Delete
94. Receiving an electronic data interchange (EDI) transaction and passing it through the communication interface stage usually requires: a) Translating and unbundling transactions 2) Passing data to the appropriate application system 3) Routing verification procedures 4) Creating a point of receipt audit log
3
136.An IS auditor at a bank is performing compliance testing and has discovered that one of the branches has virus signatures that have not been updated in over six months in this case, the IS auditor should recommend: a)Security awareness and education regarding the importance of updating antivirus software b)An automated process initiated from the main office to update anTivirus software at each branch c)Reconfiguration of the firewall to a most-restrictive policy and implementation of an intrusion prevention system (IPS) d)That the branch re-certify the machines after the updates are installed
b
107. Which of the following is the GREATEST advantage of elliptic curve encryption over RSA encryption? a) Computation speed b) Ability to support digital signatures c) Simpler key distribution d) Greater strength for a given key length
a
115.From a control perspective, the PRIMARY objective of classifying information assets is to: a)Establish guidelines for the level of access controls that should be assigned b)Ensure access controls are assigned to all information assets c)Assist management and auditors in risk assessment d)Identify which assets need to be insured against losses
a
122.A technical lead who was working on a major project has left the organization. The project manager reports suspicious system activities on one of the servers that is accessible to the whole team. What would be of GREATEST concern if discovered during a forensic investigation? a)Audit logs are not enabled for the system b)A logon ID for the technical lead still exists c)Spyware is installed on the system d)A Trojan is installed on the system
a
123.Certification of an enterprise's public key by a recognized authority is essential because: a)The publicly available key might have been revoked b)Everyone has access to the enterprise's public key c)The enterprise's private key is not published d)The enterprise's public key may not be linked to the private key used
a
127.A hacker could obtain passwords without the use of computer tools or programs through the technique of a)Social engineering b)Sniffers c)Back doors d)Trojan horses
a
129.An IS auditor reviewing the operating system integrity of a server would PRIMARILY: a)Verify that privileged programs or services cannot be invoked by user programs b)Determine whether administrator accounts have proper password controls c)Ensure that tile permissions are correct on configuration tiles d)Verify that programs or services running on the server are from valid sources
a
131.ABC Inc. offers a number of services though its web site. During one day, senior executives of ABC Inc. were surprised to discover that sensitive data on their servers were being leaked to unauthorized individuals on the Internet.Post incident investigations revealed that ABC lnc.'s key servers were infected with a Trojan. The incident occurred alter deployment of a newly acquired module from a software vendor, which was tested on test servers in accordance with functional specifications. The incident had gone unnoticed for a period of about four weeks. A potential cause of the leak may have been malware embedded in the new module: a.Intrusion detection system (IDS) b.Vulnerability scan process c. Firewall rule set review D. Access control monitoring
a
142. Certification of an enterprise's public key by a recognized authority is essential because: a)The publicly available key might have been revoked b)Everyone has access to the enterprise's public key c)The enterprise's private key is not published d)The enterprise's public key may not be linked to the private key used
a
80. An organization is proposing to establish a wireless local area network (WLAN). Management asks the IS auditor to recommend security controls for the WLAN. Which of the following would be the MOST appropriate recommendation? a) Physically secure wireless access points to prevent tampering b) Use service set identifiers (SSIDs) that clearly identify the organization. c) Encrypt traffic using the Wired Equivalent Privacy (WEP) mechanism. d) Implement the Simple Network Management Protocol (SNMP) to allow active monitoring.
a
84. The MOST important difference between hashing and encryption is that hashing: a) Is irreversible b) Outputs the same length as the original message c) Is concerned with integrity and security d) Is the same at the sending and receiving end
a
91. Which of the following attacks targets the Secure Sockets Layer (SSL)? a) Man-in-the middle b) Dictionary c) Password sniffing d) Phishing
a
96. Which of the following should an IS auditor recommend for the protection of specific sensitive information stored in the data warehouse? a) Implement column and row-level permissions b) Enhance user authentication via strong passwords c) Organize the data warehouse into subject matter-specific databases d) Log user access to the data warehouse
a
98. Which of the following is the BEST way to satisfy a two-factor user authentication? a) A smart card requiring the user's personal identification number (PIN) b) User ID along with password c) Iris scanning plus fingerprint scanning d) A magnetic card requiring the user's PIN
a
99. An organization has experienced a large amount of traffic being re-routed from its Voice-over IP (VolP) packet network. The organization believes it is a victim of eavesdropping. Which of the following could result in eavesdropping of VoIP traffic? a) Corruption of the address resolution protocol (AR?) cache in Ethernet switches b) Use of a default administrator password on the analog phone switch c) Deploying virtual local area networks (VLANs) without enabling encryption d) End users having access to software tools such as packet sniffer applications
a
102. Which of the following cryptographic systems is MOST appropriate for bulk data encryption and small devices such as smart cards? a) Data Encryption Standard (DES) b) Advanced Encryption Standard (AES) c) Triple DES d) RSA
b
104. Which of the following is the MOST effective control when granting temporary access to vendors? a) Vendor access corresponds to the service level agreement (SLA). b) User accounts are created with expiration dates and are based on services provided c) Administrator access is provided for a limited period d) User IDs are deleted when the work is completed
b
108. The logical exposure associated with the use of a checkpoint restart procedure is: a) Denial of service b) An asynchronous attack c) Wiretapping d) Computer shutdown
b
113. To ensure authentication, confidentiality and integrity of a message, the sender should encrypt the hash of the message with the sender's a) Public key and then encrypt the message with the receiver's private key b) Private key and then encrypt the message with the receiver's public key c) Public key and then encrypt the message with the receiver's public key d) Private key and then encrypt the message with the receiver's private key
b
114.When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected on the network? a)Use the IP address of an existing file server or domain controller b)Pause the scanning every few minutes to allow thresholds to reset c)Conduct the scans during evening hours when no one is logged-in d)Use multiple scanning tools since each too l has different characteristics
b
119.Which of the following wide area network (WAN) transmission techniques offers the BEST error and flow control procedures while transmitting data? a)Message switching b)Packet switching c)Circuit switching d)Virtual circuits
b
120.A business application system accesses a corporate database using a single ID and password embedded in a program. Which of the following would provide efficient access control over the organization's data? a)Introduce a secondary authentic ation method such as card swipe b)Apply role-based permissions within the application system c)Have users input the ID and password for each database transaction d) Set an expiration period for the database password embedded in the program
b
126.Naming conventions for system resources are important for access control because they a)Ensure that resource names are not ambiguous b)Reduce the number of rules required to adequately protect resources c)Ensure that user access to resources is clearly and uniquely identified d)Ensure that internationally recognized names are used to protect resources
b
128.Which of the following implementation modes would provide the GREATEST amount of security for outbound data connecting to the Internet? a)Secure Sockets Layer (SSL) mode b)Tunnel mode with AH plus ESP c)Triple Data Encryption Standard (triple DES) encryption mode d)Transport mode with authentication header (AH) plus encapsulating security payload (ESP)
b
137.In Internet Protocol Security (IPSec), which of the following PRIMARILY provides data protection? a)Semantic net b)Encapsulated security payload (ESP) c)Authentication header (AH) d)Digital signature
b
100. Which of the following would be considered an essential feature of a network management system? a) A graphical interface to map the network topology b) Capacity to Interact with the Internet to solve the problems c) Connectivity to a help desk for advice on difficult issues d) An export facility for piping data to spreadsheets
a
105. Which of the following protocols would be involved in the implementation of a router and an Interconnectivity device monitoring system? a) Simple Network Management Protocol b) File Transfer Protocol (FTP) c) Simple Mail Transfer Protocol (SMTP) d) Telnet
a
138. During a review of intrusion detection logs an IS auditor notices traffic coming from the Internet which appears to originate from the Internal IP address of the company payroll server.Which of the following malicious activities would MOST likely cause this type of result? a)Denial-of-Service (DoS) attack b)Spoofing c)Port Scanning d)A man in the middle attack
b
140.Which of the following functions should be performed by the application owners to ensure an adequate segregation of duties between IS and end users? a)System analysis b)Authorization of access to data c)Application programming d)Data administration
b
141.A new business application has been designed in a large, complex organization and the business owner has requested that the various reports be viewed on a"need to know" basis. Which of the following access control methods would be the BEST method to achieve this requirement? a)Mandatory b)Role based c)Discretionary d)Single Sign-On (SSO)
b
143.When reviewing the procedures for the disposal of computers, which of the following should be the GREATEST concern for the IS auditor? a)Hard disks are overwritten several times at the sector level, but are not reformatted before leaving the organization b)All files and folders on hard disks are separately deleted, and the hard disks are formatted before leaving the organization c)Hard disks are rendered unreadable by hole-punching through the platters at specific positions before leaving the organization d)The transport of hard disks is escorted by internal security staff to a nearby metal recycling company, where the hard disks are registered and then shredded
b
79. Which of the following biometrics has the HIGHEST reliability and lowest false acceptance rate (FAR)? a) Palm scan b) Retina scan c) Face recognition d) Hand geometry
b
82. A single sign-on (SSO) server is used to authenticate users to the network as the corporate identity system. The IS auditor has noticed that users may have multiple IDs and that there is no enforced link between the human resources (HR) system and the identity authentication system. The IS auditor will MOST be concerned by which of the following? a) User IDs are used in different applications b) There is a lack of unique user IDs c) Users may be assigned multiple system accounts d) IDs are not using a single naming standard
b
83. Which of the following would MOST effectively enhance the security of a challenge response based authentication system? a) Selecting a more robust algorithm to generate challenge strings b) Increasing the frequency of associated password changes c) Increasing the length of authentication strings d) Implementing measures to prevent session hijacking attacks
b
86. Which significant risk is introduced by running the tile transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file to an unauthorized person b) Hacker may be able to use the FTP service to bypass the firewall c) FTP could significantly reduce the performance of a DMZ server d) FTP services could allow a user to download files from unauthorized sources
b
88. What method might an 18 auditor utilize to test wireless security at branch office locations? a) Wardialing b) War driving c) Social engineering d) Password cracking
b
89. An organization's l'l' director has approved the installation of a wireless local area network (WLAN) access point in a conference room for a team of consultants to access the internet with their laptop computers. The BEST control to protect the corporate servers from unauthorized access is to ensure that: a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN) c) Antivirus signatures and patch levels are current on the consultants' laptops d) Default user IDs are disabled and strong passwords are set on the corporate servers
b
89. Which of the following would be of MOST concern to an 15 auditor reviewing a virtual private network (VPN) implementation Computers on the network that are located: a) At the backup site b) in employees homes c) At the Enterprise's remote offices d) On the enterprise's internal network
b
90. The review of router access control lists should be conducted during: a) An environmental review b) A network security review c) A business continuity review d) A data integrity review
b
135.A web server is attacked and compromised. Which of the following should be performed FIRST to handle the incident? a)Dump the volatile storage data to a disk b)Run the server in a fail-safe mode c)Disconnect the web server from the network d)Shut down the web server
c
101. An IS auditor should be MOST concerned with what aspect of an authorized honeypot? a) The data collected on attack methods b) The information offered to outsiders on the honeypot c) The risk that the honeypot could be used to launch further attacks on the organization's infrastructure d) The risk that the honeypot would be subject to a distributed denial-of-service attack
c
103. Which of the following would be the BEST overall control for an Internet business looking for confidentiality, reliability and integrity of data? a) Secure Sockets Layer (SSL) b) Intrusion detection system (IDS) c) Public key infrastructure [PKI) d) Virtual private network (VPN)
c
106.While downloading software, a hash may be provided to: a) Ensure that the software comes from a genuine source b) Ensure that the software is the correct revision number c) Ensure that the software has not been modified d) Serve as a license key for paid users of the software
c
111. An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important? a) The tools used to conduct the test b) Certifications held by the IS auditor c) Permission from the data owner of the server d) An intrusion detection system (IDS) is enabled
c
112. Among the following controls, what is the BEST method to prevent inappropriate access to private and sensitive information through a business application? a) Two-factor authentication access control b) Encryption of authentication data c) Role-based access control (RBAC) d) Effective segregation of duties (30D)
c
116.Which of the following types of penetration tests simulates a real attack and is used to test incident handling and response capability of the target? a)Blind testing b)Targeted testing c)Double-blind testing d)External testing
c
118.Which of the following is the BEST way to handle obsolete magnetic tapes before disposing of them? a)Overwriting the tapes b)Initializing the tape labels c)Degaussing the tapes d)Erasing the tapes
c
133.Which of the following Internet security threats could compromise integrity? a)Theft of data from the client b)Exposure of network configuration information c)A Trojan horse browser d)Eavesdropping on the net which of the following should concern an
c
134.IS auditor when reviewing security in a client-server environment? a)Protecting data using an encryption technique b)Preventing unauthorized access using a diskless workstation c)Enabling users to access and modify the database directly d)Disabling floppy drives on the users' machines
c
76. A penetration test performed as part of evaluating network security: a) Provides assurance that all vulnerabilities are discovered b) Should be performed without warning the organization's management c) Exploits the existing vulnerabilities to gain unauthorized access d) Would not damage the information assets when performed at network perimeters
c
85. Which of the following satisfies a two-factor user authentication? a) iris scanning plus fingerprint scanning b) Terminal ID plus global positioning system (GPS) c) A smart card requiring the user's personal identification number [PIN] d) User ID along with password
c
93. ABC Inc. offers a number of services through its web site. During one day, senior executives of ABC Inc. were surprised to discover that sensitive data on their servers were being leaked to unauthorized individuals on the Internet. Post incident investigations revealed that ABC lnc.'s key servers were infected with a Trojan. The incident occurred after deployment of a newly acquired module from a software vendor, which was tested on test servers in accordance with functional specifications. The incident had gone unnoticed for a period of about four weeks. A potential cause of the leak may have been malware embedded in the new module. What approach might have detected this problem? a) Encryption of server data b) Updated antivirus software c) Intrusion detection/intrusion prevention systems (lDS/IPSs) d) Secure sockets layer (SSL)/transport layer security (TLS)
c
95. Which of the following is the MOST reliable sender authentication method? a) Digital signatures b) Asymmetric cryptography c) Digital certificates d) Message authentication code
c
97. During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that: a) An unauthorized user may use the ID to gain access b) User access management is time consuming c) User accountability is not established d) Passwords are easily guessed
c
92. Event log entries related to failed local administrator logon attempts are observed by the IS auditor. Which of the following is the MOST likely cause of multiple failed login attempts? a) SYN flood attacks b) Social engineering c) Buffer overflow attacks d) Malicious code attacks
d
109. Due to a recent economic downturn, an IT organization has terminated several administrators and consolidated all IT administration at its central headquarters. During an IT audit, the auditor determines that the organization has implemented remote administration connectivity to each site using low-cost digital subscriber line (DSL) connections and an automated simple network management protocol (SNMP)-based monitoring system. What would be the GREATEST concern? a] The authentication methods used for remote administration may be inadequate b) Physical security at remote sites may not be adequate c) Terminated employees may retain access to systems at remote sites d) The connection to remote sites is not using a VPN for connectivity
d
110. The cryptographic hash sum of a message is recalculated by the message's receiver. This is to ensure: a) The confidentiality of the message b) Nonrepudiation by the sender c) The authenticity of the message d) The integrity of data transmitted by the sender
d
117.Which of the following is a passive attack to a network? a)Message modification b)Masquerading c)Denial of service d)Traffic analysis
d
121.An IS Auditor has observed brute-force attacks on the administrator account.The BEST recommendation to prevent a successful brute force attack would be to: a)Increase the password length for the user b)Configure a session timeout mechanism c)Perform periodic vulnerability scans d)Configure a hard-to-guess username
d
124. Which of the following is the MOST effective method for dealing with the spreading of a network worm that exploits vulnerability in a protocol? a)Install the vendor's security fix for the vulnerability b)Block the protocol traffic in the perimeter firewall c)Block the protocol traffic between internal network segments d)Stop the service until an appropriate security fix is installed
d
125.The BEST way to minimize the risk of communication failures in an e-commerce environment would be to use a)Compression software to minimize transmission duration b)Functional or message acknowledgments c)A packet-filtering firewall to reroute messages d)Leased a synchronous transfer mode lines
d
130.An organization stores and transmits sensitive customer information within a secure wired network. IT has implemented an additional wireless local area network (WLAN)to support general-purpose staff computing needs. A few employees with WLAN access have legitimate business reasons for also accessing customer information. Which of the following represents the BEST control to ensure separation of the two networks? a)Establish two physically separate networks b)Implement virtual local area network (VLAN) segmentation c)Install a dedicated router between the two networks d)Install a firewall between the networks
d
132.What is the BEST way to verify that a digital signature is valid? a)Verify that the sender's public key certificate is from a trusted Certificate authority (CA) b)Use a hash algorithm from the CA to determine whether the message has been tampered with c)Verify the digital signature through a manual comparison of the h ash value d)Obtain the public key from the sender, and verify the digital sig nature
d
139.An employee has received a digital photo frame as a gift and has connected it to his/her work PC to transfer digital photos. The PRIMARY risk that this scenario introduces is that: a)The photo frame storage media could be used to s teal corporate data b)The drivers for the photo frame may be incompatible and crash the user's PC c)The employee may bring inappropriate photographs into the office d)The photo frame could be infected with malware/
d
77. What should an organization do before providing an external agency physical access to its information processing facilities (lPFs)? a) The processes of the external agency should be subjected to an IS audit by an independent agency b) Employees of the external agency should be trained on the security procedures of the organization c) Any access by an external agency should be limited to the demilitarized zone (DMZ) d) The organization should conduct a risk assessment and design and implement appropriate controls
d
81. Which of the following encryption mechanisms is performed at the application layer of the open systems interconnection (051) model? a) Secure sockets layer (SSL) b) IP Security (lPSec) c) Secure Shell (SSH) d) Secure Hypertext Transfer Protocol (SHTTP)
d
87. During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that: a) An unauthorized user may use the ID to gain access b) Passwords are easily guessed c) User access management is time consuming d) User accountability may not be established
d