Which of the following is the MOST important criterion when selecting a location for an offsite storage facility for IS backup files? The offsite facility must be:
A. physically separated from the data center and not subject to the same risks.
B. given the same level of protection as that of the computer data center.
C. outsourced to a reliable third party.
D. equipped with surveillance capabilities.
Answer: A. physically separated from the data center and not subject to the same risks.
Explanation: It is important that there be an offsite storage location for IS files and that it be in a location not subject to the same risks as the primary data center. The other choices are all issues that must be considered when establishing the offsite location, but they are not as critical as the location selection.
Question: The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to:
A. achieve performance improvement.
B. provide user authentication.
C. ensure availability of data.
D. ensure the confidentiality of data.
Answer: C. ensure availability of data.
Explanation: RAID level 1 provides disk mirroring. Data written to one disk are also written to another disk. Users in the network access data in the first disk; if disk one fails, the second disk takes over. This redundancy ensures the availability of data. RAID level 1 does not improve performance, has no relevance to authentication and does nothing to provide for data confidentiality [...]
Question: Which of the following would BEST support 24/7 availability?
A. Daily backup
B. Offsite storage
C. Mirroring
D. Periodic testing
Answer: C. Mirroring
Explanation: Mirroring of critical elements is a tool that facilitates immediate recoverability. Daily backup implies that it is reasonable for restoration to take place within a number of hours but not immediately. Offsite storage and periodic testing of systems do not of themselves support continuous availability.
Question: At a hospital, medical personnel carry handheld computers which contain patient health data. These handheld computers are synchronized with PCs which transfer data from a hospital database. Which of the following would be of the most importance?
A. The handheld computers are properly protected to prevent loss of data confidentiality, in case of theft or loss.
B. The employee who deletes temporary files from the local PC, after usage, is authorized to maintain PCs.
C. Timely synchronization is ensured by policies and procedures.
D. The usage of the handheld computers is allowed by the hospital policy.
Answer: A. The handheld computers are properly protected to prevent loss of data confidentiality, in case of theft or loss.
Explanation: Data confidentiality is a major requirement of privacy regulations. Choices B, C and D relate to internal security requirements, and are secondary when compared to compliance with data privacy laws.
Question: When reviewing the procedures for the disposal of computers, which of the following should be the GREATEST concern for the IS auditor?
A. Hard disks are overwritten several times at the sector level, but are not reformatted before leaving the organization.
B. All files and folders on hard disks are separately deleted, and the hard disks are formatted before leaving the organization.
C. Hard disks are rendered unreadable by hole-punching through the platters at specific positions before leaving the organization.
D. The transport of hard disks is escorted by internal security staff to a nearby metal recycling company, where the hard disks are registered and then shredded.
Answer: B. All files and folders on hard disks are separately deleted, and the hard disks are formatted before leaving the organization.
Explanation: Deleting and formatting does not completely erase the data but only marks the sectors that contained files as being free. There are tools available over the Internet which allow one to reconstruct most of a hard disk’s contents. Overwriting a hard disk at the sector level would completely erase data, directories, indices and master file tables.
Question: Which of the following would be the MOST significant audit finding when reviewing a point-of-sale (POS) system?
A. Invoices recorded on the POS system are manually entered into an accounting application
B. An optical scanner is not used to read bar codes for the generation of sales invoices
C. Frequent power outages occur, resulting in the manual preparation of invoices
D. Customer credit card information is stored unencrypted on the local POS system
Answer: D. Customer credit card information is stored unencrypted on the local POS system
Explanation: It is important for the IS auditor to determine if any credit card information is stored on the local point-of-sale (POS) system. Any such information, if stored, should be encrypted or protected by other means to avoid the possibility of unauthorized disclosure. Manually inputting sale invoices into the accounting application is an operational issue, if the [...]
Question: To ensure authentication, confidentiality and integrity of a message, the sender should encrypt the hash of the message with the sender’s:
A. public key and then encrypt the message with the receiver’s private key.
B. private key and then encrypt the message with the receiver’s public key.
C. public key and then encrypt the message with the receiver’s public key.
D. private key and then encrypt the message with the receiver’s private key.
Answer: B. private key and then encrypt the message with the receiver’s public key.
Explanation: Obtaining the hash of the message ensures integrity; signing the hash of the message with the sender’s private key ensures the authenticity of the origin, and encrypting the resulting message with the receiver’s public key ensures confidentiality. The other choices are incorrect.
Question: An organization is disposing of a number of laptop computers. Which of the following data destruction methods would be the MOST effective?
A. Run a low-level data wipe utility on all hard drives
B. Erase all data file directories
C. Format all hard drives
D. Physical destruction of the hard drive
Answer: D. Physical destruction of the hard drive
Explanation: The most effective method is physical destruction. Running a low-level data wipe utility may leave some residual data that could be recovered; erasing data directories and formatting hard drives are easily reversed, exposing all data on the drive to unauthorized individuals.
Question: Which of the following would MOST effectively control the usage of universal storage bus (USB) storage devices?
A. Policies that require instant dismissal if such devices are found
B. Software for tracking and managing USB storage devices
C. Administratively disabling the USB port
D. Searching personnel for USB storage devices at the facility’s entrance
Answer: B. Software for tracking and managing USB storage devices
Explanation: Software for centralized tracking and monitoring would allow a USB usage policy to be applied to each user based on changing business requirements, and would provide for monitoring and reporting exceptions to management. A policy requiring dismissal may result in increased employee attrition and business requirements would not be properly addressed.
Question: Which of the following is the MOST robust method for disposing of magnetic media that contains confidential information?
A. Degaussing
B. Defragmenting
C. Erasing
D. Destroying
Answer: D. Destroying
Explanation: Destroying magnetic media is the only way to assure that confidential information cannot be recovered. Degaussing or demagnetizing is not sufficient to fully erase information from magnetic media. The purpose of defragmentation is to eliminate fragmentation in file systems and does not remove information. Erasing or deleting magnetic media does [...]
Question: A hard disk containing confidential data was damaged beyond repair. What should be done to the hard disk to prevent access to the data residing on it?
A. Rewrite the hard disk with random 0s and 1s.
B. Low-level format the hard disk.
C. Demagnetize the hard disk.
D. Physically destroy the hard disk.
Answer: D. Physically destroy the hard disk.
Explanation: Physically destroying the hard disk is the most economical and practical way to ensure that the data cannot be recovered. Rewriting data and low-level formatting are impractical, because the hard disk is damaged. Demagnetizing is an inefficient procedure, because it requires specialized and expensive equipment to be fully effective.
Question: Which of the following aspects of symmetric key encryption influenced the development of asymmetric encryption?
A. Processing power
B. Volume of data
C. Key distribution
D. Complexity of the algorithm
Answer: C. Key distribution
Explanation: Symmetric key encryption requires that the keys be distributed. The larger the user group, the more challenging the key distribution. Symmetric key cryptosystems are generally less complicated and, therefore, use less processing power than asymmetric techniques, thus making it ideal for encrypting a large volume of data. The major [...]
Question: Which of the following is the MOST important objective of data protection?
A. Identifying persons who need access to information
B. Ensuring the integrity of information
C. Denying or authorizing access to the IS system
D. Monitoring logical accesses
Answer: B. Ensuring the integrity of information
Explanation: Maintaining data integrity is the most important objective of data security. This is a necessity if an organization is to continue as a viable and successful enterprise. The other choices are important techniques for achieving the objective of data integrity.
Which of the following is the BEST way to handle obsolete magnetic tapes before disposing of them?
A. Overwriting the tapes
B. Initializing the tape labels
C. Degaussing the tapes
D. Erasing the tapes
Answer: C. Degaussing the tapes
Explanation: The best way to handle obsolete magnetic tapes is to degauss them. This action leaves a very low residue of magnetic induction, essentially erasing the data from the tapes. Overwriting or erasing the tapes may cause magnetic errors but would not remove the data completely. Initializing the tape labels would not remove the data that
An IS auditor is reviewing the physical security measures of an organization. Regarding the access card system, the IS auditor should be MOST concerned that:
A. nonpersonalized access cards are given to the cleaning staff, who use a sign-in sheet but show no proof of identity.
B. access cards are not labeled with the organization's name and address to facilitate easy return of a lost card.
C. card issuance and rights administration for the cards are done by different departments, causing unnecessary lead time for new cards.
D. the computer system used for programming the cards can only be replaced after three weeks in the event of a system failure.
Answer: A. nonpersonalized access cards are given to the cleaning staff, who use a sign-in sheet but show no proof of identity.
Explanation: Physical security is meant to control who is entering a secured area, so identification of all individuals is of utmost importance. It is not adequate to trust unknown external people by allowing them to write down their alleged name without proof, e.g., identity card, driver's license. Choice B is not a concern
What should an organization do before providing an external agency physical access to its information processing facilities (IPFs)?
A. The processes of the external agency should be subjected to an IS audit by an independent agency.
B. Employees of the external agency should be trained on the security procedures of the organization.
C. Any access by an external agency should be limited to the demilitarized zone (DMZ).
D. The organization should conduct a risk assessment and design and implement appropriate controls.
Answer: D. The organization should conduct a risk assessment and design and implement appropriate controls.
Explanation: Physical access of information processing facilities (IPFs) by an external agency introduces additional threats into an organization. Therefore, a risk assessment should be conducted and controls designed accordingly. The processes of the external agency are not of concern here. It is the agency's interaction with the organization that needs
Which of the following is the BEST way to satisfy a two-factor user authentication?
A. A smart card requiring the user's PIN
B. User ID along with password
C. Iris scanning plus fingerprint scanning
D. A magnetic card requiring the user's PIN
Answer: A. A smart card requiring the user's PIN
Explanation: A smart card addresses what the user has. This is generally used in conjunction with testing what the user knows, e.g., a keyboard password or personal identification number (PIN). An ID and password, what the user knows, is a single-factor user authentication. Choice C is not a two-factor user authentication because it is only biometric.
The MOST effective biometric control system is the one:
A. which has the highest equal-error rate (EER).
B. which has the lowest EER.
C. for which the false-rejection rate (FRR) is equal to the false-acceptance rate (FAR).
D. for which the FRR is equal to the failure-to-enroll rate (FER).
Answer: B. which has the lowest EER.
Explanation: The equal-error rate (EER) of a biometric system denotes the percent at which the false-acceptance rate (FAR) is equal to the false-rejection rate (FRR). The biometric that has the lowest EER is the most effective. The biometric that has the highest EER is the most ineffective. For any biometric, there will be a measure at which the FRR will
Which of the following physical access controls effectively reduces the risk of piggybacking?
A. Biometric door locks
B. Combination door locks
C. Deadman doors
D. Bolting door locks
Answer: C. Deadman doors
Explanation: Deadman doors use a pair of doors. For the second door to operate, the first entry door must close and lock with only one person permitted in the holding area. This effectively reduces the risk of piggybacking. An individual's unique body features such as voice, retina, fingerprint or signature activate biometric door locks; however, they do not
A data center has a badge-entry system. Which of the following is MOST important to protect the computing assets in the center?
A. Badge readers are installed in locations where tampering would be noticed
B. The computer that controls the badge system is backed up frequently
C. A process for promptly deactivating lost or stolen badges exists
D. All badge entry attempts are logged
Answer: C. A process for promptly deactivating lost or stolen badges exists
Explanation: Tampering with a badge reader cannot open the door, so this is irrelevant. Logging the entry attempts may be of limited value. The biggest risk is from unauthorized individuals who can enter the data center, whether they are employees or not. Thus, a process of deactivating lost or stolen badges is important. The configuration of the
Which of the following is the MOST reliable form of single factor personal identification?
A. Smart card
B. Password
C. Photo identification
D. Iris scan
Answer: D. Iris scan
Explanation: Since no two irises are alike, identification and verification can be done with confidence. There is no guarantee that a smart card is being used by the correct person since it can be shared, stolen or lost and found. Passwords can be shared and, if written down, carry the risk of discovery. Photo IDs can be forged or falsified.
The purpose of a deadman door controlling access to a computer facility is primarily to:
A. prevent piggybacking.
B. prevent toxic gases from entering the data center.
C. starve a fire of oxygen.
D. prevent an excessively rapid entry to, or exit from, the facility.
Answer: A. prevent piggybacking.
Explanation: The purpose of a deadman door controlling access to a computer facility is primarily intended to prevent piggybacking. Choices B and C could be accomplished with a single self-closing door. Choice D is invalid, as a rapid exit may be necessary in some circumstances, e.g., a fire.
The MOST likely explanation for a successful social engineering attack is:
A. that computers make logic errors.
B. that people make judgment errors.
C. the computer knowledge of the attackers.
D. the technological sophistication of the attack method.
Answer: B. that people make judgment errors.
Explanation: Humans make errors in judging others; they may trust someone when, in fact, the person is untrustworthy. Driven by logic, computers make the same error every time they execute the erroneous logic; however, this is not the basic argument in designing a social engineering attack. Generally, social engineering attacks do
Which of the following biometrics has the highest reliability and lowest false-acceptance rate (FAR)?
A. Palm scan
B. Face recognition
C. Retina scan
D. Hand geometry
Answer: C. Retina scan
Explanation: Retina scan uses optical technology to map the capillary pattern of an eye's retina. This is highly reliable and has the lowest false-acceptance rate (FAR) among the current biometric methods. Use of palm scanning entails placing a hand on a scanner where a palm's physical characteristics are captured. Hand geometry, one of the oldest
A firm is considering using biometric fingerprint identification on all PCs that access critical data. This requires:
A. that a registration process is executed for all accredited PC users.
B. the full elimination of the risk of a false acceptance.
C. the usage of the fingerprint reader be accessed by a separate password.
D. assurance that it will be impossible to gain unauthorized access to critical data.
Answer: A. that a registration process is executed for all accredited PC users.
Explanation: The fingerprints of accredited users need to be read, identified and recorded, i.e., registered, before a user may operate the system from the screened PCs. Choice B is incorrect, as the false-acceptance risk of a biometric device may be optimized, but will never be zero because this would imply an unacceptable
The use of residual biometric information to gain unauthorized access is an example of which of the following attacks?
A. Replay
B. Brute force
C. Cryptographic
D. Mimic
Answer: A. Replay
Explanation: Residual biometric characteristics, such as fingerprints left on a biometric capture device, may be reused by an attacker to gain unauthorized access. A brute force attack involves feeding the biometric capture device numerous different biometric samples. A cryptographic attack targets the algorithm or the encrypted data, in a
Which of the following is the MOST effective control over visitor access to a data center?
A. Visitors are escorted.
B. Visitor badges are required.
C. Visitors sign in.
D. Visitors are spot-checked by operators.
Answer: A. Visitors are escorted.
Explanation: Escorting visitors will provide the best assurance that visitors have permission to access the data processing facility. Choices B and C are not reliable controls. Choice D is incorrect because visitors should be accompanied at all times while they are on the premises, not only when they are in the data processing facility.
The BEST overall quantitative measure of the performance of biometric control devices is:
A. false-rejection rate.
B. false-acceptance rate.
C. equal-error rate.
D. estimated-error rate.
Answer: C. equal-error rate.
Explanation: A low equal-error rate (EER) is a combination of a low false-rejection rate and a low false-acceptance rate. EER, expressed as a percentage, is a measure of the number of times that the false-rejection and false-acceptance rates are equal. A low EER is the measure of the more effective biometrics control device. Low false-
The MOST effective control for addressing the risk of piggybacking is:
A. a single entry point with a receptionist.
B. the use of smart cards.
C. a biometric door lock.
D. a deadman door.
Answer: D. a deadman door.
Explanation: Deadman doors are a system of using a pair of (two) doors. For the second door to operate, the first entry door must close and lock with only one person permitted in the holding area. This reduces the risk of an unauthorized person following an authorized person through a secured entry (piggybacking). The other choices are all physical
An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?
A. False-acceptance rate (FAR)
B. Equal-error rate (EER)
C. False-rejection rate (FRR)
D. False-identification rate (FIR)
Answer: A. False-acceptance rate (FAR)
Explanation: FAR is the frequency of accepting an unauthorized person as authorized, thereby granting access when it should be denied. In an organization with high security requirements, user annoyance with a higher FRR is less important, since it is better to deny access to an authorized individual than to grant access to an unauthorized individual.
What is a risk associated with attempting to control physical access to sensitive areas such as computer rooms using card keys or locks?
A. Unauthorized individuals wait for controlled doors to open and walk in behind those authorized.
B. The contingency plan for the organization cannot effectively test controlled access practices.
C. Access cards, keys and pads can be easily duplicated allowing easy compromise of the control.
D. Removing access for those who are no longer authorized is complex.
Answer: A. Unauthorized individuals wait for controlled doors to open and walk in behind those authorized.
Explanation: The concept of piggybacking compromises all physical control established. Choice B would be of minimal concern in a disaster recovery environment. Items in choice C are not easily duplicated. Regarding choice D, while technology is constantly changing, card keys have existed for some time and appear to be a viable option for the foreseeable
An accuracy measure for a biometric system is:
A. system response time.
B. registration time.
C. input file size.
D. false-acceptance rate.
Answer: D. false-acceptance rate.
Explanation: For a biometric solution three main accuracy measures are used: false-rejection rate (FRR), cross-error rate (CER) and false-acceptance rate (FAR). FRR is a measure of how often valid individuals are rejected. FAR is a measure of how often invalid individuals are accepted. CER is a measure of when the false-
During the review of a biometrics system operation, an IS auditor should FIRST review the stage of:
A. enrollment.
B. identification.
C. verification.
D. storage.
Answer: A. enrollment.
Explanation: The users of a biometrics device must first be enrolled in the device. The device captures a physical or behavioral image of the human, identifies the unique features and uses an algorithm to convert them into a string of numbers stored as a template to be used in the matching processes.
Which of the following fire suppression systems is MOST appropriate to use in a data center environment?
A. Wet-pipe sprinkler system
B. Dry-pipe sprinkler system
C. FM-200 system
D. Carbon dioxide-based fire extinguishers
Answer: C. FM-200 system
Explanation: FM-200 is safer to use than carbon dioxide. It is considered a clean agent for use in gaseous fire suppression applications. A water-based fire extinguisher is suitable when sensitive computer equipment could be damaged before the fire department personnel arrive at the site. Manual firefighting (fire extinguishers) may not provide fast enough protection
Users are issued security tokens to be used in combination with a PIN to access the corporate virtual private network (VPN). Regarding the PIN, what is the MOST important rule to be included in a security policy?
A. Users should not leave tokens where they could be stolen
B. Users must never keep the token in the same bag as their laptop computer
C. Users should select a PIN that is completely random, with no repeating digits
D. Users should never write down their PIN
Answer: D. Users should never write down their PIN
Explanation: If a user writes their PIN on a slip of paper, an individual with the token, the slip of paper, and the computer could access the corporate network. A token and the PIN is a two-factor authentication method. Access to the token is of no value without the PIN; one cannot work without the other. The PIN does not need to be random as long as it is secret.
A penetration test performed as part of evaluating network security:
A. provides assurance that all vulnerabilities are discovered.
B. should be performed without warning the organization's management.
C. exploits the existing vulnerabilities to gain unauthorized access.
D. would not damage the information assets when performed at network perimeters.
Answer: C. exploits the existing vulnerabilities to gain unauthorized access.
Explanation: Penetration tests are an effective method of identifying real-time risks to an information processing environment. They attempt to break into a live site in order to gain unauthorized access to a system. They do have the potential for damaging information assets or misusing information because they mimic an experienced hacker attacking a live system.
Which of the following would be BEST prevented by a raised floor in the computer machine room?
A. Damage of wires around computers and servers
B. A power failure from static electricity
C. Shocks from earthquakes
D. Water flood damage
Answer: A. Damage of wires around computers and servers
Explanation: The primary reason for having a raised floor is to enable power cables and data cables to be installed underneath the floor. This eliminates the safety and damage risks posed when cables are placed in a spaghetti-like fashion on an open floor. Static electricity should be avoided in the machine room; therefore, measures such as specially
An IS auditor inspected a windowless room containing phone switching and networking equipment and documentation binders. The room was equipped with two handheld fire extinguishers, one filled with CO2, the other filled with halon. Which of the following should be given the HIGHEST priority in the auditor's report?
A. The halon extinguisher should be removed because halon has a negative impact on the atmospheric ozone layer.
B. Both fire suppression systems present a risk of suffocation when used in a closed room.
C. The CO2 extinguisher should be removed, because CO2 is ineffective for suppressing fires involving solid combustibles (paper).
D. The documentation binders should be removed from the equipment room to reduce potential risks.
Answer: B. Both fire suppression systems present a risk of suffocation when used in a closed room.
Explanation: Protecting people's lives should always be of highest priority in fire suppression activities. CO2 and halon both reduce the oxygen ratio in the atmosphere, which can induce serious personal hazards. In many countries installing or refilling halon fire suppression systems is not allowed. Although CO2 and halon are effective and appropriate
Which of the following environmental controls is appropriate to protect computer equipment against short-term reductions in electrical power?
A. Power line conditioners
B. Surge protective devices
C. Alternative power supplies
D. Interruptible power supplies
Answer: A. Power line conditioners
Explanation: Power line conditioners are used to compensate for peaks and valleys in the power supply and reduce peaks in the power flow to what is needed by the machine. Any valleys are removed by power stored in the equipment. Surge protection devices protect against high-voltage bursts. Alternative power supplies are intended for computer equipment running for
Which of the following methods of suppressing a fire in a data center is the MOST effective and environmentally friendly?
A. Halon gas
B. Wet-pipe sprinklers
C. Dry-pipe sprinklers
D. Carbon dioxide gas
Answer: C. Dry-pipe sprinklers
Explanation: Water sprinklers, with an automatic power shutoff system, are accepted as efficient because they can be set to automatic release without threat to life, and water is environmentally friendly. Sprinklers must be dry-pipe to prevent the risk of leakage. Halon is efficient and effective as it does not threaten human life and,
When auditing security for a data center, an IS auditor should look for the presence of a voltage regulator to ensure that the:
A. hardware is protected against power surges.
B. integrity is maintained if the main power is interrupted.
C. immediate power will be available if the main power is lost.
D. hardware is protected against long-term power fluctuations.
Answer: A. hardware is protected against power surges.
Explanation: A voltage regulator protects against short-term power fluctuations. It normally does not protect against long-term surges, nor does it maintain the integrity if power is interrupted or lost.
Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms resulting from normal network activity?
A. Statistical-based
B. Signature-based
C. Neural network
D. Host-based
Answer: A. Statistical-based
Explanation: A statistical-based IDS relies on a definition of known and expected behavior of systems. Since normal network activity may at times include unexpected behavior (e.g., a sudden massive download by multiple users), these activities will be flagged as suspicious. A signature-based IDS is limited to its predefined set of detection rules, just like a virus
IS management is considering a Voice-over Internet Protocol (VoIP) network to reduce telecommunication costs and management asked the IS auditor to comment on appropriate security controls. Which of the following security measures is MOST appropriate?
A. Review and, where necessary, upgrade firewall capabilities
B. Install modems to allow remote maintenance support access
C. Create a physically distinct network to handle VoIP traffic
D. Redirect all VoIP traffic to allow clear text logging of authentication credentials
Answer: A. Review and, where necessary, upgrade firewall capabilities
Explanation: Firewalls used as entry points to a Voice-over Internet Protocol (VoIP) network should be VoIP-capable. VoIP network services such as H.323 introduce complexities that are likely to strain the capabilities of older firewalls. Allowing for remote support access is an important consideration. However, a virtual
Upon receipt of the initial signed digital certificate the user will decrypt the certificate with the public key of the:
A. registration authority (RA).
B. certificate authority (CA).
C. certificate repository.
D. receiver.
Answer: B. certificate authority (CA).
Explanation: A certificate authority (CA) is a network authority that issues and manages security credentials and public keys for message encryption. As a part of the public key infrastructure, a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the
A perpetrator looking to gain access to and gather information about encrypted data being transmitted over the network would use:
A. eavesdropping.
B. spoofing.
C. traffic analysis.
D. masquerading.
Answer: C. traffic analysis.
Explanation: In traffic analysis, which is a passive attack, an intruder determines the nature of the traffic flow between defined hosts and, through an analysis of session length, frequency and message length, is able to guess the type of communication taking place. This typically is used when messages are encrypted and
Which of the following would effectively verify the originator of a transaction?
A. Using a secret password between the originator and the receiver
B. Encrypting the transaction with the receiver's public key
C. Using a portable document format (PDF) to encapsulate transaction content
D. Digitally signing the transaction with the source's private key
Answer: D. Digitally signing the transaction with the source's private key
Explanation: A digital signature is an electronic identification of a person, created by using a public key algorithm, to verify to a recipient the identity of the source of a transaction and the integrity of its content. Since they are a 'shared secret' between the user and the system itself, passwords are considered a weaker means of authentication.
When using a digital signature, the message digest is computed:
A. only by the sender.
B. only by the receiver.
C. by both the sender and the receiver.
D. by the certificate authority (CA).
Answer: C. by both the sender and the receiver.
Explanation: A digital signature is an electronic identification of a person or entity. It is created by using asymmetric encryption. To verify integrity of data, the sender uses a cryptographic hashing algorithm against the entire message to create a message digest to be sent along with the message. Upon receipt of the message, the receiver will recompute

When reviewing a digital certificate verification process, which of the following findings represents the MOST significant risk?
A. There is no registration authority (RA) for reporting key compromises.
B. The certificate revocation list (CRL) is not current.
C. Digital certificates contain a public key that is used to encrypt messages and verify digital signatures.
D. Subscribers report key compromises to the certificate authority (CA).
Answer: B. The certificate revocation list (CRL) is not current.
Explanation: If the certificate revocation list (CRL) is not current, there could be a digital certificate that is not revoked that could be used for unauthorized or fraudulent activities. The certificate authority (CA) can assume the responsibility if there is no registration authority (RA). Digital certificates containing a public key that is used to encrypt

The MOST effective control for reducing the risk related to phishing is:
A. centralized monitoring of systems.
B. including signatures for phishing in antivirus software.
C. publishing the antiphishing policy on the intranet.
D. security training for all users.
Answer: D. security training for all users.
Explanation: Phishing is a type of e-mail attack that attempts to convince a user that the originator is genuine, with the intention of obtaining information. Phishing is an example of a social engineering attack. Any social engineering type of attack can best be controlled through security and awareness training.

The GREATEST risk posed by an improperly implemented intrusion prevention system (IPS) is:
A. that there will be too many alerts for system administrators to verify.
B. decreased network performance due to IPS traffic.
C. the blocking of critical systems or services due to false triggers.
D. reliance on specialized expertise within the IT organization.
Answer: C. the blocking of critical systems or services due to false triggers.
Explanation: An intrusion prevention system (IPS) prevents a connection or service based on how it is programmed to react to specific incidents. If the packets are coming from a spoofed address and the IPS is triggered based on previously defined behavior, it may block the service or connection of a critical internal system. The other choices are risks that are

An IS auditor is reviewing a software-based firewall configuration. Which of the following represents the GREATEST vulnerability? The firewall software:
A. is configured with an implicit deny rule as the last rule in the rule base.
B. is installed on an operating system with default settings.
C. has been configured with rules permitting or denying access to systems or networks.
D. is configured as a virtual private network (VPN) endpoint.
Answer: B. is installed on an operating system with default settings.
Explanation: Default settings are often published and provide an intruder with predictable configuration information, which allows easier system compromise. To mitigate this risk, firewall software should be installed on a system using a hardened operating system that has limited functionality, providing only the services necessary to support the

An organization is planning to replace its wired networks with wireless networks. Which of the following would BEST secure the wireless network from unauthorized access?
A. Implement Wired Equivalent Privacy (WEP)
B. Permit access to only authorized Media Access Control (MAC) addresses
C. Disable open broadcast of service set identifiers (SSID)
D. Implement Wi-Fi Protected Access (WPA) 2
Answer: D. Implement Wi-Fi Protected Access (WPA) 2
Explanation: Wi-Fi Protected Access (WPA) 2 implements most of the requirements of the IEEE 802.11i standard. The Advanced Encryption Standard (AES) used in WPA2 provides better security. Also, WPA2 supports both the Extensible Authentication Protocol and the preshared secret key authentication model. Implementing Wired Equivalent

In wireless communication, which of the following controls allows the device receiving the communications to verify that the received communications have not been altered in transit?
A. Device authentication and data origin authentication
B. Wireless intrusion detection (IDS) and prevention systems (IPS)
C. The use of cryptographic hashes
D. Packet headers and trailers
Answer: C. The use of cryptographic hashes
Explanation: Calculating cryptographic hashes for wireless communications allows the device receiving the communications to verify that the received communications have not been altered in transit. This prevents masquerading and message modification attacks. Device authentication and data origin authentication is not the correct answer since authentication

When protecting an organization's IT systems, which of the following is normally the next line of defense after the network firewall has been compromised?
A. Personal firewall
B. Antivirus programs
C. Intrusion detection system (IDS)
D. Virtual local area network (VLAN) configuration
Answer: C. Intrusion detection system (IDS)
Explanation: An intrusion detection system (IDS) would be the next line of defense after the firewall. It would detect anomalies in the network/server activity and try to detect the perpetrator. Antivirus programs, personal firewalls and VLAN configurations would be later in the line of defense.

Which of the following penetration tests would MOST effectively evaluate incident handling and response capabilities of an organization?
A. Targeted testing
B. External testing
C. Internal testing
D. Double-blind testing
Answer: D. Double-blind testing
Explanation: In a double-blind test, the administrator and security staff are not aware of the test, which will result in an assessment of the incident handling and response capability in an organization. In targeted, external, and internal testing, the system administrator and security staff are aware of the tests since they are informed before the

When conducting a penetration test of an IT system, an organization should be MOST concerned with:
A. the confidentiality of the report.
B. finding all possible weaknesses on the system.
C. restoring all systems to the original state.
D. logging all changes made to the production system.
Answer: C. restoring all systems to the original state.
Explanation: All suggested items should be considered by the system owner before agreeing to penetration tests, but the most important task is to be able to restore all systems to their original state. Information that is created and/or stored on the tested systems should be removed from these systems. If for some

What is the BEST action to prevent loss of data integrity or confidentiality in the case of an e-commerce application running on a LAN, processing electronic fund transfers (EFT) and orders?
A. Using virtual private network (VPN) tunnels for data transfer
B. Enabling data encryption within the application
C. Auditing the access control to the network
D. Logging all changes to access lists
Answer: A. Using virtual private network (VPN) tunnels for data transfer
Explanation: The best way to ensure confidentiality and integrity of data is to encrypt it using virtual private network (VPN) tunnels. This is the most common and convenient way to encrypt the data traveling over the network. Data encryption within the application is less efficient than VPN. The other options are good

An IS auditor finds that conference rooms have active network ports. Which of the following is MOST important to ensure?
A. The corporate network is using an intrusion prevention system (IPS)
B. This part of the network is isolated from the corporate network
C. A single sign-on has been implemented in the corporate network
D. Antivirus software is in place to protect the corporate network
Answer: B. This part of the network is isolated from the corporate network
Explanation: If the conference rooms have access to the corporate network, unauthorized users may be able to connect to the corporate network; therefore, both networks should be isolated either via a firewall or by being physically separated. An IPS would detect possible attacks, but only after they have occurred. A single sign-on would

The sender of a public key would be authenticated by a:
A. certificate authority.
B. digital signature.
C. digital certificate.
D. registration authority.
Answer: C. digital certificate.
Explanation: A digital certificate is an electronic document that declares a public key holder is who the holder claims to be. The certificates do handle data authentication as they are used to determine who sent a particular message. A certificate authority issues the digital certificates, and distributes, generates and manages public keys. A digital

The FIRST step in a successful attack on a system would be:
A. gathering information.
B. gaining access.
C. denying services.
D. evading detection.
Answer: A. gathering information.
Explanation: Successful attacks start by gathering information about the target system. This is done in advance so that the attacker gets to know the target systems and their vulnerabilities. All of the other choices are based on the information gathered.

The use of digital signatures:
A. requires the use of a one-time password generator.
B. provides encryption to a message.
C. validates the source of a message.
D. ensures message confidentiality.
Answer: C. validates the source of a message.
Explanation: The use of a digital signature verifies the identity of the sender, but does not encrypt the whole message, and hence is not enough to ensure confidentiality. A one-time password generator is an option, but is not a requirement for using digital signatures.

What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?
A. Malicious code could be spread across the network
B. VPN logon could be spoofed
C. Traffic could be sniffed and decrypted
D. VPN gateway could be compromised
Answer: A. Malicious code could be spread across the network
Explanation: VPN is a mature technology; VPN devices are hard to break. However, when remote access is enabled, malicious code in a remote client could spread to the organization's network. Though choices B, C and D are security risks, VPN technology largely mitigates these risks.

The human resources (HR) department has developed a system to allow employees to enroll in benefits via a web site on the corporate Intranet. Which of the following would protect the confidentiality of the data?
A. SSL encryption
B. Two-factor authentication
C. Encrypted session cookies
D. IP address verification
Answer: A. SSL encryption
Explanation: The main risk in this scenario is confidentiality; therefore, the only option which would provide confidentiality is Secure Socket Layer (SSL) encryption. The remaining options deal with authentication issues.

A firewall is being deployed at a new location. Which of the following is the MOST important factor in ensuring a successful deployment?
A. Reviewing logs frequently
B. Testing and validating the rules
C. Training a local administrator at the new location
D. Sharing firewall administrative duties
Answer: B. Testing and validating the rules
Explanation: A mistake in the rule set can render a firewall insecure. Therefore, testing and validating the rules is the most important factor in ensuring a successful deployment. A regular review of log files would not start until the deployment has been completed. Training a local administrator may not be necessary if the firewalls are managed from a central

Which of the following would be the GREATEST cause for concern when data are sent over the Internet using HTTPS protocol?
A. Presence of spyware in one of the ends
B. The use of a traffic sniffing tool
C. The implementation of an RSA-compliant solution
D. A symmetric cryptography is used for transmitting data
Answer: A. Presence of spyware in one of the ends
Explanation: Encryption using secure sockets layer/transport layer security (SSL/TLS) tunnels makes it difficult to intercept data in transit, but when spyware is running on an end user's computer, data are collected before encryption takes place. The other choices are related to encrypting the traffic, but the presence of spyware in one of the

After observing suspicious activities in a server, a manager requests a forensic analysis. Which of the following findings should be of MOST concern to the investigator?
A. Server is a member of a workgroup and not part of the server domain
B. Guest account is enabled on the server
C. Recently, 100 users were created in the server
D. Audit logs are not enabled for the server
Answer: D. Audit logs are not enabled for the server
Explanation: Audit logs can provide evidence which is required to proceed with an investigation and should not be disabled. For business needs, a server can be a member of a workgroup and, therefore, not a concern. Having a guest account enabled on a system is a poor security practice but not a forensic investigation concern.

An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important?
A. The tools used to conduct the test
B. Certifications held by the IS auditor
C. Permission from the data owner of the server
D. An intrusion detection system (IDS) is enabled
Answer: C. Permission from the data owner of the server
Explanation: The data owner should be informed of the risks associated with a penetration test, what types of tests are to be conducted and other relevant details. All other choices are not as important as the data owner's responsibility for the security of the data assets.

A company has decided to implement an electronic signature scheme based on public key infrastructure. The user's private key will be stored on the computer's hard drive and protected by a password. The MOST significant risk of this approach is:
A. use of the user's electronic signature by another person if the password is compromised.
B. forgery by using another user's private key to sign a message with an electronic signature.
C. impersonation of a user by substitution of the user's public key with another person's public key.
D. forgery by substitution of another person's private key on the computer.
Answer: A. use of the user's electronic signature by another person if the password is compromised.
Explanation: The user's digital signature is only protected by a password. Compromise of the password would enable access to the signature. This is the most significant risk. Choice B would require subversion of the public key infrastructure mechanism, which is very difficult and least likely. Choice C would require that the message

The network of an organization has been the victim of several intruders' attacks. Which of the following measures would allow for the early detection of such incidents?
A. Antivirus software
B. Hardening the servers
C. Screening routers
D. Honeypots
Answer: D. Honeypots
Explanation: Honeypots can collect data on precursors of attacks. Since they serve no business function, honeypots are hosts that have no authorized users other than the honeypot administrators. All activity directed at them is considered suspicious. Attackers will scan and attack honeypots, giving administrators data on new trends and

The BEST filter rule for protecting a network from being used as an amplifier in a denial of service (DoS) attack is to deny all:
A. outgoing traffic with IP source addresses external to the network.
B. incoming traffic with discernible spoofed IP source addresses.
C. incoming traffic with IP options set.
D. incoming traffic to critical hosts.
Answer: A. outgoing traffic with IP source addresses external to the network.
Explanation: Outgoing traffic with an IP source address different from the IP range in the network is invalid; in most cases, it signals a DoS attack originated by an internal user or by a previously compromised internal machine. In both cases, applying this filter will stop the attack.

A sender of an e-mail message applies a digital signature to the digest of the message. This action provides assurance of the:
A. date and time stamp of the message.
B. identity of the originating computer.
C. confidentiality of the message's content.
D. authenticity of the sender.
Answer: D. authenticity of the sender.
Explanation: The signature on the digest can be used to authenticate the sender. It does not provide assurance of the date and time stamp or the identity of the originating computer. Digitally signing an e-mail message does not prevent access to its content and, therefore, does not assure confidentiality.

What is the BEST approach to mitigate the risk of a phishing attack?
A. Implement an intrusion detection system (IDS)
B. Assess web site security
C. Strong authentication
D. User education
Answer: D. User education
Explanation: Phishing attacks can be mounted in various ways; intrusion detection systems (IDSs) and strong authentication cannot mitigate most types of phishing attacks. Assessing web site security does not mitigate the risk. Phishing uses a server masquerading as a legitimate server. The best way to mitigate the risk of phishing is to

To address a maintenance problem, a vendor needs remote access to a critical network. The MOST secure and effective solution is to provide the vendor with a:
A. Secure Shell (SSH-2) tunnel for the duration of the problem.
B. two-factor authentication mechanism for network access.
C. dial-in access.
D. virtual private network (VPN) account for the duration of the vendor support contract.
Answer: A. Secure Shell (SSH-2) tunnel for the duration of the problem.
Explanation: For granting temporary access to the network, a Secure Shell (SSH-2) tunnel is the best approach. It has auditing features and allows restriction to specific access points. Choices B, C and D all give full access to the internal network. Two-factor authentication and virtual private network (VPN) provide access to the entire

A web server is attacked and compromised. Which of the following should be performed FIRST to handle the incident?
A. Dump the volatile storage data to a disk.
B. Run the server in a fail-safe mode.
C. Disconnect the web server from the network.
D. Shut down the web server.
Answer: C. Disconnect the web server from the network.
Explanation: The first action is to disconnect the web server from the network to contain the damage and prevent more actions by the attacker. Dumping the volatile storage data to a disk may be used at the investigation stage but does not contain an attack in progress. To run the server in a fail-safe mode, the server needs to be shut down. Shutting down the

Which of the following potentially blocks hacking attempts?
A. Intrusion detection system
B. Honeypot system
C. Intrusion prevention system
D. Network security scanner
Answer: C. Intrusion prevention system
Explanation: An intrusion prevention system (IPS) is deployed as an in-line device that can detect and block hacking attempts. An intrusion detection system (IDS) normally is deployed in sniffing mode and can detect intrusion attempts, but cannot effectively stop them. A honeypot solution traps the intruders to explore a simulated target. A network security scanner

Which of the following attacks targets the Secure Sockets Layer (SSL)?
A. Man-in-the-middle
B. Dictionary
C. Password sniffing
D. Phishing
Answer: A. Man-in-the-middle
Explanation: Attackers can establish a fake Secure Sockets Layer (SSL) server to accept a user's SSL traffic and then route it to the real SSL server, so that sensitive information can be discovered. A dictionary attack that has been launched to discover passwords would not attack SSL since SSL does not rely on passwords. SSL traffic is encrypted, thus it is not

To protect a VoIP infrastructure against a denial-of-service (DoS) attack, it is MOST important to secure the:
A. access control servers.
B. session border controllers.
C. backbone gateways.
D. intrusion detection system (IDS).
Answer: B. session border controllers.
Explanation: Session border controllers enhance the security in the access network and in the core. In the access network, they hide a user's real address and provide a managed public address. This public address can be monitored, minimizing the opportunities for scanning and denial-of-service (DoS) attacks. Session border controllers permit

Which of the following ensures confidentiality of information sent over the internet?
A. Digital signature
B. Digital certificate
C. Online Certificate Status Protocol
D. Private key cryptosystem
Answer: D. Private key cryptosystem
Explanation: Confidentiality is assured by a private key cryptosystem. Digital signatures assure data integrity, authentication and nonrepudiation, but not confidentiality. A digital certificate is a certificate that uses a digital signature to bind together a public key with an identity; therefore, it does not address confidentiality. Online Certificate Status

In a public key infrastructure (PKI), which of the following may be relied upon to prove that an online transaction was authorized by a specific customer?
A. Nonrepudiation
B. Encryption
C. Authentication
D. Integrity
Answer: A. Nonrepudiation
Explanation: Nonrepudiation, achieved through the use of digital signatures, prevents the claimed sender from later denying that they generated and sent the message. Encryption may protect the data transmitted over the Internet, but may not prove that the transactions were made. Authentication is necessary to establish the identification of all parties to a

When installing an intrusion detection system (IDS), which of the following is MOST important?
A. Properly locating it in the network architecture
B. Preventing denial-of-service (DoS) attacks
C. Identifying messages that need to be quarantined
D. Minimizing the rejection errors
Answer: A. Properly locating it in the network architecture
Explanation: Proper location of an intrusion detection system (IDS) in the network is the most important decision during installation. A poorly located IDS could leave key areas of the network unprotected. Choices B, C and D are concerns during the configuration of an IDS, but if the IDS is not placed correctly, none of them would be adequately addressed.

Which of the following would provide the BEST protection against the hacking of a computer connected to the Internet?
A. A remote access server
B. A proxy server
C. A personal firewall
D. A password-generating token
Answer: C. A personal firewall
Explanation: A personal firewall is the best way to protect against hacking, because it can be defined with rules that describe the type of user or connection that is or is not permitted. A remote access server can be mapped or scanned from the Internet, creating security exposures. Proxy servers can provide protection based on the IP address

An organization is using symmetric encryption. Which of the following would be a valid reason for moving to asymmetric encryption? Symmetric encryption:
A. provides authenticity.
B. is faster than asymmetric encryption.
C. can cause key management to be difficult.
D. requires a relatively simple algorithm.
Answer: C. can cause key management to be difficult.
Explanation: In a symmetric algorithm, each pair of users needs a unique pair of keys, so the number of keys grows and key management can become overwhelming. Symmetric algorithms do not provide authenticity, and symmetric encryption is faster than asymmetric encryption. Symmetric algorithms require mathematical calculations,

Which of the following BEST describes the role of a directory server in a public key infrastructure (PKI)?
A. Encrypts the information transmitted over the network
B. Makes other users' certificates available to applications
C. Facilitates the implementation of a password policy
D. Stores certificate revocation lists (CRLs)
Answer: B. Makes other users' certificates available to applications
Explanation: A directory server makes other users' certificates available to applications. Encrypting the information transmitted over the network and storing certificate revocation lists (CRLs) are roles performed by a security server. Facilitating the implementation of a password policy is not relevant to public key infrastructure (PKI).

An IS auditor reviewing the implementation of an intrusion detection system (IDS) should be MOST concerned if:
A. IDS sensors are placed outside of the firewall.
B. a behavior-based IDS is causing many false alarms.
C. a signature-based IDS is weak against new types of attacks.
D. the IDS is used to detect encrypted traffic.
Answer: D. the IDS is used to detect encrypted traffic.
Explanation: An intrusion detection system (IDS) cannot detect attacks within encrypted traffic, and it would be a concern if someone was misinformed and thought that the IDS could detect attacks in encrypted traffic. An organization can place sensors outside of the firewall to detect attacks. These sensors are placed in highly sensitive areas

To prevent IP spoofing attacks, a firewall should be configured to drop a packet if:
A. the source routing field is enabled.
B. it has a broadcast address in the destination field.
C. a reset flag (RST) is turned on for the TCP connection.
D. dynamic routing is used instead of static routing.
Answer: A. the source routing field is enabled.
Explanation: IP spoofing takes advantage of the source-routing option in the IP protocol. With this option enabled, an attacker can insert a spoofed source IP address. The packet will travel the network according to the information within the source-routing field, bypassing the logic in each router, including dynamic and static routing (choice D). Choices B

An IS auditor reviewing access controls for a client-server environment should FIRST:
A. evaluate the encryption technique.
B. identify the network access points.
C. review the identity management system.
D. review the application level access controls.
Answer: B. identify the network access points.
Explanation: A client-server environment typically contains several access points and utilizes distributed techniques, increasing the risk of unauthorized access to data and processing. To evaluate the security of the client-server environment, all network access points should be identified. Evaluating encryption techniques, reviewing the identity

In auditing a web server, an IS auditor should be concerned about the risk of individuals gaining unauthorized access to confidential information through:
A. common gateway interface (CGI) scripts.
B. enterprise Java beans (EJBs).
C. applets.
D. web services.
Answer: A. common gateway interface (CGI) scripts.
Explanation: Common gateway interface (CGI) scripts are executable machine-independent software programs on the server that can be called and executed by a web server page. CGI performs specific tasks such as processing inputs received from clients. The use of CGI scripts needs to be evaluated, because as they run in the server, a bug in them may allow a

A virtual private network (VPN) provides data confidentiality by using:
A. Secure Sockets Layer (SSL)
B. Tunnelling
C. Digital signatures
D. Phishing
Answer: B. Tunnelling
Explanation: VPNs secure data in transit by encapsulating traffic, a process known as tunnelling. SSL is a symmetric method of encryption between a server and a browser. Digital signatures are not used in the VPN process, while phishing is a form of a social engineering attack.

An IS auditor reviewing wireless network security determines that the Dynamic Host Configuration Protocol is disabled at all wireless access points. This practice:
A. reduces the risk of unauthorized access to the network.
B. is not suitable for small networks.
C. automatically provides an IP address to anyone.
D. increases the risks associated with Wireless Encryption Protocol (WEP).
Answer: A. reduces the risk of unauthorized access to the network.
Explanation: Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses to anyone connected to the network. With DHCP disabled, static IP addresses must be used and represent less risk due to the potential for address contention between an unauthorized device and existing devices on the network. Choice B is incorrect because

An investment advisor e-mails periodic newsletters to clients and wants reasonable assurance that no one has modified the newsletter. This objective can be achieved by:
A. encrypting the hash of the newsletter using the advisor's private key.
B. encrypting the hash of the newsletter using the advisor's public key.
C. digitally signing the document using the advisor's private key.
D. encrypting the newsletter using the advisor's private key.
Answer: A. encrypting the hash of the newsletter using the advisor's private key.
Explanation: There is no attempt on the part of the investment advisor to prove their identity or to keep the newsletter confidential. The objective is to assure the receivers that it came to them without any modification, i.e., it has message integrity. Choice A is correct because the hash is encrypted using the advisor's private key. The recipients can open the

An organization has a mix of access points that cannot be upgraded to stronger security and newer access points having advanced wireless security. An IS auditor recommends replacing the nonupgradeable access points. Which of the following would BEST justify the IS auditor's recommendation?
A. The new access points with stronger security are affordable.
B. The old access points are poorer in terms of performance.
C. The organization's security would be as strong as its weakest points.
D. The new access points are easier to manage.
Answer: C. The organization's security would be as strong as its weakest points.
Explanation: The old access points should be discarded and replaced with products having strong security; otherwise, they will leave security holes open for attackers and thus make the entire network as weak as they are. Affordability is not the IS auditor's major concern. Performance is not as important as security in this

Which of the following is a passive attack to a network?
A. Message modification
B. Masquerading
C. Denial of service
D. Traffic analysis
Answer: D. Traffic analysis
Explanation: The intruder determines the nature of the flow of traffic (traffic analysis) between defined hosts and is able to guess the type of communication taking place. Message modification involves the capturing of a message and making unauthorized changes or deletions, changing the sequence or delaying transmission of captured messages. Masquerading

Sending a message and a message hash encrypted by the sender's private key will ensure:
A. authenticity and integrity.
B. authenticity and privacy.
C. integrity and privacy.
D. privacy and nonrepudiation.
Answer: A. authenticity and integrity.
Explanation: If the sender sends both a message and a message hash encrypted by its private key, then the receiver can apply the sender's public key to the hash and get the message hash. The receiver can apply the hashing algorithm to the message received and generate a hash. By matching the generated hash with the one received, the receiver is ensured that

An organization can ensure that the recipients of e-mails from its employees can authenticate the identity of the sender by:
A. digitally signing all e-mail messages.
B. encrypting all e-mail messages.
C. compressing all e-mail messages.
D. password protecting all e-mail messages.
Answer: A. digitally signing all e-mail messages.
Explanation: By digitally signing all e-mail messages, the receiver will be able to validate the authenticity of the sender. Encrypting all e-mail messages would ensure that only the intended recipient will be able to open the message; however, it would not ensure the authenticity of the sender. Compressing all e-mail messages would reduce the

Two-factor authentication can be circumvented through which of the following attacks?
A. Denial-of-service
B. Man-in-the-middle
C. Key logging
D. Brute force
Answer: B. Man-in-the-middle
Explanation: A man-in-the-middle attack is similar to piggybacking, in that the attacker pretends to be the legitimate destination, and then merely retransmits whatever is sent by the authorized user along with additional transactions after authentication has been accepted. A denial-of-service attack does not have a relationship to authentication. Key

When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected on the network?
A. Use the IP address of an existing file server or domain controller.
B. Pause the scanning every few minutes to allow thresholds to reset.
C. Conduct the scans during evening hours when no one is logged-in.
D. Use multiple scanning tools since each tool has different characteristics.
Answer: B. Pause the scanning every few minutes to allow thresholds to reset.
Explanation: Pausing the scanning every few minutes avoids overtaxing the network as well as exceeding thresholds that may trigger alert messages to the network administrator. Using the IP address of a server would result in an address contention that would attract attention. Conducting scans after hours would increase the chance of detection, since there

Active radio frequency ID (RFID) tags are subject to which of the following exposures?
A. Session hijacking
B. Eavesdropping
C. Malicious code
D. Phishing
Answer: B. Eavesdropping
Explanation: Like wireless devices, active RFID tags are subject to eavesdropping. They are by nature not subject to session hijacking, malicious code or phishing.

The implementation of access controls FIRST requires:
A. a classification of IS resources.
B. the labeling of IS resources.
C. the creation of an access control list.
D. an inventory of IS resources.
Answer: D. an inventory of IS resources.

An IS auditor performing an independent classification of systems should consider a situation where functions could be performed manually at a tolerable cost for an extended period of time as:
A. critical.
B. vital.
C. sensitive.
D. noncritical.
Answer: C. sensitive.
Explanation: Sensitive functions are best described as those that can be performed manually at a tolerable cost for an extended period of time. Critical functions are those that cannot be performed unless they are replaced by identical capabilities and cannot be replaced by manual methods. Vital functions refer to those that can be performed

Which of the following user profiles should be of MOST concern to an IS auditor when performing an audit of an EFT system?
A. Three users with the ability to capture and verify their own messages
B. Five users with the ability to capture and send their own messages
C. Five users with the ability to verify other users and to send their own messages
D. Three users with the ability to capture and verify the messages of other users and to send their own messages
Answer: A. Three users with the ability to capture and verify their own messages
Explanation: The ability of one individual to capture and verify messages represents an inadequate segregation, since messages can be taken as correct and as if they had already been verified.

The reliability of an application system's audit trail may be questionable if:
A. user IDs are recorded in the audit trail.
B. the security administrator has read-only rights to the audit file.
C. date and time stamps are recorded when an action occurs.
D. users can amend audit trail records when correcting system errors.
Answer: D. users can amend audit trail records when correcting system errors.
Explanation: An audit trail is not effective if the details in it can be amended.

A hacker could obtain passwords without the use of computer tools or programs through the technique of:
A. social engineering.
B. sniffers.
C. back doors.
D. Trojan horses.
Answer: A. social engineering.
Explanation: Social engineering is based on the divulgence of private information through dialogues, interviews, inquiries, etc., in which a user may be indiscreet regarding their or someone else's personal data. A sniffer is a computer tool to monitor the traffic in networks. Back doors are computer programs left by hackers to

Which of the following provides the framework for designing and developing logical access controls?
A. Information systems security policy
B. Access control lists
C. Password management
D. System configuration files
Answer: A. Information systems security policy
Explanation: The information systems security policy developed and approved by an organization's top management is the basis upon which logical access control is designed and developed. Access control lists, password management and systems configuration files are tools for implementing the access controls.

The FIRST step in data classification is to:
A. establish ownership.
B. perform a criticality analysis.
C. define access rules.
D. create a data dictionary.
Answer: A. establish ownership.
Explanation: Data classification is necessary to define access rules based on a need-to-do and need-to-know basis. The data owner is responsible for defining the access rules; therefore, establishing ownership is the first step in data classification. The other choices are incorrect. A criticality analysis is required for protection of data, which takes input from data classification

With the help of a security officer, granting access to data is the responsibility of:
A. data owners.
B. programmers.
C. system analysts.
D. librarians.
Answer: A. data owners.
Explanation: Data owners are responsible for the use of data. Written authorization for users to gain access to computerized information should be provided by the data owners. Security administration with the owners' approval sets up access rules stipulating which users or group of users are authorized to access data or files and the level of

Security administration procedures require read-only access to:
A. access control tables.
B. security log files.
C. logging options.
D. user profiles.
Answer: B. security log files.
Explanation: Security administration procedures require read-only access to security log files to ensure that, once generated, the logs are not modified. Logs provide evidence and track suspicious transactions and activities. Security administration procedures require write access to access control tables to manage and update the

Electromagnetic emissions from a terminal represent an exposure because they:
A. affect noise pollution.
B. disrupt processor functions.
C. produce dangerous levels of electric current.
D. can be detected and displayed.
Answer: D. can be detected and displayed.
Explanation: Emissions can be detected by sophisticated equipment and displayed, thus giving unauthorized persons access to data. They should not cause disruption of CPUs or affect noise pollution.

Which of the following exposures could be caused by a line grabbing technique?
A. Unauthorized data access
B. Excessive CPU cycle usage
C. Lockout of terminal polling
D. Multiplexor control dysfunction
Answer: A. Unauthorized data access
Explanation: Line grabbing will enable eavesdropping, thus allowing unauthorized data access; it will not necessarily cause multiplexor dysfunction, excessive CPU usage or lockout of terminal polling.

Naming conventions for system resources are important for access control because they:
A. ensure that resource names are not ambiguous.
B. reduce the number of rules required to adequately protect resources.
C. ensure that user access to resources is clearly and uniquely identified.
D. ensure that internationally recognized names are used to protect resources.
Answer: B. reduce the number of rules required to adequately protect resources.
Explanation: Naming conventions for system resources are important for the efficient administration of security controls. The conventions can be structured, so resources beginning with the same high-level qualifier can be governed by one or more generic rules. This reduces the number of rules required to adequately protect resources,

The PRIMARY objective of a logical access control review is to:
A. review access controls provided through software.
B. ensure access is granted per the organization's authorities.
C. walk through and assess the access provided in the IT environment.
D. provide assurance that computer hardware is adequately protected against abuse.
Answer: B. ensure access is granted per the organization's authorities.
Explanation: The scope of a logical access control review is primarily to determine whether or not access is granted per the organization's authorizations. Choices A and C relate to procedures of a logical access control review, rather than objectives. Choice D is relevant to a physical access control review.

Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the username and password are the same. The BEST control to mitigate this risk is to:
A. change the company's security policy.
B. educate users about the risk of weak passwords.
C. build in validations to prevent this during user creation and password change.
D. require a periodic review of matching user ID and passwords for detection and correction.
Answer: C. build in validations to prevent this during user creation and password change.
Explanation: The compromise of the password is the highest risk. The best control is a preventive control through validation at the time the password is created or changed. Changing the company's security policy and educating users about the risks of weak passwords only provides information to users, but does little to enforce this

An IS auditor conducting an access control review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to conclude that:
A. exposure is greater, since information is available to unauthorized users.
B. operating efficiency is enhanced, since anyone can print any report at any time.
C. operating procedures are more effective, since information is easily available.
D. user friendliness and flexibility is facilitated, since there is a smooth flow of information among users.
Answer: A. exposure is greater, since information is available to unauthorized users.
Explanation: Information in all its forms needs to be protected from unauthorized access. Unrestricted access to the report option results in an exposure. Efficiency and effectiveness are not relevant factors in this situation. Greater control over reports will not be accomplished since reports need not be in a printed form only. Information

To prevent unauthorized entry to the data maintained in a dial-up, fast response system, an IS auditor should recommend:
A. online terminals are placed in restricted areas.
B. online terminals are equipped with key locks.
C. ID cards are required to gain access to online terminals.
D. online access is terminated after a specified number of unsuccessful attempts.
Answer: D. online access is terminated after a specified number of unsuccessful attempts.
Explanation: The most appropriate control to prevent unauthorized entry is to terminate the connection after a specified number of attempts. This will deter access through the guessing of IDs and passwords. The other choices are physical controls, which are not effective in deterring unauthorized accesses via telephone lines.

When performing an audit of access rights, an IS auditor should be suspicious of which of the following if allocated to a computer operator?
A. Read access to data
B. Delete access to transaction data files
C. Logged read/execute access to programs
D. Update access to job control language/script files
Answer: B. Delete access to transaction data files
Explanation: Deletion of transaction data files should be a function of the application support team, not operations staff. Read access to production data is a normal requirement of a computer operator, as is logged access to programs and access to JCL to control job execution.

Passwords should be:
A. assigned by the security administrator for first time logon.
B. changed every 30 days at the discretion of the user.
C. reused often to ensure the user does not forget the password.
D. displayed on the screen so that the user can ensure that it has been entered properly.
Answer: A. assigned by the security administrator for first time logon.
Explanation: Initial password assignment should be done discretely by the security administrator. Passwords should be changed often (e.g., every 30 days); however, changing should not be voluntary, it should be required by the system. Systems should not permit previous passwords to be used again. Old passwords may have been

When reviewing an organization's logical access security, which of the following should be of MOST concern to an IS auditor?
A. Passwords are not shared.
B. Password files are not encrypted.
C. Redundant logon IDs are deleted.
D. The allocation of logon IDs is controlled.
Answer: B. Password files are not encrypted.
Explanation: When evaluating the technical aspects of logical security, unencrypted files represent the greatest risk. The sharing of passwords, checking for the redundancy of logon IDs and proper logon ID procedures are essential, but they are less important than ensuring that the password files are encrypted.

Which of the following is a benefit of using a callback device?
A. Provides an audit trail
B. Can be used in a switchboard environment
C. Permits unlimited user mobility
D. Allows call forwarding
Answer: A. Provides an audit trail
Explanation: A callback feature hooks into the access control software and logs all authorized and unauthorized access attempts, permitting the follow-up and further review of potential breaches. Call forwarding (choice D) is a means of potentially bypassing callback control. By dialing through an authorized phone number

Which of the following is the PRIMARY safeguard for securing software and data within an information processing facility?
A. Security awareness
B. Reading the security policy
C. Security committee
D. Logical access controls
Answer: D. Logical access controls
Explanation: To retain a competitive advantage and meet basic business requirements, organizations must ensure the integrity of the information stored on their computer systems, preserve the confidentiality of sensitive data and ensure the continued availability of their information systems. To meet these goals, logical access

What is the MOST effective method of preventing unauthorized use of data files?
A. Automated file entry
B. Tape librarian
C. Access control software
D. Locked library
Answer: C. Access control software
Explanation: Access control software is an active control designed to prevent unauthorized access to data.

Assuming this diagram represents an internal facility and the organization is implementing a firewall protection program, where should firewalls be installed?
A. No firewalls are needed
B. Op-3 location only
C. MIS (Global) and NAT2
D. SMTP Gateway and op-3
Answer: D. SMTP Gateway and op-3

Neural networks are effective in detecting fraud because they can:
A. discover new trends since they are inherently linear.
B. solve problems where large and general sets of training data are not obtainable.
C. attack problems that require consideration of a large number of input variables.
D. make assumptions about the shape of any curve relating variables to the output.
Answer: C. attack problems that require consideration of a large number of input variables.
Explanation: Neural networks can be used to attack problems that require consideration of numerous input variables. They are capable of capturing relationships and patterns often missed by other statistical methods, but they will not discover new trends. Neural networks are inherently nonlinear and make no assumption about the shape of any

Which of the following types of firewalls would BEST protect a network from an internet attack?
A. Screened subnet firewall
B. Application filtering gateway
C. Packet filtering router
D. Circuit-level gateway
Answer: A. Screened subnet firewall
Explanation: A screened subnet firewall would provide the best protection. The screening router can be a commercial router or a node with routing capabilities and the ability to allow or avoid traffic between nets or nodes based on addresses, ports, protocols, interfaces, etc. Application-level gateways are

Which of the following line media would provide the BEST security for a telecommunication network?
A. Broadband network digital transmission
B. Baseband network
C. Dial-up
D. Dedicated lines
Answer: D. Dedicated lines
Explanation: Dedicated lines are set apart for a particular user or organization. Since there is no sharing of lines or intermediate entry points, the risk of interception or disruption of telecommunications messages is lower.

An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long. Which of the following could be caused by the length of the cable?
A. Electromagnetic interference (EMI)
B. Cross-talk
C. Dispersion
D. Attenuation
Answer: D. Attenuation
Explanation: Attenuation is the weakening of signals during transmission. When the signal becomes weak, it begins to read a 1 for a 0, and the user may experience communication problems. UTP faces attenuation around 100 meters. Electromagnetic interference (EMI) is caused by outside electromagnetic waves affecting the desired

Which of the following is a control over component communication failure/errors?
A. Restricting operator access and maintaining audit trails
B. Monitoring and reviewing system engineering activity
C. Providing network redundancy
D. Establishing physical barriers to the data transmitted over the network
Answer: C. Providing network redundancy
Explanation: Redundancy by building some form of duplication into the network components, such as a link, router or switch to prevent loss, delays or data duplication is a control over component communication failure or error. Other related controls are loop/echo checks to detect line errors, parity checks, error correction codes and sequence checks. Choices A, B

When reviewing system parameters, an IS auditor's PRIMARY concern should be that:
A. they are set to meet security and performance requirements.
B. changes are recorded in an audit trail and periodically reviewed.
C. changes are authorized and supported by appropriate documents.
D. access to parameters in the system is restricted.
Answer: A. they are set to meet security and performance requirements.
Explanation: The primary concern is to find the balance between security and performance. Recording changes in an audit trail and periodically reviewing them is a detective control; however, if parameters are not set according to business rules, monitoring of changes may not be an effective control. Reviewing changes to ensure they are supported by

In a client-server system, which of the following control techniques is used to inspect activity from known or unknown users?
A. Diskless workstations
B. Data encryption techniques
C. Network monitoring devices
D. Authentication systems
Answer: C. Network monitoring devices
Explanation: Network monitoring devices may be used to inspect activities from known or unknown users and can identify client addresses, which may assist in finding evidence of unauthorized access. This serves as a detective control. Diskless workstations prevent access control software from being bypassed. Data encryption techniques

Which of the following BEST reduces the ability of one device to capture the packets that are meant for another device?
A. Filters
B. Switches
C. Routers
D. Firewalls
Answer: B. Switches
Explanation: Switches are at the lowest level of network security and transmit a packet to the device to which it is addressed. This reduces the ability of one device to capture the packets that are meant for another device. Filters allow for some basic isolation of network traffic based on the destination addresses. Routers allow packets to be given or denied

An IS auditor is performing a network security review of a telecom company that provides Internet connection services to shopping malls for their wireless customers. The company uses Wireless Transport Layer Security (WTLS) and Secure Sockets Layer (SSL) technology for protecting their customer's
A. compromises the Wireless Application Protocol (WAP) gateway.
B. installs a sniffing program in front of the server.
C. steals a customer's PDA.
D. listens to the wireless transmission.
Answer: A. compromises the Wireless Application Protocol (WAP) gateway.
Explanation: In a WAP gateway, the encrypted messages from customers must be decrypted to transmit over the Internet and vice versa. Therefore, if the gateway is compromised, all of the messages would be exposed. SSL protects the messages from sniffing on the Internet, limiting disclosure of the customer's information. WTLS

A company is implementing a dynamic host configuration protocol (DHCP). Given that the following conditions exist, which represents the GREATEST concern?
A. Most employees use laptops.
B. A packet filtering firewall is used.
C. The IP address space is smaller than the number of PCs.
D. Access to a network port is not restricted.
Answer: D. Access to a network port is not restricted.
Explanation: Given physical access to a port, anyone can connect to the internal network. The other choices do not present the exposure that access to a port does. DHCP provides convenience (an advantage) to the laptop users. Sharing IP addresses and the existence of a firewall can be security measures.

Which of the following network components is PRIMARILY set up to serve as a security measure by preventing unauthorized traffic between different segments of the network?
A. Firewalls
B. Routers
C. Layer 2 switches
D. VLANs
Answer: A. Firewalls
Explanation: Firewall systems are the primary tool that enable an organization to prevent unauthorized access between networks. An organization may choose to deploy one or more systems that function as firewalls. Routers can filter packets based on parameters, such as source address, but are not primarily a security tool. Based on Media Access Control

An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if:
A. the setup is geographically dispersed.
B. the network servers are clustered in a site.
C. a hot site is ready for activation.
D. diverse routing is implemented for the network.
Answer: B. the network servers are clustered in a site.
Explanation: A clustered setup in one location makes the entire network vulnerable to natural disasters or other disruptive events. Dispersed geographical locations and diverse routing provide backup if a site has been destroyed. A hot site would also be a good alternative for a single point-of-failure site.

Which of the following would be an indicator of the effectiveness of a computer security incident response team?
A. Financial impact per security incident
B. Number of security vulnerabilities that were patched
C. Percentage of business applications that are being protected
D. Number of successful penetration tests
Answer: A. Financial impact per security incident
Explanation: The most important indicator is the financial impact per security incident. Choices B, C and D could be measures of effectiveness of security, but would not be a measure of the effectiveness of a response team.

The MAIN criterion for determining the severity level of a service disruption incident is:
A. cost of recovery.
B. negative public opinion.
C. geographic location.
D. downtime.
Answer: D. downtime.
Explanation: The longer the period of time a client cannot be serviced, the greater the severity of the incident. The cost of recovery could be minimal yet the service downtime could have a major impact. Negative public opinion is a symptom of an incident. Geographic location does not determine the severity of the incident.

The computer security incident response team (CSIRT) of an organization disseminates detailed descriptions of recent threats. An IS auditor's GREATEST concern should be that the users might:
A. use this information to launch attacks.
B. forward the security alert.
C. implement individual solutions.
D. fail to understand the threat.
Answer: A. use this information to launch attacks.
Explanation: An organization's computer security incident response team (CSIRT) should disseminate recent threats, security guidelines and security updates to the users to assist them in understanding the security risk of errors and omissions. However, this introduces the risk that the users may use this information to launch attacks,

The PRIMARY objective of performing a postincident review is that it presents an opportunity to:
A. improve internal control procedures.
B. harden the network to industry best practices.
C. highlight the importance of incident response management to management.
D. improve employee awareness of the incident response process.
Answer: A. improve internal control procedures.
Explanation: A postincident review examines both the cause and response to an incident. The lessons learned from the review can be used to improve internal controls. Understanding the purpose and structure of postincident reviews and follow-up procedures enables the information security manager to continuously improve the security program. Improving

Which of the following is the MOST effective method for dealing with the spreading of a network worm that exploits vulnerability in a protocol?
A. Install the vendor's security fix for the vulnerability.
B. Block the protocol traffic in the perimeter firewall.
C. Block the protocol traffic between internal network segments.
D. Stop the service until an appropriate security fix is installed.
Answer: D. Stop the service until an appropriate security fix is installed.
Explanation: Stopping the service and installing the security fix is the safest way to prevent the worm from spreading. If the service is not stopped, installing the fix is not the most effective method because the worm continues spreading until the fix becomes effective. Blocking the protocol on the perimeter does not stop the worm from spreading to the internal

The FIRST step in managing the risk of a cyber attack is to:
A. assess the vulnerability impact.
B. evaluate the likelihood of threats.
C. identify critical information assets.
D. estimate potential damage.
Answer: C. identify critical information assets.
Explanation: The first step in managing risk is the identification and classification of critical information resources (assets). Once the assets have been identified, the process moves onto the identification of threats, vulnerabilities and calculation of potential damages.

After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools?
A. Differential reporting
B. False-positive reporting
C. False-negative reporting
D. Less-detail reporting
Answer: C. False-negative reporting
Explanation: False-negative reporting on weaknesses means the control weaknesses in the network are not identified and therefore may not be addressed, leaving the network vulnerable to attack. False-positive reporting is one in which the controls are in place, but are evaluated as weak, which should prompt a rechecking of the

Time constraints and expanded needs have been found by an IS auditor to be the root causes for recent violations of corporate data definition standards in a new business intelligence project. Which of the following is the MOST appropriate suggestion for an auditor to make?
A. Achieve standards alignment through an increase of resources devoted to the project
B. Align the data definition standards after completion of the project
C. Delay the project until compliance with standards can be achieved
D. Enforce standard compliance by adopting punitive measures against violators
Answer: A. Achieve standards alignment through an increase of resources devoted to the project
Explanation: Provided that data architecture, technical, and operational requirements are sufficiently documented, the alignment to standards could be treated as a specific work package assigned to new project resources. The usage of nonstandard data definitions would lower the efficiency of the new development, and increase the risk

In a small organization, developers may release emergency changes directly to production. Which of the following will BEST control the risk in this situation?
A. Approve and document the change the next business day
B. Limit developer access to production to a specific timeframe
C. Obtain secondary approval before releasing to production
D. Disable the compiler option in the production machine
Answer: A. Approve and document the change the next business day
Explanation: It may be appropriate to allow programmers to make emergency changes as long as they are documented and approved after the fact. Restricting release time frame may help somewhat; however, it would not apply to emergency changes and cannot prevent unauthorized release of the programs. Choices C and D are not

An IS auditor notes that patches for the operating system used by an organization are deployed by the IT department as advised by the vendor. The MOST significant concern an IS auditor should have with this practice is the nonconsideration by IT of:
A. the training needs for users after applying the patch.
B. any beneficial impact of the patch on the operational systems.
C. delaying deployment until testing the impact of the patch.
D. the necessity of advising end users of new patches.
Answer: C. delaying deployment until testing the impact of the patch.
Explanation: Deploying patches without testing exposes an organization to the risk of system disruption or failure. Normally, there is no need for training or advising users when a new operating system patch has been installed. Any beneficial impact is less important than the risk of unavailability that could be avoided with proper

Which of the following processes should an IS auditor recommend to assist in the recording of baselines for software releases?
A. Change management
B. Backup and recovery
C. Incident management
D. Configuration management
Answer: D. Configuration management
Explanation: The configuration management process may include automated tools that will provide an automated recording of software release baselines. Should the new release fail, the baseline will provide a point to which to return. The other choices do not provide the processes necessary for establishing software release

An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls would BEST mitigate the risk of undetected and unauthorized program changes to the production environment?
A. Commands typed on the command line are logged
B. Hash keys are calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs
C. Access to the operating system command line is granted through an access restriction tool with preapproved rights
D. Software development tools and compilers have been removed from the production environment
Answer: B. Hash keys are calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs
Explanation: The matching of hash keys over time would allow detection of changes to files. Choice A is incorrect because having a log is not a control, reviewing the log is a control. Choice C is incorrect because the access was already granted; it does not matter how. Choice D is wrong because files can be copied to and from the production environment.

The application systems of an organization using open-source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating open-source software?
A. Rewrite the patches and apply them
B. Code review and application of available patches
C. Develop in-house patches
D. Identify and test suitable patches before applying them
Answer: D. Identify and test suitable patches before applying them
Explanation: Suitable patches from the existing developers should be selected and tested before applying them. Rewriting the patches and applying them is not a correct answer because it would require skilled resources and time to rewrite the patches. Code review could be possible but tests need to be performed before

To determine if unauthorized changes have been made to production code the BEST audit procedure is to:
A. examine the change control system records and trace them forward to object code files.
B. review access control permissions operating within the production program libraries.
C. examine object code to find instances of changes and trace them back to change control records.
D. review change approved designations established within the change control system.
Answer: C. examine object code to find instances of changes and trace them back to change control records.
Explanation: The procedure of examining object code files to establish instances of code changes and tracing these back to change control system records is a substantive test that directly addresses the risk of unauthorized code changes. The other choices are valid procedures to apply in a change control audit but they do not directly address the

When reviewing procedures for emergency changes to programs, the IS auditor should verify that the procedures:
A. allow changes, which will be completed using after-the-fact follow-up.
B. allow undocumented changes directly to the production library.
C. do not allow any emergency changes.
D. allow programmers permanent access to production programs.
Answer: A. allow changes, which will be completed using after-the-fact follow-up.
Explanation: There may be situations where emergency fixes are required to resolve system problems. This involves the use of special logon IDs that grant programmers temporary access to production programs during emergency situations. Emergency changes should be completed using after-the-fact follow-up procedures, which ensure that normal

An organization has recently installed a security patch, which crashed the production server. To minimize the probability of this occurring again, an IS auditor should:
A. apply the patch according to the patch's release notes.
B. ensure that a good change management process is in place.
C. thoroughly test the patch before sending it to production.
D. approve the patch after doing a risk assessment.
Answer: B. ensure that a good change management process is in place.
Explanation: An IS auditor must review the change management process, including patch management procedures, and verify that the process has adequate controls and make suggestions accordingly. The other choices are part of a good change management process but are not an IS auditor's responsibility.

An IS auditor should recommend the use of library control software to provide reasonable assurance that:
A. program changes have been authorized.
B. only thoroughly tested programs are released.
C. modified programs are automatically moved to production.
D. source and executable code integrity is maintained.
Answer: A. program changes have been authorized.
Explanation: Library control software should be used to separate test from production libraries in mainframe and/or client server environments. The main objective of library control software is to provide assurance that program changes have been authorized. Library control software is concerned with authorized program changes and

The purpose of code signing is to provide assurance that:
A. the software has not been subsequently modified.
B. the application can safely interface with another signed application.
C. the signer of the application is trusted.
D. the private key of the signer has not been compromised.
Answer: A. the software has not been subsequently modified.
Explanation: Code signing can only ensure that the executable code has not been modified after being signed. The other choices are incorrect and actually represent potential and exploitable weaknesses of code signing.

A programmer maliciously modified a production program to change data and then restored the original code. Which of the following would MOST effectively detect the malicious activity?
A. Comparing source code
B. Reviewing system log files
C. Comparing object code
D. Reviewing executable and source code integrity
Answer: B. Reviewing system log files
Explanation: Reviewing system log files is the only trail that may provide information about the unauthorized activities in the production library. Source and object code comparisons are ineffective, because the original programs were restored and do not exist. Reviewing executable and source code integrity is an ineffective control, because

An IS auditor reviewing a database application discovers that the current configuration does not match the originally designed structure. Which of the following should be the IS auditor's next action?
A. Analyze the need for the structural change.
B. Recommend restoration to the originally designed structure.
C. Recommend the implementation of a change control process.
D. Determine if the modifications were properly approved.
Answer: D. Determine if the modifications were properly approved.
Explanation: An IS auditor should first determine if the modifications were properly approved. Choices A, B and C are possible subsequent actions, should the IS auditor find that the structural modification had not been approved.

Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures?
A. Review software migration records and verify approvals.
B. Identify changes that have occurred and verify approvals.
C. Review change control documentation and verify approvals.
D. Ensure that only appropriate staff can migrate changes into production.
Answer: B. Identify changes that have occurred and verify approvals.
Explanation: The most effective method is to determine through code comparisons what changes have been made and then verify that they have been approved. Change control records and software migration records may not have all changes listed. Ensuring that only appropriate staff can migrate changes into production is a key

An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set
A. Allow changes to be made only with the DBA user account.
B. Make changes to the database after granting access to a normal user account.
C. Use the DBA user account to make changes, log the changes and review the change log the following day.
D. Use the normal user account to make changes, log the changes and review the change log the following day.
Answer: C. Use the DBA user account to make changes, log the changes and review the change log the following day.
Explanation: The use of a database administrator (DBA) user account is normally set up to log all changes made and is most appropriate for changes made outside of normal hours. The use of a log, which records the changes, allows changes to be reviewed. The use of the DBA user account without logging would permit uncontrolled changes to be made

In regard to moving an application program from the test environment to the production environment, the BEST control would be to have the:
A. application programmer copy the source program and compiled object module to the production libraries.
B. application programmer copy the source program to the production libraries and then have the production control group compile the program.
C. production control group compile the object module to the production libraries using the source program in the test environment.
D. production control group copy the source program to the production libraries and then compile the program.
Answer: D. production control group copy the source program to the production libraries and then compile the program.
Explanation: The best control would be provided by having the production control group copy the source program to the production libraries and then compile the program.

Change management procedures are established by IS management to:
A. control the movement of applications from the test environment to the production environment.
B. control the interruption of business operations from lack of attention to unresolved problems.
C. ensure the uninterrupted operation of the business in the event of a disaster.
D. verify that system changes are properly documented.
Answer: A. control the movement of applications from the test environment to the production environment.
Explanation: Change management procedures are established by IS management to control the movement of applications from the test environment to the production environment. Problem escalation procedures control the interruption of business operations from lack of attention to unresolved problems, and quality assurance procedures verify that

Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized?
A. Release-to-release source and object comparison reports
B. Library control software restricting changes to source code
C. Restricted access to source code and object code
D. Date and time-stamp reviews of source and object code
Answer: D
Explanation: Date and time-stamp reviews of source and object code would ensure that source code, which has been compiled, matches the production object code. This is the most effective way to ensure that the approved production source code is compiled and is the one being used.

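The date/time-stamp review in the explanation compares metadata recorded at compile time against the source file now in the library. As an added example (not part of this question bank), the Python script below performs that review on Python's own compiled objects: a `.pyc` header records the source's modification time and size, or, for hash-based files (PEP 552), a digest of the source, and the check compares the header with the current source file. File names and contents are constructed. The run also shows why a content digest is the stronger synchronization check: a touch without an edit fails the timestamp review but passes the hash review, while an edit fails both.

```python
import importlib.util
import os
import py_compile
import struct
import tempfile

# A .pyc starts with a 16-byte header: 4-byte magic, 4-byte flags, then either
# (mtime, size) of the source for timestamp-based files or an 8-byte source
# hash for hash-based files (PEP 552).


def pyc_header(pyc_path):
    with open(pyc_path, "rb") as f:
        magic = f.read(4)
        flags = struct.unpack("<I", f.read(4))[0]
        payload = f.read(8)
    if magic != importlib.util.MAGIC_NUMBER:
        return {"magic_ok": False}
    if flags & 1:  # bit 0 set: hash-based pyc
        return {"magic_ok": True, "hash_based": True, "source_hash": payload}
    mtime, size = struct.unpack("<II", payload)
    return {"magic_ok": True, "hash_based": False, "mtime": mtime, "size": size}


def source_matches_object(src_path, pyc_path):
    """True if the compiled object was built from the source file as it exists now."""
    hdr = pyc_header(pyc_path)
    if not hdr["magic_ok"]:
        return False
    with open(src_path, "rb") as f:
        src = f.read()
    if hdr["hash_based"]:
        # content-based check: survives a touch, catches any edit
        return hdr["source_hash"] == importlib.util.source_hash(src)
    # date/time-stamp review, as the question describes it
    st = os.stat(src_path)
    return (hdr["mtime"] == (int(st.st_mtime) & 0xFFFFFFFF)
            and hdr["size"] == (len(src) & 0xFFFFFFFF))


def _write(path, content, mtime):
    with open(path, "wb") as f:
        f.write(content)
    os.utime(path, (mtime, mtime))  # pin the timestamp so the run is deterministic


def demo():
    """Compile a constructed 'production' module both ways, then check it after
    an uncontrolled edit and after a harmless touch."""
    results = {}
    mode = py_compile.PycInvalidationMode
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "billing.py")   # constructed module name
        pyc = os.path.join(d, "billing.pyc")

        _write(src, b"RATE = 0.07\n", 1_700_000_000)
        py_compile.compile(src, cfile=pyc, doraise=True, invalidation_mode=mode.TIMESTAMP)
        results["timestamp_in_sync"] = source_matches_object(src, pyc)

        # an edit after compilation; same length, so only the date/time differs
        _write(src, b"RATE = 0.17\n", 1_700_000_500)
        results["timestamp_after_edit"] = source_matches_object(src, pyc)

        _write(src, b"RATE = 0.07\n", 1_700_001_000)
        py_compile.compile(src, cfile=pyc, doraise=True, invalidation_mode=mode.CHECKED_HASH)
        results["hash_in_sync"] = source_matches_object(src, pyc)

        os.utime(src, (1_700_002_000, 1_700_002_000))  # touched, content unchanged
        results["hash_after_touch"] = source_matches_object(src, pyc)

        _write(src, b"RATE = 0.17\n", 1_700_002_000)
        results["hash_after_edit"] = source_matches_object(src, pyc)
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'in sync' if ok else 'OUT OF SYNC'}")
```

The same header parsing applies to any `.pyc` sitting in a production library; for other toolchains the equivalent is to record a digest of the source at build time and compare it, rather than trusting file timestamps that anyone with write access can reset.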
Vendors have released patches fixing security flaws in their software. Which of the following should an IS auditor recommend in this situation?
A. Assess the impact of patches prior to installation.
B. Ask the vendors for a new software version with all fixes included.
C. Install the security patch immediately.
D. Decline to deal with these vendors in the future.
Answer: A
Explanation: The effect of installing the patch should be immediately evaluated and installation should occur based on the results of the evaluation. To install the patch without knowing what it might affect could easily cause problems. New software versions with all fixes included are not always available and a full installation could be time consuming.

In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?
A. Automated logging of changes to development libraries
B. Additional staff to provide separation of duties
C. Procedures that verify that only approved program changes are implemented
D. Access controls to prevent the operator from making program modifications
Answer: C
Explanation: While it would be preferred that strict separation of duties be adhered to and that additional staff is recruited as suggested in choice B, this practice is not always possible in small organizations. An IS auditor must look at recommended alternative processes. Of the choices, C is the only practical one that has an impact. An IS auditor should

While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should:
A. recommend the use of disk mirroring.
B. review the adequacy of offsite storage.
C. review the capacity management process.
D. recommend the use of a compression algorithm.
Answer: C
Explanation: Capacity management is the planning and monitoring of computer resources to ensure that available IT resources are used efficiently and effectively. Business criticality must be considered before recommending a disk mirroring solution, and offsite storage is unrelated to the problem. Though data compression may save disk space, it

A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. An IS auditor should conclude that:
A. analysis is required to determine if a pattern emerges that results in a service loss for a short period of time.
B. WAN capacity is adequate for the maximum traffic demands since saturation has not been reached.
C. the line should immediately be replaced by one with a larger capacity to provide approximately 85 percent saturation.
D. users should be instructed to reduce their traffic demands or distribute them across all service hours to flatten bandwidth consumption.
Answer: A
Explanation: The peak at 96 percent could be the result of a one-off incident, e.g., a user downloading a large amount of data; therefore, analysis to establish whether this is a regular pattern and what causes this behavior should be carried out before expenditure on a larger line capacity is recommended. Since the link provides for a standby database, a short loss of

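The reasoning in the explanation (establish whether the 96 percent peak recurs before sizing the line) can be carried out on the utilization samples a monitoring tool already collects. The Python code below is an added example, not from the question bank; the week of hourly samples is constructed, with a nightly master/standby sync that saturates the line at 02:00 every day and one isolated large download, and the threshold and "recurs on at least three days" rule are choices made here.

```python
from collections import defaultdict


def sample_week():
    """Constructed hourly utilization (% of line capacity), 7 days x 24 hours.
    Background load stays between 40 and 59%; a nightly master/standby sync
    drives the line to 96% at 02:00 every day; one large download hits 95%
    on day 1 at 14:00."""
    samples = {}
    for day in range(7):
        for hour in range(24):
            util = 40 + (hour * 7 + day * 3) % 20
            if hour == 2:
                util = 96
            if day == 1 and hour == 14:
                util = 95
            samples[(day, hour)] = util
    return samples


def classify_peaks(samples, threshold=90, min_days=3):
    """Split peaks into hours of the day that recur on at least min_days days
    and isolated (day, hour) incidents."""
    peaks_by_hour = defaultdict(set)
    for (day, hour), util in samples.items():
        if util >= threshold:
            peaks_by_hour[hour].add(day)
    recurring = {h: sorted(d) for h, d in peaks_by_hour.items() if len(d) >= min_days}
    one_off = sorted((day, h) for h, d in peaks_by_hour.items()
                     if len(d) < min_days for day in d)
    return {"recurring": recurring, "one_off": one_off}


def recommendation(analysis):
    if analysis["recurring"]:
        hours = ", ".join(f"{h:02d}:00" for h in sorted(analysis["recurring"]))
        return f"recurring saturation at {hours}: investigate the cause before sizing the line"
    if analysis["one_off"]:
        return "isolated peaks only: no capacity change justified yet"
    return "no peaks above threshold"


def demo():
    analysis = classify_peaks(sample_week())
    analysis["recommendation"] = recommendation(analysis)
    return analysis


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With these samples the 02:00 peak is reported as recurring on all seven days and the day-1 14:00 peak as a one-off; only the recurring one would justify looking at the sync job or the line size, which is the distinction the explanation asks the auditor to make before recommending expenditure.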
Which of the following is MOST directly affected by network performance monitoring tools?
A. Integrity
B. Availability
C. Completeness
D. Confidentiality
Answer: B
Explanation: In case of a disruption in service, one of the key functions of network performance monitoring tools is to ensure that the information has remained unaltered. It is a function of security monitoring to assure confidentiality by using such tools as encryption. However, the most important aspect of network performance is assuring the ongoing

Which of the following types of firewalls provide the GREATEST degree and granularity of control?
A. Screening router
B. Packet filter
C. Application gateway
D. Circuit gateway
Answer: C
Explanation: The application gateway is similar to a circuit gateway, but it has specific proxies for each service. To handle web services, it has an HTTP proxy that acts as an intermediary between externals and internals, but is specifically for HTTP. This means that it not only checks the packet IP addresses (layer 3) and the ports it is directed to

Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions?
A. Parity check
B. Echo check
C. Block sum check
D. Cyclic redundancy check
Answer: D
Explanation: The cyclic redundancy check (CRC) can check for a block of transmitted data. The workstations generate the CRC and transmit it with the data. The receiving workstation computes a CRC and compares it to the transmitted CRC. If both of them are equal, then the block is assumed error free. In this case (such as in parity error or echo check), multiple

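An added example (not part of the original material) putting the three detection schemes side by side on a constructed frame in Python: one even-parity bit per byte, a modulo-256 block sum, and a bitwise CRC-32 (the IEEE 802.3 polynomial, giving the same value as `zlib.crc32`). Two error patterns are applied: a 2-bit burst inside one byte, which keeps that byte's parity, and a 16-bit burst that swaps two adjacent bytes, which keeps both the byte sum and every parity bit. The returned dictionary shows which check raises an alarm for each.

```python
# Parity, block sum and CRC-32 side by side on a constructed frame, to show
# which error patterns each check can and cannot see.


def parity_bits(data: bytes):
    """One even-parity bit per byte, as a character-oriented link would append."""
    return [bin(b).count("1") % 2 for b in data]


def block_sum(data: bytes) -> int:
    """Arithmetic checksum of the whole block, modulo 256."""
    return sum(data) % 256


def crc32(data: bytes) -> int:
    """Bitwise CRC-32 (reflected polynomial 0xEDB88320); same result as zlib.crc32."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0xEDB88320 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF


def detected(sent: bytes, received: bytes) -> dict:
    """Which checks raise an alarm for this received frame."""
    return {
        "parity": parity_bits(sent) != parity_bits(received),
        "block_sum": block_sum(sent) != block_sum(received),
        "crc": crc32(sent) != crc32(received),
    }


# Constructed sample frame (not real traffic). Bytes 14 and 15 are '1' and '2'.
FRAME = b"ACCT=4471;AMT=1250.00;"


def burst_two_bits_in_one_byte(frame: bytes) -> bytes:
    """A 2-bit burst inside byte 14 ('1' -> '7'): the byte's parity is unchanged."""
    out = bytearray(frame)
    out[14] ^= 0b00000110
    return bytes(out)


def burst_swapping_adjacent_bytes(frame: bytes) -> bytes:
    """A 16-bit burst that swaps bytes 14 and 15 ('12' -> '21'): the byte sum
    and every per-byte parity bit are unchanged."""
    out = bytearray(frame)
    out[14], out[15] = out[15], out[14]
    return bytes(out)


def run() -> dict:
    return {
        "two_bit_burst": detected(FRAME, burst_two_bits_in_one_byte(FRAME)),
        "swap_burst": detected(FRAME, burst_swapping_adjacent_bytes(FRAME)),
    }


if __name__ == "__main__":
    for name, result in run().items():
        print(name, result)
```

Both patterns are bursts shorter than the 32-bit CRC, so the CRC catches both; parity misses both, and the block sum misses the swap. That is the property the question is after: a CRC detects every burst no longer than its degree, whereas parity and a plain sum only detect the error patterns that happen to change the bits they look at.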
Which of the following is widely accepted as one of the critical components in networking management?
A. Configuration management
B. Topological mappings
C. Application of monitoring tools
D. Proxy server troubleshooting
Answer: A
Explanation: Configuration management is widely accepted as one of the key components of any network, since it establishes how the network will function internally and externally; it also deals with the management of configuration and monitoring performance. Topological mappings provide outlines of the components of the

An IS auditor finds that, at certain times of the day, the data warehouse query performance decreases significantly. Which of the following controls would it be relevant for the IS auditor to review?
A. Permanent table-space allocation
B. Commitment and rollback controls
C. User spool and database limit controls
D. Read/write access log controls
Answer: C
Explanation: User spool limits restrict the space available for running user queries. This prevents poorly formed queries from consuming excessive system resources and impacting general query performance. Limiting the space available to users in their own databases prevents them from building excessively large tables. This helps to control

Which of the following database controls would ensure that the integrity of transactions is maintained in an online transaction processing system's database?
A. Authentication controls
B. Data normalization controls
C. Read/write access log controls
D. Commitment and rollback controls
Answer: D
Explanation: Commitment and rollback controls are directly relevant to integrity. These controls ensure that database operations that form a logical transaction unit will complete in its entirety or not at all; i.e., if, for some reason, a transaction cannot be fully completed, then incomplete inserts/updates/deletes are rolled back so that the

An IS auditor finds that client requests were processed multiple times when received from different independent departmental databases, which are synchronized weekly. What would be the BEST recommendation?
A. Increase the frequency for data replication between the different department systems to ensure timely updates.
B. Centralize all request processing in one department to avoid parallel processing of the same request.
C. Change the application architecture so that common data are held in just one shared database for all departments.
D. Implement reconciliation controls to detect duplicates before orders are processed in the systems.
Answer: C
Explanation: Keeping the data in one place is the best way to ensure that data are stored without redundancy and that all users have the same data on their systems. Although increasing the frequency may help to minimize the problem, the risk of duplication cannot be eliminated completely because parallel data entry is still possible. Business requirements will most

A database administrator has detected a performance problem with some tables which could be solved through denormalization. This situation will increase the risk of:
A. concurrent access.
B. deadlocks.
C. unauthorized access to data.
D. a loss of data integrity.
Answer: D
Explanation: Normalization is the removal of redundant data elements from the database structure. Disabling normalization in relational databases will create redundancy and a risk of not maintaining consistency of data, with the consequent loss of data integrity. Deadlocks are not caused by denormalization. Access to data is controlled by

When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:
A. recommend that the database be normalized.
B. review the conceptual data model.
C. review the stored procedures.
D. review the justification.
Answer: D
Explanation: If the database is not normalized, the IS auditor should review the justification since, in some situations, denormalization is recommended for performance reasons. The IS auditor should not recommend normalizing the database until further investigation takes place. Reviewing the conceptual data model or the stored procedures will not

In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table?
A. Foreign key
B. Primary key
C. Secondary key
D. Public key
Answer: A
Explanation: In a relational database with referential integrity, the use of foreign keys would prevent events such as primary key changes and record deletions resulting in orphaned relations within the database. It should not be possible to delete a row from a customer table when the customer number (primary key) of that row is stored with live

During maintenance of a relational database, several values of the foreign key in a transaction table of a relational database have been corrupted. The consequence is that:
A. the detail of involved transactions may no longer be associated with master data, causing errors when these transactions are processed.
B. there is no way of reconstructing the lost information, except by deleting the dangling tuples and reentering the transactions.
C. the database will immediately stop execution and lose more information.
D. the database will no longer accept input data.
Answer: A
Explanation: When the external key of a transaction is corrupted or lost, the application system will normally be incapable of directly attaching the master data to the transaction data. This will normally cause the system to undertake a sequential search and slow down the processing. If the concerned files are big, this slowdown will be unacceptable. Choice B

An IS auditor analyzing the audit log of a database management system (DBMS) finds that some transactions were partially executed as a result of an error, and are not rolled back. Which of the following transaction processing features has been violated?
A. Consistency
B. Isolation
C. Durability
D. Atomicity
Answer: D
Explanation: Atomicity guarantees that either the entire transaction is processed or none of it is. Consistency ensures that the database is in a legal state when the transaction begins and ends; isolation means that, while in an intermediate state, the transaction data is invisible to external operations. Durability guarantees that a successful transaction will persist,

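The earlier question on commitment and rollback controls and this one on atomicity describe the same mechanism from two sides. The Python/sqlite3 code below is an added example, not from the question bank, using a constructed two-account ledger: a transfer whose second statement fails (the CHECK constraint refuses a negative balance) is run once inside an explicit transaction and once with each statement committing on its own. The second run leaves exactly the partially executed transaction the auditor found in the log: the credit survives, the debit never happened, and money has been created.

```python
import sqlite3

# Constructed ledger (not real data). The CHECK constraint is what makes the
# second statement of an oversized transfer fail.
SCHEMA = """
CREATE TABLE account (
    id      TEXT PRIMARY KEY,
    balance INTEGER NOT NULL CHECK (balance >= 0)
);
INSERT INTO account VALUES ('A', 100), ('B', 50);
"""


def fresh_db():
    # isolation_level=None: the driver issues no implicit BEGIN, so the
    # transaction boundaries are exactly the ones written in transfer().
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript(SCHEMA)
    return conn


def transfer(conn, src, dst, amount, atomic):
    """Move `amount` from src to dst. With atomic=True the two updates form one
    unit of work; with atomic=False each update commits on its own."""
    if atomic:
        conn.execute("BEGIN")
    try:
        conn.execute("UPDATE account SET balance = balance + ? WHERE id = ?", (amount, dst))
        conn.execute("UPDATE account SET balance = balance - ? WHERE id = ?", (amount, src))
        if atomic:
            conn.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:  # CHECK constraint failed on the debit
        if atomic:
            conn.execute("ROLLBACK")  # undo the credit that already went through
        return False


def balances(conn):
    return dict(conn.execute("SELECT id, balance FROM account ORDER BY id"))


def demo():
    out = {}
    for atomic in (True, False):
        conn = fresh_db()
        ok = transfer(conn, "A", "B", 500, atomic)  # A holds only 100
        b = balances(conn)
        out["atomic" if atomic else "non_atomic"] = {
            "completed": ok,
            "balances": b,
            "money_in_system": sum(b.values()),  # should always stay at 150
        }
        conn.close()
    return out


if __name__ == "__main__":
    for mode, result in demo().items():
        print(mode, result)
```

In the atomic run the ROLLBACK restores B to 50 and the system still holds 150; in the non-atomic run B is left at 550 and the system holds 650. A DBMS audit log that shows the first UPDATE committed and the second failed, with no ROLLBACK following, is the evidence of the atomicity violation the question describes.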
Which of the following controls would provide the GREATEST assurance of database integrity?
A. Audit log procedures
B. Table link/reference checks
C. Query/table access time checks
D. Rollback and rollforward database features
Answer: B
Explanation: Performing table link/reference checks serves to detect table linking errors (such as completeness and accuracy of the contents of the database), and thus provides the greatest assurance of database integrity. Audit log procedures enable recording of all events that have been identified and help in tracing the events.

The objective of concurrency control in a database system is to:
A. restrict updating of the database to authorized users.
B. prevent integrity problems when two processes attempt to update the same data at the same time.
C. prevent inadvertent or unauthorized disclosure of data in the database.
D. ensure the accuracy, completeness and consistency of data.
Answer: B
Explanation: Concurrency controls prevent data integrity problems, which can arise when two update processes access the same data item at the same time. Access controls restrict updating of the database to authorized users, and controls such as passwords prevent the inadvertent or unauthorized disclosure of data from the database. Quality

Which of the following will prevent dangling tuples in a database?
A. Cyclic integrity
B. Domain integrity
C. Relational integrity
D. Referential integrity
Answer: D
Explanation: Referential integrity ensures that a foreign key in one table will equal null or the value of a primary key in the other table. For every tuple in a table having a referenced/foreign key, there should be a corresponding tuple in another table, i.e., for the existence of all foreign keys in the original tables. If this condition is not satisfied, then it results in a dangling tuple.

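The foreign key question, the table link/reference check and this dangling tuple question describe one mechanism and how to audit it. The Python/sqlite3 code below is an added example, not from the question bank: a constructed customer/orders schema with ON DELETE RESTRICT, the same deletion of a customer with live orders attempted with and without constraint enforcement (SQLite enforces REFERENCES clauses only while `PRAGMA foreign_keys` is on), a LEFT JOIN that lists the dangling tuples the unenforced deletion leaves behind, and SQLite's own `PRAGMA foreign_key_check` as the built-in form of the same link check.

```python
import sqlite3

# Constructed customer/orders schema (not real data). ON DELETE RESTRICT is
# the referential action that refuses to remove a parent row while child rows
# still reference it.
SCHEMA = """
CREATE TABLE customer (
    cust_no INTEGER PRIMARY KEY,
    name    TEXT NOT NULL
);
CREATE TABLE orders (
    order_no INTEGER PRIMARY KEY,
    cust_no  INTEGER NOT NULL REFERENCES customer(cust_no) ON DELETE RESTRICT,
    amount   INTEGER NOT NULL
);
INSERT INTO customer VALUES (1, 'Acme'), (2, 'Globex');
INSERT INTO orders VALUES (10, 1, 250), (11, 1, 75), (12, 2, 40);
"""


def open_db(enforce_fk):
    conn = sqlite3.connect(":memory:")
    # SQLite only enforces REFERENCES clauses while this pragma is on.
    conn.execute("PRAGMA foreign_keys = " + ("ON" if enforce_fk else "OFF"))
    conn.executescript(SCHEMA)
    return conn


def delete_customer(conn, cust_no):
    try:
        with conn:  # commit on success, roll back on error
            conn.execute("DELETE FROM customer WHERE cust_no = ?", (cust_no,))
        return True
    except sqlite3.IntegrityError:  # FOREIGN KEY constraint failed
        return False


def dangling_orders(conn):
    """Table link/reference check: orders whose cust_no matches no customer row."""
    rows = conn.execute(
        "SELECT o.order_no FROM orders o "
        "LEFT JOIN customer c ON c.cust_no = o.cust_no "
        "WHERE c.cust_no IS NULL ORDER BY o.order_no"
    ).fetchall()
    return [r[0] for r in rows]


def demo():
    out = {}
    for enforce in (True, False):
        conn = open_db(enforce)
        deleted = delete_customer(conn, 1)  # customer 1 has live orders 10 and 11
        out["enforced" if enforce else "unenforced"] = {
            "delete_succeeded": deleted,
            "dangling_orders": dangling_orders(conn),
            # built-in link check; reports violations even when enforcement is off
            "fk_check_violations": len(conn.execute("PRAGMA foreign_key_check").fetchall()),
        }
        conn.close()
    return out


if __name__ == "__main__":
    for mode, result in demo().items():
        print(mode, result)
```

With enforcement on, the DELETE fails and no order is orphaned; with it off, the DELETE succeeds and orders 10 and 11 become dangling tuples that only a link check will surface. For an auditor the practical point is that the declared constraint is not evidence by itself: confirm it is actually enforced on the running system, and run the link check anyway.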
Which of the following would BEST maintain the integrity of a firewall log?
A. Granting access to log information only to administrators
B. Capturing log events in the operating system layer
C. Writing dual logs onto separate storage media
D. Sending log information to a dedicated third-party log server
Answer: D
Explanation: Establishing a dedicated third-party log server and logging events in it is the best procedure for maintaining the integrity of a firewall log. When access control to the log server is adequately maintained, the risk of unauthorized log modification will be mitigated, therefore improving the integrity of log information. To enforce segregation of duties,

Doing which of the following during peak production hours could result in unexpected downtime?
A. Performing data migration or tape backup
B. Performing preventive maintenance on electrical systems
C. Promoting applications from development to the staging environment
D. Replacing a failed power supply in the core router of the data center
Answer: B
Explanation: Choices A and C are processing events which may impact performance, but would not cause downtime. Enterprise-class routers have redundant hot-swappable power supplies, so replacing a failed power supply should not be an issue. Preventive maintenance activities should be scheduled for non-peak times of the day, and preferably

Which of the following is the BEST type of program for an organization to implement to aggregate, correlate and store different log and event files, and then produce weekly and monthly reports for IS auditors?
A. A security information event management (SIEM) product
B. An open-source correlation engine
C. A log management tool
D. An extract, transform, load (ETL) system
Answer: C
Explanation: A log management tool is a product designed to aggregate events from many log files (with distinct formats and from different sources), store them and typically correlate them offline to produce many reports (e.g., exception reports showing different statistics including anomalies and suspicious activities), and to answer

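As an added example (not a product, and not from the question bank) of what such a tool does internally, the Python code below aggregates two constructed log formats (a firewall allow/deny log and a web server access log), normalizes both into one SQLite table, and produces an exception report in which the correlation rule is a SQL query: addresses with repeated failures that were seen by more than one source. The field names, the sample lines and the failure threshold are all choices made here.

```python
import re
import sqlite3
from datetime import datetime, timezone

# Constructed sample logs in two formats (not real traffic).
FIREWALL_LOG = """\
2024-03-04T02:15:01Z fw01 DENY src=203.0.113.9 dst=10.0.0.5 dport=22
2024-03-04T02:15:03Z fw01 DENY src=203.0.113.9 dst=10.0.0.5 dport=22
2024-03-04T02:15:07Z fw01 ALLOW src=198.51.100.4 dst=10.0.0.8 dport=443
2024-03-04T02:16:11Z fw01 DENY src=203.0.113.9 dst=10.0.0.5 dport=3389
"""

WEB_LOG = """\
198.51.100.4 - - [04/Mar/2024:02:15:08 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.9 - - [04/Mar/2024:02:17:30 +0000] "POST /login HTTP/1.1" 401 87
203.0.113.9 - - [04/Mar/2024:02:17:31 +0000] "POST /login HTTP/1.1" 401 87
"""

FW_RE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+$')


def parse_firewall(text):
    """Yield normalized (ts, source, src_ip, outcome, detail) tuples."""
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue  # a real tool would count and report unparsed lines
        ts, host, action, src, dst, dport = m.groups()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield (when.isoformat(), host, src, "deny" if action == "DENY" else "ok", f"{dst}:{dport}")


def parse_web(text):
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue
        src, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        outcome = "fail" if status.startswith(("4", "5")) else "ok"
        yield (when.isoformat(), "web", src, outcome, f"{method} {path} {status}")


def build_store(sources):
    """Put every event, whatever its origin, into one table; correlation is then SQL."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (ts TEXT, source TEXT, src_ip TEXT, outcome TEXT, detail TEXT)")
    for parser, text in sources:
        conn.executemany("INSERT INTO events VALUES (?,?,?,?,?)", parser(text))
    conn.commit()
    return conn


def exception_report(conn, min_failures=3):
    """Addresses with at least min_failures failures seen by two or more sources."""
    suspicious = [r[0] for r in conn.execute(
        "SELECT src_ip FROM events WHERE outcome IN ('deny', 'fail') "
        "GROUP BY src_ip HAVING COUNT(*) >= ? AND COUNT(DISTINCT source) >= 2 "
        "ORDER BY src_ip", (min_failures,))]
    by_source = dict(conn.execute("SELECT source, COUNT(*) FROM events GROUP BY source ORDER BY source"))
    total = conn.execute("SELECT COUNT(*) FROM events").fetchone()[0]
    return {"total_events": total, "by_source": by_source, "suspicious_ips": suspicious}


def demo():
    conn = build_store([(parse_firewall, FIREWALL_LOG), (parse_web, WEB_LOG)])
    return exception_report(conn)


if __name__ == "__main__":
    print(demo())
```

The weekly and monthly reports the question mentions are just this query family run over a larger time window; what makes them possible is the normalization step, since a correlation rule can only be written once the firewall's `src=` and the web server's client field have been mapped to the same column.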
To verify that the correct version of a data file was used for a production run, an IS auditor should review:
A. operator problem reports.
B. operator work schedules.
C. system logs.
D. output distribution reports.
Answer: C
Explanation: System logs are automated reports which identify most of the activities performed on the computer. Programs that analyze the system log have been developed to report on specifically defined items. The auditor can then carry out tests to ensure that the correct file version was used for a production run. Operator problem

An IS auditor observes a weakness in the tape management system at a data center in that some parameters are set to bypass or ignore tape header records. Which of the following is the MOST effective compensating control for this weakness?
A. Staging and job set up
B. Supervisory review of logs
C. Regular back-up of tapes
D. Offsite storage of tapes
Answer: A
Explanation: If the IS auditor finds that there are effective staging and job set up processes, this can be accepted as a compensating control. Choice B is a detective control while choices C and D are corrective controls, none of which would serve as good compensating controls.

When reviewing a hardware maintenance program, an IS auditor should assess whether:
A. the schedule of all unplanned maintenance is maintained.
B. it is in line with historical trends.
C. it has been approved by the IS steering committee.
D. the program is validated against vendor specifications.
Answer: D
Explanation: Though maintenance requirements vary based on complexity and performance work loads, a hardware maintenance schedule should be validated against the vendor-provided specifications. For business reasons, an organization may choose a more aggressive maintenance program than the vendor's program. The maintenance

Which of the following BEST limits the impact of server failures in a distributed environment?
A. Redundant pathways
B. Clustering
C. Dial backup lines
D. Standby power
Answer: B
Explanation: Clustering allows two or more servers to work as a unit, so that when one of them fails, the other takes over. Choices A and C are intended to minimize the impact of channel communications failures, but not a server failure. Choice D provides an alternative power source in the event of an energy failure.

An IS auditor reviewing an organization's data file control procedures finds that transactions are applied to the most current files, while restart procedures use earlier versions. The IS auditor should recommend the implementation of:
A. source documentation retention.
B. data file security.
C. version usage control.
D. one-for-one checking.
Answer: C
Explanation: For processing to be correct, it is essential that the proper version of a file is used. Transactions should be applied to the most current database, while restart procedures should use earlier versions. Source documentation should be retained for an adequate time period to enable documentation retrieval, reconstruction or verification of data, but

The BEST way to minimize the risk of communication failures in an e-commerce environment would be to use:
A. compression software to minimize transmission duration.
B. functional or message acknowledgments.
C. a packet-filtering firewall to reroute messages.
D. leased asynchronous transfer mode lines.
Answer: D
Explanation: Leased asynchronous transfer mode lines are a way to avoid using public and shared infrastructures from the carrier or Internet service provider that have a greater number of communication failures. Choice A, compression software, is a valid way to reduce the problem, but is not as good as leased asynchronous transfer mode lines. Choice B is a

Web and e-mail filtering tools are PRIMARILY valuable to an organization because they:
A. protect the organization from viruses and nonbusiness materials.
B. maximize employee performance.
C. safeguard the organization's image.
D. assist the organization in preventing legal issues.
Answer: A
Explanation: The main reason for investing in web and e-mail filtering tools is that they significantly reduce risks related to viruses, spam, mail chains, recreational surfing and recreational e-mail. Choice B could be true in some circumstances (i.e., it would need to be implemented along with an awareness program, so that employee performance can be

The database administrator (DBA) suggests that DB efficiency can be improved by denormalizing some tables. This would result in:
A. loss of confidentiality.
B. increased redundancy.
C. unauthorized accesses.
D. application malfunctions.
Answer: B
Explanation: Normalization is a design or optimization process for a relational database (DB) that minimizes redundancy; therefore, denormalization would increase redundancy. Redundancy, which is usually considered positive when it is a question of resource availability, is negative in a database environment, since it demands additional and otherwise

The MOST significant security concern when using flash memory (e.g., USB removable disk) is that the:
A. contents are highly volatile.
B. data cannot be backed up.
C. data can be copied.
D. device may not be compatible with other peripherals.
Answer: C
Explanation: Unless properly controlled, flash memory provides an avenue for anyone to copy any content with ease. The contents stored in flash memory are not volatile. Backing up flash memory data is not a control concern, as the data are sometimes stored as a backup. Flash memory will be accessed through a PC rather than any other

Which of the following BEST ensures the integrity of a server's operating system?
A. Protecting the server in a secure location
B. Setting a boot password
C. Hardening the server configuration
D. Implementing activity logging
Answer: C
Explanation: Hardening a system means to configure it in the most secure manner (install latest security patches, properly define the access authorization for users and administrators, disable insecure options and uninstall unused services) to prevent nonprivileged users from gaining the right to execute privileged instructions and thus take

IT operations for a large organization have been outsourced. An IS auditor reviewing the outsourced operation should be MOST concerned about which of the following findings?
A. The outsourcing contract does not cover disaster recovery for the outsourced IT operations.
B. The service provider does not have incident handling procedures.
C. Recently a corrupted database could not be recovered because of library management problems.
D. Incident logs are not being reviewed.
Answer: A
Explanation: The lack of a disaster recovery provision presents a major business risk. Incorporating such a provision into the contract will provide the outsourcing organization leverage over the service provider. Choices B, C and D are problems that should be addressed by the service provider, but are not as important as contract requirements

Which of the following will help detect changes made by an intruder to the system log of a server?
A. Mirroring the system log on another server
B. Simultaneously duplicating the system log on a write-once disk
C. Write-protecting the directory containing the system log
D. Storing the backup of the system log offsite
Answer: B
Explanation: A write-once CD cannot be overwritten. Therefore, the system log duplicated on the disk could be compared to the original log to detect differences, which could be the result of changes made by an intruder. Write-protecting the system log does not prevent deletion or modification, since the superuser can override the write protection. Backup and mirroring

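The comparison the explanation relies on, as an added Python example (not from the question bank): constructed syslog lines for the write-once copy and for the server's own file after an intruder edited it, a digest to decide quickly whether the two copies differ at all, and a `difflib` comparison that separates altered or deleted regions from lines legitimately appended after the copy ended. Adjacent edits and deletions come out as one altered region, which is then the span the investigator reads line by line.

```python
import difflib
import hashlib

# Constructed syslog-style lines (not from a real host). WORM_COPY is what the
# write-once disk captured as the lines were written; LIVE_LOG is the server's
# own file after an intruder edited it and normal activity continued.
WORM_COPY = [
    "Mar  4 02:15:01 srv1 sshd[811]: Failed password for root from 203.0.113.9 port 50122 ssh2",
    "Mar  4 02:15:04 srv1 sshd[811]: Failed password for root from 203.0.113.9 port 50122 ssh2",
    "Mar  4 02:15:09 srv1 sshd[811]: Accepted password for root from 203.0.113.9 port 50122 ssh2",
    "Mar  4 02:15:10 srv1 sshd[811]: pam_unix(sshd:session): session opened for user root",
    "Mar  4 02:20:00 srv1 CRON[902]: (root) CMD (run-parts /etc/cron.hourly)",
]
LIVE_LOG = [
    WORM_COPY[0],
    # source address rewritten by the intruder
    "Mar  4 02:15:04 srv1 sshd[811]: Failed password for root from 198.51.100.4 port 50122 ssh2",
    # the "Accepted password" line has been removed
    WORM_COPY[3],
    WORM_COPY[4],
    # legitimate growth after the copy was taken
    "Mar  4 02:25:00 srv1 CRON[955]: (root) CMD (logrotate)",
]


def fingerprint(lines):
    """One digest per file: enough to decide whether a full comparison is needed."""
    h = hashlib.sha256()
    for line in lines:
        h.update(line.encode() + b"\n")
    return h.hexdigest()


def compare_logs(worm, live):
    """Report every region where the live log departs from the write-once copy.
    Lines appended after the copy ends are normal growth, not tampering."""
    findings = []
    sm = difflib.SequenceMatcher(a=worm, b=live, autojunk=False)
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag == "equal":
            continue
        if tag == "insert" and i1 == len(worm):
            findings.append(("appended_after_copy", live[j1:j2]))
        elif tag == "insert":
            findings.append(("inserted", live[j1:j2]))
        elif tag == "delete":
            findings.append(("deleted", worm[i1:i2]))
        else:  # replace: adjacent edits and deletions come out as one region
            findings.append(("altered", worm[i1:i2], live[j1:j2]))
    tampered = any(f[0] != "appended_after_copy" for f in findings)
    return tampered, findings


def demo():
    tampered, findings = compare_logs(WORM_COPY, LIVE_LOG)
    return {
        "digests_differ": fingerprint(WORM_COPY) != fingerprint(LIVE_LOG),
        "tampered": tampered,
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Note that the digests differ even when nothing was tampered with, simply because the live log keeps growing; the digest is a cheap trigger for the full comparison, not a verdict. The verdict comes from the opcodes: anything other than an insert at the very end of the write-once copy is a change the server's own log should not have seen.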
Which of the following is a network diagnostic tool that monitors and records network information?
A. Online monitor
B. Downtime report
C. Help desk report
D. Protocol analyzer
Answer: D
Explanation: Protocol analyzers are network diagnostic tools that monitor and record network information from packets traveling in the link to which the analyzer is attached. Online monitors (choice A) measure telecommunications transmissions and determine whether transmissions were accurate and complete. Downtime reports (choice B) track the

Applying a retention date on a file will ensure that:
A. data cannot be read until the date is set.
B. data will not be deleted before that date.
C. backup copies are not retained after that date.
D. datasets having the same name are differentiated.
Answer: B
Explanation: A retention date will ensure that a file cannot be overwritten before that date has passed. The retention date will not affect the ability to read the file. Backup copies would be expected to have a different retention date and therefore may be retained after the file has been overwritten. The creation date, not the retention date, will differentiate

Which of the following exposures associated with the spooling of sensitive reports for offline printing should an IS auditor consider to be the MOST serious?
A. Sensitive data can be read by operators.
B. Data can be amended without authorization.
C. Unauthorized report copies can be printed.
D. Output can be lost in the event of system failure.
Answer: C
Explanation: Unless controlled, spooling for offline printing may enable additional copies to be printed. Print files are unlikely to be available for online reading by operators. Data on spool files are no easier to amend without authority than any other file. There is usually a lesser threat of unauthorized access to sensitive reports in the event of

Which of the following would an IS auditor consider to be the MOST helpful when evaluating the effectiveness and adequacy of a computer preventive maintenance program?
A. A system downtime log
B. Vendors' reliability figures
C. Regularly scheduled maintenance log
D. A written preventive maintenance schedule
Answer: A
Explanation: A system downtime log provides information regarding the effectiveness and adequacy of computer preventive maintenance programs.

To determine which users can gain access to the privileged supervisory state, which of the following should an IS auditor review?
A. System access log files
B. Enabled access control software parameters
C. Logs of access control violations
D. System configuration files for control options used
Answer: D
Explanation: A review of system configuration files for control options used would show which users have access to the privileged supervisory state. Both system access log files and logs of access violations are detective in nature. Access control software is run under the operating system.

Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network?
A. The use of diskless workstations
B. Periodic checking of hard drives
C. The use of current antivirus software
D. Policies that result in instant dismissal if violated
Answer: B
Explanation: The periodic checking of hard drives would be the most effective method of identifying illegal software packages loaded to the network. Antivirus software will not necessarily identify illegal software, unless the software contains a virus. Diskless workstations act as a preventive control and are not effective, since users could still

During a human resources (HR) audit, an IS auditor is informed that there is a verbal agreement between the IT and HR departments as to the level of IT services expected. In this situation, what should the IS auditor do FIRST?
A. Postpone the audit until the agreement is documented
B. Report the existence of the undocumented agreement to senior management
C. Confirm the content of the agreement with both departments
D. Draft a service level agreement (SLA) for the two departments
Answer: C
Explanation: An IS auditor should first confirm and understand the current practice before making any recommendations. The agreement can be documented after it has been established that there is an agreement in place. The fact that there is not a written agreement does not justify postponing the audit, and reporting to senior management

IT best practices for the availability and continuity of IT services should:
A. minimize costs associated with disaster-resilient components.
B. provide for sufficient capacity to meet the agreed upon demands of the business.
C. provide reasonable assurance that agreed upon obligations to customers can be met.
D. produce timely performance metric reports.
Answer: C
Explanation: It is important that negotiated and agreed commitments (i.e., service level agreements [SLAs]) can be fulfilled all the time. If this were not achievable, IT should not have agreed to these requirements, as entering into such a commitment would be misleading to the business. 'All the time' in this context directly relates to the 'agreed

Which of the following should be the PRIMARY concern of an IS auditor reviewing the management of external IT service providers?
A. Minimizing of costs for the services provided
B. Prohibiting the provider from subcontracting services
C. Evaluating the process for transferring knowledge to the IT department
D. Determining if the services were provided as contracted
Answer: D
Explanation: From an IS auditor's perspective, the primary objective of auditing the management of service providers should be to determine if the services that were requested were provided in a way that is acceptable, seamless and in line with contractual agreements. Minimizing costs, if applicable and achievable (depending on the customer's need) is

The PRIMARY objective of service-level management (SLM) is to:
A. define, agree, record and manage the required levels of service.
B. ensure that services are managed to deliver the highest achievable level of availability.
C. keep the costs associated with any service at a minimum.
D. monitor and report any legal noncompliance to business management.
Answer: A
Explanation: The objective of service-level management (SLM) is to negotiate, document and manage (i.e., provide and monitor) the services in the manner in which the customer requires those services. This does not necessarily ensure that services are delivered at the highest achievable level of availability (e.g., redundancy and clustering).

An organization has outsourced its help desk. Which of the following indicators would be the best to include in the SLA?
A. Overall number of users supported
B. Percentage of incidents solved in the first call
C. Number of incidents reported to the help desk
D. Number of agents answering the phones
Answer: B
Explanation: Since it is about service level (performance) indicators, the percentage of incidents solved on the first call is the only option that is relevant. Choices A, C and D are not quality measures of the help desk service.

Question: A benefit of quality of service (QoS) is that the:
A. entire network's availability and performance will be significantly improved.
B. telecom carrier will provide the company with accurate service-level compliance reports.
C. participating applications will have guaranteed service levels.
D. communications link will be supported by security controls to perform secure online transactions.
Answer: C. participating applications will have guaranteed service levels.
Explanation: The main function of QoS is to optimize network performance by assigning priority to business applications and end users, through the allocation of dedicated parts of the bandwidth to specific traffic. Choice A is not true because the communication itself will not be improved. While the speed of data exchange for specific applications could be [...]

Question: Which of the following reports should an IS auditor use to check compliance with a service level agreement's (SLA) requirement for uptime?
A. Utilization reports
B. Hardware error reports
C. System logs
D. Availability reports
Answer: D. Availability reports
Explanation: IS inactivity, such as downtime, is addressed by availability reports. These reports provide the time periods during which the computer was available for utilization by users or other processes. Utilization reports document the use of computer equipment, and can be used by management to predict how/where/when resources [...]

Question: When performing an audit of a client relationship management (CRM) system migration project, which of the following should be of GREATEST concern to an IS auditor?
A. The technical migration is planned for a Friday preceding a long weekend, and the time window is too short for completing all tasks.
B. Employees pilot-testing the system are concerned that the data representation in the new system is completely different from the old system.
C. A single implementation is planned, immediately decommissioning the legacy system.
D. Five weeks prior to the target date, there are still numerous defects in the printing functionality of the new system's software.
Answer: C. A single implementation is planned, immediately decommissioning the legacy system.
Explanation: Major system migrations should include a phase of parallel operation or a phased cut-over to reduce implementation risks. Decommissioning or disposing of the old hardware would complicate any fallback strategy, should the new system not operate correctly. A weekend can be used as a time buffer so that the new system will have a [...]

Question: After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend?
A. Stress
B. Black box
C. Interface
D. System
Answer: D. System
Explanation: Given the extensiveness of the patch and its interfaces to external systems, system testing is most appropriate. Interface testing is not enough, and stress or black box testing are inadequate in these circumstances.

Question: An IS auditor performing an application maintenance audit would review the log of program changes for the:
A. authorization of program changes.
B. creation date of a current object module.
C. number of program changes actually made.
D. creation date of a current source program.
Answer: A. authorization of program changes.
Explanation: The manual log will most likely contain information on authorized changes to a program. Deliberate, unauthorized changes will not be documented by the responsible party. An automated log, found usually in library management products, and not a change log would most likely contain date information for the source and executable [...]

Question: A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not performing adequately which of the following types of testing?
A. Unit testing
B. Integration testing
C. Design walkthroughs
D. Configuration management
Answer: B. Integration testing
Explanation: A common system maintenance problem is that errors are often corrected quickly (especially when deadlines are tight). Units are tested by the programmer and then transferred to the acceptance test area; this often results in system problems that should have been detected during integration or system testing. Integration [...]

Question: An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of:
A. reverse engineering.
B. prototyping.
C. software reuse.
D. reengineering.
Answer: D. reengineering.
Explanation: Old (legacy) systems that have been corrected, adapted and enhanced extensively require reengineering to remain maintainable. Reengineering is a rebuilding activity to incorporate new technologies into existing systems. Using program language statements, reverse engineering involves reversing a program's machine code into [...]

Question: When reviewing an organization's approved software product list, which of the following is the MOST important thing to verify?
A. The risks associated with the use of the products are periodically assessed
B. The latest version of software is listed for each product
C. Due to licensing issues the list does not contain open source software
D. After hours support is offered
Answer: A. The risks associated with the use of the products are periodically assessed
Explanation: Since the business conditions surrounding vendors may change, it is important for an organization to conduct periodic risk assessments of the vendor software list. This might be best incorporated into the IT risk management process. Choices B, C and D are possible considerations but would not be the most important.

Question: When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of:
A. excessive transaction turnaround time.
B. application interface failure.
C. improper transaction authorization.
D. nonvalidated batch totals.
Answer: C. improper transaction authorization.
Explanation: Foremost among the risks associated with electronic data interchange (EDI) is improper transaction authorization. Since the interaction with the parties is electronic, there is no inherent authentication. The other choices, although risks, are not as significant.

Question: An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed. When this issue is raised with management the response is that additional controls are not necessary because effective system access controls are in place. The BEST response the auditor can make is to:
A. review the integrity of system access controls.
B. accept management's statement that effective access controls are in place.
C. stress the importance of having a system control framework in place.
D. review the background checks of the accounts payable staff.
Answer: C. stress the importance of having a system control framework in place.
Explanation: Experience has demonstrated that reliance purely on preventative controls is dangerous. Preventative controls may not prove to be as strong as anticipated or their effectiveness can deteriorate over time. Evaluating the cost of controls versus the quantum of risk is a valid management concern. However, in a high-risk system a comprehensive [...]

Question: The GREATEST advantage of using web services for the exchange of information between two systems is:
A. secure communications.
B. improved performance.
C. efficient interfacing.
D. enhanced documentation.
Answer: C. efficient interfacing.
Explanation: Web services facilitate the exchange of information between two systems, regardless of the operating system or programming language used. Communication is not necessarily more secure or faster, and there is no documentation benefit in using web services.

Question: A clerk changed the interest rate for a loan on a master file. The rate entered is outside the normal range for such a loan. Which of the following controls is MOST effective in providing reasonable assurance that the change was authorized?
A. The system will not process the change until the clerk's manager confirms the change by entering an approval code.
B. The system generates a weekly report listing all rate exceptions and the report is reviewed by the clerk's manager.
C. The system requires the clerk to enter an approval code.
D. The system displays a warning message to the clerk.
Answer: A. The system will not process the change until the clerk's manager confirms the change by entering an approval code.
Explanation: Choice A would prevent or detect the use of an unauthorized interest rate. Choice B informs the manager after the fact that a change was made, thereby making it possible for transactions to use an unauthorized rate prior to management review. Choices C and D do not prevent the clerk from entering an unauthorized rate change.

Question: When using an integrated test facility (ITF), an IS auditor should ensure that:
A. production data are used for testing.
B. test data are isolated from production data.
C. a test data generator is used.
D. master files are updated with the test data.
Answer: B. test data are isolated from production data.
Explanation: An integrated test facility (ITF) creates a fictitious file in the database, allowing for test transactions to be processed simultaneously with live data. While this ensures that periodic testing does not require a separate test process, there is a need to isolate test data from production data. An IS auditor is not required to use production data or a test data [...]

Question: When reviewing input controls, an IS auditor observes that, in accordance with corporate policy, procedures allow supervisory override of data validation edits. The IS auditor should:
A. not be concerned since there may be other compensating controls to mitigate the risks.
B. ensure that overrides are automatically logged and subject to review.
C. verify whether all such overrides are referred to senior management for approval.
D. recommend that overrides not be permitted.
Answer: B. ensure that overrides are automatically logged and subject to review.
Explanation: If input procedures allow overrides of data validation and editing, automatic logging should occur. A management individual who did not initiate the override should review this log. An IS auditor should not assume that compensating controls exist. As long as the overrides are policy-compliant, there is no need for senior [...]

Question: When transmitting a payment instruction, which of the following will help verify that the instruction was not duplicated?
A. Use of a cryptographic hashing algorithm
B. Enciphering the message digest
C. Deciphering the message digest
D. A sequence number and time stamp
Answer: D. A sequence number and time stamp
Explanation: When transmitting data, a sequence number and/or time stamp built into the message to make it unique can be checked by the recipient to ensure that the message was not intercepted and replayed. This is known as replay protection, and could be used to verify that a payment instruction was not duplicated. Use of a [...]

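Worked example of the replay protection the explanation describes: the sender embeds a per-sender sequence number and a time stamp in each payment instruction and MACs the whole message, and the receiver verifies the MAC first, then rejects stale or already-seen sequence numbers. This is an added illustration, not code from the original page; the shared key, the 300-second freshness window, the sender names and the payload are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed values for the example (assumptions, not from the page): a key
# pre-shared between the sending system and the bank, and a freshness window.
SHARED_KEY = b"example-shared-key-do-not-use-in-production"
FRESHNESS_WINDOW_SECONDS = 300


def build_instruction(seq, ts, payload, key=SHARED_KEY):
    """Sender side: embed a sequence number and a time stamp in the message,
    then MAC the whole thing so neither field can be altered in transit."""
    body = json.dumps({"seq": seq, "ts": ts, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"msg": body, "tag": tag}


class Receiver:
    """Bank side: verifies the MAC, then rejects stale or duplicate instructions."""

    def __init__(self, key=SHARED_KEY, window=FRESHNESS_WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.last_seq = {}  # highest sequence number accepted, per sender

    def accept(self, sender, instruction, now):
        expected = hmac.new(self.key, instruction["msg"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, instruction["tag"]):
            return "reject: bad MAC"                    # seq/ts/payload altered, or wrong key
        body = json.loads(instruction["msg"])
        if abs(now - body["ts"]) > self.window:
            return "reject: stale timestamp"            # old capture replayed much later
        if body["seq"] <= self.last_seq.get(sender, 0):
            return "reject: duplicate sequence number"  # exact replay within the window
        self.last_seq[sender] = body["seq"]
        return "accepted"


if __name__ == "__main__":
    bank = Receiver()
    instr = build_instruction(1, 1000, {"to": "ACCT-1", "amount": 100})  # constructed payload
    print(bank.accept("sender-A", instr, now=1000))   # accepted
    print(bank.accept("sender-A", instr, now=1002))   # reject: duplicate sequence number
```

The replayed instruction carries a perfectly valid MAC, which is why a hash or MAC on its own (choices A to C) cannot detect duplication; only the sequence-number and time-stamp check does. The strict "greater than the last accepted" rule also rejects legitimately reordered messages, so a receiver on a lossy channel would keep a sliding window of accepted sequence numbers instead of a single high-water mark.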
Question: Which of the following is the MOST critical and contributes the greatest to the quality of data in a data warehouse?
A. Accuracy of the source data
B. Credibility of the data source
C. Accuracy of the extraction process
D. Accuracy of the data transformation
Answer: A. Accuracy of the source data
Explanation: Accuracy of source data is a prerequisite for the quality of the data in a data warehouse. Credibility of the data source, accurate extraction processes and accurate transformation routines are all important, but would not change inaccurate data into quality (accurate) data.

Question: Which of the following represents the GREATEST potential risk in an EDI environment?
A. Transaction authorization
B. Loss or duplication of EDI transmissions
C. Transmission delay
D. Deletion or manipulation of transactions prior to or after establishment of application controls
Answer: A. Transaction authorization
Explanation: Since the interaction between parties is electronic, there is no inherent authentication occurring; therefore, transaction authorization is the greatest risk. Choices B and D are examples of risks, but the impact is not as great as that of unauthorized transactions. Transmission delays may terminate the process or hold the line until the normal [...]

Question: A company uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks (cheques) and reports for distribution. To BEST ensure payroll data accuracy:
A. payroll reports should be compared to input forms.
B. gross payroll should be recalculated manually.
C. checks (cheques) should be compared to input forms.
D. checks (cheques) should be reconciled with output reports.
Answer: A. payroll reports should be compared to input forms.
Explanation: The best way to confirm data accuracy, when input is provided by the company and output is generated by the bank, is to verify the data input (input forms) with the results of the payroll reports. Hence, comparing payroll reports with input forms is the best mechanism of verifying data accuracy. Recalculating gross payroll [...]

Question: Once an organization has finished the business process reengineering (BPR) of all its critical operations, an IS auditor would MOST likely focus on a review of:
A. pre-BPR process flowcharts.
B. post-BPR process flowcharts.
C. BPR project plans.
D. continuous improvement and monitoring plans.
Answer: B. post-BPR process flowcharts.
Explanation: An IS auditor's task is to identify and ensure that key controls have been incorporated into the reengineered process. Choice A is incorrect because an IS auditor must review the process as it is today, not as it was in the past. Choices C and D are incorrect because they are steps within a BPR project.

Question: A company has recently upgraded its purchase system to incorporate EDI transmissions. Which of the following controls should be implemented in the EDI interface to provide for efficient data mapping?
A. Key verification
B. One-for-one checking
C. Manual recalculations
D. Functional acknowledgements
Answer: D. Functional acknowledgements
Explanation: Acting as an audit trail for EDI transactions, functional acknowledgements are one of the main controls used in data mapping. All the other choices are manual input controls, whereas data mapping deals with automatic integration of data in the receiving company.

Question: An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely:
A. check to ensure that the type of transaction is valid for the card type.
B. verify the format of the number entered then locate it on the database.
C. ensure that the transaction entered is within the cardholder's credit limit.
D. confirm that the card is not shown as lost or stolen on the master file.
Answer: B. verify the format of the number entered then locate it on the database.
Explanation: The initial validation should confirm whether the card is valid. This validity is established through the card number and PIN entered by the user. Based on this initial validation, all other validations will proceed. A validation control in data capture will ensure that the data entered is valid (i.e., it can be processed by the system). If the data [...]

Question: An IS auditor who has discovered unauthorized transactions during a review of EDI transactions is likely to recommend improving the:
A. EDI trading partner agreements.
B. physical controls for terminals.
C. authentication techniques for sending and receiving messages.
D. program change control procedures.
Answer: C. authentication techniques for sending and receiving messages.
Explanation: Authentication techniques for sending and receiving messages play a key role in minimizing exposure to unauthorized transactions. The EDI trading partner agreements would minimize exposure to legal issues.

Question: What is a data validation edit control that matches input data to an occurrence rate? Choose the BEST answer.
A. Accuracy check
B. Completeness check
C. Reasonableness check
D. Redundancy check
Answer: C. Reasonableness check
Explanation: A reasonableness check is a data validation edit control that matches input data to an occurrence rate.

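Added example (not from the original page) tying together the three input-control questions above: the out-of-range interest rate, the supervisory override of data validation edits, and the reasonableness check. A limit check tests the value against a predefined range, a reasonableness check tests it against how values for that field usually occur, and an override is applied only when a manager other than the clerk supplies a valid approval code, after which it is automatically logged for independent review. The rate range, approval-code table and rate history are constructed assumptions.

```python
import hmac
import statistics
from dataclasses import dataclass, field

# Constructed policy values (assumptions, not from the page).
NORMAL_RATE_RANGE = (1.0, 12.0)          # limit-check bounds for a loan rate, in percent
APPROVAL_CODES = {"mgr-1": "7F3A-91C2"}  # manager -> approval code; stands in for a real secret store


@dataclass
class OverrideLog:
    """Automatic log of every override, to be reviewed by someone who did not initiate it."""
    entries: list = field(default_factory=list)


def limit_check(value, low, high):
    """Limit (range) check: the value must fall inside the predefined bounds."""
    return low <= value <= high


def reasonableness_check(value, history, max_sd=3.0):
    """Reasonableness check: compare the value with how values for this field
    normally occur. More than max_sd standard deviations from the historical
    mean is unusual enough to require review, even if it is inside the limits."""
    mean = statistics.mean(history)
    sd = statistics.pstdev(history)
    if sd == 0:
        return value == mean
    return abs(value - mean) <= max_sd * sd


def apply_rate_change(loan_id, new_rate, clerk, history, log, approver=None, approval_code=None):
    """Return (status, reason). A rate that fails either edit is held until a manager
    other than the clerk supplies a valid approval code; the override is then logged."""
    if limit_check(new_rate, *NORMAL_RATE_RANGE) and reasonableness_check(new_rate, history):
        return "applied", None
    if approver is None:
        return "held", "rate outside normal range; manager approval required"
    if approver == clerk:
        return "rejected", "override must come from someone other than the initiator"
    stored = APPROVAL_CODES.get(approver)
    if stored is None or approval_code is None or not hmac.compare_digest(stored, approval_code):
        return "rejected", "invalid approval code"
    log.entries.append({"loan_id": loan_id, "rate": new_rate, "clerk": clerk, "approver": approver})
    return "applied", "override logged for independent review"


if __name__ == "__main__":
    rate_history = [4.5, 5.0, 5.25, 4.75, 5.5, 5.0, 4.9, 5.1]  # constructed prior rates
    log = OverrideLog()
    print(apply_rate_change("L-1", 18.0, "clerk-1", rate_history, log))                 # held
    print(apply_rate_change("L-1", 18.0, "clerk-1", rate_history, log,
                            approver="mgr-1", approval_code="7F3A-91C2"))              # applied, logged
    print(log.entries)
```

Note the two separate failure modes: a rate of 18.0 fails the limit check outright, while a rate of 11.0 passes the limits but fails the reasonableness check because nothing near it has occurred before. In both cases the change is held rather than merely warned about (choice D) or confirmed by the clerk's own code (choice C), and the logged override gives the reviewer the evidence trail the auditor asks for.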
Question: Processing controls ensure that data is accurate and complete, and is processed only through which of the following? Choose the BEST answer.
A. Documented routines
B. Authorized routines
C. Accepted routines
D. Approved routines
Answer: B. Authorized routines
Explanation: Processing controls ensure that data is accurate and complete, and is processed only through authorized routines.

Question: When should an application-level edit check to verify that availability of funds was completed at the electronic funds transfer (EFT) interface?
A. Before transaction completion
B. Immediately after an EFT is initiated
C. During run-to-run total testing
D. Before an EFT is initiated
Answer: D. Before an EFT is initiated
Explanation: An application-level edit check to verify availability of funds should be completed at the electronic funds transfer (EFT) interface before an EFT is initiated.

Question: Whenever business processes have been re-engineered, the IS auditor attempts to identify and quantify the impact of any controls that might have been removed, or controls that might not work as effectively after business process changes. True or false?
A. True
B. False
Answer: A. True
Explanation: Whenever business processes have been re-engineered, the IS auditor should attempt to identify and quantify the impact of any controls that might have been removed, or controls that might not work as effectively after business process changes.

Question: Business process re-engineering often results in ______________ automation, which results in _____________ number of people using technology. Fill in the blanks.
A. Increased; a greater
B. Increased; a fewer
C. Less; a fewer
D. Increased; the same
Answer: A. Increased; a greater
Explanation: Business process re-engineering often results in increased automation, which results in a greater number of people using technology.

Question: After identifying potential security vulnerabilities, what should be the IS auditor's next step?
A. To evaluate potential countermeasures and compensatory controls
B. To implement effective countermeasures and compensatory controls
C. To perform a business impact analysis of the threats that would exploit the vulnerabilities
D. To immediately advise senior management of the findings
Answer: C. To perform a business impact analysis of the threats that would exploit the vulnerabilities
Explanation: After identifying potential security vulnerabilities, the IS auditor's next step is to perform a business impact analysis of the threats that would exploit the vulnerabilities.

Question: Authentication techniques for sending and receiving data between EDI systems are crucial to prevent which of the following? Choose the BEST answer.
A. Unsynchronized transactions
B. Unauthorized transactions
C. Inaccurate transactions
D. Incomplete transactions
Answer: B. Unauthorized transactions
Explanation: Authentication techniques for sending and receiving data between EDI systems are crucial to prevent unauthorized transactions.

Question: Input/output controls should be implemented for which applications in an integrated systems environment?
A. The receiving application
B. The sending application
C. Both the sending and receiving applications
D. Output on the sending application and input on the receiving application
Answer: C. Both the sending and receiving applications
Explanation: Input/output controls should be implemented for both the sending and receiving applications in an integrated systems environment.

Question: Above almost all other concerns, what often results in the greatest negative impact on the implementation of new application software?
A. Failing to perform user acceptance testing
B. Lack of user training for the new system
C. Lack of software documentation and run manuals
D. Insufficient unit, module, and systems testing
Answer: A. Failing to perform user acceptance testing
Explanation: Above almost all other concerns, failing to perform user acceptance testing often results in the greatest negative impact on the implementation of new application software.

Question: When should plans for testing for user acceptance be prepared? Choose the BEST answer.
A. In the requirements definition phase of the systems-development project
B. In the feasibility phase of the systems-development project
C. In the design phase of the systems-development project
D. In the development phase of the systems-development project
Answer: A. In the requirements definition phase of the systems-development project
Explanation: Plans for testing for user acceptance are usually prepared in the requirements definition phase of the systems-development project.

Question: Who is responsible for the overall direction, costs, and timetables for systems-development projects?
A. The project sponsor
B. The project steering committee
C. Senior management
D. The project team leader
Answer: B. The project steering committee
Explanation: The project steering committee is responsible for the overall direction, costs, and timetables for systems-development projects.

Question: Who is ultimately responsible for providing requirement specifications to the software-development team?
A. The project sponsor
B. The project members
C. The project leader
D. The project steering committee
Answer: A. The project sponsor
Explanation: The project sponsor is ultimately responsible for providing requirement specifications to the software-development team.

Question: What protects an application purchaser's ability to fix or change an application in case the application vendor goes out of business?
A. Assigning copyright to the organization
B. Program back doors
C. Source code escrow
D. Internal programming expertise
Answer: C. Source code escrow
Explanation: Source code escrow protects an application purchaser's ability to fix or change an application in case the application vendor goes out of business.

Question: What is an acceptable recovery mechanism for extremely time-sensitive transaction processing?
A. Off-site remote journaling
B. Electronic vaulting
C. Shadow file processing
D. Storage area network
Answer: C. Shadow file processing
Explanation: Shadow file processing can be implemented as a recovery mechanism for extremely time-sensitive transaction processing.

Question: Off-site data storage should be kept synchronized when preparing for recovery of time-sensitive data such as that resulting from which of the following? Choose the BEST answer.
A. Financial reporting
B. Sales reporting
C. Inventory reporting
D. Transaction processing
Answer: D. Transaction processing
Explanation: Off-site data storage should be kept synchronized when preparing for the recovery of time-sensitive data such as that resulting from transaction processing.

Question: Mitigating the risk and impact of a disaster or business interruption usually takes priority over transference of risk to a third party such as an insurer. True or false?
A. True
B. False
Answer: A. True
Explanation: Mitigating the risk and impact of a disaster or business interruption usually takes priority over transferring risk to a third party such as an insurer.

Question: How can minimizing single points of failure or vulnerabilities of a common disaster best be controlled?
A. By implementing redundant systems and applications onsite
B. By geographically dispersing resources
C. By retaining onsite data backup in fireproof vaults
D. By preparing BCP and DRP documents for commonly identified disasters
Answer: B. By geographically dispersing resources
Explanation: Minimizing single points of failure or vulnerabilities of a common disaster is mitigated by geographically dispersing resources.

Question: If a database is restored from information backed up before the last system image, which of the following is recommended?
A. The system should be restarted after the last transaction.
B. The system should be restarted before the last transaction.
C. The system should be restarted at the first transaction.
D. The system should be restarted on the last transaction.
Answer: B. The system should be restarted before the last transaction.
Explanation: If a database is restored from information backed up before the last system image, the system should be restarted before the last transaction because the final transaction must be reprocessed.

Question: The purpose of business continuity planning and disaster-recovery planning is to:
A. Transfer the risk and impact of a business interruption or disaster
B. Mitigate, or reduce, the risk and impact of a business interruption or disaster
C. Accept the risk and impact of a business interruption or disaster
D. Eliminate the risk and impact of a business interruption or disaster
Answer: B. Mitigate, or reduce, the risk and impact of a business interruption or disaster
Explanation: The primary purpose of business continuity planning and disaster-recovery planning is to mitigate, or reduce, the risk and impact of a business interruption or disaster. Total elimination of risk is impossible.

Question: Organizations should use off-site storage facilities to maintain _________________ (fill in the blank) of current and critical information within backup files. Choose the BEST answer.
A. Confidentiality
B. Integrity
C. Redundancy
D. Concurrency
Answer: C. Redundancy
Explanation: Redundancy is the best answer because it provides both integrity and availability. Organizations should use off-site storage facilities to maintain redundancy of current and critical information within backup files.

Question: If a programmer has update access to a live system, IS auditors are more concerned with the programmer's ability to initiate or modify transactions and the ability to access production than with the programmer's ability to authorize transactions. True or false?
A. True
B. False
Answer: A. True
Explanation: If a programmer has update access to a live system, IS auditors are more concerned with the programmer's ability to initiate or modify transactions and the ability to access production than with the programmer's ability to authorize transactions.

Question: Rather than simply reviewing the adequacy of access control, appropriateness of access policies, and effectiveness of safeguards and procedures, the IS auditor is more concerned with effectiveness and utilization of assets. True or false?
A. True
B. False
Answer: B. False
Explanation: Instead of simply reviewing the effectiveness and utilization of assets, an IS auditor is more concerned with adequate access control, appropriate access policies, and effectiveness of safeguards and procedures.

Question: What is often assured through table link verification and reference checks?
A. Database integrity
B. Database synchronization
C. Database normalcy
D. Database accuracy
Answer: A. Database integrity
Explanation: Database integrity is most often ensured through table link verification and reference checks.

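Added example (not from the original page) of the table link verification and reference checks the explanation names, using Python's built-in sqlite3 module: a LEFT JOIN finds child rows whose parent row is missing (a broken table link), PRAGMA foreign_key_check reports the same violations from the declared references, and enabling enforcement prevents new orphans from being created. The schema and rows are constructed; the orphan is inserted with foreign-key enforcement switched off, as happens in databases whose links were never enforced.

```python
import sqlite3

# Constructed schema: every order must reference an existing customer.
SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE orders (
    id INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(id),
    amount REAL NOT NULL
);
"""


def build_sample_db():
    """Build an in-memory database containing one orphaned order (customer 7 does not exist)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = OFF")  # links declared but not enforced
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO customers VALUES (?, ?)", [(1, "Acme"), (2, "Globex")])
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(10, 1, 99.5), (11, 2, 20.0), (12, 7, 5.0)])  # row 12 is the orphan
    conn.commit()
    return conn


def table_link_check(conn):
    """Table link verification: child rows whose parent key does not resolve."""
    return conn.execute("""
        SELECT o.id, o.customer_id
        FROM orders o
        LEFT JOIN customers c ON c.id = o.customer_id
        WHERE c.id IS NULL
        ORDER BY o.id
    """).fetchall()


def reference_check(conn):
    """Reference check driven by the declared foreign keys: (table, rowid, parent, fk index)."""
    return conn.execute("PRAGMA foreign_key_check").fetchall()


def enforcement_blocks_orphan(conn):
    """Turn enforcement on and confirm a new dangling reference is refused."""
    conn.execute("PRAGMA foreign_keys = ON")  # only takes effect outside a transaction
    try:
        conn.execute("INSERT INTO orders VALUES (13, 99, 1.0)")
    except sqlite3.IntegrityError:
        return True
    return False


if __name__ == "__main__":
    db = build_sample_db()
    print("broken links:", table_link_check(db))        # [(12, 7)]
    print("fk violations:", reference_check(db))        # [('orders', 12, 'customers', 0)]
    print("enforcement blocks new orphan:", enforcement_blocks_orphan(db))  # True
```

The two checks agree here, but they are not interchangeable in an audit: the join-based check works on any schema, including one with no declared constraints at all, while foreign_key_check only sees references the designers wrote down. Running both, and reconciling the counts, is how the existing orphan in row 12 is found before enforcement is switched on, since enabling constraints does not retroactively clean up rows that already violate them.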
Question: What process is used to validate a subject's identity?
A. Identification
B. Nonrepudiation
C. Authorization
D. Authentication
Answer: D. Authentication
Explanation: Authentication is used to validate a subject's identity.

Question: What determines the strength of a secret key within a symmetric key cryptosystem?
A. A combination of key length, degree of permutation, and the complexity of the data-encryption algorithm that uses the key
B. A combination of key length, initial input vectors, and the complexity of the data-encryption algorithm that uses the key
C. A combination of key length and the complexity of the data-encryption algorithm that uses the key
D. Initial input vectors and the complexity of the data-encryption algorithm that uses the key
Answer: B. A combination of key length, initial input vectors, and the complexity of the data-encryption algorithm that uses the key
Explanation: The strength of a secret key within a symmetric key cryptosystem is determined by a combination of key length, initial input vectors, and the complexity of the data-encryption algorithm that uses the key.

Question: What is used to provide authentication of the website and can also be used to successfully authenticate keys used for data encryption?
A. An organizational certificate
B. A user certificate
C. A website certificate
D. Authenticode
Answer: C. A website certificate
Explanation: A website certificate is used to provide authentication of the website and can also be used to successfully authenticate keys used for data encryption.

Question: What is a common vulnerability, allowing denial-of-service attacks?
A. Assigning access to users according to the principle of least privilege
B. Lack of employee awareness of organizational security policies
C. Improperly configured routers and router access lists
D. Configuring firewall access rules
Answer: C. Improperly configured routers and router access lists
Explanation: Improperly configured routers and router access lists are a common vulnerability for denial-of-service attacks.

Question: Which of the following help(s) prevent an organization's systems from participating in a distributed denial-of-service (DDoS) attack? Choose the BEST answer.
A. Inbound traffic filtering
B. Using access control lists (ACLs) to restrict inbound connection attempts
C. Outbound traffic filtering
D. Recentralizing distributed systems
Answer: C. Outbound traffic filtering
Explanation: Outbound traffic filtering can help prevent an organization's systems from participating in a distributed denial-of-service (DDoS) attack.

Question: What is an effective control for granting temporary access to vendors and external support personnel? Choose the BEST answer.
A. Creating user accounts that automatically expire by a predetermined date
B. Creating permanent guest accounts for temporary use
C. Creating user accounts that restrict logon access to certain hours of the day
D. Creating a single shared vendor administrator account on the basis of least-privileged access
Answer: A. Creating user accounts that automatically expire by a predetermined date
Explanation: Creating user accounts that automatically expire by a predetermined date is an effective control for granting temporary access to vendors and external support personnel.

Question: Which of the following provide(s) near-immediate recoverability for time-sensitive systems and transaction processing?
A. Automated electronic journaling and parallel processing
B. Data mirroring and parallel processing
C. Data mirroring
D. Parallel processing
Answer: B. Data mirroring and parallel processing
Explanation: Data mirroring and parallel processing are both used to provide near-immediate recoverability for time-sensitive systems and transaction processing.

Question: What supports data transmission through split cable facilities or duplicate cable facilities?
A. Diverse routing
B. Dual routing
C. Alternate routing
D. Redundant routing
Answer: A. Diverse routing
Explanation: Diverse routing supports data transmission through split cable facilities, or duplicate cable facilities.

Question: Which of the following are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem? Choose the BEST answer.
A. Expert systems
B. Neural networks
C. Integrated synchronized systems
D. Multitasking applications
Answer: B. Neural networks
Explanation: Neural networks are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem.

Question: How do modems (modulation/demodulation) function to facilitate analog transmissions to enter a digital network?
A. Modems convert analog transmissions to digital, and digital transmissions to analog.
B. Modems encapsulate analog transmissions within digital, and digital transmissions within analog.
C. Modems convert digital transmissions to analog, and analog transmissions to digital.
D. Modems encapsulate digital transmissions within analog, and analog transmissions within digital.
Answer: A. Modems convert analog transmissions to digital, and digital transmissions to analog.
Explanation: Modems (modulation/demodulation) convert analog transmissions to digital, and digital transmissions to analog, and are required for analog transmissions to enter a digital network.

Proper segregation of duties prevents a computer operator (user) from performing security administration duties. True or false?
A. True
B. False
Answer: A
Explanation: Proper segregation of duties prevents a computer operator (user) from performing security administration duties.
Why is the WAP gateway a component warranting critical concern and review for the IS auditor when auditing and testing controls enforcing message confidentiality?
A. WAP is often configured by default settings and is thus insecure.
B. WAP provides weak encryption for wireless traffic.
C. WAP functions as a protocol-conversion gateway for wireless TLS to Internet SSL.
D. WAP often interfaces critical IT systems.
Answer: C
Explanation: Functioning as a protocol-conversion gateway for wireless TLS to Internet SSL, the WAP gateway is a component warranting critical concern and review for the IS auditor when auditing and testing controls that enforce message confidentiality.
When reviewing print systems spooling, an IS auditor is MOST concerned with which of the following vulnerabilities?
A. The potential for unauthorized deletion of report copies
B. The potential for unauthorized modification of report copies
C. The potential for unauthorized printing of report copies
D. The potential for unauthorized editing of report copies
Answer: C
Explanation: When reviewing print systems spooling, an IS auditor is most concerned with the potential for unauthorized printing of report copies.
In order to properly protect against unauthorized disclosure of sensitive data, how should hard disks be sanitized?
A. The data should be deleted and overwritten with binary 0s.
B. The data should be demagnetized.
C. The data should be low-level formatted.
D. The data should be deleted.
Answer: B
Explanation: To properly protect against unauthorized disclosure of sensitive data, hard disks should be demagnetized before disposal or release.
How is the risk of improper file access affected upon implementing a database system?
A. Risk varies.
B. Risk is reduced.
C. Risk is not affected.
D. Risk is increased.
Answer: D
Explanation: Improper file access becomes a greater risk when implementing a database system.
The directory system of a database-management system describes:
A. The access method to the data
B. The location of data AND the access method
C. The location of data
D. Neither the location of data NOR the access method
Answer: B
Explanation: The directory system of a database-management system describes the location of data and the access method.
What can be implemented to provide the highest level of protection from external attack?
A. Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host
B. Configuring the firewall as a screened host behind a router
C. Configuring the firewall as the protecting bastion host
D. Configuring two load-sharing firewalls facilitating VPN access from external hosts to internal hosts
Answer: A
Explanation: Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host provides a higher level of protection from external attack than all other answers.
Proper segregation of duties does not prohibit a quality control administrator from also being responsible for change control and problem management. True or false?
A. True
B. False
Answer: A
Explanation: Proper segregation of duties does not prohibit a quality-control administrator from also being responsible for change control and problem management.
When should reviewing an audit client’s business plan be performed relative to reviewing an organization’s IT strategic plan?
A. Reviewing an audit client’s business plan should be performed before reviewing an organization’s IT strategic plan.
B. Reviewing an audit client’s business plan should be performed after reviewing an organization’s IT strategic plan.
C. Reviewing an audit client’s business plan should be performed during the review of an organization’s IT strategic plan.
D. Reviewing an audit client’s business plan should be performed without regard to an organization’s IT strategic plan.
Answer: A
Explanation: Reviewing an audit client’s business plan should be performed before reviewing an organization’s IT strategic plan.
What process allows IS management to determine whether the activities of the organization differ from the planned or expected levels? Choose the BEST answer.
A. Business impact assessment
B. Risk assessment
C. IS assessment methods
D. Key performance indicators (KPIs)
Answer: C
Explanation: IS assessment methods allow IS management to determine whether the activities of the organization differ from the planned or expected levels.
When performing an IS strategy audit, an IS auditor should review both short-term (one-year) and long-term (three-to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered. The auditor should especially focus on procedures in an audit of IS strategy. True or false?
A. True
B. False
Answer: B
Explanation: When performing an IS strategy audit, an IS auditor should review both short-term (one-year) and long-term (three-to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered.
When auditing third-party service providers, an IS auditor should be concerned with which of the following? Choose the BEST answer.
A. Ownership of the programs and files
B. A statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster
C. A statement of due care
D. Ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster
Answer: D
Explanation: When auditing third-party service providers, an auditor should be concerned with ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster.
Ensuring that security and control policies support business and IT objectives is a primary objective of:
A. An IT security policies audit
B. A processing audit
C. A software audit
D. A vulnerability assessment
Answer: A
Explanation: Ensuring that security and control policies support business and IT objectives is a primary objective of an IT security policies audit.
If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor’s primary responsibility?
A. To advise senior management.
B. To reassign job functions to eliminate potential fraud.
C. To implement compensatory controls.
D. Segregation of duties is an administrative control not considered by an IS auditor.
Answer: A
Explanation: An IS auditor’s primary responsibility is to advise senior management of the risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function.
An advantage of a continuous audit approach is that it can improve system security when used in time-sharing environments that process a large number of transactions. True or false?
A. True
B. False
Answer: A
Explanation: It is true that an advantage of a continuous audit approach is that it can improve system security when used in time-sharing environments that process a large number of transactions.
An integrated test facility is not considered a useful audit tool because it cannot compare processing output with independently calculated data. True or false?
A. True
B. False
Answer: B
Explanation: An integrated test facility is considered a useful audit tool because it compares processing output with independently calculated data.
Which of the following is of greatest concern to the IS auditor?
A. Failure to report a successful attack on the network
B. Failure to prevent a successful attack on the network
C. Failure to recover from a successful attack on the network
D. Failure to detect a successful attack on the network
Answer: A
Explanation: Lack of reporting of a successful attack on the network is a great concern to an IS auditor.
The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n):
A. Implementor
B. Facilitator
C. Developer
D. Sponsor
Answer: B
Explanation: The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a facilitator.
An intentional or unintentional disclosure of a password is likely to be evident within control logs. True or false?
A. True
B. False
Answer: B
Explanation: An intentional or unintentional disclosure of a password is not likely to be evident within control logs.
A transaction journal provides the information necessary for detecting unauthorized _____________ (fill in the blank) from a terminal.
A. Deletion
B. Input
C. Access
D. Duplication
Answer: B
Explanation: A transaction journal provides the information necessary for detecting unauthorized input from a terminal.
What is an edit check to determine whether a field contains valid data?
A. Completeness check
B. Accuracy check
C. Redundancy check
D. Reasonableness check
Answer: A
Explanation: A completeness check is an edit check to determine whether a field contains valid data.
Which of the following can help detect transmission errors by appending specially calculated bits onto the end of each segment of data?
A. Redundancy check
B. Completeness check
C. Accuracy check
D. Parity check
Answer: A
Explanation: A redundancy check can help detect transmission errors by appending specially calculated bits onto the end of each segment of data.
When storing data archives off-site, what must be done with the data to ensure data completeness?
A. The data must be normalized.
B. The data must be validated.
C. The data must be parallel-tested.
D. The data must be synchronized.
Answer: D
Explanation: When storing data archives off-site, data must be synchronized to ensure data completeness.
What is the first step in a business process re-engineering project?
A. Identifying current business processes
B. Forming a BPR steering committee
C. Defining the scope of areas to be reviewed
D. Reviewing organizational strategic plan
Answer: C
Explanation: Defining the scope of areas to be reviewed is the first step in a business process re-engineering project.
Run-to-run totals can verify data through which stage(s) of application processing?
A. Initial
B. Various
C. Final
D. Output
Answer: B
Explanation: Run-to-run totals can verify data through various stages of application processing.
Fourth-Generation Languages (4GLs) are most appropriate for designing the application’s graphical user interface (GUI). They are inappropriate for designing any intensive data-calculation procedures. True or false?
A. True
B. False
Answer: A
Explanation: Fourth-generation languages (4GLs) are most appropriate for designing the application’s graphical user interface (GUI). They are inappropriate for designing any intensive data-calculation procedures.
What often results in project scope creep when functional requirements are not defined as well as they could be?
A. Inadequate software baselining
B. Insufficient strategic planning
C. Inaccurate resource allocation
D. Project delays
Answer: A
Explanation: Inadequate software baselining often results in project scope creep because functional requirements are not defined as well as they could be.
If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, what should the auditor do? Choose the BEST answer.
A. Lack of IT documentation is not usually material to the controls tested in an IT audit.
B. The auditor should at least document the informal standards and policies. Furthermore, the IS auditor should create formal documented policies to be implemented.
C. The auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should recommend to management that formal documented policies be developed and implemented.
D. The auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should create formal documented policies to be implemented.
Answer: C
Explanation: If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, the auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should recommend to management that formal documented policies be developed and
Which of the following is a program evaluation review technique that considers different scenarios for planning and control projects?
A. Function Point Analysis (FPA)
B. GANTT
C. Rapid Application Development (RAD)
D. PERT
Answer: D
Explanation: PERT is a program-evaluation review technique that considers different scenarios for planning and control projects.
What is a reliable technique for estimating the scope and cost of a software-development project?
A. Function point analysis (FPA)
B. Feature point analysis (FPA)
C. GANTT
D. PERT
Answer: A
Explanation: A function point analysis (FPA) is a reliable technique for estimating the scope and cost of a software-development project.
When participating in a systems-development project, an IS auditor should focus on system controls rather than ensuring that adequate and complete documentation exists for all projects. True or false?
A. True
B. False
Answer: B
Explanation: When participating in a systems-development project, an IS auditor should also strive to ensure that adequate and complete documentation exists for all projects.
If an IS auditor observes that individual modules of a system perform correctly in development project tests, the auditor should inform management of the positive results and recommend further:
A. Documentation development
B. Comprehensive integration testing
C. Full unit testing
D. Full regression testing
Answer: B
Explanation: If an IS auditor observes that individual modules of a system perform correctly in development project tests, the auditor should inform management of the positive results and recommend further comprehensive integration testing.
Who assumes ownership of a systems-development project and the resulting system?
A. User management
B. Project steering committee
C. IT management
D. Systems developers
Answer: A
Explanation: User management assumes ownership of a systems-development project and the resulting system.
Function Point Analysis (FPA) provides an estimate of the size of an information system based only on the number and complexity of a system’s inputs and outputs. True or false?
A. True
B. False
Answer: B
Explanation: Function point analysis (FPA) provides an estimate of the size of an information system based on the number and complexity of a system’s inputs, outputs, and files.
Library control software restricts source code to:
A. Read-only access
B. Write-only access
C. Full access
D. Read-write access
Answer: A
Explanation: Library control software restricts source code to read-only access.
Obtaining user approval of program changes is very effective for controlling application changes and maintenance. True or false?
A. True
B. False
Answer: A
Explanation: Obtaining user approval of program changes is very effective for controlling application changes and maintenance.
Although BCP and DRP are often implemented and tested by middle management and end users, the ultimate responsibility and accountability for the plans remain with executive management, such as the _______________. (fill-in-the-blank)
A. Security administrator
B. Systems auditor
C. Board of directors
D. Financial auditor
Answer: C
Explanation: Although BCP and DRP are often implemented and tested by middle management and end users, the ultimate responsibility and accountability for the plans remain with executive management, such as the board of directors.
Any changes in systems assets, such as replacement of hardware, should be immediately recorded within the assets inventory of which of the following? Choose the BEST answer.
A. IT strategic plan
B. Business continuity plan
C. Business impact analysis
D. Incident response plan
Answer: B
Explanation: Any changes in systems assets, such as replacement of hardware, should be immediately recorded within the assets inventory of a business continuity plan.
Who is ultimately responsible and accountable for reviewing user access to systems?
A. Systems security administrators
B. Data custodians
C. Data owners
D. Information systems auditors
Answer: C
Explanation: Data owners are ultimately responsible and accountable for reviewing user access to systems.
Which of the following is used to evaluate biometric access controls?
A. FAR
B. EER
C. ERR
D. FRR
Answer: B
Explanation: When evaluating biometric access controls, a low equal error rate (EER) is preferred. EER is also called the crossover error rate (CER).
What benefit does using capacity-monitoring software to monitor usage patterns and trends provide to management? Choose the BEST answer.
A. The software can dynamically readjust network traffic capabilities based upon current usage.
B. The software produces nice reports that really impress management.
C. It allows users to properly allocate resources and ensure continuous efficiency of operations.
D. It allows management to properly allocate resources and ensure continuous efficiency of operations.
Answer: D
Explanation: Using capacity-monitoring software to monitor usage patterns and trends enables management to properly allocate resources and ensure continuous efficiency of operations.
What is the most common purpose of a virtual private network implementation?
A. A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over an otherwise unsecured channel such as the Internet.
B. A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over a dedicated T1 connection.
C. A virtual private network (VPN) helps to secure access within an enterprise when communicating over a dedicated T1 connection between network segments within the same facility.
D. A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over a wireless connection.
Answer: A
Explanation: A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over an otherwise unsecured channel such as the Internet.
What topology provides the greatest redundancy of routes and the greatest network fault tolerance?
A. A star network topology
B. A mesh network topology with packet forwarding enabled at each host
C. A bus network topology
D. A ring network topology with packet forwarding enabled at each host
Answer: B
Explanation: A mesh network topology provides a point-to-point link between every network host. If each host is configured to route and forward communication, this topology provides the greatest redundancy of routes and the greatest network fault tolerance.
Which of the following could lead to an unintentional loss of confidentiality? Choose the BEST answer.
A. Lack of employee awareness of a company’s information security policy
B. Failure to comply with a company’s information security policy
C. A momentary lapse of reason
D. Lack of security policy enforcement procedures
Answer: A
Explanation: Lack of employee awareness of a company’s information security policy could lead to an unintentional loss of confidentiality.
If senior management is not committed to strategic planning, how likely is it that a company’s implementation of IT will be successful?
A. IT cannot be implemented if senior management is not committed to strategic planning.
B. More likely.
C. Less likely.
D. Strategic planning does not affect the success of a company’s implementation of IT.
Answer: C
Explanation: A company’s implementation of IT will be less likely to succeed if senior management is not committed to strategic planning.
Key verification is one of the best controls for ensuring that:
A. Data is entered correctly
B. Only authorized cryptographic keys are used
C. Input is authorized
D. Database indexing is performed properly
Answer: A
Explanation: Key verification is one of the best controls for ensuring that data is entered correctly.
Batch control reconciliation is a _____________ (fill in the blank) control for mitigating risk of inadequate segregation of duties.
A. Detective
B. Corrective
C. Preventative
D. Compensatory
Answer: D
Explanation: Batch control reconciliation is a compensatory control for mitigating risk of inadequate segregation of duties.
A core tenet of an IS strategy is that it must:
A. Be inexpensive
B. Be protected as sensitive confidential information
C. Protect information confidentiality, integrity, and availability
D. Support the business objectives of the organization
Answer: D
Explanation: Above all else, an IS strategy must support the business objectives of the organization.
Proper segregation of duties normally does not prohibit a LAN administrator from also having programming responsibilities. True or false?
A. True
B. False
Answer: B
Explanation: Proper segregation of duties normally prohibits a LAN administrator from also having programming responsibilities.
Who is ultimately accountable for the development of an IS security policy?
A. The board of directors
B. Middle management
C. Security administrators
D. Network administrators
Answer: A
Explanation: The board of directors is ultimately accountable for the development of an IS security policy.
What should an IS auditor do if he or she observes that project-approval procedures do not exist?
A. Advise senior management to invest in project-management training for the staff
B. Create project-approval procedures for future project implementations
C. Assign project leaders
D. Recommend to management that formal approval procedures be adopted and documented
Answer: D
Explanation: If an IS auditor observes that project-approval procedures do not exist, the IS auditor should recommend to management that formal approval procedures be adopted and documented.
Proper segregation of duties prohibits a system analyst from performing quality-assurance functions. True or false?
A. True
B. False
Answer: A
Explanation: Proper segregation of duties prohibits a system analyst from performing quality-assurance functions.
Who is accountable for maintaining appropriate security measures over information assets?
A. Data and systems owners
B. Data and systems users
C. Data and systems custodians
D. Data and systems auditors
Answer: A
Explanation: Data and systems owners are accountable for maintaining appropriate security measures over information assets.
As compared to understanding an organization’s IT process from evidence directly collected, how valuable are prior audit reports as evidence?
A. The same value.
B. Greater value.
C. Lesser value.
D. Prior audit reports are not relevant.
Answer: C
Explanation: Prior audit reports are considered of lesser value to an IS auditor attempting to gain an understanding of an organization’s IT process than evidence directly collected.
controls, they conclude that control risks are within the acceptable limits. True or false?
A. True
B. False
Answer: A
Explanation: IS auditors are most likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. Think of it this way: If any reliance is placed on internal controls, that reliance must be validated through compliance testing. High control risk results in
What is the primary objective of a control self-assessment (CSA) program?
A. Enhancement of the audit responsibility
B. Elimination of the audit responsibility
C. Replacement of the audit responsibility
D. Integrity of the audit responsibility
Answer: A
Explanation: Audit responsibility enhancement is an objective of a control self-assessment (CSA) program.
A control that detects transmission errors by appending calculated bits onto the end of each segment of data is known as a:
A. reasonableness check.
B. parity check.
C. redundancy check.
D. check digits.
Answer: C
Explanation: A redundancy check detects transmission errors by appending calculated bits onto the end of each segment of data.
Incorrect answers:
A: A reasonableness check compares data to predefined reasonability limits or occurrence rates established for the data.
B: A parity check is a hardware control that
Which of the following is a data validation edit and control?
A. Hash totals
B. Reasonableness checks
C. Online access controls
D. Before and after image reporting
Answer: B
Explanation: A reasonableness check is a data validation edit and control, used to ensure that data conforms to predetermined criteria.
Incorrect answers:
A: A hash total is a total of any numeric data field or series of data elements in a data file. This total is checked against a control total of the same field or fields to ensure completeness of
In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the:
A. registration authority (RA).
B. issuing certification authority (CA).
C. subject CA.
D. policy management authority.
Answer: A
Explanation: A RA is an entity that is responsible for identification and authentication of certificate subjects, but the RA does not sign or issue certificates. The certificate subject usually interacts with the RA for completing the process of subscribing to the services of the certification authority in terms of getting identity
Company.com has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern?
A. Acceptance testing is to be managed by users.
B. A quality plan is not part of the contracted deliverables.
C. Not all business functions will be available on initial implementation.
D. Prototyping is being used to confirm that the system meets business requirements.
Answer: B
Explanation: A quality plan is an essential element of all projects. It is critical that the contracted supplier be required to produce such a plan. The quality plan for the proposed development contract should be comprehensive and encompass all phases of the development and include which business functions will be included and when. Acceptance is normally
The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of the following audit recommendations should the IS auditor suggest?
A. Relocate the shut off switch.
B. Install protective covers.
C. Escort visitors.
D. Log environmental failures.
Answer: B
Explanation: A protective cover over the switch would allow it to be accessible and visible, but would prevent accidental activation.
Incorrect Answers:
A: Relocating the shut off switch would defeat the purpose of having it readily accessible.
C: Escorting the personnel moving the equipment may not have prevented this incident.
D:
Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan’s effectiveness?
A. Paper test
B. Post test
C. Preparedness test
D. Walk-through
Answer: C
Explanation: A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan’s effectiveness. It also provides a
An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP?
A. Full operational test
B. Preparedness test
C. Paper test
D. Regression test
Answer: B
Explanation: A preparedness test is performed by each local office/area to test the adequacy of the preparedness of local operations for the disaster recovery.
Incorrect answers:
A: A full operational test is conducted after the paper and preparedness test.
C: A paper test is a structured walkthrough of the DRP and should
A malicious code that changes itself with each file it infects is called a:
A. logic bomb.
B. stealth virus.
C. trojan horse.
D. polymorphic virus.
Answer: D
Explanation: A polymorphic virus has the capability of changing its own code, enabling it to have many different variants. Since they have no consistent binary pattern, such viruses are hard to identify.
Incorrect answers:
A: A logic bomb is code that is hidden in a program or system which will cause something to happen when the user
The initial step in establishing an information security program is the:
A. development and implementation of an information security standards manual.
B. performance of a comprehensive security control review by the IS auditor.
C. adoption of a corporate information security policy statement.
D. purchase of security access control software.
Answer: C
Explanation: A policy statement reflects the intent and support provided by executive management for proper security and establishes a starting point for developing the security program.