Domain 5; 5
The MOST effective biometric control system is the one with:
A. the highest equal-error rate.
B. the lowest equal-error rate.
C. false-rejection rate equal to the false-acceptance rate.
D. a false-rejection rate equal to the failure-to-enroll rate.
B
An IS auditor discovers that the chief information officer (CIO) of an organization is using a wireless broadband modem using global system for mobile communications (GSM) technology. This modem is being used to connect the CIO's laptop to the corporate virtual private network when the CIO travels outside of the office. The IS auditor should:
A. do nothing because the inherent security features of GSM technology are appropriate.
B. recommend that the CIO stop using the laptop computer until encryption is enabled.
C. ensure that media access control address filtering is enabled on the network so unauthorized wireless users cannot connect.
D. suggest that two-factor authentication be used over the wireless link to prevent unauthorized communications.
A
An IS auditor is evaluating a virtual machine (VM)-based architecture used for all programming and testing environments. The production architecture is a three-tier physical architecture. What is the MOST important IT control to test to ensure availability and confidentiality of the web application in production?
A. Server configuration has been hardened appropriately.
B. Allocated physical resources are available.
C. System administrators are trained to use the VM architecture.
D. The VM server is included in the disaster recovery plan.
A
An IS auditor is reviewing the physical security measures of an organization. Regarding the access card system, the IS auditor should be MOST concerned that:
A. nonpersonalized access cards are given to the cleaning staff, who use a sign-in sheet but show no proof of identity.
B. access cards are not labeled with the organization's name and address to facilitate easy return of a lost card.
C. card issuance and rights administration for the cards are done by different departments, causing unnecessary lead time for new cards.
D. the computer system used for programming the cards can only be replaced after three weeks in the event of a system failure.
A
An organization has experienced a large amount of traffic being re-routed from its Voice-over Internet Protocol packet network. The organization believes it is a victim of eavesdropping. Which of the following could result in eavesdropping of VoIP traffic?
A. Corruption of the Address Resolution Protocol cache in Ethernet switches
B. Use of a default administrator password on the analog phone switch
C. Deploying virtual local area networks without enabling encryption
D. End users having access to software tools such as packet sniffer applications
A
An organization has requested that an IS auditor provide a recommendation to enhance the security and reliability of its Voice-over Internet Protocol (VoIP) system and data traffic. Which of the following would meet this objective?
A. VoIP infrastructure needs to be segregated using virtual local area networks.
B. Buffers need to be introduced at the VoIP endpoints.
C. Ensure that end-to-end encryption is enabled in the VoIP system.
D. Ensure that emergency backup power is available for all parts of the VoIP infrastructure.
A
The IS auditor is reviewing findings from a prior IT audit of a hospital. One finding indicates that the organization was using email to communicate sensitive patient issues. The IT manager indicates that to address this finding, the organization has implemented digital signatures for all email users. What should the IS auditor's response be?
A. Digital signatures are not adequate to protect confidentiality.
B. Digital signatures are adequate to protect confidentiality.
C. The IS auditor should gather more information about the specific implementation.
D. The IS auditor should recommend implementation of digital watermarking for secure email.
A
Which of the following is a form of two-factor user authentication?
A. A smart card and personal identification number
B. A unique user ID and complex, non-dictionary password
C. An iris scan and a fingerprint scan
D. A magnetic strip card and a proximity badge
A
Which of the following is the BEST way to minimize unauthorized access to unattended end-user PC systems?
A. Enforce use of a password-protected screen saver
B. Implement proximity-based authentication system
C. Terminate user session at predefined intervals
D. Adjust power management settings so the monitor screen is blank
A
Which of the following is the MOST effective control for restricting access to unauthorized Internet sites in an organization?
A. Routing outbound Internet traffic through a content-filtering proxy server
B. Routing inbound Internet traffic through a reverse proxy server
C. Implementing a firewall with appropriate access rules
D. Deploying client software utilities that block inappropriate content
A
A new business application has been designed in a large, complex organization and the business owner has requested that the various reports be viewed on a "need to know" basis. Which of the following access control methods would be the BEST method to achieve this requirement?
A. Mandatory
B. Role-based
C. Discretionary
D. Single sign-on
B
An IS auditor is reviewing a software-based firewall configuration. Which of the following represents the GREATEST vulnerability?
A. An implicit deny rule as the last rule in the rule base
B. Installation on an operating system configured with default settings
C. Rules permitting or denying access to systems or networks
D. Configuration as a virtual private network endpoint
B
An organization has created a policy that defines the types of web sites that users are forbidden to access. What is the MOST effective technology to enforce this policy?
A. Stateful inspection firewall
B. Web content filter
C. Web cache server
D. Proxy server
B
An organization's IT director has approved the installation of a wireless local area network access point in a conference room for a team of consultants to access the Internet with their laptop computers. The BEST control to protect the corporate servers from unauthorized access is to ensure that:
A. encryption is enabled on the access point.
B. the conference room network is on a separate virtual local area network.
C. antivirus signatures and patch levels are current on the consultants' laptops.
D. default user IDs are disabled and strong passwords are set on the corporate servers.
B
When reviewing a digital certificate verification process, which of the following findings represents the MOST significant risk?
A. There is no registration authority for reporting key compromises.
B. The certificate revocation list is not current.
C. Digital certificates contain a public key that is used to encrypt messages and verify digital signatures.
D. Subscribers report key compromises to the certificate authority.
B
When reviewing the procedures for the disposal of computers, which of the following should be the GREATEST concern for the IS auditor?
A. Hard disks are overwritten several times at the sector level but are not reformatted before leaving the organization.
B. All files and folders on hard disks are separately deleted, and the hard disks are formatted before leaving the organization.
C. Hard disks are rendered unreadable by hole-punching through the platters at specific positions before leaving the organization.
D. The transport of hard disks is escorted by internal security staff to a nearby metal recycling company, where the hard disks are registered and then shredded.
B
Which of the following is the MOST significant function of a corporate public key infrastructure and certificate authority employing X.509 digital certificates?
A. It provides the public/private key set for the encryption and signature services used by email and file space.
B. It binds a digital certificate and its public key to an individual subscriber's identity.
C. It provides the authoritative source for employee identity and personal details.
D. It provides the authoritative authentication source for object access.
B
A human resources company offers wireless Internet access to its guests, after authenticating with a generic user ID and password. The generic ID and password are requested from the reception desk. Which of the following controls BEST addresses the situation?
A. The password for the wireless network is changed on a weekly basis.
B. A stateful inspection firewall is used between the public wireless and company networks.
C. The public wireless network is physically segregated from the company network.
D. An intrusion detection system is deployed within the wireless network.
C
An IT auditor is reviewing an organization's information security policy, which requires encryption of all data placed on universal serial bus (USB) drives. The policy also requires that a specific encryption algorithm be used. Which of the following algorithms would provide the greatest assurance that data placed on USB drives is protected from unauthorized disclosure?
A. Data Encryption Standard
B. Message digest 5
C. Advanced Encryption Standard
D. Secure Shell
C
An organization is developing a new web-based application to process orders from customers. Which of the following security measures should be taken to protect this application from hackers?
A. Ensure that ports 80 and 443 are blocked at the firewall.
B. Inspect file and access permissions on all servers to ensure that all files have read-only access.
C. Perform a web application security review.
D. Make sure that only the IP addresses of existing customers are allowed through the firewall.
C
In wireless communication, which of the following controls allows the receiving device to verify that the received communications have not been altered in transit?
A. Device authentication and data origin authentication
B. Wireless intrusion detection and intrusion prevention systems
C. The use of cryptographic hashes
D. Packet headers and trailers
C
When using a digital signature, the message digest is computed by the:
A. sender only.
B. receiver only.
C. sender and receiver both.
D. certificate authority.
C
Which of the following is the BEST control to prevent the deletion of audit logs by unauthorized individuals in an organization?
A. Actions performed on log files should be tracked in a separate log.
B. Write access to audit logs should be disabled.
C. Only select personnel should have rights to view or delete audit logs.
D. Backups of audit logs should be performed periodically.
C
Which of the following types of penetration tests simulates a real attack and is used to test incident handling and response capability of the target?
A. Blind testing
B. Targeted testing
C. Double-blind testing
D. External testing
C
An organization is planning to replace its wired networks with wireless networks. Which of the following would BEST secure the wireless network from unauthorized access?
A. Implement Wired Equivalent Privacy.
B. Permit access to only authorized media access control addresses.
C. Disable open broadcast of service set identifiers.
D. Implement Wi-Fi Protected Access 2.
D
The IS auditor is reviewing an organization's human resources (HR) database implementation. The IS auditor discovers that the database servers are clustered for high availability, all default database accounts have been removed and database audit logs are kept and reviewed on a weekly basis. What other area should the IS auditor check to ensure that the databases are appropriately secured?
A. Database administrators are restricted from access to HR data.
B. Database logs are encrypted.
C. Database stored procedures are encrypted.
D. Database initialization parameters are appropriate.
D
The IS auditor is reviewing the implementation of a storage area network (SAN). The SAN administrator indicates that logging and monitoring is active, hard zoning is used to isolate data from different business units and all unused SAN ports are disabled. The administrator implemented the system, performed and documented security testing during implementation, and is the only user with administrative rights to the system. What should the IS auditor's initial determination be?
A. There is no significant potential risk.
B. Soft zoning presents a potential risk.
C. Disabling of unused ports presents a potential risk.
D. The SAN administrator presents a potential risk.
D
The implementation of which of the following would MOST effectively prevent unauthorized access to a system administration account on a web server?
A. Host intrusion detection software installed on a server
B. Password expiration and lockout policy
C. Password complexity rules
D. Two-factor authentication
D
When auditing a role-based access control system, the IS auditor noticed that some IT security employees have system administrator privileges on some servers, which allows them to modify or delete transaction logs. Which would be the BEST recommendation that the IS auditor should make?
A. Ensure that these employees are adequately supervised.
B. Ensure that backups of the transaction logs are retained.
C. Implement controls to detect the changes.
D. Write transaction logs in real time to Write Once and Read Many drives.
D
Which of the following would effectively verify the originator of a transaction?
A. Using a secret password between the originator and the receiver
B. Encrypting the transaction with the receiver's public key
C. Using a portable document format to encapsulate transaction content
D. Digitally signing the transaction with the source's private key
D