Domain 5 Information Asset Security and Control Set 5
Which of the following is the MOST effective control for restricting access to unauthorized Internet sites in an organization?
A. Routing outbound Internet traffic through a content-filtering proxy server
B. Routing inbound Internet traffic through a reverse proxy server
C. Implementing a firewall with appropriate access rules
D. Deploying client software utilities that block inappropriate content

A is the correct answer.
Justification
A. A content-filtering proxy server will effectively monitor user access to Internet sites and block access to unauthorized web sites.
B. When a client web browser makes a request to an Internet site, those requests are outbound from the corporate network. A reverse proxy server is used to allow secure remote connection to a corporate site, not to control employee web access.
C. A firewall exists to block unauthorized inbound and outbound network traffic. Some firewalls can be used to block or allow access to certain sites, but the term firewall is generic—there are many types of firewalls, and this is not the best answer.
D. While client software utilities do exist to block inappropriate content, installing and maintaining additional software on a large number of PCs is less effective than controlling the access from a single, centralized proxy server.
Domain 5: Protection of Information Assets | Sub-domain 5A5: Network and End-Point Security | Task Statement 30: Evaluate physical and environmental controls to determine whether information assets are adequately safeguarded.

Which of the following is the BEST way to minimize unauthorized access to unattended end-user PC systems?
A. Enforce use of a password-protected screen saver
B. Implement a proximity-based authentication system
C. Terminate user sessions at predefined intervals
D. Adjust power management settings so the monitor screen is blank

A is the correct answer.
Justification
A. A password-protected screen saver with a proper time interval is the best measure to prevent unauthorized access to unattended end-user systems. It is important to ensure that users lock the workstation when they step away from the machine, which is something that could be reinforced via awareness training.
B. There are solutions that will lock machines when users step away from their desks, and those would be suitable here; however, those tools are a more expensive solution, which would normally include the use of smart cards and extra hardware. Therefore, the use of a password-protected screen saver would be a better solution.
C. This is often done for remote login (periodic re-authentication) or after a certain amount of inactivity on a web or server session. There is more risk related to leaving the workstation unlocked; therefore, this is not the correct answer.
D. Switching off the monitor would not be a solution because the monitor could simply be switched on.
Domain 5: Protection of Information Assets | Sub-domain 5A5: Network and End-Point Security | Task Statement 28: Evaluate end-user computing to determine whether the processes are effectively controlled.

Which of the following is a form of two-factor user authentication?
A. A smart card and personal identification number
B. A unique user ID and complex, non-dictionary password
C. An iris scan and a fingerprint scan
D. A magnetic strip card and a proximity badge

A is the correct answer.
Justification
A. A smart card is something that a user has, while a personal identification number paired with the card is something the user knows. This is an example of two-factor authentication.
B. Both an ID and a password are something the user knows, so this pairing provides single-factor user authentication regardless of complexity.
C. Both an iris scan and a fingerprint scan are something the user is, so this pairing is not a basis for two-factor user authentication.
D. Both a magnetic card and a proximity badge are examples of something a user has, so these are not adequate for two-factor authentication.
Domain 5: Protection of Information Assets | Sub-domain 5A4: Identity and Access Management | Task Statement 10: Evaluate the organization's risk management policies and practices.

The IS auditor is reviewing findings from a prior IT audit of a hospital. One finding indicates that the organization was using email to communicate sensitive patient issues. The IT manager indicates that to address this finding, the organization has implemented digital signatures for all email users. What should the IS auditor's response be?
A. Digital signatures are not adequate to protect confidentiality.
B. Digital signatures are adequate to protect confidentiality.
C. The IS auditor should gather more information about the specific implementation.
D. The IS auditor should recommend implementation of digital watermarking for secure email.

A is the correct answer.
Justification
A. Digital signatures are designed to provide authentication and nonrepudiation for email and other transmissions but are not adequate for confidentiality. This implementation is not adequate to address the prior-year finding.
B. Digital signatures do not encrypt message contents, which means that an attacker who intercepts a message can read the message because the data are in plaintext.
C. Although gathering additional information is always a good step before drawing a conclusion on a finding, in this case the implemented solution simply does not provide confidentiality.
D. Digital watermarking is used to protect intellectual property rights for documents rather than to protect the confidentiality of email.
Domain 5: Protection of Information Assets | Sub-domain 5A8: Public Key Infrastructure (PKI) | Task Statement 31: Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.

An organization has experienced a large amount of traffic being re-routed from its Voice-over Internet Protocol (VoIP) packet network. The organization believes it is a victim of eavesdropping. Which of the following could result in eavesdropping of VoIP traffic?
A. Corruption of the Address Resolution Protocol cache in Ethernet switches
B. Use of a default administrator password on the analog phone switch
C. Deploying virtual local area networks without enabling encryption
D. End users having access to software tools such as packet sniffer applications

A is the correct answer.
Justification
A. On an Ethernet switch there is a data table known as the ARP cache, which stores mappings between media access control (MAC) and IP addresses. During normal operations, Ethernet switches only allow directed traffic to flow between the ports involved in the conversation, and no other ports can see that traffic. However, if the ARP cache is intentionally corrupted with an ARP poisoning attack, some Ethernet switches simply "flood" the directed traffic to all ports of the switch, which could allow an attacker to monitor traffic not normally visible to the port where the attacker was connected, and thereby eavesdrop on VoIP traffic.
B. VoIP systems do not use analog switches, and inadequate administrator security controls would not be an issue.
C. VoIP data are not normally encrypted in a LAN environment because the controls regarding VLAN security are adequate.
D. Most software tools such as packet sniffers cannot make changes to LAN devices, such as the VLAN configuration of an Ethernet switch used for VoIP. Therefore, the use of software utilities of this type is not a risk.
Domain 5: Protection of Information Assets | Sub-domain 5A5: Network and End-Point Security | Task Statement 31: Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.

An IS auditor is reviewing the physical security measures of an organization. Regarding the access card system, the IS auditor should be MOST concerned that:
A. nonpersonalized access cards are given to the cleaning staff, who use a sign-in sheet but show no proof of identity.
B. access cards are not labeled with the organization's name and address to facilitate easy return of a lost card.
C. card issuance and rights administration for the cards are done by different departments, causing unnecessary lead time for new cards.
D. the computer system used for programming the cards can only be replaced after three weeks in the event of a system failure.

A is the correct answer.
Justification
A. Physical security is meant to control who is entering a secured area, so identification of all individuals is of utmost importance. It is not adequate to trust unknown external people by allowing them to write down their alleged name without proof (e.g., identity card, driver's license).
B. Having the name and address of the organization on the card may be a concern because a malicious finder could use a lost or stolen card to enter the organization's premises.
C. Separating card issuance from technical rights management is a method to ensure the proper segregation of duties so that no single person can produce a functioning card for a restricted area within the organization's premises. The long lead time is an inconvenience but not a serious audit risk.
D. System failure of the card programming device would normally not mean that the readers do not function anymore. It simply means that no new cards can be issued, so this option is minor compared to the threat of improper identification.
Domain 5: Protection of Information Assets | Sub-domain 5A3: Physical Access and Environmental Controls | Task Statement 10: Evaluate the organization's risk management policies and practices.

An IS auditor discovers that the chief information officer (CIO) of an organization is using a wireless broadband modem based on global system for mobile communications (GSM) technology. This modem is being used to connect the CIO's laptop to the corporate virtual private network when the CIO travels outside of the office. The IS auditor should:
A. do nothing because the inherent security features of GSM technology are appropriate.
B. recommend that the CIO stop using the laptop computer until encryption is enabled.
C. ensure that media access control address filtering is enabled on the network so unauthorized wireless users cannot connect.
D. suggest that two-factor authentication be used over the wireless link to prevent unauthorized communications.

A is the correct answer.
Justification
A. The inherent security features of global system for mobile communications (GSM) technology combined with the use of a virtual private network (VPN) are appropriate. The confidentiality of the communication on the GSM radio link is ensured by the use of encryption, and the use of a VPN signifies that an encrypted session is established between the laptop and the corporate network. GSM is a global standard for cellular telecommunications that can be used for both voice and data. Currently deployed commercial GSM technology has multiple overlapping security features which prevent eavesdropping, session hijacking or unauthorized use of the GSM carrier network. While other wireless technologies such as 802.11 wireless local area network (LAN) technologies have been designed to allow the user to adjust or even disable security settings, GSM does not allow any devices to connect to the system unless all relevant security features are active and enabled.
B. Because the CIO is using a VPN, it can be assumed that encryption is enabled in addition to the security features in GSM. In addition, VPNs will not allow the transfer of data for storage on the remote device (such as the CIO's laptop).
C. MAC filtering can be used on a wireless LAN but does not apply to a GSM network device.
D. Because the GSM network is being used rather than a wireless LAN, it is not possible to configure settings for two-factor authentication over the wireless link. However, two-factor authentication is recommended because it will better protect against unauthorized access than single-factor authentication.
Domain 5: Protection of Information Assets | Sub-domain 5A11: Mobile, Wireless, and Internet-of-Things (IoT) Devices | Task Statement 28: Evaluate end-user computing to determine whether the processes are effectively controlled.

An IS auditor is evaluating a virtual machine (VM)-based architecture used for all programming and testing environments. The production architecture is a three-tier physical architecture. What is the MOST important IT control to test to ensure availability and confidentiality of the web application in production?
A. Server configuration has been hardened appropriately.
B. Allocated physical resources are available.
C. System administrators are trained to use the VM architecture.
D. The VM server is included in the disaster recovery plan.

A is the correct answer.
Justification
A. The most important control to test in this configuration is the server configuration hardening. It is important to patch known vulnerabilities and to disable all non-required functions before production, especially when the production architecture is different from the development and testing architecture.
B. The greatest risk is associated with the difference between the testing and production environments. Ensuring that physical resources are available is a relatively low risk and easily addressed.
C. VMs are often used for optimizing programming and testing infrastructure. In this scenario, the development environment (VM architecture) is different from the production infrastructure (physical three-tier). Because the VMs are not related to the web application in production, there is no real requirement for the system administrators to be familiar with a virtual environment.
D. Because the VMs are only used in a development environment and not in production, it may not be necessary to include VMs in the disaster recovery plan.
Domain 5: Protection of Information Assets | Sub-domain 5A10: Virtualized Environments | Task Statement 31: Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.

An organization has requested that an IS auditor provide a recommendation to enhance the security and reliability of its Voice-over Internet Protocol (VoIP) system and data traffic. Which of the following would meet this objective?
A. VoIP infrastructure needs to be segregated using virtual local area networks.
B. Buffers need to be introduced at the VoIP endpoints.
C. Ensure that end-to-end encryption is enabled in the VoIP system.
D. Ensure that emergency backup power is available for all parts of the VoIP infrastructure.

A is the correct answer.
Justification
A. This would best protect the VoIP infrastructure from network-based attacks, potential eavesdropping and network traffic issues (which would help to ensure uptime).
B. The use of packet buffers at VoIP endpoints is a method to maintain call quality, not a security method.
C. Encryption is used when VoIP calls use the Internet (not the local LAN) for transport because the assumption is that the physical security of the building as well as the Ethernet switch and VLAN security is adequate.
D. The design of the network and the proper implementation of VLANs are more critical than ensuring that all devices are protected by emergency power.
Domain 5: Protection of Information Assets | Sub-domain 5A5: Network and End-Point Security | Task Statement 37: Provide consulting services and guidance to the organization in order to improve the quality and control of information systems.

A new business application has been designed in a large, complex organization, and the business owner has requested that the various reports be viewed on a "need to know" basis. Which of the following access control methods would be the BEST method to achieve this requirement?
A. Mandatory
B. Role-based
C. Discretionary
D. Single sign-on

B is the correct answer.
Justification
A. An access control system based on mandatory access control would be expensive, and difficult to implement and maintain in a large, complex organization.
B. Role-based access control limits access according to job roles and responsibilities and would be the best method to allow only authorized users to view reports on a need-to-know basis.
C. Discretionary access control (DAC) is where the owner of the resources decides who should have access to that resource. Most access control systems are an implementation of DAC. This answer is not specific enough for this scenario.
D. This is an access control technology used to manage access to multiple systems, networks and applications. This answer is not specific enough for this question.
Domain 5: Protection of Information Assets | Sub-domain 5A2: Privacy Principles | Task Statement 31: Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.

An IS auditor is reviewing a software-based firewall configuration. Which of the following represents the GREATEST vulnerability?
A. An implicit deny rule as the last rule in the rule base
B. Installation on an operating system configured with default settings
C. Rules permitting or denying access to systems or networks
D. Configuration as a virtual private network endpoint

B is the correct answer.
Justification
A. Configuring a firewall with an implicit deny rule is common practice.
B. Default settings of most equipment—including operating systems—are often published and provide an intruder with predictable configuration information, which allows easier system compromise. To mitigate this risk, firewall software should be installed on a system using a hardened operating system that has limited functionality, providing only the services necessary to support the firewall software.
C. A firewall configuration should have rules allowing or denying access according to policy.
D. A firewall is often set up as the endpoint for a virtual private network.
Domain 5: Protection of Information Assets | Sub-domain 5A5: Network and End-Point Security | Task Statement 35: Perform technical security testing to identify potential threats and vulnerabilities.

An organization's IT director has approved the installation of a wireless local area network access point in a conference room for a team of consultants to access the Internet with their laptop computers. The BEST control to protect the corporate servers from unauthorized access is to ensure that:
A. encryption is enabled on the access point.
B. the conference room network is on a separate virtual local area network.
C. antivirus signatures and patch levels are current on the consultants' laptops.
D. default user IDs are disabled and strong passwords are set on the corporate servers.

B is the correct answer.
Justification
A. Enabling encryption on the access point is a good idea to prevent unauthorized network access, but it is more important to isolate the consultants from the rest of the corporate network.
B. The installation of the wireless network device presents risk to the corporate servers from both authorized and unauthorized users. A separate virtual local area network is the best solution because it ensures that both authorized and unauthorized users are prevented from gaining network access to database servers, while allowing Internet access to authorized users.
C. Antivirus signatures and patch levels are good practices but not as critical as preventing network access via access controls for the corporate servers.
D. Protecting the organization's servers through good passwords is good practice, but it is still necessary to isolate the network being used by the consultants. If the consultants can access the rest of the network, they could use password cracking tools against other corporate machines.
Domain 5: Protection of Information Assets | Sub-domain 5A11: Mobile, Wireless, and Internet-of-Things (IoT) Devices | Task Statement 31: Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.

The MOST effective biometric control system is the one with:
A. the highest equal-error rate.
B. the lowest equal-error rate.
C. a false-rejection rate equal to the false-acceptance rate.
D. a false-rejection rate equal to the failure-to-enroll rate.

B is the correct answer.
Justification
A. The biometric that has the highest equal-error rate (EER) is the most ineffective.
B. The EER of a biometric system denotes the percent at which the false-acceptance rate (FAR) is equal to the false-rejection rate (FRR). The biometric that has the lowest EER is the most effective.
C. For any biometric, there will be a measure at which the FRR will be equal to the FAR. This is the EER.
D. The failure-to-enroll rate (FER) is an aggregate measure of FRR.
Domain 5: Protection of Information Assets | Sub-domain 5A3: Physical Access and Environmental Controls | Task Statement 36: Utilize data analytics tools to streamline audit processes.

When reviewing a digital certificate verification process, which of the following findings represents the MOST significant risk?
A. There is no registration authority for reporting key compromises.
B. The certificate revocation list is not current.
C. Digital certificates contain a public key that is used to encrypt messages and verify digital signatures.
D. Subscribers report key compromises to the certificate authority.

B is the correct answer.
Justification
A. The certificate authority (CA) can assume the responsibility if there is no registration authority.
B. If the certificate revocation list is not current, there could be a digital certificate that is not revoked that could be used for unauthorized or fraudulent activities.
C. This is not a risk.
D. This is not a risk because reporting this to the CA enables the CA to take appropriate action.
Domain 5: Protection of Information Assets | Sub-domain 5A8: Public Key Infrastructure (PKI) | Task Statement 31: Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.

An organization has created a policy that defines the types of web sites that users are forbidden to access. What is the MOST effective technology to enforce this policy?
A. Stateful inspection firewall
B. Web content filter
C. Web cache server
D. Proxy server

B is the correct answer.
Justification
A. This is of little help in filtering web traffic because it does not review the content of the web site, nor does it take into consideration the site's classification.
B. This accepts or denies web communications according to the configured rules. To help the administrator properly configure the tool, organizations and vendors have made available uniform resource locator (URL) blacklists and classifications for millions of web sites.
C. This is designed to improve the speed of retrieving the most common or recently visited web pages.
D. A proxy server services the requests of its clients by forwarding requests to other servers. Many people incorrectly use proxy server as a synonym of web proxy server, even though not all web proxy servers have content filtering capabilities.
Domain 5: Protection of Information Assets | Sub-domain 5A3: Physical Access and Environmental Controls | Task Statement 31: Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.

When reviewing the procedures for the disposal of computers, which of the following should be the GREATEST concern for the IS auditor?
A. Hard disks are overwritten several times at the sector level but are not reformatted before leaving the organization.
B. All files and folders on hard disks are separately deleted, and the hard disks are formatted before leaving the organization.
C. Hard disks are rendered unreadable by hole-punching through the platters at specific positions before leaving the organization.
D. The transport of hard disks is escorted by internal security staff to a nearby metal recycling company, where the hard disks are registered and then shredded.

B is the correct answer.
Justification
A. This would completely erase data, directories, indices and master file tables. Reformatting is not necessary because all contents are destroyed. Overwriting several times defeats forensic techniques that can reconstruct the former contents of newly overwritten sectors by analyzing special magnetic features of the platter's surface.
B. Deleting and formatting only marks the sectors that contained files as being free. Publicly available tools are sufficient for someone to reconstruct data from hard drives prepared this way.
C. While hole-punching does not delete file contents, the hard disk cannot be used anymore, especially when head parking zones and track zero information are impacted. Reconstructing data would be extremely expensive because all analysis must be performed under a clean room atmosphere and is only possible within a short time frame or until the surface is corroded.
D. Data reconstruction from shredded hard disks is virtually impossible, especially when the scrap is mixed with other metal parts. If the transport can be secured and the destruction proved as described in the option, this is a valid method of disposal.
Domain 5: Protection of Information Assets | Sub-domain 5A1: Information Asset Security Frameworks, Standards, and Guidelines | Task Statement 33: Evaluate policies and practices related to asset lifecycle management.

Which of the following is the MOST significant function of a corporate public key infrastructure and certificate authority employing X.509 digital certificates?
A. It provides the public/private key set for the encryption and signature services used by email and file space.
B. It binds a digital certificate and its public key to an individual subscriber's identity.
C. It provides the authoritative source for employee identity and personal details.
D. It provides the authoritative authentication source for object access.

B is the correct answer.
Justification
A. While some email applications depend on PKI-issued certificates for nonrepudiation, the purpose of PKI is to provide authentication of the individual and link an individual with their private key. The certificate authority does not ordinarily create the user's private key.
B. Public key infrastructure (PKI) is primarily used to gain assurance that protected data or services originated from a legitimate source. The process to ensure the validity of the subscriber identity by linking it to the digital certificate/public key is strict and rigorous.
C. Personal details are not stored in or provided by components in the PKI.
D. Authentication services within operating systems and applications may be built on PKI-issued certificates, but PKI does not provide authentication services for object access.
Domain 5: Protection of Information Assets | Sub-domain 5A8: Public Key Infrastructure (PKI) | Task Statement 31: Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.

A human resources company offers wireless Internet access to its guests, after authenticating with a generic user ID and password. The generic ID and password are requested from the reception desk. Which of the following controls BEST addresses the situation?
A. The password for the wireless network is changed on a weekly basis.
B. A stateful inspection firewall is used between the public wireless and company networks.
C. The public wireless network is physically segregated from the company network.
D. An intrusion detection system is deployed within the wireless network.

C is the correct answer.
Justification
A. Changing the password for the wireless network does not secure against unauthorized access to the company network, especially because a guest could gain access to the wireless local area network at any time prior to the weekly password change interval.
B. A stateful inspection firewall will screen all packets from the wireless network into the company network; however, the configuration of the firewall would need to be audited, and firewall compromises, although unlikely, are possible.
C. Keeping the wireless network physically separate from the company network is the best way to secure the company network from intrusion.
D. An intrusion detection system will detect intrusions but will not prevent unauthorized individuals from accessing the network.
Domain 5: Protection of Information Assets | Sub-domain 5A11: Mobile, Wireless, and Internet-of-Things (IoT) Devices | Task Statement 31: Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.

Which of the following is the BEST control to prevent the deletion of audit logs by unauthorized individuals in an organization?
A. Actions performed on log files should be tracked in a separate log.
B. Write access to audit logs should be disabled.
C. Only select personnel should have rights to view or delete audit logs.
D. Backups of audit logs should be performed periodically.

C is the correct answer.
Justification
A. Having additional copies of log file activity would not prevent the original log files from being deleted.
B. For servers and applications to operate correctly, write access cannot be disabled.
C. Granting access to audit logs to only system administrators and security administrators would reduce the possibility of these files being deleted.
D. Frequent backups of audit logs would not prevent the logs from being deleted.
Domain 5: Protection of Information Assets | Sub-domain 5A5: Network and End-Point Security | Task Statement 31: Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.

An organization is developing a new web-based application to process orders from customers. Which of the following security measures should be taken to protect this application from hackers?
A. Ensure that ports 80 and 443 are blocked at the firewall.
B. Inspect file and access permissions on all servers to ensure that all files have read-only access.
C. Perform a web application security review.
D. Make sure that only the IP addresses of existing customers are allowed through the firewall.

C is the correct answer.
Justification
A. Port 80 must be open for a web application to work, and port 443 for a Secured Hypertext Transmission Protocol to operate.
B. For customer orders to be placed, some data must be saved to the server. No customer orders could be placed on a read-only server.
C. This is a necessary effort that would uncover security vulnerabilities that could be exploited by hackers.
D. Restricting IP addresses might be appropriate for some types of web applications but is not the best solution because a new customer could not place an order until the firewall rules were changed to allow the customer to connect.
Domain 5: Protection of Information Assets | Sub-domain 5A9: Web-Based Communication Techniques | Task Statement 35: Perform technical security testing to identify potential threats and vulnerabilities.

When using a digital signature, the message digest is computed by the:
A. sender only.
B. receiver only.
C. sender and receiver both.
D. certificate authority.

C is the correct answer.
Justification
A. The message digest must be computed by both the sender and the receiver to ensure message integrity.
B. The receiver will compute a digest of the received message to verify the integrity of the received message.
C. A digital signature is an electronic identification of a person or entity. It is created by using asymmetric encryption. To verify integrity of data, the sender uses a cryptographic hashing algorithm against the entire message to create a message digest to be sent along with the message. Upon receipt of the message, the receiver will recompute the hash using the same algorithm.
D. The CA issues certificates that link the public key with its owner. The CA does not compute digests of the messages to be communicated between the sender and receiver.
Domain 5: Protection of Information Assets | Sub-domain 5A8: Public Key Infrastructure (PKI) | Task Statement 31: Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.

In wireless communication, which of the following controls allows the receiving device to verify that the received communications have not been altered in transit? A. Device authentication and data origin authentication B. Wireless intrusion detection and intrusion prevention systems C. The use of cryptographic hashes D. Packet headers and trailers
C is the correct answer. Justification A. These allow wireless endpoints to authenticate each other to prevent man-in-the-middle attacks and masquerading. B. These have the ability to detect misconfigured devices and rogue devices and detect and possibly stop certain types of attacks. C. Calculating cryptographic hashes for wireless communications allows the receiving device to verify that the received communications have not been altered in transit. This prevents masquerading and message modification attacks. D. These alone do not ensure that the content has not been altered because an attacker could alter both the data and the trailer. Domain 5: Protection of Information Assets. Sub-domain 5A7: Data Encryption and Encryption-Related Techniques. Task Statement 31: Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.
Which of the following types of penetration tests simulates a real attack and is used to test incident handling and response capability of the target? A. Blind testing B. Targeted testing C. Double-blind testing D. External testing
C is the correct answer. Justification A. This is also known as black-box testing. This refers to a test where the penetration tester is not given any information and is forced to rely on publicly available information. This test simulates a real attack, except that the target organization is aware of the test being conducted. B. This is also known as white-box testing. This refers to a test where the penetration tester is provided with information and the target organization is also aware of the testing activities. In some cases, the tester is also provided with a limited-privilege account to be used as a starting point. C. This is also known as zero-knowledge testing. This refers to a test where the penetration tester is not given any information and the target organization is not given any warning—both parties are "blind" to the test. This is the best scenario for testing response capability because the target will react as if the attack were real. D. This refers to a test where an external penetration tester launches attacks on the target's network perimeter from outside the target network (typically from the Internet). Domain 5: Protection of Information Assets. Sub-domain 5A5: Network and End-Point Security. Task Statement 35: Perform technical security testing to identify potential threats and vulnerabilities.
An IT auditor is reviewing an organization's information security policy, which requires encryption of all data placed on universal serial bus (USB) drives. The policy also requires that a specific encryption algorithm be used. Which of the following algorithms would provide the greatest assurance that data placed on USB drives is protected from unauthorized disclosure? A. Data Encryption Standard B. Message digest 5 C. Advanced Encryption Standard D. Secure Shell
C is the correct answer. Justification A. This is susceptible to brute force attacks and has been broken publicly; therefore, it does not provide assurance that data encrypted using DES will be protected from unauthorized disclosure. B. This is an algorithm used to generate a one-way hash of data (a fixed-length value) to test and verify data integrity. MD5 does not encrypt data but puts data through a mathematical process that cannot be reversed. As a result, MD5 could not be used to encrypt data on a universal serial bus (USB) drive. C. This provides the strongest encryption of all of the choices listed and would provide the greatest assurance that data are protected. Recovering data encrypted with AES is considered computationally infeasible and so AES is the best choice for encrypting sensitive data. D. This is a protocol that is used to establish a secure, encrypted, command-line shell session, typically for remote logon. Although SSH encrypts data transmitted during a session, SSH cannot encrypt data at rest, including data on USB drives. As a result, SSH is not appropriate for this scenario. Domain 5: Protection of Information Assets. Sub-domain 5A7: Data Encryption and Encryption-Related Techniques. Task Statement 31: Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.
Which of the following would effectively verify the originator of a transaction? A. Using a secret password between the originator and the receiver B. Encrypting the transaction with the receiver's public key C. Using a portable document format to encapsulate transaction content D. Digitally signing the transaction with the source's private key
D is the correct answer. Justification A. Because they are a "shared secret" between the user and the system itself, passwords are considered a weaker means of authentication. B. This will provide confidentiality for the information but will not verify the source. C. This will protect the integrity of the content but not necessarily authorship. D. A digital signature is an electronic identification of a person, created by using a public key algorithm, to verify the identity of the source of a transaction and the integrity of its content to a recipient. Domain 5: Protection of Information Assets. Sub-domain 5A4: Identity and Access Management. Task Statement 37: Provide consulting services and guidance to the organization in order to improve the quality and control of information systems.
The IS auditor is reviewing an organization's human resources (HR) database implementation. The IS auditor discovers that the database servers are clustered for high availability, all default database accounts have been removed and database audit logs are kept and reviewed on a weekly basis. What other area should the IS auditor check to ensure that the databases are appropriately secured? A. Database administrators are restricted from access to HR data. B. Database logs are encrypted. C. Database stored procedures are encrypted. D. Database initialization parameters are appropriate.
D is the correct answer. Justification A. Database administrators would have access to all data on the server, but there is no practical control to prevent that; therefore, this would not be a concern. B. Database audit logs normally would not contain any confidential data; therefore, encrypting the log files is not required. C. If a stored procedure contains a security sensitive function such as encrypting data, it can be a requirement to encrypt the stored procedure. However, this is less critical than ensuring initialization parameters are correct. D. When a database is opened, many of its configuration options are governed by initialization parameters. These parameters are usually governed by a file ("init.ora" in the case of Oracle Database Management System), which contains many settings. The system initialization parameters address many "global" database settings, including authentication, remote access and other critical security areas. To effectively audit a database implementation, the IS auditor must examine the database initialization parameters. Domain 5: Protection of Information Assets. Sub-domain 5A5: Network and End-Point Security. Task Statement 24: Evaluate database management practices.
When auditing a role-based access control system, the IS auditor noticed that some IT security employees have system administrator privileges on some servers, which allows them to modify or delete transaction logs. Which would be the BEST recommendation that the IS auditor should make? A. Ensure that these employees are adequately supervised. B. Ensure that backups of the transaction logs are retained. C. Implement controls to detect the changes. D. Write transaction logs in real time to Write Once and Read Many drives.
D is the correct answer. Justification A. IT security employees cannot be supervised in the traditional sense unless the supervisor were to monitor each keystroke entered on a workstation, which is obviously not a realistic option. B. Retaining backups of the transaction logs does not prevent the files from unauthorized modification prior to backup. C. The log files themselves are the main evidence that an unauthorized change was made, which is a sufficient detective control. Protecting the log files from modification requires preventive controls such as securely writing the logs. D. Allowing IT security employees access to transaction logs is often unavoidable because having system administrator privileges is required for them to do their job. The best control in this case, to avoid unauthorized modifications of transaction logs, is to write the transaction logs to WORM drive media in real time. It is important to note that simply backing up the transaction logs to tape is not adequate because data could be modified prior (typically at night) to the daily backup job execution. Domain 5: Protection of Information Assets. Sub-domain 5A4: Identity and Access Management. Task Statement 31: Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.
The implementation of which of the following would MOST effectively prevent unauthorized access to a system administration account on a web server? A. Host intrusion detection software installed on a server B. Password expiration and lockout policy C. Password complexity rules D. Two-factor authentication
D is the correct answer. Justification A. This will assist in the detection of unauthorized system access but does not prevent such access. B. While controls regarding password expiration and lockout from failed login attempts are important, two-factor authentication methods or techniques would most effectively reduce the risk of stolen or compromised credentials. Password-only based authentication may not provide adequate security. C. While controls regarding password complexity are important, two-factor authentication methods or techniques would most effectively reduce the risk of stolen or compromised credentials. D. This requires a user to use a password in combination with another identification factor that is not easily stolen or guessed by an attacker. Types of two-factor authentication include electronic access tokens that show one-time passwords on their display panels or biometric authentication systems. Domain 5: Protection of Information Assets. Sub-domain 5A5: Network and End-Point Security. Task Statement 31: Evaluate logical security controls to verify the confidentiality, integrity, and availability of information.
The IS auditor is reviewing the implementation of a storage area network (SAN). The SAN administrator indicates that logging and monitoring is active, hard zoning is used to isolate data from different business units and all unused SAN ports are disabled. The administrator implemented the system, performed and documented security testing during implementation, and is the only user with administrative rights to the system. What should the IS auditor's initial determination be? A. There is no significant potential risk. B. Soft zoning presents a potential risk. C. Disabling of unused ports presents a potential risk. D. The SAN administrator presents a potential risk.
D is the correct answer. Justification A. While the storage area network (SAN) may have been implemented with good controls, there is risk created by the combination of roles held by the SAN administrator. B. Hard zoning is more secure than soft zoning. C. Unused ports should generally be disabled to increase security. D. The potential risk in this scenario is posed by the SAN administrator. One concern is having a "single point of failure." Because only one administrator has the knowledge and access required to administer the system, the organization is susceptible to risk. For example, if the SAN administrator decided to quit unexpectedly, or was otherwise unavailable, the company may not be able to adequately administer the SAN. In addition, having a single administrator for a large, complex system such as a SAN also presents a segregation of duties risk. The organization currently relies entirely on the SAN administrator to implement, maintain, and validate all security controls; this means that the SAN administrator could modify or remove those controls without detection. Domain 5: Protection of Information Assets. Sub-domain 5A3: Physical Access and Environmental Controls. Task Statement 28: Evaluate end-user computing to determine whether the processes are effectively controlled.
An organization is planning to replace its wired networks with wireless networks. Which of the following would BEST secure the wireless network from unauthorized access? A. Implement Wired Equivalent Privacy. B. Permit access to only authorized media access control addresses. C. Disable open broadcast of service set identifiers. D. Implement Wi-Fi Protected Access 2.
D is the correct answer. Justification A. Wired Equivalent Privacy can be cracked within minutes. WEP uses a static key that has to be communicated to all authorized users, thus management is difficult. Also, there is a greater vulnerability if the static key is not changed at regular intervals. B. The practice of allowing access based on media access control is not a solution because MAC addresses can be spoofed by attackers to gain access to the network. C. This is not an effective access control because many tools can detect a wireless access point that is not broadcasting. D. This implements most of the requirements of the IEEE 802.11i standard. The Advanced Encryption Standard used in WPA2 provides better security. Also, WPA2 supports both the Extensible Authentication Protocol and the pre-shared secret key authentication model. Domain 5: Protection of Information Assets. Sub-domain 5A11: Mobile, Wireless, and Internet-of-Things (IoT) Devices. Task Statement 37: Provide consulting services and guidance to the organization in order to improve the quality and control of information systems.