D4 IS Operations, Maintenance, Svc Mgt. 5/16/2017

hich of the following assures an enterprise of the existence and effectiveness of internal controls relative to the service provided by a third party? Incorrect A. The current service level agreement (SLA) B. A recent external audit report C. The current business continuity plan (BCP) procedures D. A recent disaster recovery plan (DRP) test report

You answered A. The correct answer is B. A. A service level agreement (SLA) defines the contracted level of service; however, it would not provide assurance related to internal controls. B. An independent third-party audit report such as Statements on Standards for Attestation Engagements (SSAE) 16 would provide assurance of the existence and effectiveness of internal controls at the third party. C. While a business continuity plan (BCP) is essential, it would not provide assurance related to internal controls. D. While a disaster recovery plan (DRP) is essential, it would not provide assurance related to internal controls.

There are several methods of providing telecommunication continuity. The method of routing traffic through split cable or duplicate cable facilities is called: Incorrect A. alternative routing. B. diverse routing. C. long-haul network diversity. D. last-mile circuit protection.

You answered A. The correct answer is B. A. Alternative routing is a method of routing information via an alternate medium such as copper cable or fiber optics. This involves the use of different networks, circuits or end points should the normal network be unavailable. B. Diverse routing routes traffic through split-cable facilities or duplicate-cable facilities. This can be accomplished with different and/or duplicate cable sheaths. If different cable sheaths are used, the cable may be in the same conduit and, therefore, subject to the same interruptions as the cable it is backing up. The communication service subscriber can duplicate the facilities by having alternate routes, although the entrance to and from the customer premises may be in the same conduit. The subscriber can obtain diverse routing and alternate routing from the local carrier, including dual-entrance facilities. This type of access is time consuming and costly. C. Long-haul network diversity is a diverse, long-distance network utilizing different packet switching circuits among the major long-distance carriers. It ensures long-distance access should any carrier experience a network failure. D. Last-mile circuit protection is a redundant combination of local carrier T-1s (E-1s in Europe), microwave and/or coaxial cable access to the local communications loop. This enables the facility to have access during a local carrier communication disaster. Alternate local-carrier routing is also utilized.

An IS auditor finds that database administrators (DBAs) have access to the log location on the database server and the ability to purge logs from the system. What is the BEST audit recommendation to ensure that DBA activity is effectively monitored? Incorrect A. Change permissions to prevent DBAs from purging logs. B. Forward database logs to a centralized log server. C. Require that critical changes to the database are formally approved. D. Back up database logs to tape.

You answered A. The correct answer is B. A. Changing the database administrator (DBA) permissions to prevent DBAs from purging logs may not be feasible and does not adequately protect the availability and integrity of the database logs. B. To protect the availability and integrity of the database logs, it is most feasible to forward the database logs to a centralized log server to which the DBAs do not have access. C. Requiring that critical changes to the database are formally approved does not adequately protect the availability and integrity of the database logs. D. Backing up database logs to tape does not adequately protect the availability and integrity of the database logs.

In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table? Incorrect A. Foreign key B. Primary key C. Secondary key D. Public key

You answered A. The correct answer is B. A. In a relational database with referential integrity, the use of foreign keys would prevent events such as primary key changes and record deletions, resulting in orphaned relations within the database. B. It should not be possible to delete a row from a customer table when the customer number (primary key) of that row is stored with live orders on the orders table (the foreign key to the customer table). A primary key works in one table, so it is not able to provide/ensure referential integrity by itself. C. Secondary keys that are not foreign keys are not subject to referential integrity checks. D. Public key is related to encryption and not linked in any way to referential integrity.

Which of the following choices would MOST likely ensure that a disaster recovery (DR) effort is successful? Incorrect A. The tabletop test was performed. B. Data restoration was completed. C. Recovery procedures are approved. D. Appropriate staff resources are committed.

You answered A. The correct answer is B. A. Performing a tabletop test is extremely helpful, but does not ensure that the recovery process is working properly. B. The most reliable method to determine whether a backup is valid would be to restore it to a system. A data restore test should be performed at least annually to verify that the process is working properly. C. Approved recovery procedures will not ensure that data can be successfully restored. D. While having appropriate staff resources is appropriate, without data the recovery would not be successful.

A programmer maliciously modified a production program to change data and then restored the original code. Which of the following would MOST effectively detect the malicious activity? Incorrect A. Comparing source code B. Reviewing system log files C. Comparing object code D. Reviewing executable and source code integrity

You answered A. The correct answer is B. A. Source code comparisons are ineffective because the original programs were restored and the changed program does not exist. B. Reviewing system log files is the only trail that may provide information about the unauthorized activities in the production library. C. Object code comparisons are ineffective because the original programs were restored and the changed program does not exist. D. Reviewing executable and source code integrity is an ineffective control, because the source code was changed back to the original and will agree with the current executable.

Which of the following would help to ensure the portability of an application connected to a database? Incorrect A. Verification of database import and export procedures B. Usage of a structured query language (SQL) C. Analysis of stored procedures/triggers D. Synchronization of the entity-relation model with the database physical schema

You answered A. The correct answer is B. A. Verification of import and export procedures with other systems ensures better interfacing with other systems but does not contribute to the portability of an application connecting to a database. B. The use of structured query language (SQL) facilitates portability because it is an industry standard used by many systems. C. Analyzing stored procedures/triggers ensures proper access/performance but does not contribute to the portability of an application connecting to a database. D. Reviewing the design entity-relation model will be helpful but does not contribute to the portability of an application connecting to a database.

While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should: Incorrect A. recommend the use of disk mirroring. B. review the adequacy of offsite storage. C. review the capacity management process. D. recommend the use of a compression algorithm.

You answered A. The correct answer is C. A. A disk mirroring solution would increase storage requirements. This would not be advisable until a proper capacity management plan is in place. B. Offsite storage is unrelated to the problem. C. Capacity management is the planning and monitoring of computer resources to ensure that available IT resources are used efficiently and effectively. This will look at capacity from a strategic viewpoint and allow a plan to forecast and purchase additional equipment in a planned manner. D. Though data compression may save disk space, it could affect system performance. This is not the first choice—the auditor should recommend more investigation into the increased demand for storage before providing any recommended solutions.

Which of the following is a continuity plan test that simulates a system crash and uses actual resources to cost-effectively obtain evidence about the plan's effectiveness? Incorrect A. Paper test B. Posttest C. Preparedness test D. Walk-through .

You answered A. The correct answer is C. A. A paper test is a walk-through of the plan, involving major players, who attempt to determine what might happen in a particular type of service disruption in the plan's execution. A paper test usually precedes the preparedness test. B. A posttest is actually a test phase and is comprised of a group of activities such as returning all resources to their proper place, disconnecting equipment, returning personnel and deleting all company data from third-party systems. C. A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan's effectiveness. It also provides a means to improve the plan in increments. D. A walk-through is a test involving a simulated disaster situation that tests the preparedness and understanding of management and staff rather than the actual resources

An IS auditor is reviewing an organization's disaster recovery plan (DRP) implementation. The project was completed on time and on budget. During the review, the auditor uncovers several areas of concern. Which of the following presents the GREATEST risk? Incorrect A. Testing of the DRP has not been performed. B. The disaster recovery strategy does not specify use of a hot site. C. The business impact analysis (BIA) was conducted, but the results were not used. D. The disaster recovery project manager for the implementation has recently left the organization.

You answered A. The correct answer is C. A. Although testing a disaster recovery plan (DRP) is a critical component of a successful disaster recovery strategy, this is not the biggest risk; the biggest risk comes from a plan that is not properly designed. B. Use of a hot site is a strategic determination based on tolerable downtime, cost and other factors. Although using a hot site may be considered a good practice, this is a very costly solution that may not be required for the organization. C. The risk of not using the results of the business impact analysis (BIA) for disaster recovery planning means that the DRP may not be designed to recover the most critical assets in the correct order. As a result, the plan may not be adequate to allow the organization to recover from a disaster. D. If the DRP is designed and documented properly, the loss of an experienced project manager should have minimal impact. The risk of a poorly designed plan that may not meet the requirements of the business is much more significant than the risk posed by loss of the project manager.

While reviewing the process for continuous monitoring of the capacity and performance of IT resources, an IS auditor should PRIMARILY ensure that the process is focused on: Incorrect A. adequately monitoring service levels of IT resources and services. B. providing data to enable timely planning for capacity and performance requirements. C. providing accurate feedback on IT resource availability. D. properly forecasting performance, capacity and throughput of IT resources.

You answered A. The correct answer is C. A. Continuous monitoring helps to ensure that service level agreements (SLAs) are met, but this would not be the primary focus of monitoring. It is possible that even if a system were offline, it would meet the requirements of an SLA. Therefore, accurate availability monitoring is more important. B. While data gained from capacity and performance monitoring would be an input to the planning process, the primary focus would be to monitor availability. C. Accurate availability monitoring of IT resources would be the most critical element of a continuous monitoring process. D. While continuous monitoring would help management to predict likely IT resource capabilities, the more critical issue would be that availability monitoring is accurate.

Which of the following is the BEST reason for integrating the testing of noncritical systems in disaster recovery plans (DRPs) with business continuity plans (BCPs)? Incorrect A. To ensure that DRPs are aligned to the business impact analysis (BIA). B. Infrastructure recovery personnel can be assisted by business subject matter experts. C. BCPs may assume the existence of capabilities that are not in DRPs. D. To provide business executives with knowledge of disaster recovery capabilities.

You answered A. The correct answer is C. A. Disaster recovery plans (DRPs) should be aligned with the business impact analysis (BIA); however, this has no impact on integrating the testing of noncritical systems in DRPs with business continuity plans (BCPs). B. Infrastructure personnel will be focused on restoring the various platforms that make up the infrastructure, and it is not necessary for business subject matter experts to be involved. C. BCPs may assume the existence of capabilities that are not part of the DRPs, such as allowing employees to work from home during the disaster; however, IT may not have made sufficient provisions for these capabilities (e.g., they cannot support a large number of employees working from home). While the noncritical systems are important, it is possible that they are not part of the DRPs. For example, an organization may use an online system that does not interface with the internal systems. If the business function using the system is a critical process, the system should be tested, and it may not be part of the DRP. Therefore, DRP and BCP testing should be integrated. D. While business executives may be interested in the benefits of disaster recovery, testing is not the best way to accomplish this task.

During an audit of a small company that provides medical transcription services, an IS auditor observes several issues related to the backup and restore process. Which of the following should be the auditor's GREATEST concern? Incorrect A. Restoration testing for backup media is not performed; however, all data restore requests have been successful. B. The policy for data backup and retention has not been reviewed by the business owner for the past three years. C. The company stores transcription backup tapes offsite using a third-party service provider, which inventories backup tapes annually. D. Failed backup alerts for the marketing department data files are not followed up on or resolved by the IT administrator.

You answered A. The correct answer is C. A. Lack of restoration testing does not increase the risk of unauthorized leakage of information. Not performing restoration tests on backup tapes poses a risk; however, this risk is somewhat mitigated because past data restore requests have been successful. B. Lack of review of the data backup and retention policy may be of a concern if systems and business processes have changed in the past three years. The IS auditor should perform additional procedures to verify the validity of existing procedures. In addition, lack of this control does not introduce a risk of unauthorized leakage of information. C. For a company working with confidential patient data, the loss of a backup tape is a significant incident. Privacy laws specify severe penalties for such an event, and the company's reputation could be damaged due to mandated reporting requirements. To gain assurance that tapes are being handled properly, the organization should perform audit tests that include frequent physical inventories and an evaluation of the controls in place at the third-party provider. D. Failed backup alerts that are not followed up on and resolved imply that certain data or files are not backed up. This is a concern if the files/data being backed up are critical in nature, but, typically, marketing data files are not regulated in the same way as medical transcription files. Lack of this control does not introduce a risk of unauthorized leakage of sensitive information.

In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend? Incorrect A. Automated logging of changes to development libraries B. Additional staff to provide separation of duties C. Procedures that verify that only approved program changes are implemented D. Access controls to prevent the operator from making program modifications

You answered A. The correct answer is C. A. Logging of changes to production libraries would be good practice, but because the administrator could alter the logs, this would not be a sufficient control. B. While it would be preferred that strict separation of duties be adhered to and that additional staff is recruited, this practice is not always possible in small organizations. C. An IS auditor must consider recommending a better process. An IS auditor should recommend a formal change control process that manages and could detect changes to production source and object code, such as code comparisons, so the changes can be reviewed on a regular basis by a third party. This would be a compensating control process. D. Requiring a third party to do the changes may not be practical in a small organization where another person with adequate expertise may not be available.

In a contract with a hot, warm or cold site, contractual provisions should PRIMARILY cover which of the following considerations? Incorrect A. Physical security measures B. Total number of subscribers C. Number of subscribers permitted to use a site at one time D. References by other users

You answered A. The correct answer is C. A. Physical security measures are not always part of the contract, although they are an important consideration when choosing a third-party site. B. The total number of subscribers is a consideration, but more important is whether the agreement limits the number of subscribers in a building or in a specific area. It is also good to know if other subscribers are competitors. C. The contract should specify the number of subscribers permitted to use the site at any one time. The contract can be written to give preference to certain subscribers. D. The references that other users can provide are a consideration taken before signing the contract; it is by no means part of the contractual provisions.

Which of the following is the BEST way to ensure that incident response activities are consistent with the requirements of business continuity? Incorrect A. Draft and publish a clear practice for enterprise-level incident response. B. Establish a cross-departmental working group to share perspectives. C. Develop a scenario and perform a structured walk-through. D. Develop a project plan for end-to-end testing of disaster recovery.

You answered A. The correct answer is C. A. Publishing an enterprise-level incident response plan is effective only if business continuity aligned itself to incident response. Incident response supports business continuity, not the other way around. B. Sharing perspectives is valuable, but a working group does not necessarily lead to ensuring that the interface between plans is workable. C. A structured walk-through including both incident response and business continuity personnel provides the best opportunity to identify gaps or misalignments between the plans. D. A project plan developed for disaster recovery will not necessarily address deficiencies in business continuity or incident response.

Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective (RPO)? Incorrect A. Virtual tape libraries B. Disk-based snapshots C. Continuous data backup D. Disk-to-tape backup

You answered A. The correct answer is C. A. Virtual tape libraries would require time to complete the backup, while continuous data backup happens online (in real time). B. Disk-based snapshots would require time to complete the backup and would lose some data between the times of the backup and the failure, while continuous data backup happens online (in real time). C. Recovery point objective (RPO) is based on the acceptable data loss in the case of a disruption. In this scenario the organization needs a short RPO and continuous data backup is the best option. D. Disk-to-tape backup would require time to complete the backup, while continuous data backup happens online (in real time).

An enterprise uses privileged accounts to process configuration changes for mission-critical applications. Which of the following would be the BEST and appropriate control to limit the risk in such a situation? Incorrect A. Ensure that audit trails are accurate and specific. B. Ensure that personnel have adequate training. C. Ensure that personnel background checks are performed for critical personnel. D. Ensure that supervisory approval and review are performed for critical changes.

You answered A. The correct answer is D. A. Audit trails are a detective control and, in many cases, can be altered by those with privileged access. B. Staff proficiency is important and good training may be somewhat of a deterrent, but supervisory approval and review is the best choice. C. Performing background checks is a very basic control and will not effectively prevent or detect errors or malfeasance. D. Supervisory approval and review of critical changes by the accountable managers in the enterprise are required to avoid and detect any unauthorized change. In addition to authorization, supervision enforces a separation of duties and prevents an unauthorized attempt by any single employee.

Which of the following database controls would ensure that the integrity of transactions is maintained in an online transaction processing system's database? Incorrect A. Authentication controls B. Data normalization controls C. Read/write access log controls D. Commitment and rollback controls

You answered A. The correct answer is D. A. Authentication controls would ensure that only authorized personnel can make changes but would not ensure the integrity of the changes. B. Data normalization is not used to protect the integrity of online transactions. C. Log controls are a detective control but will not ensure the integrity of the data in the database. D. Commitment and rollback controls are directly relevant to integrity. These controls ensure that database operations that form a logical transaction unit will be completed entirely or not at all, (i.e., if, for some reason, a transaction cannot be fully completed, then incomplete inserts/updates/deletes are rolled back so that the database returns to its pretransaction state).

Which of the following processes should an IS auditor recommend to assist in the recording of baselines for software releases? Incorrect A. Change management B. Backup and recovery C. Incident management D. Configuration management

You answered A. The correct answer is D. A. Change management is important to control changes to the configuration, but the baseline itself refers to a standard configuration. B. Backup and recovery of the configuration are important, but not used to create the baseline. C. Incident management will determine how to respond to an adverse event, but is not related to recording baseline configurations. D. The configuration management process may include automated tools that will provide an automated recording of software release baselines. Should the new release fail, the baseline will provide a point to which to return.

Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by: Incorrect A. database integrity checks. B. validation checks. C. input controls. D. database commits and rollbacks.

You answered A. The correct answer is D. A. Database integrity checks are important to ensure database consistency and accuracy. These include isolation, concurrency and durability controls, but the most important issue here is atomicity—the requirement for transactions to complete entirely and commit or else roll back to the last known good point. B. Validation checks will prevent introduction of corrupt data but will not address system failure. C. Input controls are important to protect the integrity of input data but will not address system failure. D. Database commits ensure that the data are saved after the transaction processing is completed. Rollback ensures that the processing that has been partially completed as part of the transaction is reversed back and not saved if the entire transaction does not complete successfully.

During an application audit, the IS auditor finds several problems related to corrupt data in the database. Which of the following is a corrective control that the IS auditor should recommend? Incorrect A. Define the standards, and closely monitor them for compliance. B. Ensure that only authorized personnel can update the database. C. Establish controls to handle concurrent access problems. D. Proceed with restore procedures.

You answered A. The correct answer is D. A. Establishing standards is a preventive control, and monitoring for compliance is a detective control. B. Ensuring that only authorized personnel can update the database is a preventive control. C. Establishing controls to handle concurrent access problems is a preventive control. D. Proceeding with restore procedures is a corrective control. Restore procedures can be used to recover databases to their last-known archived version.

Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions? Incorrect A. Parity check B. Echo check C. Block sum check D. Cyclic redundancy check (CRC)

You answered A. The correct answer is D. A. Parity check (known as vertical redundancy check) also involves adding a bit (known as the parity bit) to each character during transmission. In this case, where there is a presence of bursts of errors (i.e., impulsing noise during high transmission rates), it has a reliability of approximately 50 percent. In higher transmission rates, this limitation is significant. B. Echo checks detect line errors by retransmitting data to the sending device for comparison with the original transmission. C. A block sum check is a form of parity checking and has a low level of reliability. D. The cyclic redundancy check (CRC) can check for a block of transmitted data. The workstations generate the CRC and transmit it with the data. The receiving workstation computes a CRC and compares it to the transmitted CRC. If both of them are equal, then the block is assumed error free. In this case (such as in parity error or echo check), multiple errors can be detected. In general, CRC can detect all single-bit and double-bit errors.

When reviewing a hardware maintenance program, an IS auditor should assess whether: Incorrect A. the schedule of all unplanned maintenance is maintained. B. it is in line with historical trends. C. it has been approved by the IS steering committee. D. the program is validated against vendor specifications.

You answered A. The correct answer is D. A. Unplanned maintenance cannot be scheduled. B. Hardware maintenance programs do not necessarily need to be in line with historic trends. C. Maintenance schedules normally are not approved by the steering committee. D. Although maintenance requirements vary based on complexity and performance workloads, a hardware maintenance schedule should be validated against the vendor-provided specifications.

During an implementation review of a recent application deployment, it was determined that several incidents were assigned incorrect priorities and, because of this, failed to meet the business service level agreement (SLA). What is the GREATEST concern? Incorrect A. The support model was not approved by senior management. B. The incident resolution time specified in the SLA is not realistic. C. There are inadequate resources to support the applications. D. The support model was not properly developed and implemented.

You answered A. The correct answer is D. A. While senior management involvement is important, the more critical issue is whether the support model was not properly developed and implemented. B. While the incident resolution time specified in the service level agreement (SLA) may not always be attainable, the more critical issue is whether the support model was not properly developed and implemented. C. While adequate support resources are important, the more critical issue is whether the support model was not properly developed and implemented. D. The greatest concern for the IS auditor is that the support model was not developed and implemented correctly to prevent or react to potential outages. Incidents could cost the business a significant amount of money and a support model should be implemented with the project. This should be a step within the system development life cycle (SDLC) and procedures and, if it is missed on one project, it may be a symptom of an overall breakdown in process.

Which of the following is widely accepted as one of the critical components in networking management? A. Configuration management Incorrect B. Topological mappings C. Application of monitoring tools D. Proxy server troubleshooting

You answered B. The correct answer is A. A. Configuration management is widely accepted as one of the key components of any network because it establishes how the network will function internally and externally. It also deals with the management of configuration and monitoring performance. Configuration management ensures that the setup and management of the network is done properly, including managing changes to the configuration, removal of default passwords and possibly hardening the network by disabling unneeded services. B. Topological mappings provide outlines of the components of the network and its connectivity. This is important to address issues such as single points of failure and proper network isolation but is not the most critical component of network management. C. Application monitoring is not a critical part of network management. D. Proxy server troubleshooting is used for troubleshooting purposes, and managing a proxy is only a small part of network management.

Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies? A. Developments may result in hardware and software incompatibility. Incorrect B. Resources may not be available when needed. C. The recovery plan cannot be tested. D. The security infrastructures in each company may be different.

You answered B. The correct answer is A. A. If one organization updates its hardware and software configuration, it may mean that it is no longer compatible with the systems of the other party in the agreement. This may mean that each company is unable to use the facilities at the other company to recover their processing following a disaster. B. Resources being unavailable when needed are an intrinsic risk in any reciprocal agreement, but this is a contractual matter and is not the greatest risk. C. The plan can be tested by paper-based walk-throughs and possibly by agreement between the companies. D. The difference in security infrastructures, while a risk, is not insurmountable.

During a data center audit, an IS auditor observes that some parameters in the tape management system are set to bypass or ignore tape header records. Which of the following is the MOST effective compensating control for this weakness? A. Staging and job setup Incorrect B. Supervisory review of logs C. Regular backup of tapes D. Offsite storage of tapes .

You answered B. The correct answer is A. A. If the IS auditor finds that there are effective staging and job setup processes, this can be accepted as a compensating control. Not reading header records may otherwise result in loading the wrong tape and deleting or accessing data on the loaded tape. B. Supervisory review of logs is a detective control that would not prevent loading of the wrong tapes. C. Regular tape backup is not related to bypassing tape header records. D. Offsite storage of tapes would not prevent loading the wrong tape because of bypassing header records

Which of the following disaster recovery testing techniques is the MOST efficient way to determine the effectiveness of the plan? A. Preparedness tests Incorrect B. Paper tests C. Full operational tests D. Actual service disruption

You answered B. The correct answer is A. A. Preparedness tests involve simulation of the entire environment (in phases) at relatively low cost and help the team to better understand and prepare for the actual test scenario. B. Paper tests in a walk-through test the entire plan, but there is no simulation and less is learned. It also is difficult to obtain evidence that the team has understood the test plan. C. Full operational tests would require approval from management, are not easy or practical to test in most scenarios and may trigger a real disaster. D. An actual service disruption is not recommended in most cases unless required by regulation or policy.

Which of the following situations would increase the likelihood of fraud? A. Application programmers are implementing changes to production programs. Incorrect B. Administrators are implementing vendor patches to vendor-supplied software without following change control procedures. C. Operations support staff members are implementing changes to batch schedules. D. Database administrators are implementing changes to data structures.

You answered B. The correct answer is A. A. Production programs are used for processing an enterprise's data. It is imperative that controls on changes to production programs are stringent. Lack of control in this area could result in application programs being modified to manipulate the data. B. The lack of change control is a serious risk—but if the changes are only vendor-supplied patches to vendor software then the risk is minimal. C. The implementation of changes to batch schedules by operations support staff will affect the scheduling of the batches only; it does not impact the live data unless jobs are run in the wrong sequence. D. Database administrators are required to implement changes to data structures. This is required for reorganization of the database to allow for additions, modifications or deletions of fields or tables in the database.

Due to resource constraints, a developer requires full access to production data to support certain problems reported by production users. Which of the following choices would be a good compensating control for controlling unauthorized changes in production? A. Provide and monitor separate login IDs that the developer will use for programming and for production support. Incorrect B. Capture activities of the developer in the production environment by enabling audit trails. C. Back up all affected records before allowing the developer to make production changes. D. Ensure that all changes are approved by the change manager.

You answered B. The correct answer is A. A. Providing separate login IDs that would only allow a developer privileged access when required is a good compensating control, but it must also be backed up with monitoring and supervision of the activity of the developer. B. While capturing activities of the developer via audit trails or logs would be a good practice, the control would not be effective unless these audit trails are reviewed on a periodic basis. C. Creating a backup of affected records before making the change would allow for rollback in case of an error, but would not prevent or detect unauthorized changes. D. Even though changes are approved by the change manager, a developer with full access can easily circumvent this control.

During an IS audit of the disaster recovery plan (DRP) of a global enterprise, the auditor observes that some remote offices have very limited local IT resources. Which of the following observations would be the MOST critical for the IS auditor? A. A test has not been made to ensure that local resources could maintain security and service standards when recovering from a disaster or incident. Incorrect B. The corporate business continuity plan (BCP) does not accurately document the systems that exist at remote offices. C. Corporate security measures have not been incorporated into the test plan. D. A test has not been made to ensure that tape backups from the remote offices are usable.

You answered B. The correct answer is A. A. Regardless of the capability of local IT resources, the most critical risk would be the lack of testing, which would identify quality issues in the recovery process. B. The corporate business continuity plan (BCP) may not include disaster recovery plan (DRP) details for remote offices. It is important to ensure that the local plans have been tested. C. Security is an important issue because many controls may be missing during a disaster. However, not having a tested plan is more important. D. The backups cannot be trusted until they have been tested. However, this should be done as part of the overall tests of the DRP.

A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. An IS auditor should conclude that: A. analysis is required to determine if a pattern emerges that results in a service loss for a short period of time. Incorrect B. WAN capacity is adequate for the maximum traffic demands because saturation has not been reached. C. the line should immediately be replaced by one with a larger capacity to provide approximately 85 percent saturation. D. users should be instructed to reduce their traffic demands or distribute them across all service hours to flatten bandwidth consumption.

You answered B. The correct answer is A. A. The peak at 96 percent could be the result of a one-off incident (e.g., a user downloading a large amount of data); therefore, analysis to establish whether this is a regular pattern and what causes this behavior should be carried out before expenditure on a larger line capacity is recommended. B. A peak traffic load of 96 percent is approaching a critical level, and the auditor should not assume that capacity is adequate at this time or for the foreseeable future. Further investigation is required. C. If the peak is established to be a regular occurrence without any other opportunities for mitigation (usage of bandwidth reservation protocol or other types of prioritizing network traffic), the line should be replaced because there is the risk of loss of service as the traffic approaches 100 percent. At this point, further research is required. D. If the peak traffic load is a rare one-off occurrence or if traffic can be reengineered to transfer at other time frames, then user education may be an option. Further investigation will be required.

Which of the following is of GREATEST concern to an IS auditor when performing an audit of a client relationship management (CRM) system migration project? A. The technical migration is planned for a Friday preceding a long weekend, and the time window is too short for completing all tasks. Incorrect B. Employees pilot-testing the system are concerned that the data representation in the new system is completely different from the old system. C. A single implementation is planned, immediately decommissioning the legacy system. D. Five weeks prior to the target date, there are still numerous defects in the printing functionality of the new system's software.

You answered B. The correct answer is C. A. A weekend can be used as a time buffer so that the new system will have a better chance of being up and running after the weekend. B. A different data representation does not mean different data presentation at the front end. Even when this is the case, this issue can be solved by adequate training and user support. C. Major system migrations should include a phase of parallel operation or a phased cut-over to reduce implementation risk. Decommissioning or disposing of the old hardware would complicate any fallback strategy, should the new system not operate correctly. D. The printing functionality is commonly one of the last functions to be tested in a new system because it is usually the last step performed in any business event. Thus, meaningful testing and the respective error fixing are only possible after all other parts of the software have been successfully tested.

An IS auditor observed that users are occasionally granted the authority to change system data. This elevated system access is not consistent with company policy yet is required for smooth functioning of business operations. Which of the following controls would the IS auditor MOST likely recommend for long-term resolution? A. Redesign the controls related to data authorization. Incorrect B. Implement additional segregation of duties controls. C. Review policy to see if a formal exception process is required. D. Implement additional logging controls.

You answered B. The correct answer is C. A. Data authorization controls should be driven by the policy. While there may be some technical controls that could be adjusted, if the data changes happen infrequently, then an exception process would be the better choice. B. While adequate segregation of duties is important, it is simpler to fix the policy versus adding additional controls to enforce segregation of duties. C. If the users are granted access to change data in support of the business requirements, but the policy forbids this, then perhaps the policy needs some adjustment to allow for policy exceptions to occur. D. Audit trails are needed, but this is not the best long-term solution to address this issue. Additional resources would be required to review logs.

***A benefit of quality of service (QoS) is that the: A. entire network's availability and performance will be significantly improved. Incorrect B. telecom carrier will provide the company with accurate service-level compliance reports. C. participating applications will have bandwidth guaranteed. D. communications link will be supported by security controls to perform secure online transactions.

You answered B. The correct answer is C. A. Quality of service (QoS) will not guarantee that the communication itself will be improved. While the speed of data exchange for specific applications could be faster, availability will not be improved. B. The QoS tools that many carriers are using do not provide reports of service levels; however, there are other tools that will generate service-level reports. C. The main function of QoS is to optimize network performance by assigning priority to business applications and end users through the allocation of dedicated parts of the bandwidth to specific traffic. D. Even when QoS is integrated with firewalls, virtual private networks (VPNs), encryption tools and others, the tool itself is not intended to provide security controls.

To ensure structured disaster recovery, it is MOST important that the business continuity plan (BCP) and disaster recovery plan (DRP) are: A. stored at an alternate location. Incorrect B. communicated to all users. C. tested regularly. D. updated regularly.

You answered B. The correct answer is C. A. Storing the business continuity plan (BCP) at an alternate location is useful in the case of complete site outage; however, the BCP is not useful during a disaster without adequate tests. B. Communicating to users is not of much use without actual tests. C. If the BCP is tested regularly, the BCP and disaster recovery plan (DRP) team is adequately aware of the process and that helps in structured disaster recovery. D. Even if the plan is updated regularly, it is of less use during an actual disaster if it is not adequately tested.

When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next: A. recommend that the database be normalized. Incorrect B. review the conceptual data model. C. review the stored procedures. D. review the justification.

You answered B. The correct answer is D. A. The IS auditor should not recommend normalizing the database until further investigation takes place. B. Reviewing the conceptual data model will not provide information about normalization or the justification for the level of normalization. C. Reviewing the stored procedures will not provide information about normalization. D. If the database is not normalized, the IS auditor should review the justification because, in some situations, denormalization is recommended for performance reasons.

An organization is planning to deploy an outsourced cloud-based application that is used to track job applicant data for the human resources (HR) department. Which of the following should be the GREATEST concern to an IS auditor? A. The service level agreement (SLA) ensures strict limits for uptime and performance. Incorrect B. The cloud provider will not agree to an unlimited right-to-audit as part of the SLA. C. The SLA is not explicit regarding the disaster recovery plan (DRP) capabilities of the cloud provider. D. The cloud provider's data centers are in multiple cities and countries.

You answered B. The correct answer is D. A. While this application may have strict requirements for availability, it is assumed that the service level agreement (SLA) would contain these same elements; therefore, this is not a concern. B. The right-to-audit clause is good to have, but there are limits on how a cloud service provider may interpret this requirement. The task of reviewing and assessing all the controls in place at a multinational cloud provider would likely be a costly and time-consuming exercise; therefore, such a requirement may be of limited value. C. Because the SLA would normally specify uptime requirements, the means used to achieve those goals (which would include the specific disaster recovery plan (DRP) capabilities of the provider) are typically not reviewed in-depth by the customer, nor are they typically specified in a SLA. D. Having data in multiple countries is the greatest concern because human resources (HR) applicant data could contain personally identifiable information (PII). There may be legal compliance issues if these data are stored in a country with different laws regarding data privacy. While the organization would be bound by the privacy laws where it is based, it may not have legal recourse if a data breach happens in a jurisdiction where the same laws do not apply.

Which one of the following could be used to provide automated assurance that proper data files are being used during processing? A. File header record B. Version usage Incorrect C. Parity checking D. File security controls

You answered C. The correct answer is A. A. A file header record provides assurance that proper data files are being used, and it allows for automatic checking. B. Although version usage provides assurance that the correct file and version are being used, it does not allow for automatic checking. C. Parity checking is a data integrity validation method typically used by a data transfer program. While parity checking may help to ensure that data and program files are transferred successfully, it does not help to ensure that the proper data or program files are being used. D. File security controls cannot be used to provide assurance that proper data files are being used and cannot allow for automatic checking.

A vendor has released several critical security patches over the past few months and this has put a strain on the ability of the administrators to keep the patches tested and deployed in a timely manner. The administrators have asked if they could reduce the testing of the patches. What approach should the organization take? A. Continue the current process of testing and applying patches. B. Reduce testing and ensure that an adequate backout plan is in place. Incorrect C. Delay patching until resources for testing are available. D. Rely on the vendor's testing of the patches.

You answered C. The correct answer is A. A. Applying security software patches promptly is critical to maintain the security of the servers; further, testing the patches is important because the patches may affect other systems and business operations. Because the vendor has recently released several critical patches in a short time, it can be hoped that this is a temporary problem and does not need a revision to policy or procedures. B. Reduced testing increases the risk of business operation disruption due to a faulty or incompatible patch. While a backout plan does help mitigate this risk, a thorough testing up front would be the more appropriate option. C. Applying security software patches promptly is critical to maintain the security of the servers. Delaying patching would increase the risk of a security breach due to system vulnerability. D. The testing done by the vendor may not be applicable to the systems and environment of the organization that needs to deploy the patches.

Management considered two projections for its disaster recovery plan (DRP): plan A with two months to fully recover and plan B with eight months to fully recover. The recovery point objectives are the same in both plans. It is reasonable to expect that plan B projected higher: A. downtime costs. B. resumption costs. Incorrect C. recovery costs. D. walk-through costs.

You answered C. The correct answer is A. A. Because management considered a longer time window for recovery in plan B, downtime costs included in the plan are likely to be higher. B. Because the recovery time for plan B is longer, resumption costs can be expected to be lower. C. Because the recovery time for plan B is longer, recovery costs can be expected to be lower. D. Walk-through costs are not a part of disaster recovery.

Which of the following groups is the BEST source of information for determining the criticality of application systems as part of a business impact analysis (BIA)? A. Business processes owners B. IT management Incorrect C. Senior business management D. Industry experts

You answered C. The correct answer is A. A. Business process owners have the most relevant information to contribute because the business impact analysis (BIA) is designed to evaluate criticality and recovery time lines, based on business needs. B. While IT management must be involved, they may not be fully aware of the business processes that need to be protected. C. While senior management must be involved, they may not be fully aware of the criticality of applications that need to be protected. D. The BIA is dependent on the unique business needs of the organization and the advice of industry experts is of limited value.

An IS auditor notes during an audit that an organization's business continuity plan (BCP) does not adequately address information confidentiality during the recovery process. The IS auditor should recommend that the plan be modified to include: A. the level of information security required when business recovery procedures are invoked. B. information security roles and responsibilities in the crisis management structure. Incorrect C. information security resource requirements. D. change management procedures for information security that could affect business continuity arrangements.

You answered C. The correct answer is A. A. Business should consider whether information security levels required during recovery should be the same, lower or higher than when business is operating normally. In particular, any special rules for access to confidential data during a crisis need to be identified. B. During a time of crisis, the security needs of the organization may increase because many usual controls such as separation of duties are missing. Having security roles in the crisis management plan is important, but that is not the best answer to this scenario. C. Identifying the resource requirements for information security, as part of the business continuity plan (BCP), is important, but it is more important to set out the security levels that would be required for protected information. D. Change management procedures can help keep a BCP up to date but are not relevant to this scenario.

The purpose of code signing is to provide assurance that: A. the software has not been subsequently modified. B. the application can safely interface with another signed application. Incorrect C. the signer of the application is trusted. D. the private key of the signer has not been compromised.

You answered C. The correct answer is A. A. Code signing ensures that the executable code came from a reputable source and has not been modified after being signed. B. The signing of code will not ensure that it will integrate with other applications. C. Code signing will provide assurance of the source but will not ensure that the source is trusted. The code signing will, however, ensure that the code has not been modified. D. The compromise of the sender's private key would result in a loss of trust and is not the purpose of code signing.

Due to changes in IT, the disaster recovery plan (DRP) of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested? A. Catastrophic service interruption B. High consumption of resources Incorrect C. Total cost of the recovery may not be minimized D. Users and recovery teams may face severe difficulties when activating the plan

You answered C. The correct answer is A. A. If a new disaster recovery plan (DRP) is not tested, the possibility of a catastrophic service interruption that the organization cannot recover from is the most critical of all risk. B. A DRP that has not been tested may lead to a higher consumption of resources than expected, but that is not the most critical risk. C. An untested DRP may be inefficient and lead to extraordinary costs, but the most serious risk is the failure of critical services. D. Testing educates users and recovery teams so that they can effectively execute the DRP, but the most critical risk is the failure of core business services.

While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be: A. shadow file processing. B. electronic vaulting. Incorrect C. hard-disk mirroring. D. hot-site provisioning.

You answered C. The correct answer is A. A. In shadow file processing, exact duplicates of the files are maintained at the same site or at a remote site. The two files are processed concurrently. This is used for critical data files such as airline booking systems. B. Electronic vaulting electronically transmits data either to direct access storage, an optical disc or another storage medium; this is a method used by banks. This is not usually in real time as much as a shadow file system is. C. Hard-disk mirroring provides redundancy in case the primary hard disk fails. All transactions and operations occur on two hard disks in the same server. D. A hot site is an alternate site ready to take over business operations within a few hours of any business interruption and is not a method for backing up data.

An IS auditor is performing a review of a network, and users report that the network is slow and web pages periodically time out. The IS auditor confirms the users' feedback and reports the findings to the network manager. The most appropriate action for the network management team should be to FIRST: A. use a protocol analyzer to perform network analysis and review error logs of local area network (LAN) equipment. B. take steps to increase the bandwidth of the connection to the Internet. Incorrect C. create a baseline using a protocol analyzer and implement quality of service (QoS) to ensure that critical business applications work as intended. D. implement virtual LANs (VLANs) to segment the network and ensure performance.

You answered C. The correct answer is A. A. In this case, the first step is to identify the problem through review and analysis of network traffic. Using a protocol analyzer and reviewing the log files of the related switches or routers will determine whether there is a configuration issue or hardware malfunction. B. While increasing Internet bandwidth may be required, this may not be needed if the performance issue is due to a different problem or error condition. C. While creating a baseline and implementing quality of service (QoS) will ensure that critical applications have the appropriate bandwidth, in this case the performance issue could be related to misconfiguration or equipment malfunction. D. While implementing virtual local area networks (VLANs) may be a good practice for ensuring adequate performance, in this case the issue could be related to misconfigurations or equipment malfunction.

When reviewing a disaster recovery plan (DRP), an IS auditor should be MOST concerned with the lack of: A. process owner involvement. B. well-documented testing procedures. Incorrect C. an alternate processing facility. D. a well-documented data classification scheme.

You answered C. The correct answer is A. A. Process owner involvement is a critical part of the business impact analysis (BIA), which is used to create the disaster recovery plan (DRP). If the IS auditor determined that process owners were not involved, this would be a significant concern. B. While well-documented testing procedures are important, unless process owners are involved there is no way to know whether the priorities and critical elements of the plan are valid. C. An alternate processing facility may be a requirement to meet the needs of the business; however, such a decision needs to be based on the BIA. D. A data classification scheme is important to ensure that controls over data are appropriate; however, this is a lesser concern than a lack of process owner involvement.

An IS auditor is assisting in the design of the emergency change control procedures for an organization with a limited budget. Which of the following recommendations BEST helps to establish accountability for the system support personnel? A. Production access is granted to the individual support ID when needed. B. Developers use a firefighter ID to promote code to production. Incorrect C. A dedicated user promotes emergency changes to production. D. Emergency changes are authorized prior to promotion.

You answered C. The correct answer is A. A. Production access should be controlled and monitored to ensure segregation of duties. During an emergency change, a user who normally does not have access to production may require access. The best process to ensure accountability within the production system is to have the information security team create a production support group and add the user ID to that group to promote the change. When the change is complete the ID can be removed from the group. This process ensures that activity in production is linked to the specific ID that was used to make the change. B. Some organizations may use a firefighter ID, which is a generic/shared ID, to promote changes to production. When needed, the developer can use this ID to access production. It may still be difficult to determine who made the change; therefore, although this process is commonly used, the use of a production support ID is a better choice. C. Having a dedicated user who promotes changes to production in an emergency is ideal but is generally not cost-effective and may not be realistic for emergency changes. D. Emergency changes are, by definition, unauthorized changes. Approvals usually are obtained following promotion of the change to production. All changes should be auditable, and that can best be accomplished by having a user ID added/removed to the production support group as needed.

Which of the following is the MOST critical element of an effective disaster recovery plan (DRP)? A. Offsite storage of backup data B. Up-to-date list of key disaster recovery contacts Incorrect C. Availability of a replacement data center D. Clearly defined recovery time objective (RTO)

You answered C. The correct answer is A. A. Remote storage of backups is the most critical disaster recovery plan (DRP) element of the items listed because access to backup data is required to restore systems. B. Having a list of key contacts is important but not as important as having adequate data backup. C. A DRP may use a replacement data center or some other solution such as a mobile site, reciprocal agreement or outsourcing agreement. D. Having a clearly defined recovery time objective (RTO) is especially important for business continuity planning (BCP), but the core element of disaster recovery (the recovery of IT infrastructure and capability) is data backup.

An IS auditor performing an application maintenance audit would review the log of program changes for the: A. authorization of program changes. B. creation date of a current object module. Incorrect C. number of program changes actually made. D. creation date of a current source program.

You answered C. The correct answer is A. A. The auditor wants to ensure that only authorized changes have been made to the application. The auditor would therefore review the log of program changes to verify that all changes have been approved. B. The creation date of the current object module will not indicate earlier changes to the application. C. The auditor will review the system to notice the number of changes actually made but then will verify that all the changes were authorized. D. The creation date of the current source program will not identify earlier changes.

Recovery procedures for an information processing facility are BEST based on: A. recovery time objective (RTO). B. recovery point objective (RPO). Incorrect C. maximum tolerable outage (MTO). D. information security policy.

You answered C. The correct answer is A. A. The recovery time objective (RTO) is the amount of time allowed for the recovery of a business function or resource after a disaster occurs; the RTO is the desired recovery timeframe based on maximum tolerable outage (MTO) and available recovery alternatives. B. The recovery point objective (RPO) has the greatest influence on the recovery strategies for given data. It is determined based on the acceptable data loss in case of a disruption of operations. The RPO effectively quantifies the permissible amount of data loss in case of interruption. C. MTO is the amount of time allowed for the recovery of a business function or resource after a disaster occurs; it represents the time by which the service must be restored before the organization is faced with the threat of collapse. D. An information security policy does not address recovery procedures.

During an assessment of software development practices, an IS auditor finds that open source software components were used in an application designed for a client. What is the GREATEST concern the auditor would have about the use of open source software? A. The client did not pay for the open source software components. B. The organization and client must comply with open source software license terms. Incorrect C. Open source software has security vulnerabilities. D. Open source software is unreliable for commercial use.

You answered C. The correct answer is B. A. A major benefit of using open source software is that it is free. The client is not required to pay for the open source software components; however, both the developing organization and the client should be concerned about the licensing terms and conditions of the open source software components that are being used. B. There are many types of open source software licenses and each has different terms and conditions. Some open source software licensing allows use of the open source software component freely, but requires that the completed software product must also allow the same rights. This is known as viral licensing, and if the development organization is not careful, its products could violate licensing terms by selling the product for profit. The IS auditor should be most concerned with open source software licensing compliance to avoid unintended intellectual property risk or legal consequences. C. Open source software, just like any software code, should be tested for security flaws and should be part of the normal system development life cycle (SDLC) process. This is not more of a concern than licensing compliance. D. Open source software does not inherently lack quality. Like any software code, it should be tested for reliability and should be part of the normal SDLC process. This is not more of a concern than licensing compliance.

Once an organization has finished the business process reengineering (BPR) of all its critical operations, an IS auditor would MOST likely focus on a review of: A. pre-BPR process flowcharts. B. post-BPR process flowcharts. Incorrect C. BPR project plans. D. continuous improvement and monitoring plans.

You answered C. The correct answer is B. A. An IS auditor must review the process as it is today, not as it was in the past. B. An IS auditor's task is to identify and ensure that key controls have been incorporated into the reengineered process. C. Business process reengineering (BPR) project plans are a step within a BPR project. D. Continuous improvement and monitoring plans are steps within a BPR project.

Which of the following processes will be MOST effective in reducing the risk that unauthorized software on a backup server is distributed to the production server? A. Manually copy files to accomplish replication. B. Review changes in the software version control system. Incorrect C. Ensure that developers do not have access to the backup server. D. Review the access control log of the backup server.

You answered C. The correct answer is B. A. Even if replication is be conducted manually with due care, there still remains a risk to copying unauthorized software from one server to another. B. It is common practice for software changes to be tracked and controlled using version control software. An IS auditor should review reports or logs from this system to identify the software that is promoted to production. Only moving the versions on the version control system (VCS) program will prevent the transfer of development or earlier versions. C. If unauthorized code was introduced onto the backup server by developers, controls on the production server and the software version control system should mitigate this risk. D. Review of the access log will identify staff access or the operations performed; however, it may not provide enough information to detect the release of unauthorized software.

Doing which of the following during peak production hours could result in unexpected downtime? A. Performing data migration or tape backup B. Performing preventive maintenance on electrical systems Incorrect C. Promoting applications from development to the staging environment D. Reconfiguring a standby router in the data center

You answered C. The correct answer is B. A. Performing data migration may impact performance but would not cause downtime. B. Preventive maintenance activities should be scheduled for non-peak times of the day, and preferably during a maintenance window time period. A mishap or incident caused by a maintenance worker could result in unplanned downtime. C. Promoting applications into a staging environment (not production) should not affect systems operations in any significant manner. D. Reconfiguring a standby router should not cause unexpected downtime because the router is not operational and any problems should not affect network traffic.

An IS auditor reviewing a cloud computing environment managed by a third party should be MOST concerned when: A. the organization is not permitted to assess the controls in the participating vendor's site. B. the service level agreement (SLA) does not address the responsibility of the vendor in the case of a security breach. Incorrect C. laws and regulations are different in the countries of the organization and the vendor. D. the organization is using an older version of a browser and is vulnerable to certain types of security risk.

You answered C. The correct answer is B. A. The IS auditor has no role to play if the contract between the parties does not provide for assessment of controls in the other vendor's site. B. Administration of cloud computing occurs over the Internet and involves more than one participating entity. It is the responsibility of each of the partners in the cloud computing environment to take care of security issues in their own environments. When there is a security breach, the party responsible for the breach should be identified and made accountable. This is not possible if the service level agreement (SLA) does not address the responsibilities of the partners during a security breach. C. The IS auditor should ensure that the contract addresses the differing laws and regulations in the countries of the organization and the vendor, but having different laws and regulations is not a problem in itself. D. The IS auditor can make suggestions to the audited entity to use appropriate patches or to switch over to safer browsers, and the IS auditor can follow up on the action taken.

An IS auditor of a health care organization is reviewing contractual terms and conditions of a third-party cloud provider being considered to host patient health information (PHI). Which of the follow contractual terms would be the GREATEST risk to the customer organization? A. Data ownership is retained by the customer organization. B. The third-party provider reserves the right to access data to perform certain operations. Incorrect C. Bulk data withdrawal mechanisms are undefined. D. The customer organization is responsible for backup, archive and restore.

You answered C. The correct answer is B. A. The customer organization would want to retain data ownership and, therefore, this would not be a risk. B. Some service providers reserve the right to access customer information (third-party access) to perform certain transactions and provide certain services. In the case of protected health information (PHI), regulations may restrict certain access. Organizations must review the regulatory environment in which the cloud provider operates because it may have requirements or restrictions of its own. Organizations must then determine whether the cloud provider provides appropriate controls to ensure that data are appropriately secure. C. An organization may eventually wish to discontinue its service with a third-party cloud-based provider. The organization would then want to remove its data from the system and ensure that the service provider clears the system (including any backups) of its data. Some providers do not offer automated or bulk data withdrawal mechanisms, which the organization needs to migrate its data. These aspects should be clarified prior to using a third-party provider. D. An organization may need to plan its own data recovery processes and procedures if the service provider does not make this available or the organization has doubts about the service provider's processes. This would only be a risk if the customer organization was unable to perform these activities itself.

Which of the following is the BEST reference for an IS auditor to determine a vendor's ability to meet service level agreement (SLA) requirements for a critical IT security service? A. Compliance with the master agreement B. Agreed-on key performance metrics Incorrect C. Results of business continuity tests D. Results of independent audit reports

You answered C. The correct answer is B. A. The master agreement typically includes terms, conditions and costs but does not typically include service levels. B. Metrics allow for a means to measure performance. Service level agreements (SLAs) are statements related to expected service levels. For example, an Internet service provider (ISP) may guarantee that their service will be available 99.99 percent of the time. C. If applicable to the service, results of business continuity tests are typically included as part of the due diligence review. D. Independent audits report on the financial condition of an organization or the control environment. Reviewing audit reports is typically part of the due diligence review. Even audits must be performed against a set of standards or metrics to validate compliance.

An organization has implemented an online customer help desk application using a software as a service (SaaS) operating model. An IS auditor is asked to recommend the best control to monitor the service level agreement (SLA) with the SaaS vendor as it relates to availability. What is the BEST recommendation that the IS auditor can provide? A. Ask the SaaS vendor to provide a weekly report on application uptime. B. Implement an online polling tool to monitor the application and record outages. Incorrect C. Log all application outages reported by users and aggregate the outage time weekly. D. Contract an independent third party to provide weekly reports on application uptime.

You answered C. The correct answer is B. A. Weekly application availability reports are useful, but these reports represent only the vendor's perspective. While monitoring these reports, the organization can raise concerns of inaccuracy; however, without internal monitoring, such concerns cannot be substantiated. B. Implementing an online polling tool to monitor and record application outages is the best option for an organization to monitor application availability. Comparing internal reports with the vendor's service level agreement (SLA) reports would ensure that the vendor's monitoring of the SLA is accurate and that all conflicts are appropriately resolved. C. Logging the outage times reported by users is helpful, but does not give a true picture of all outages of the online application. Some outages may go unreported, especially if the outages are intermittent. D. Contracting a third party to implement availability monitoring is not a cost-effective option. Additionally, this results in a shift from monitoring the SaaS vendor to monitoring the third party.

A disaster recovery plan (DRP) for an organization's financial system specifies that the recovery point objective (RPO) is zero and the recovery time objective (RTO) is 72 hours. Which of the following is the MOST cost-effective solution? A. A hot site that can be operational in eight hours with asynchronous backup of the transaction logs B. Distributed database systems in multiple locations updated asynchronously Incorrect C. Synchronous updates of the data and standby active systems in a hot site D. Synchronous remote copy of the data in a warm site that can be operational in 48 hours

You answered C. The correct answer is D. A. A hot site would meet the recovery time objective (RTO) but would incur higher costs than necessary. B. Asynchronous updates of the database in distributed locations do not meet the recovery point objective (RPO). C. Synchronous updates of the data and standby active systems in a hot site meet the RPO and RTO requirements, but are more costly than a warm site solution. D. The synchronous copy of the data storage achieves the RPO, and a warm site operational in 48 hours meets the required RTO.

Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly? A. Backup time would steadily increase. B. Backup operational costs would significantly increase. Incorrect C. Storage operational costs would significantly increase. D. Server recovery work may not meet the recovery time objective (RTO).

You answered C. The correct answer is D. A. Backup time may increase, but that can be managed. The most important issue is the time taken to recover the data. B. The backup cost issues are not as significant as not meeting the recovery time objective (RTO). C. The storage cost issues are not as significant as not meeting the RTO. D. In case of a crash, recovering a server with an extensive amount of data could require a significant amount of time. If the recovery cannot meet the RTO, there will be a discrepancy in IT strategies. It is important to ensure that server restoration can meet the RTO.

During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the: A. event error log generated at the disaster recovery site. B. disaster recovery test plan. Incorrect C. disaster recovery plan (DRP). D. configurations and alignment of the primary and disaster recovery sites.

You answered C. The correct answer is D. A. If the issue cannot be clarified, the IS auditor should then review the event error log. B. The disaster recovery test plan would not identify any issues related to system performance unless the test was poorly designed and inefficient, but that would come after checking the configuration. C. Reviewing the disaster recovery plan (DRP) would be unlikely to provide any information about system performance issues. D. Because the configuration of the system is the most probable cause, the IS auditor should review that first.

After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend? A. Stress B. Black box Incorrect C. Interface D. System

You answered C. The correct answer is D. A. Stress testing relates to capacity and availability and does not apply in these circumstances. B. Black box testing would be performed on the individual modules, but the entire system should be tested because more than one module was changed. C. Interface testing would test the interaction with external systems but would not validate the performance of the changed system. D. Given the extensiveness of the patch and its interfaces to external systems, system testing is most appropriate. System testing will test all the functionality and interfaces between modules.

If a database is restored using before-image dumps, where should the process begin following an interruption? A. Before the last transaction B. After the last transaction C. As the first transaction after the latest checkpoint Incorrect D. As the last transaction before the latest checkpoint

You answered D. The correct answer is A. A. If before images are used, the last transaction in the dump will not have updated the database prior to the dump being taken. B. The last transaction will not have updated the database and must be reprocessed. C. Program checkpoints are irrelevant in this situation. Checkpoints are used in application failures. D. Program checkpoints are irrelevant in this situation. Checkpoints are used in application failures.

An IS auditor should recommend the use of library control software to provide reasonable assurance that: A. program changes have been authorized. B. only thoroughly tested programs are released. C. modified programs are automatically moved to production. Incorrect D. source and executable code integrity is maintained.

You answered D. The correct answer is A. A. Library control software should be used to separate test from production libraries in mainframe and/or client server environments. The main objective of library control software is to provide assurance that program changes have been authorized. B. Library control software is concerned with authorized program changes and cannot determine whether programs have been thoroughly tested. C. Programs should not be moved automatically into production without proper authorization. D. Library control software provides reasonable assurance that the source code and executable code are matched at the time a source code is moved to production. Access control will ensure the integrity of the software, but the most important benefit of version control software is to ensure that all changes are authorized.

An IS auditor is reviewing the most recent disaster recovery plan (DRP) of an organization. Which approval is the MOST important when determining the availability of system resources required for the plan? A. Executive management B. IT management C. Board of directors Incorrect D. Steering committee

You answered D. The correct answer is B. A. Although executive management's approval is essential, the IT department is responsible for managing system resources and their availability as related to disaster recovery (DR). B. Because a disaster recovery plan (DRP) is based on the recovery and provisioning of IT services, IT management's approval would be most important to verify that the system resources will be available in the event that a disaster event is triggered. C. The board of directors may review and approve the DRP, but the IT department is responsible for managing system resources and their availability as related to DR. D. The steering committee would determine the requirements for disaster recovery (recovery time objective [RTO] and recovery point objective [RPO]); however, the IT department is responsible for managing system resources and their availability as related to DR.

Which of the following controls would provide the GREATEST assurance of database integrity? A. Audit log procedures B. Table link/reference checks C. Query/table access time checks Incorrect D. Rollback and rollforward database features

You answered D. The correct answer is B. A. Audit log procedures enable recording of all events that have been identified and help in tracing the events. However, they only point to the event and do not ensure completeness or accuracy of the database contents. B. Performing table link/reference checks serves to detect table linking errors (such as completeness and accuracy of the contents of the database), and thus provides the greatest assurance of database integrity. C. Querying/monitoring table access time checks helps designers improve database performance but not integrity. D. Rollback and rollforward database features ensure recovery from an abnormal disruption. They assure the integrity of the transaction that was being processed at the time of disruption, but do not provide assurance on the integrity of the contents of the database.

An organization is reviewing its contract with a cloud computing provider. For which of the following reasons would the organization want to remove a lock-in clause from the contract? A. Availability B. Portability C. Agility Incorrect D. Scalability

You answered D. The correct answer is B. A. Removing the customer lock-in clause will not secure availability of the systems resources stored in a cloud computing environment. B. When drawing up a contract with a cloud service provider, the ideal practice is to remove the customer lock-in clause. It may be important for the client to secure portability of their system assets (i.e., the right to transfer from one vendor to another). C. Agility refers to efficiency of solutions enabling organizations to respond to business needs faster. This is a desirable quality of cloud computing. D. Scalability is the strength of cloud computing through the ability to adjust service levels according to changing business circumstances. Therefore, this is not the best option.

During fieldwork, an IS auditor experienced a system crash caused by a security patch installation. To provide reasonable assurance that this event will not recur, the IS auditor should ensure that: A. only systems administrators perform the patch process. B. the client's change management process is adequate. C. patches are validated using parallel testing in production. Incorrect D. an approval process of the patch, including a risk assessment, is developed.

You answered D. The correct answer is B. A. While system administrators would normally install patches, it is more important that changes be made according to a formal procedure that includes testing and implementing the change during nonproduction times. B. The change management process, which would include procedures regarding implementing changes during production hours, helps to ensure that this type of event does not recur. An IS auditor should review the change management process, including patch management procedures, to verify that the process has adequate controls and to make suggestions accordingly. C. While patches would normally undergo testing, it is often impossible to test all patches thoroughly. It is more important that changes be made during nonproduction times, and that a backout plan is in place in case of problems. D. An approval process alone could not directly prevent this type of incident from happening. There should be a complete change management process that includes testing, scheduling and approval.

An IS auditor is evaluating the effectiveness of the organization's change management process. What is the MOST important control that the IS auditor should look for to ensure system availability? A. Changes are authorized by IT managers at all times. B. User acceptance testing (UAT) is performed and properly documented. C. Test plans and procedures exist and are closely followed. Incorrect D. Capacity planning is performed as part of each development project. .

You answered D. The correct answer is C. A. Changes are usually required to be signed off by a business analyst, member of the change control board or other authorized representative, not necessarily by IT management. B. User acceptance testing (UAT) is important but not a critical element of change control and would not usually address the topic of availability as asked in the question. C. The most important control for ensuring system availability is to implement a sound test plan and procedures that are followed consistently. D. While capacity planning should be considered in each development project, it will not ensure system availability, nor is it part of the change control process

The PRIMARY benefit of an IT manager monitoring technical capacity is to: A. identify the need for new hardware and storage procurement. B. determine the future capacity need based on usage. C. ensure that the service level agreement (SLA) requirements are met. Incorrect D. ensure that systems operate at optimal capacity.

You answered D. The correct answer is C. A. This is one benefit of monitoring technical capacity because it can help forecast future demands, not just react to system failures. However, the primary responsibility of the IT manager is to meet the overall requirement to ensure that IT is meeting the service level expectations of the business. B. Determining future capacity is one definite benefit of technical capability monitoring. C. Capacity monitoring has multiple objectives; however, the primary objective is to ensure compliance with the internal service level agreement (SLA) between the business and IT. D. IT management is interested in ensuring that systems are operating at optimal capacity, but their primary obligation is to ensure that IT is meeting the service level requirements of the business.

IT management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend: A. upgrading to a level 5 RAID. B. increasing the frequency of onsite backups. C. reinstating the offsite backups. Incorrect D. establishing a cold site in a secure location.

You answered D. The correct answer is C. A. Upgrading to level 5 Redundant Array of Inexpensive Disks (RAID) will not address the problem of catastrophic failure of the data center housing all the data. B. Increasing the frequency of onsite backups is not relevant to RAID 1 because all data are being mirrored already. C. A RAID system, at any level, will not protect against a natural disaster. The problem will not be alleviated without offsite backups. D. A cold site is an offsite recovery location, but will not provide for data recovery because a cold site is not used to store data.

An IS auditor reviewing the application change management process for a large multinational company should be MOST concerned when: A. test systems run different configurations than do production systems. B. change management records are paper based. C. the configuration management database is not maintained. Incorrect D. the test environment is installed on the production server.

You answered D. The correct answer is C. A. While, ideally, production and test systems should be configured identically, there may be reasons why this does not occur. The more significant concern is whether the configuration management database was not maintained. B. Paper-based change management records are inefficient to maintain and not easy to review in large volumes; however, they do not present a concern from a control point of view as long as they are properly and diligently maintained. C. The configuration management database (CMDB) is used to track configuration items (CIs) and the dependencies between them. An out-of-date CMDB in a large multinational company could result in incorrect approvals being obtained, or leave out critical dependencies during the test phase. D. While it is not ideal to have the test environment installed on the production server, it is not a control-related concern. As long as the test and production environments are kept separate, they can be installed on the same physical server(s).

A new business requirement required changing database vendors. Which of the following areas should the IS auditor PRIMARILY examine in relation to this implementation? Correct A. Integrity of the data B. Timing of the cutover C. Authorization level of users D. Normalization of the data

You are correct, the answer is A. A. A critical issue when migrating data from one database to another is the integrity of the data and ensuring that the data are migrated completely and correctly. B. The timing of the cutover is important, but because the data are being migrated to a new database, duplication should not be an issue. C. The authorization of the users is not as relevant as the authorization of the application because the users will interface with the database through an application, and the users will not directly interface with the database. D. Normalization is used to design the database and is not necessarily related to database migration.

Which of the following is the MOST efficient strategy for the backup of large quantities of mission-critical data when the systems need to be online to take sales orders 24 hours a day? Correct A. Implementing a fault-tolerant disk-to-disk backup solution B. Making a full backup to tape weekly and an incremental backup nightly C. Creating a duplicate storage area network (SAN) and replicating the data to a second SAN D. Creating identical server and storage infrastructure at a hot site

You are correct, the answer is A. A. Disk-to-disk backup, also called disk-to-disk-to-tape backup or tape cache, is when the primary backup is written to disk instead of tape. That backup can then be copied, cloned or migrated to tape at a later time (hence the term "disk-to-disk-to-tape"). This technology allows the backup of data to be performed without impacting system performance and allows a large quantity of data to be backed up in a very short backup window. In case of a failure, the fault-tolerant system can transfer immediately to the other disk set. B. While a backup strategy involving tape drives is valid, because many computer systems must be taken offline so that backups can be performed, there is the need to create a backup window, typically during each night. For a system that must remain online at all times, the only feasible way to back up the data is to either duplicate the data to a server that gets backed up to tape, or deploy a disk-to-disk solution, which is effectively the same thing. C. While creating a duplicate storage area network (SAN) and replicating the data to a second SAN provides some redundancy and data protection, this is not really a backup solution. If the two systems are at the same site, there is a risk that an incident such as a fire or flood in the data center could lead to data loss. D. While creating an identical server and storage infrastructure at a hot site provides a great deal of redundancy, there is still the need to create a backup of the data, and typically there is the need to archive certain data for long-term storage. A cutover to a hot site cannot usually be performed in a short enough time for a continuous availability system. Therefore, this is not the best strategy.

Segmenting a highly sensitive database results in: Correct A. reduced exposure. B. reduced threat. C. less criticality. D. less sensitivity.

You are correct, the answer is A. A. Segmenting data reduces the quantity of data exposed as a result of a particular event. B. The threat may remain constant, but each segment may represent a different vector against which it must be directed. C. Criticality (availability) of data is not affected by the manner in which it is segmented. D. Sensitivity of data is not affected by the manner in which it is segmented.

Which of the following specifically addresses how to detect cyberattacks against an organization's IT systems and how to recover from an attack? Correct A. An incident response plan (IRP) B. An IT contingency plan C. A business continuity plan (BCP) D. A continuity of operations plan (COOP)

You are correct, the answer is A. A. The incident response plan (IRP) determines the information security responses to incidents such as cyberattacks on systems and/or networks. This plan establishes procedures to enable security personnel to identify, mitigate and recover from malicious computer incidents such as unauthorized access to a system or data, denial of service (DoS) or unauthorized changes to system hardware or software. B. The IT contingency plan addresses IT system disruptions and establishes procedures for recovering from a major application or general support system failure. The contingency plan deals with ways to recover from an unexpected failure, but it does not address the identification or prevention of cyberattacks. C. The business continuity plan (BCP) addresses business processes and provides procedures for sustaining essential business operations while recovering from a significant disruption. While a cyberattack could be severe enough to require use of the BCP, the IRP would be used to determine which actions should be taken—both to stop the attack as well as to resume normal operations after the attack. D. The continuity of operations plan (COOP) addresses the subset of an organization's missions that are deemed most critical and contains procedures to sustain these functions at an alternate site for a short time period.

After a disaster declaration, the media creation date at a warm recovery site is based on the: Correct A. recovery point objective (RPO). B. recovery time objective (RTO). C. service delivery objective (SDO). D. maximum tolerable outage (MTO).

You are correct, the answer is A. A. The recovery point objective (RPO) is determined based on the acceptable data loss in case of a disruption of operations. It indicates the earliest point in time that is acceptable to recover the data. The RPO effectively quantifies the permissible amount of data loss in case of interruption. The media creation date will reflect the point to which data are to be restored or the RPO. B. The recovery time objective (RTO) is the amount of time allowed for the recovery of a business function or resource after a disaster occurs. C. The service delivery objective (SDO) is directly related to the business needs, and is the level of service to be reached during the alternate process mode until the normal situation is restored. D. The maximum tolerable outage (MTO) is the maximum time that an organization can support processing in alternate mode.

During maintenance of a relational database, several values of the foreign key in a transaction table have been corrupted. The consequence is that: Correct A. the detail of involved transactions may no longer be associated with master data, causing errors when these transactions are processed. B. there is no way of reconstructing the lost information, except by deleting the dangling tuples and reentering the transactions. C. the database will immediately stop execution and lose more information. D. the database will no longer accept input data.

You are correct, the answer is A. A. When the external key of a transaction is corrupted or lost, the application system will normally be incapable of directly attaching the master data to the transaction data. Normally, this will cause the system to undertake a sequential search and slow down the processing. If the concerned files are big, this slowdown will be unacceptable. This is a violation of referential integrity. B. A system can recover the corrupted external key by re-indexing the table. C. The corruption of a foreign key will not stop program execution. D. The corruption of a foreign key will not affect database input.

The objective of concurrency control in a database system is to: A. restrict updating of the database to authorized users. Correct B. prevent integrity problems when two processes attempt to update the same data at the same time. C. prevent inadvertent or unauthorized disclosure of data in the database. D. ensure the accuracy, completeness and consistency of data.

You are correct, the answer is B. A. Access controls restrict updating of the database to authorized users. B. Concurrency controls prevent data integrity problems, which can arise when two update processes access the same data item at the same time. C. Controls such as passwords prevent the inadvertent or unauthorized disclosure of data from the database. D. Quality controls such as edits ensure the accuracy, completeness and consistency of data maintained in the database.

Which of the following BEST reduces the ability of one device to capture the packets that are meant for another device? A. Hubs Correct B. Switches C. Routers D. Firewalls

You are correct, the answer is B. A. Hubs will broadcast all data to all network ports. B. Switches are at a low level of network security and transmit a packet to the device to which it is addressed. This reduces the ability of one device to capture the packets that are meant for another device. C. Routers allow packets to be given or denied access based on the addresses of the sender and receiver, and the type of packet. D. Firewalls are a collection of computer and network equipment used to allow communications to flow out of the organization and restrict communications flowing into the organization.

In auditing a database environment, an IS auditor will be MOST concerned if the database administrator (DBA) is performing which of the following functions? A. Performing database changes according to change management procedures Correct B. Installing patches or upgrades to the operating system C. Sizing table space and consulting on table join limitations D. Performing backup and recovery procedures

You are correct, the answer is B. A. Performing database changes according to change management procedures would be a normal function of the database administrator (DBA) and would be compliant with the procedures of the organization. B. Installing patches or upgrades to the operating system is a function that should be performed by a systems administrator, not by a DBA. If a DBA were performing this function, there would be a risk based on inappropriate segregation of duties. C. A DBA is expected to support the business through helping design, create and maintain databases and the interfaces to the databases. D. The DBA often performs or supports database backup and recovery procedures.

An IS auditor reviewing an organization's disaster recovery plan should PRIMARILY verify that it is: A. tested every six months. Correct B. regularly reviewed and updated. C. approved by the chief executive officer (CEO). D. communicated to every department head in the organization.

You are correct, the answer is B. A. The plan must be subjected to regular testing, but the period between tests will depend on the nature of the organization, the amount of change in the organization and the relative importance of IS. Three months, or even annually, may be appropriate in different circumstances. B. The plan should be reviewed at appropriate intervals, depending on the nature of the business and the rate of change of systems and personnel. Otherwise, it may become out of date and may no longer be effective. C. Although the disaster recovery plan should receive the approval of senior management, it need not be the chief executive officer (CEO) if another executive officer is equally or more appropriate. For a purely IS-related plan, the executive responsible for technology may have approved the plan. D. Although a business continuity plan is likely to be circulated throughout an organization, the IS disaster recovery plan will usually be a technical document and only relevant to IS and communication staff.

Which of the following is MOST important when an operating system (OS) patch is to be applied to a production environment? A. Successful regression testing by the developer Correct B. Approval from the information asset owner C. Approval from the security officer D. Patch installation at alternate sites

You are correct, the answer is B. A. While testing is important for any patch, in this case it should be assumed that the operating system (OS) vendor tested the patch before releasing it. Before this OS patch is put into production, the organization should do system testing to ensure that no issues will occur. B. It is most important that information owners approve any changes to production systems to ensure that no serious business disruption takes place as the result of the patch release. C. The security officer does not normally need to approve every OS patch. D. Security patches need to be deployed consistently across the organization, including alternate sites. However, approval from the information asset owner is still the most important consideration.

It is MOST appropriate to implement an incremental backup scheme when: A. there is limited recovery time for critical data. B. online disk-based media are preferred. Correct C. there is limited media capacity. D. a random selection of backup sets is required.

You are correct, the answer is C. A. A full backup or differential backup is preferred in this situation. B. Incremental backup could be used irrespective of the media adopted. C. In an incremental backup, after the full backup, only the files that have changed are backed up, thus minimizing media storage. D. A random selection of backup sets may not be possible with an incremental backup scheme because only fragments of the data are backed up on a daily basis.

Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data? A. Inheritance B. Dynamic warehousing Correct C. Encapsulation D. Polymorphism

You are correct, the answer is C. A. In object-oriented systems an object is called by another module and inherits its data from the calling module. This does not affect security. B. Dynamic warehousing is not related to the security of object-oriented technology. C. Encapsulation is a property of objects, and it prevents accessing either properties or methods that have not been previously defined as public. This means that any implementation of the behavior of an object is not accessible. An object defines a communication interface with the exterior and only that which belongs to that interface can be accessed. D. Polymorphism is the principle of creating different objects that will behave differently depending on the input. This is not a security feature.

An IS auditor notes that patches for the operating system used by an organization are deployed by the IT department as advised by the vendor. The MOST significant concern an IS auditor should have with this practice is that IT has NOT considered: A. the training needs for users after applying the patch. B. any beneficial impact of the patch on the operational systems. Correct C. delaying deployment until testing the impact of the patch. D. the necessity of advising end users of new patches.

You are correct, the answer is C. A. Normally, there is no need for training users when a new operating system patch has been installed. B. Any beneficial impact is less important than the risk of unavailability, which could be avoided with proper testing. C. Deploying patches without testing exposes an organization to the risk of system disruption or failure. D. Normally, there is no need for advising users when a new operating system patch has been installed except to ensure that the patch is applied at a time that will have minimal impact on operations.

An IS auditor finds that the data warehouse query performance decreases significantly at certain times of the day. Which of the following controls would be MOST relevant for the IS auditor to review? A. Permanent table-space allocation B. Commitment and rollback controls Correct C. User spool and database limit controls D. Read/write access log controls

You are correct, the answer is C. A. Table-space allocation will not affect performance at different times of the day. B. Commitment and rollback will only apply to errors or failures and will not affect performance at different times of the day. C. User spool limits restrict the space available for running user queries. This prevents poorly formed queries from consuming excessive system resources and impacting general query performance. Limiting the space available to users in their own databases prevents them from building excessively large tables. This helps to control space utilization which itself acts to help performance by maintaining a buffer between the actual data volume stored and the physical device capacity. Additionally, it prevents users from consuming excessive resources in ad hoc table builds (as opposed to scheduled production loads that often can run overnight and are optimized for performance purposes). In a data warehouse, because you are not running online transactions, commitment and rollback does not have an impact on performance. D. Read/write access log controls will not affect performance at different times of the day.

During a human resources (HR) audit, an IS auditor is informed that there is a verbal agreement between the IT and HR departments as to the level of IT services expected. In this situation, what should the IS auditor do FIRST? A. Postpone the audit until the agreement is documented. B. Report the existence of the undocumented agreement to senior management. Correct C. Confirm the content of the agreement with both departments. D. Draft a service level agreement (SLA) for the two departments.

You are correct, the answer is C. A. There is no reason to postpone an audit because a service agreement is not documented, unless that is all that is being audited. The agreement can be documented after it has been established that there is an agreement in place. B. Reporting to senior management is not necessary at this stage of the audit because this is not a serious immediate vulnerability. C. An IS auditor should first confirm and understand the current practice before making any recommendations. Part of this will be to ensure that both parties are in agreement with the terms of the agreement. D. Drafting a service level agreement (SLA) is not the IS auditor's responsibility.

Which of the following would an IS auditor consider to be the MOST important to review when conducting a disaster recovery audit? A. A hot site is contracted for and available as needed. B. A business continuity manual is available and current. C. Insurance coverage is adequate and premiums are current. Correct D. Media backups are performed on a timely basis and stored offsite.

You are correct, the answer is D. A. A hot site is important, but it is of no use if there are no data backups for it. B. A business continuity manual is advisable but not most important in a disaster recovery audit. C. Insurance coverage should be adequate to cover costs, but is not as important as having the data backup. D. Without data to process, all other components of the recovery effort are in vain. Even in the absence of a plan, recovery efforts of any type would not be practical without data to process.

A company with a limited budget has a recovery time objective (RTO) of 72 hours and a recovery point objective (RPO) of 24 hours. Which of the following would BEST meet the requirements of the business? A. A hot site B. A cold site C. A mirrored site Correct D. A warm site

You are correct, the answer is D. A. Although a hot site enables the business to meets its recovery point objective (RPO) and recovery time objective (RTO), the cost to maintain a hot site is more than the cost to maintain a warm site, which could also meet the objectives. B. A cold site, although providing basic infrastructure, lacks the required hardware to meet the business objectives. C. A mirrored site provides fully redundant facilities with real-time data replication. It can meet the business objectives, but it is not as cost-effective a solution as a warm site. D. A warm site is the most appropriate solution because it provides basic infrastructure and most of the required IT equipment to affordably meet the business requirements. The remainder of the equipment needed can be provided through vendor agreements within a few days. The RTO is the amount of time allowed for the recovery of a business function or resource after a disaster occurs. The RPO is determined based on the acceptable data loss in case of a disruption of operations. The RPO indicates the earliest point in time that is acceptable to recover the data, and it effectively quantifies the permissible amount of data loss in case of interruption.

Which of the following security measures BEST ensures the integrity of information stored in a data warehouse? A. Validated daily backups B. Change management procedures C. Data dictionary maintenance Correct D. A read-only restriction

You are correct, the answer is D. A. Backups address availability, not integrity. Validated backups ensure that the backup will work when needed. B. Adequate change management procedures protect the data warehouse and the systems with which the data warehouse interfaces from unauthorized changes but are not usually concerned with the data. C. Data dictionary maintenance procedures provide for the definition and structure of data that are input to the data warehouse. This will not affect the integrity of data already stored. D. Because most data in a data warehouse are historic and do not need to be changed, applying read-only restrictions prevents data manipulation.

Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility? A. Verify compatibility with the hot site B. Review the implementation report C. Perform a walk-through of the disaster recovery plan (DRP) Correct D. Update the IT asset inventory

You are correct, the answer is D. A. Before validating that the new hardware is compatible with the recovery site, the business continuity manager should update the listing of all equipment and IT assets included in the business continuity plan (BCP). B. The implementation report will be of limited value to the business continuity manager because the equipment has been installed. C. The walk-through of the plan should only be done after the asset inventory has been updated. D. An IT assets inventory is the basic input for the business continuity/disaster recovery plan, and the plan must be updated to reflect changes in the IT infrastructure.

Which of the following BEST ensures that users have uninterrupted access to a critical, heavily utilized web-based application? A. Disk mirroring B. Redundant Array of Inexpensive Disks (RAID) technology C. Dynamic domain name system (DDNS) Correct D. Load balancing

You are correct, the answer is D. A. Disk mirroring provides real-time replication of disk drives, but does not ensure uninterrupted system availability in the event a server crashes. B. Redundant Array of Inexpensive Disks (RAID) technology improves resiliency but does not protect against failure of a network interface card (NIC) or central processing unit (CPU) processor failure. C. Dynamic domain name system (DDNS) is a method used to assign a host name to an Internet protocol (IP) address that is dynamic. This is a useful technology, but does not help ensure availability. D. Load balancing best ensures uninterrupted system availability by distributing traffic across multiple servers. Load balancing helps ensure consistent response time for web applications. Also, if a web server fails, load balancing ensures that traffic will be directed to a different, functional server.

Which of the following is a network diagnostic tool that monitors and records network information? A. Online monitor B. Downtime report C. Help desk report Correct D. Protocol analyzer

You are correct, the answer is D. A. Online monitors measure telecommunication transmissions and determine whether transmissions were accurate and complete. B. Downtime reports track the availability of telecommunication lines and circuits. C. Help desk reports are prepared by the help desk, which is staffed or supported by IS technical support personnel trained to handle problems occurring during the course of IS operations. D. Protocol analyzers are network diagnostic tools that monitor and record network information from packets traveling in the link to which the analyzer is attached.

The MAIN criterion for determining the severity level of a service disruption incident is: A. cost of recovery. B. negative public opinion. C. geographic location. Correct D. downtime. `

You are correct, the answer is D. A. The cost of recovery could be minimal, yet the service downtime could have a major impact. B. Negative public opinion is a symptom of an incident; it is a factor in determining impact but not the most important one. C. Geographic location does not determine the severity of the incident. D. The longer the period of time a client cannot be serviced, the greater the severity (impact) of the incident.

An IS auditor is evaluating network performance for an organization that is considering increasing its Internet bandwidth due to a performance degradation during business hours. Which of the following is MOST likely the cause of the performance degradation? A. Malware on servers B. Firewall misconfiguration C. Increased spam received by the email server Correct D. Unauthorized network activities

You are correct, the answer is D. A. The existence of malware on the organization's server could contribute to network performance issues, but the degraded performance would not likely be restricted to business hours. B. Firewall misconfiguration could contribute to network performance issues, but the degraded performance would not likely be restricted to business hours. C. The existence of spam on the organization's email server could contribute to network performance issues, but the degraded performance would not likely be restricted to business hours. D. Unauthorized network activities—such as employee use of file or music sharing sites or online gambling or personal email containing large files or photos—could contribute to network performance issues. Because the IS auditor found the degraded performance during business hours, this is the most likely cause.

Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized? A. Release-to-release source and object comparison reports B. Library control software restricting changes to source code C. Restricted access to source code and object code Correct D. Date and time-stamp reviews of source and object code

You are correct, the answer is D. A. Using version control software and comparing source and object code is good practice, but may not detect a problem where the source code is a different version than the object code. B. All production libraries should be protected with access controls, and this may protect source code from tampering. However, this will not ensure that source and object codes are based on the same version. C. It is a good practice to protect all source and object code—even in development. However, this will not ensure the synchronization of source and object code. D. Date and time-stamp reviews of source and object code would ensure that source code, which has been compiled, matches the production object code. This is the most effective way to ensure that the approved production source code is compiled and is the one being used.