Toughest CISA Questions
As a driver of IT governance, transparency of IT's cost, value and risk is primarily achieved A. performance measurement. B. strategic alignment. C. value delivery. D. resource management.
A
Email message authenticity and confidentiality is BEST achieved by signing the message using the: A. sender's private key and encrypting the message using the receiver's public key. B. sender's public key and encrypting the message using the receiver's private key. C. receiver's private key and encrypting the message using the sender's public key. D. receiver's public key and encrypting the message using the sender's private key.
A
Results of a postimplementation review indicate that only 75 percent of the users can log in to the application concurrently. Which of the following could have BEST discovered the identified weakness of the application? A. Load testing B. Stress testing C. Recovery testing D. Volume testing
A
The MAIN purpose of the annual IS audit plan is to: A. allocate resources for audits B. reduce the impact of audit risk C. develop a training plan for auditors D. minimize the audit costs
A
The PRIMARY goal of a web site certificate is:Select an answer: A.authentication of the web site that will be surfed. B.authentication of the user who surfs through that site. C.preventing surfing of the web site by hackers. D.the same purpose as that of a digital certificate.
A
When planning an audit of a network setup, an IS auditor should give HIGHEST priority to obtaining which of the following network documentation?Select an answer: A.Wiring and schematic diagram B.Users' lists and responsibilities C.Application lists and their details D.Backup and recovery procedures
A
When reviewing system parameters, an IS auditor's PRIMARY concern should be that:Select an answer: A.they are set to meet security and performance requirements. B.changes are recorded in an audit trail and periodically reviewed. C.changes are authorized and supported by appropriate documents. D.access to parameters in the system is restricted.
A
Which of the following would be the BEST access control procedure?Select an answer: A.The data owner formally authorizes access and an administrator implements the user authorization tables. B.Authorized staff implements the user authorization tables and the data owner sanctions them. C.The data owner and an IS manager jointly create and update the user authorization tables. D.The data owner creates and updates the user authorization tables.
A
Which one of the following could be used to provide automated assurance that proper data files are being used during processing? A. Internal labeling, including file header records B. Version usage C. Parity checking D. File security controls
A
In a client-server architecture, a domain name service (DNS) is MOST important because it provides the: A. address of the domain server. B. resolution service for the name/address. C. IP addresses for the Internet. D. domain name system.
B
There are several methods of providing telecommunication continuity. The method of routing traffic through split cable or duplicate cable facilities is called:Select an answer: A.alternative routing. B.diverse routing. C.long-haul network diversity. D.last-mile circuit protection.
B
The PRIMARY benefit of an IT manager monitoring technical capacity is to: A. identify the need for new hardware and storage procurement B. determine the future capacity need based on usage C. ensure that the service level requirements are met D. ensure the systems operate at optimal capacity
C
Which of the following is the MOST effective when determining the correctness of individual account balances migrated from one database to another? A. compare the hash total before and after the migration B. verify that the number of records is the same for both databases C. perform sample testing of the migrated account balances D. compare the control totals of all of the transactions
C
A database administrator has detected a performance problem with some tables, which could be solved through denormalization. This situation will increase the risk of:Select an answer: A.concurrent access. B.deadlocks. C.unauthorized access to data. D.a loss of data integrity.
D
An IS auditor discovers a potential material finding. The BEST course of action is to:Select an answer: A.report the potential finding to business management. B.discuss the potential finding with the audit committee. C.increase the scope of the audit. D.perform additional testing.
D
An IS auditor has found that employees are emailing sensitive company information to public web-based email domains. Which of the following is the BEST remediation option for the IS auditor to recommend?Select an answer: A.Encrypted mail accounts B.Training and awareness C.Activity monitoring D.Data loss prevention (DLP)
D
An enterprise's risk appetite is BEST established by: A. the chief legal officer. B. security management. C. the audit committee. D. the steering committee.
D
An online stock trading firm is in the process of implementing a system to provide secure email exchange with its customers. What is the BEST option to ensure confidentiality, integrity and nonrepudiation? A. Symmetric key encryption B. Digital signatures C. Message digest algorithms D. Digital certificates
D
An online stock trading firm is in the process of implementing a system to provide secure email exchange with its customers. What is the BEST option to ensure confidentiality, integrity and nonrepudiation?Select an answer: A.Symmetric key encryption B.Digital signatures C.Message digest algorithms D.Digital certificates
D
An organization implemented a distributed accounting system, and the IS auditor is conducting a postimplementation review to provide assurance of the data integrity controls. Which of the following choices should the auditor perform FIRST?Select an answer: A.Review user access. B.Evaluate the change request process. C.Evaluate the reconciliation controls. D.Review the data flow diagram.
D
An organization is planning to deploy an outsourced cloud based app that is used to track job applicant data for the human resources department. Which of the following should be the GREATEST concern to an IS auditor? A. the SLA ensures strict limits for uptime and performance B. the cloud provider will not agree to an unlimited right to audit as part of the SLA C. the SLA is not explicit regarding the disaster recovery plan capabilities of the cloud provider D. the cloud provider's physical data centers are in multiple cities and countries
D
An organization's IS audit charter should specify the: A: plans for IS audit engagements B: objectives and scope of IS audit engagements C: detailed training plan for the IS audit staff D: role of the IS audit function
D
The MOST important point of consideration for an IS auditor while reviewing an enterprise's project portfolio is that it: A. does not exceed the existing IT budget. B. is aligned with the investment strategy. C. has been approved by the IT steering committee. D. is aligned with the business plan.
D
The cryptographic hash sum of a message is recalculated by the receiver. This is to ensure:Select an answer: A.the confidentiality of the message. B.nonrepudiation by the sender. C.the authenticity of the message. D.the integrity of data transmitted by the sender.
D
Which of the following BEST ensures that users have uninterrupted access to a critical, heavily utilized web-based application?Select an answer: A.Disk mirroring B.Redundant Array of Inexpensive Disks (RAID) technology C.Dynamic domain name system (DDNS) D.Load balancing
D
Which of the following has the MOST significant impact on the success of an application systems implementation? A: the prototyping application development methodology B: compliance with applicable external requirements C: the overall organizational environment D: the software reengineering technique
D
A company determined that its web site was compromised and a rootkit was installed on the server hosting the application. Which of the following choices would have MOST likely prevented the incident?Select an answer: A.A host-based intrusion prevention system (IPS) B.A network-based intrusion detection system (IDS) C.A firewall D.Operating system (OS) patching
A
A company has implemented a new client-server enterprise resource planning system. Local branches transmit customer orders to a central manufacturing facility. Which of the following would BEST ensure that the orders are processed accurately, and the corresponding products are produced? A: verifying production of customer orders B: logging all customer orders in teh ERP system C: using hash totals in the order transmitting process D: approving (production supervisor) orders prior to production
A
A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that: A. the users may not remember to manually encrypt the data before transmission. B. the site credentials were sent to the financial services company via email. C. personnel at the consulting firm may obtain access to sensitive data. D. the use of a shared user ID to the FTP site does not allow for user accountability.
A
A database administrator (DBA) who needs to make emergency changes to a database after normal working hours should log in: A: with their named account to make the changes B: with the shared DBA account to make the changes C: to the server administrative account to make the changes D: to the user's account to make the changes
A
After a disaster declaration, the media creation date at a warm recovery site is based on the:Select an answer: A.recovery point objective (RPO). B.recovery time objective (RTO). C.service delivery objective (SDO). D.maximum tolerable outage (MTO).
A
An IS auditor examining a biometric user authentication system establishes the existence of a control weakness that would allow an unauthorized individual to update the centralized database on the server that is used to store biometric templates. Of the following, which is the BEST control against this risk?Select an answer: A.Kerberos B.Vitality detection C.Multimodal biometrics D.Before-image/after-image logging
A
An IS auditor has been asked to look at past projects to determine how future projects can better meet business requirements. With which of the following would the auditors MOST likely consult?Select an answer: A.Project sponsors B.Project managers C.End-user groups D.Business analysts
A
An IS auditor is reviewing a corporate web server. Which of the following should be of MOST concern to the IS auditor? A. System patches are not applied. B. The server is not accessed through a virtual private network (VPN). C. Server logs are not being captured. D. The network address translation is not enabled.
A
An IS auditor is reviewing a project for the implementation of a mission-critical system and notes that, instead of parallel implementation, the team opted for an immediate cutover to the new system. Which of the following is the GREATEST concern?Select an answer: A.The implementation phase of the project has no backout plan. B.User acceptance testing (UAT) was not properly documented. C.Software functionality tests were completed, but stress testing was not performed. D.The go-live date is over a holiday weekend when key IT staff are on vacation.
A
An IS auditor is reviewing security incident management procedures for the company. Which of the following choices is the MOST important consideration? A. Chain of custody of electronic evidence B. System breach notification procedures C. Escalation procedures to external agencies D. Procedures to recover lost data
A
An IS auditor is reviewing system access and discovers an excessive number of users with privileged access. The IS auditor discusses the situation with the system administrator, who states that some personnel in other departments need privileged access and management has approved the access. Which of the following would be the BEST course of action for the IS auditor?Select an answer: A.Determine whether compensating controls are in place. B.Document the issue in the audit report. C.Recommend an update to the procedures. D.Discuss the issue with senior management.
A
An IS auditor is reviewing the backup strategy and the backup technology in use by an organization. The IS auditor would be MOST concerned if: A. data restoration tests are not being regularly performed. B. disk subsystems are being backed up to other disks, and not to tape. C. daily backup logs are purged quarterly. D. backups of critical company data are not encrypted.
A
An IS auditor is told by IS management that the organization has recently reached the highest level of the software capability maturity model (CMM). The software quality process MOST recently added by the organization is: A. continuous improvement. B. quantitative quality goals. C. a documented process. D. a process tailored to specific projects.
A
An IS auditor should recommend the use of library control software to provide reasonable assurance that: A. program changes have been authorized B. only thoroughly tested programs are released C. modified programs are automatically moved to production D. source and executable code integrity is maintained
A
An organization is proposing to establish a wireless local area network (WLAN). Management asks the IS auditor to recommend security controls for the WLAN. Which of the following would be the MOST appropriate recommendation?Select an answer: A.Physically secure wireless access points to prevent tampering. B.Use service set identifiers (SSIDs) that clearly identify the organization. C.Encrypt traffic using the Wired Equivalent Privacy (WEP) mechanism. D.Implement the Simple Network Management Protocol (SNMP) to allow active monitoring.
A
Due to resource constraints, a developer requires full access to production data to support certain problems reported by production users. Which of the following choices would be a good compensating control for controlling unauthorized changes in production? A. Provide and monitor separate login IDs that the developer will use for programming and for production support. B. Capture activities of the developer in the production environment by enabling audit trails. C. Back up all affected records before allowing the developer to make production changes. D. Ensure that all changes are approved by the change manager.
A
During an IS audit of a bank, the IS auditor is assessing whether the enterprise properly manages staff member access to the operating system. The IS auditor should determine whether the enterprise performs:Select an answer: A.periodic review of user activity logs. B.verification of user authorization at the field level. C.review of data communication access activity logs. D.periodic review of changing data files.
A
During an audit of a small enterprise, the IS auditor noted that the IS director has superuser-privilege access that allows the director to process requests for changes to the application access roles (access types). Which of the following should the IS auditor recommend? A: Implement a properly documented process for application role change requests B: Hire additional staff to provide a segregation of duties (SoD) for application role changes C: Implement an automated process for changing application roles D: Document the current procedure in detail, and make it available on the enterprise intranet
A
During the planning stage of an IS audit, the PRIMARY goal of an IS auditor is to: A: address audit objectives B: collect sufficient evidence C: specify appropriate tests D: minimize audit resources
A
Email message authenticity and confidentiality is BEST achieved by signing the message using the: A. sender's private key and encrypting the message using the receiver's public key. B. sender's public key and encrypting the message using the receiver's private key. C. receiver's private key and encrypting the message using the sender's public key. D. receiver's public key and encrypting the message using the sender's private key
A
Facilitating telecommunications continuity by providing redundant combinations of local carrier T-1 lines (E-1 lines in Europe), microwaves and/or coaxial cables to access the local communication loop is: A. last-mile circuit protection. B. long-haul network diversity. C. diverse routing. D. alternative routing.
A
Recovery procedures for an information processing facility are BEST based on: A. recovery time objective (RTO). B. recovery point objective (RPO). C. maximum tolerable outage (MTO). D. information security policy.
A
Recovery procedures for an information processing facility are BEST based on:Select an answer: A.recovery time objective (RTO). B.recovery point objective (RPO). C.maximum tolerable outage (MTO). D.information security policy.
A
The PRIMARY benefit of an enterprise architecture initiative is to: A: enable the organization to invest in the most appropriate technology B: ensure security controls are implemented on critical platforms C: allow development teams to be more responsive to business requirements D: provide business units with greater autonomy to select IT solutions that fit their needs
A
The computer security incident response team (CSIRT) of an organization disseminates detailed descriptions of recent threats. an IS auditor's GREATEST concern should be that the users may: A: use this information to launch attacks B: forward the security alert C: implement individual solutions D: fail to understand the threat
A
The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)? A. Contact information of key personnel B. Server inventory documentation C. Individual roles and responsibilities D. Procedures for declaring a disaster
A
The use of object-oriented design and development techniques would MOST likely: A: facilitate the ability to reuse modules B: improve system performance C: enhance control effectiveness D: speed up the system development life cycle
A
To ensure message integrity, confidentiality and nonrepudiation between two parties, the MOST effective method would be to create a message digest by applying a cryptographic hashing algorithm against: A. the entire message, enciphering the message digest using the sender's private key, enciphering the message with a symmetric key and enciphering the key by using the receiver's public key. B. any part of the message, enciphering the message digest using the sender's private key, enciphering the message with a symmetric key and enciphering the key using the receiver's public key. C. the entire message, enciphering the message digest using the sender's private key, enciphering the message with a symmetric key and enciphering both the encrypted message and digest using the receiver's public key. D. the entire message, enciphering the message digest using the sender's private key and enciphering the message using the receiver's public key.
A
Use of asymmetric encryption in an Internet e-commerce site, where there is one private key for the hosting server and the public key is widely distributed to the customers, is MOST likely to provide comfort to the: A. customer over the authenticity of the hosting organization. B. hosting organization over the authenticity of the customer. C. customer over the confidentiality of messages from the hosting organization. D. hosting organization over the confidentiality of messages passed to the customer.
A
What is the MAJOR benefit of conducting a control self-assessment (CSA) over a traditional audit?Select an answer: A.It detects risk sooner. B.It replaces the audit function. C.It reduces audit workload. D.It reduces audit resources.
A
What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?Select an answer: A.Malicious code could be spread across the network. B.The VPN logon could be spoofed. C.Traffic could be sniffed and decrypted. D.The VPN gateway could be compromised.
A
When auditing security for a data center, an IS auditor should look for the presence of a voltage regulator to ensure that the:Select an answer: A.hardware is protected against power surges. B.integrity is maintained if the main power is interrupted. C.immediate power will be available if the main power is lost. D.hardware is protected against long-term power fluctuations.
A
Which of the following is the BEST method to ensure that the business continuity plan (BCP) remains up to date? A. The group walks through the different scenarios of the plan, from beginning to end. B. The group ensures that specific systems can actually perform adequately at the alternate offsite facility. C. The group is aware of full-interruption test procedures. D. Interdepartmental communication is promoted to better respond in the case of a disaster.
A
Which of the following is the BEST method to ensure that the business continuity plan (BCP) remains up to date?Select an answer: A.The group walks through the different scenarios of the plan from beginning to end. B.The group ensures that specific systems can actually perform adequately at the alternate offsite facility. C.The group is aware of full-interruption test procedures. D.Interdepartmental communication is promoted to better respond in the case of a disaster.
A
Which of the following is the BEST way to satisfy a two-factor user authentication? A.A smart card requiring the user's personal identification number (PIN) B.User ID along with password C.Iris scanning plus fingerprint scanning D.A magnetic card requiring the user's PIN
A
Which of the following is the MOST important critical success factor (CSF) of implementing a risk-based approach to the IT system life cycle?Select an answer: A.Adequate involvement of stakeholders B.Selection of a risk management framework C.Identification of risk mitigation strategies D.Understanding of the regulatory environment
A
Which of the following is widely accepted as one of the critical components in networking management?Select an answer: A.Configuration management B.Topological mappings C.Application of monitoring tools D.Proxy server troubleshooting
A
Which of the following represents the GREATEST potential risk in an electronic data interchange (EDI) environment? A. lack of transaction authorization B. loss or duplication of EDI transmissions C. transmission delay D. deletion or manipulation of transactions prior to, or after, establishment of application controls
A
Which of the following should an IS auditor recommend for the protection of specific sensitive information stored in the data warehouse?Select an answer: A.Implement column- and row-level permissions B.Enhance user authentication via strong passwords C.Organize the data warehouse into subject matter-specific databases D.Log user access to the data warehouse
A
Which of the following should be considered FIRST when implementing a risk management program? A.An understanding of the organization's threat, vulnerability and risk profile B.An understanding of the risk exposures and the potential consequences of compromise C.A determination of risk management priorities based on potential consequences D.A risk mitigation strategy sufficient to keep risk consequences at an acceptable level
A
Which of the following situations would increase the likelihood of fraud?Select an answer: A.Application programmers are implementing changes to production programs. B.Administrators are implementing vendor patches to vendor-supplied software without following change control procedures. C.Operations support staff members are implementing changes to batch schedules. D.Database administrators are implementing changes to data structures.
A
Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization? A: Built-in alternative routing B: completing full system backup daily C: a repair contract with a service provider D: a duplicate machine alongside each server
A
Which of the following would be BEST prevented by a raised floor in the computer machine room?Select an answer: A.Damage of wires around computers and servers B.A power failure from static electricity C.Shocks from earthquakes D.Water flood damage
A
Which of the following would be the BEST approach to ensure that sufficient test coverage will be achieved for a project with a strict end date and a fixed time to perform testing? A: requirements should be tested in terms of importance and frequency of use B: test coverage should be restricted to functional requirements C: automated tests should be performed through the use of scripting D: the number of required tests should be reduced by retesting only defect fixes
A
Which of the following would be the BEST overall control for an Internet business looking for confidentiality, reliability and integrity of data?Select an answer: A.Secure Sockets Layer (SSL) B.Intrusion detection system (IDS) C.Public key infrastructure (PKI) D.Virtual private network (VPN)
A
While conducting an audit of a service provider, an IS auditor observes that the service provider has outsourced a part of the work to another provider. Because the work involves confidential information, the IS auditor's PRIMARY concern should be that the: A.requirement for protecting confidentiality of information could be compromised. B.contract may be terminated because prior permission from the outsourcer was not obtained. C.other service provider to whom work has been outsourced is not subject to audit. D.outsourcer will approach the other service provider directly for further work.
A
A development team has developed and is currently maintaining a customer-facing web application which is hosted at their regional office versus at the central data center. The GREATEST risk in this scenario is that the:Select an answer: A.additional traffic of the web site would slow down Internet access for the regional office. B.development team may lack the expertise and staffing to manage and maintain a hosted application environment. C.regional office may not have the same level of fire detection and suppression that exists at the main data center. D.regional office may not have a firewall or network that is sufficiently secure for a web server.
B
A financial institution with multiple branch offices has an automated control that requires the branch manager to approve transactions more than a certain amount. What type of audit control is this?Select an answer: A.Detective B.Preventive C.Corrective D.Directive
B
A new application has been purchased from a vendor and is about to be implemented. Which of the following choices is a key consideration when implementing the application? A. Preventing the compromise of the source code during the implementation process B. Ensuring that vendor default accounts and passwords have been disabled C. Removing the old copies of the program from escrow to avoid confusion D. Verifying that the vendor is meeting support and maintenance agreements
B
A new business application has been designed in a large, complex organization and the business owner has requested that the various reports be viewed on a "need to know" basis. Which of the following access control methods would be the BEST method to achieve this requirement?Select an answer: A.Mandatory B.Role-based C.Discretionary D.Single sign-on (SSO)
B
After the merger of two organizations, multiple self-developed legacy applications from both organizations are to be replaced by a new common platform. Which of the following would be the GREATEST risk? A. Project management and progress reporting is combined in a project management office which is driven by external consultants. B. The replacement effort consists of several independent projects without integrating the resource allocation in a portfolio management approach. C. The resources of each of the organizations are inefficiently allocated while they are being familiarized with the other company's legacy systems. D. The new platform will force the business areas of both organizations to change their work processes, which will result in extensive training needs.
B
An IS auditor is conducting a postimplementation review of an enterprise's network. Which of the following findings would be of MOST concern?Select an answer: A.Wireless mobile devices are not password-protected. B.Default passwords are not changed when installing network devices. C.An outbound web proxy does not exist. D.All communication links do not utilize encryption.
B
An IS auditor is reviewing Secure Sockets Layer (SSL) enabled web sites for the company. Which of the following choices would be the HIGHEST risk? A. Expired digital certificates B. Self-signed digital certificates C. Using the same digital certificate for multiple web sites D. Using 56-bit digital certificates
B
An IS auditor is reviewing a third-party agreement for a new cloud-based accounting service provider. Which of the following considerations is the MOST important with regard to the privacy of the accounting data?Select an answer: A.Data retention, backup and recovery B.Return or destruction of information C.Network and intrusion detection D.A patch management process
B
An IS auditor is reviewing the most recent disaster recovery plan (DRP) of an organization. Which approval is the MOST important when determining the availability of system resources required for the plan? A: executive management B: IT management C: board of directors D: steering committee
B
An IS auditor is reviewing the network infrastructure of a call center and determines that the internal telephone system is based on Voice-over Internet Protocol (VoIP) technology. Which of the following is the GREATEST concern? A. Voice communication uses the same equipment that is used for data communication. B. Ethernet switches are not protected by uninterrupted power supply (UPS) units. C. Voice communication is not encrypted on the local network. D. The team that supports the data network also is responsible for the telephone system.
B
An IS auditor of a health care organization is reviewing contractual terms and conditions of a third-party cloud provider being considered to host patient health information (PHI). Which of the follow contractual terms would be the GREATEST risk to the customer organization? A. Data ownership is retained by the customer organization. B. The third-party provider reserves the right to access data to perform certain operations. C. Bulk data withdrawal mechanisms are undefined. D. The customer organization is responsible for backup, archive and restore.
B
An IS auditor performing a data center review for a large company discovers that the data center has a lead-acid battery room to provide power to its uninterruptable power supply (UPS) during short-term outages and a diesel generator to provide long-term power backup. Which of the following items would cause the IS auditor the GREATEST concern?Select an answer: A.The service contract on the diesel generator is not current. B.The battery room does not contain hydrogen sensors. C.The door to the battery room is kept locked. D.The battery room is next to the diesel generator yard.
B
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the:Select an answer: A.maintenance of access logs of usage of various system resources. B.authorization and authentication of the user prior to granting access to system resources. C.adequate protection of stored data on servers by encryption or other means. D.accountability system and the ability to identify any terminal accessing system resources.
B
An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely: A: check to ensure that the type of transaction is valid for the card type B: verify the format of the number entered, then locate it on the database C: ensure that the transaction entered is within the cardholder's credit limit D: confirm that the card is not shown as lost or stolen on the master file
B
An IS auditor reviewing an organization's disaster recovery plan should PRIMARILY verify that it is:Select an answer: A.tested every six months. B.regularly reviewed and updated. C.approved by the chief executive officer (CEO). D.communicated to every department head in the organization.
B
An IS auditor reviewing the information security policies should verify whether information security management roles and responsibilities are communicated to which of the following? A. Functional heads B. Organizational users C. The IT steering committee D. IS security management
B
An organization has a well-established risk management process. Which of the following risk management practices would MOST likely expose the organization to the greatest amount of compliance risk?Select an answer: A.Risk reduction B.Risk transfer C.Risk avoidance D.Risk mitigation
B
An organization's IT director has approved the installation of a wireless local area network (WLAN) access point in a conference room for a team of consultants to access the Internet with their laptop computers. The BEST control to protect the corporate servers from unauthorized access is to ensure that:Select an answer: A.encryption is enabled on the access point. B.the conference room network is on a separate virtual local area network (VLAN). C.antivirus signatures and patch levels are current on the consultants' laptops. D.default user IDs are disabled and strong passwords are set on the corporate servers.
B
Digital signatures require the: A. Signer to have a public key and the receiver to have a private key B. signer to have a private key and the receiver to have a public key C. signer and receiver to have a public key D. signer and receiver to have a private key
B
Digital signatures require the:Select an answer: A.signer to have a public key and the receiver to have a private key. B.signer to have a private key and the receiver to have a public key. C.signer and receiver to have a public key. D.signer and receiver to have a private key.
B
Doing which of the following during peak production hours could result in unexpected downtime?Select an answer: A.Performing data migration or tape backup B.Performing preventive maintenance on electrical systems C.Promoting applications from development to the staging environment D.Reconfiguring a standby router in the data center
B
During a review of intrusion detection logs, an IS auditor notices traffic coming from the Internet, which appears to originate from the internal IP address of the company payroll server. Which of the following malicious activities would MOST likely cause this type of result? A. A denial-of-service (DoS) attack B. Spoofing C. Port scanning D. A man-in-the-middle attack
B
During an audit of an enterprise that is dedicated to ecommerce, the IS manager states that digital signatures are used when receiving communications from customers. To substantiate this, an IS auditor must prove that which of the following is used? A. A biometric, digitalized and encrypted parameter with the customer's public key B. A hash of the data that is transmitted and encrypted with the customer's private key C. A has of the data that is transmitted and encrypted with the customer's public key D. The customer's scanned signature encrypted with the customer's public key
B
During which of the following phases in system development would user acceptance test plans normally be prepared? A. Feasibility study B. Requirements definition C. Implementation planning D. Postimplementation review
B
In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems? A. Maintaining system software parameters B. Ensuring periodic dumps of transaction logs C. Ensuring grandfather-father-son file backups D. Maintaining important data at an offsite location
B
Information for detecting unauthorized input from a user workstation would be BEST provided by the: A: Console log printout B: Transaction journal C: Automated suspense file listing D: User error report
B
Naming conventions for system resources are important for access control because they: A: ensure that resource names are not ambiguous B: reduce the number of rules required to adequately protect resources C: ensure that user access to resources is clearly and uniquely identified D: ensure that internationally recognized names are used to protect resources
B
Of the following alternatives, the FIRST approach to developing a disaster recovery strategy would be to assess whether: A.all threats can be completely removed. B.a cost-effective, built-in resilience can be implemented. C.the recovery time objective (RTO) can be optimized. D.the cost of recovery can be minimized.
B
Of the following alternatives, the FIRST approach to developing a disaster recovery strategy would be to assess whether: A. all threats can be completely removed. B. a cost-effective, built-in resilience can be implemented. C. the recovery time objective (RTO) can be optimized. D. the cost of recovery can be minimized.
B
The MOST effective biometric control system is the one:Select an answer: A.which has the highest equal-error rate (EER). B.which has the lowest EER. C.for which the false-rejection rate (FRR) is equal to the false-acceptance rate (FAR). D.for which the FRR is equal to the failure-to-enroll rate (FER).
B
The PRIMARY benefit of implementing a security program as part of a security governance framework is the: A.alignment of the IT activities with IS audit recommendations. B.enforcement of the management of security risk. C.implementation of the chief information security officer's (CISO's) recommendations. D.reduction of the cost for IT security.
B
The PRIMARY reason for using digital signatures is to ensure data:Select an answer: A.confidentiality. B.integrity. C.availability. D.timeliness.
B
What is the GREATEST risk of a bank outsourcing its data center? A. Loss or leakage of information B. Noncompliance with regulatory requirements C. Vendor failure or bankruptcy D. Loss of internal knowledge and experience
B
When reviewing an intrusion detection system (IDS), an IS auditor should be MOST concerned about which of the following?Select an answer: A.Number of nonthreatening events identified as threatening B.Attacks not being identified by the system C.Reports/logs being produced by an automated tool D.Legitimate traffic being blocked by the system
B
When reviewing the procedures for the disposal of computers, which of the following should be the GREATEST concern for the IS auditor? A: hard disks are overwritten several times at the sector level but are not reformatted before leaving the organization B: all files and folders on hard disks are separately deleted, and the hard disks are formatted before leaving the organization C: hard disks are rendered unreadable by hole-punching through the platters at specific positions before leaving the organization D: the transport of hard disks is escorted by internal security staff to a nearby metal recycling company, where the hard disks are registered and then shredded
B
Which of the following BEST reduces the ability of one device to capture the packets that are meant for another device? A. Hubs B. Switches C. Routers D. Firewalls
B
Which of the following BEST reduces the ability of one device to capture the packets that are meant for another device?Select an answer: A.Hubs B.Switches C.Routers D.Firewalls
B
Which of the following choices is the PRIMARY benefit of requiring a steering committee to oversee IT investment? A: to conduct a feasibility study to demonstrate IT value B: to ensure that investments are made according to business requirements C: to ensure that proper security controls are enforced D: to ensure that a standard development methodology is implemented
B
Which of the following controls would provide the GREATEST assurance of database integrity?Select an answer: A.Audit log procedures B.Table link/reference checks C.Query/table access time checks D.Rollback and rollforward database features
B
Which of the following is MOST important when an operating system (OS) patch is to be applied to a production environment?Select an answer: A.Successful regression testing by the developer B.Approval from the information asset owner C.Approval from the security officer D.Patch installation at alternate sites
B
Which of the following is the BEST enabler for strategic alignment between business and IT? A: a maturity model B: goals and metrics C: control objectives D: a responsible, accountable, consulted, and informed (RACI) chart
B
Which of the following is the BEST indicator that a newly developed system will be used after it is in production?Select an answer: A.Regression testing B.User acceptance testing (UAT) C.Sociability testing D.Parallel testing
B
Which of the following is the MOST important IS audit consideration when an organization outsources a customer credit review system to a third-party service provider? The provider:Select an answer: A.claims to meet or exceed industry security standards. B.agrees to be subject to external security reviews. C.has a good market reputation for service and experience. D.complies with security policies of the organization.
B
Which of the following is the MOST important aspect of effective business continuity management? A: the recovery site is secure and located an appropriate distance from the primary site B: the recovery plans are periodically tested C: fully tested backup hardware is available at the recovery site D: network links are available from multiple service providers
B
Which of the following is the MOST significant function of a corporate public key infrastructure (PKI) and certificate authority (CA) employing X.509 digital certificates?Select an answer: A.It provides the public/private key set for the encryption and signature services used by email and file space. B.It binds a digital certificate and its public key to an individual subscriber's identity. C.It provides the authoritative source for employee identity and personal details. D.It provides the authoritative authentication source for object access.
B
Which of the following is the PRIMARY requirement in reporting results of an IS audit? The report is: A: prepared according to a predefined and standard template B: backed by sufficient and appropriate audit evidence C: comprehensive in coverage of enterprise processes D: reviewed and approved by audit management
B
Which of the following is the initial step in creating a firewall policy? A: a cost-benefit analysis of methods for securing the applications B: identification of network applications to be externally accessed C: identification of vulnerabilities associated with network applications to be externally accessed D: creation of an application traffic matrix showing protection methods
B
Which of the following processes will be MOST effective in reducing the risk that unauthorized software on a backup server is distributed to the production server? A. manually copy files to accomplish replication B. review changes in the software version control system C. ensure that developers do not have access to the backup server D. review the access control log of the backup server
B
Which of the following processes will be MOST effective in reducing the risk that unauthorized software on a backup server is distributed to the production server?Select an answer: A.Manually copy files to accomplish replication. B.Review changes in the software version control system. C.Ensure that developers do not have access to the backup server. D.Review the access control log of the backup server.
B
Which of the following provides the GREATEST assurance for database password encryption?Select an answer: A.Secure hash algorithm-256 (SHA-256) B.Advanced encryption standard (AES) C.Secure Shell (SSH) D.Triple data encryption standard (DES)
B
Which of the following provides the GREATEST assurance of message authenticity? A. The hash code is derived mathematically from the message being sent. B. The hash code is encrypted using the sender's private key. C. The hash code and the message are encrypted using the secret key. D. The sender attains the recipient's public key and verifies the authenticity of its digital certificate with a certificate authority.
B
Which of the following would an ISA use to determine if unauthorized modifications were made to production programs? A. system log analysis B. compliance testing C. forensic analysis D. analytical review
B
Which of the following would be the MOST cost-effective recommendation for reducing the number of defects encountered during software development projects? A. Increase the time allocated for system testing. B. Implement formal software inspections. C. Increase the development staff. D. Require the sign-off of all project deliverables.
B
While reviewing a quality management system (QMS) the IS auditor should PRIMARILY focus on collecting evidence to show that:Select an answer: A.quality management systems (QMSs) comply with good practices. B.continuous improvement targets are being monitored. C.standard operating procedures of IT are updated annually. D.key performance indicators (KPIs) are defined.
B
A business unit has selected a new accounting application and did not consult with IT early in the selection process. The PRIMARY risk is that:Select an answer: A.the security controls of the application may not meet requirements. B.the application may not meet the requirements of the business users. C.the application technology may be inconsistent with the enterprise architecture (EA). D.the application may create unanticipated support issues for IT.
C
A certificate authority (CA) can delegate the processes of: A: revocation and suspension of a subscriber's certificate B: generation and distribution of the CA public key C: establishing a link between the requesting entity and its public key D: issuing and distributing subscriber certificates
C
A decision support system (DSS) is used to help high-level management: A. solve highly structured problems. B. combine the use of decision models with predetermined criteria. C. make decisions based on data analysis and interactive models. D. support only structured decision-making tasks.
C
A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential impact, the team should:Select an answer: A.compute the amortization of the related assets. B.calculate a return on investment (ROI). C.apply a qualitative approach. D.spend the time needed to define the loss amount exactly.
C
An IS auditor assesses the project management process for an internal software development project. In respect to the software functionality, the IS auditor should look for sign-off by: A. the project manager. B. systems development management. C. business unit management. D. the quality assurance (QA) team.
C
An IS auditor is assessing a biometric system used to protect physical access to a data center containing regulated data. Which of the following observations is the GREATEST concern to the auditor? A.Administrative access to the biometric scanners or the access control system is permitted over a virtual private network (VPN). B.Biometric scanners are not installed in restricted areas. C.Data transmitted between the biometric scanners and the access control system do not use a securely encrypted tunnel. D.Biometric system risk analysis was last conducted three years ago.
C
An IS auditor is assessing services provided by an Internet service provider (ISP) during an IS compliance audit of a nationwide corporation that operates a governmental program. Which of the following is MOST important?Select an answer: A.Review the request for proposal (RFP). B.Review monthly performance reports generated by the ISP. C.Review the service level agreement (SLA). D.Research other clients of the ISP.
C
An IS auditor is evaluating the controls around provisioning visitor access cards to the organization's IT facility. The IS auditor notes that daily reconciliation of visitor card inventory is not carried out as mandated. However, an inventory count carried out by the IS auditor reveals no missing access cards. In this context, the IS auditor should: A. disregard the lack of reconciliation because no discrepancies were discovered B. recommend regular physical inventory counts be performed in lieu of daily reconciliation. C. report the lack of daily reconciliation as an exception. D. recommend the implementation of a biometric access system.
C
An IS auditor is evaluating the effectiveness of the organization's change management process. What is the MOST important control that the IS auditor should look for to ensure system availability?Select an answer: A.Changes are authorized by IT managers at all times. B.User acceptance testing (UAT) is performed and properly documented. C.Test plans and procedures exist and are closely followed. D.Capacity planning is performed as part of each development project.
C
An IS auditor is reviewing the change management process for an enterprise resource planning (ERP) application. Which of the following is the BEST method for testing program changes?Select an answer: A.Select a sample of change tickets and review them for authorization. B.Perform a walk-through by tracing a program change from start to finish. C.Trace a sample of modified programs to supporting change tickets. D.Use query software to analyze all change tickets for missing fields.
C
An IS auditor needs to review the procedures used to restore a software application to its state prior to an upgrade. Therefore, the auditor needs to assess:Select an answer: A.problem management procedures. B.software development procedures. C.fallback procedures. D.incident management procedures.
C
An IS auditor reviewing an outsourcing contract of IT facilities would expect it to define the:Select an answer: A.hardware configuration. B.access control software. C.ownership of intellectual property. D.application development methodology.
C
An IS auditor reviewing the process to monitor access logs wishes to evaluate the manual log review process. Which of the following audit techniques would the auditor MOST likely employ to fulfill this purpose?Select an answer: A.Inspection B.Inquiry C.Walk-through D.Reperformance
C
An IS auditor was asked to review a contract for a vendor being considered to provide data center services. Which is the BEST way to determine whether the terms of the contract are adhered to after the contract is signed? A: Require the vendor to provide monthly status reports B: Have periodic meetings with the client IT mgr C: Conduct periodic audit reviews of the vendor D: Require that performance parameters be stated within the contract
C
An IS auditor was hired to review e-business security. The IS auditor's first task was to examine each existing e-business application, looking for vulnerabilities. What would be the next task?Select an answer: A.Immediately report the risk to the chief information officer (CIO) and chief executive officer (CEO). B.Examine the e-business application in development. C.Identify threats and the likelihood of occurrence. D.Check the budget available for risk management.
C
An appropriate control for ensuring the authenticity of orders received in an electronic data interchange system application is to: A. acknowledge receipt of electronic orders with a confirmation message B. perform reasonableness checks on quantities ordered before filling orders C. verify the identity of senders and determine if orders correspond to contract terms D. encrypt electronic orders
C
An organization is implementing an enterprise resource planning (ERP) application. Of the following, who is PRIMARILY responsible for overseeing the project to ensure that it is progressing in accordance with the project plan and that it will deliver the expected results? A. Project sponsor B. System development project team (SDPT) C. Project steering committee D. User project team (UPT)
C
An organization is implementing an enterprise resource planning application. Of the following, who is PRIMARILY responsible for overseeing the project to ensure that it is progressing in accordance with the project plan and that it will deliver the expected results? A: project sponsor B: system development project team C: project steering committee D: user project team
C
As part of the business continuity planning (BCP) process, which of the following should be identified FIRST in the business impact analysis (BIA)? A. Risk such as single point-of-failure and infrastructure risk B. Threats to critical business processes C. Critical business processes for ascertaining the priority for recovery D. Resources required for resumption of business
C
As part of the business continuity planning (BCP) process, which of the following should be identified FIRST in the business impact analysis (BIA)?Select an answer: A.Risk such as single point-of-failure and infrastructure risk B.Threats to critical business processes C.Critical business processes for ascertaining the priority for recovery D.Resources required for resumption of business
C
During a human resources (HR) audit, an IS auditor is informed that there is a verbal agreement between the IT and HR departments as to the level of IT services expected. In this situation, what should the IS auditor do FIRST? A. Postpone the audit until the agreement is documented. B. Report the existence of the undocumented agreement to senior management. C. Confirm the content of the agreement with both departments. D. Draft a service level agreement (SLA) for the two departments.
C
During the review of an enterprise's preventive maintenance process for systems at a data center, the IS auditor has determined that adequate maintenance is being performed on all critical computing, power and cooling systems. Additionally, it is MOST important for the IS auditor to ensure that the organization:Select an answer: A.has performed background checks on all service personnel. B.escorts service personnel at all times when performing their work. C.performs maintenance during noncritical processing times. D.independently verifies that maintenance is being performed.
C
During which phase of software application testing should an organization perform the testing of architectural design?Select an answer: A.Acceptance testing B.System testing C.Integration testing D.Unit testing
C
For effective implementation after a business continuity plan (BCP) has been developed, it is MOST important that the BCP be:Select an answer: A.stored in a secure, offsite facility. B.approved by senior management C.communicated to appropriate personnel. D.made available through the enterprise's intranet.
C
From a risk management point of view, the BEST approach when implementing a large and complex IT infrastructure is: A. a major deployment after proof of concept. B. prototyping and a one-phase deployment. C. a deployment plan based on sequenced phases. D. to simulate the new infrastructure before deployment.
C
In an online banking application, which of the following would BEST protect against identity theft?Select an answer: A.Encryption of personal password B.Restricting the user to a specific terminal C.Two-factor authentication D.Periodic review of access logs
C
In determining the acceptable time period for the resumption of critical business processes:Select an answer: A.only downtime costs need to be considered. B.recovery operations should be analyzed. C.both downtime costs and recovery costs need to be evaluated. D.indirect downtime costs should be ignored.
C
Management observed that the initial phase of a multiphase implementation was behind schedule and over budget. Prior to commencing with the next phase, an IS auditor's PRIMARY suggestion for a postimplementation focus should be to: A. assess whether the planned cost benefits are being measured, analyzed and reported. B: review control balances and verify that the system is processing data accurately. C. review subsequent program change requests for the first phase. D. determine whether the system's objectives were achieved.
C
The reason for establishing a stop or freezing point on the design of a new system is to: A. prevent further changes to a project in process. B. indicate the point at which the design is to be completed. C. require that changes after that point be evaluated for cost-effectiveness. D. provide the project management team with more control over the project design.
C
The reason for establishing a stop or freezing point on the design of a new system is to:Select an answer: A.prevent further changes to a project in process. B.indicate the point at which the design is to be completed. C.require that changes after that point be evaluated for cost-effectiveness. D.provide the project management team with more control over the project design.
C
The sender of a public key would be authenticated by a: A. certificate revocation list (CRL). B. digital signature. C. digital certificate. D. receiver's private key.
C
The specific advantage of white box testing is that it:Select an answer: A.verifies a program can operate successfully with other parts of the system. B.ensures a program's functional operating effectiveness without regard to the internal program structure. C.determines procedural accuracy or conditions of a program's specific logic paths. D.examines a program's functionality by executing it in a tightly controlled or virtual environment with restricted access to the host system.
C
To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers, an IS auditor should recommend that:Select an answer: A.the company policy be changed. B.passwords are periodically changed. C.an automated password management tool be used. D.security awareness training is delivered.
C
To ensure structured disaster recovery, it is MOST important that the business continuity plan (BCP) and disaster recovery plan (DRP) are:Select an answer: A.stored at an alternate location. B.communicated to all users. C.tested regularly. D.updated regularly.
C
Transmitting redundant information with each character or frame to facilitate detection and correction of errors is called a: A. feedback error control. B. block sum check. C. forward error control. D. cyclic redundancy check.
C
Two months after a major application implementation, management, who assume that the project went well, requests that an IS auditor perform a review of the completed project. The IS auditor's PRIMARY focus should be to:Select an answer: A.determine user feedback on the system has been documented. B.assess whether the planned cost benefits are being measured, analyzed and reported. C.review controls built into the system to assure that they are operating as designed. D.review subsequent program change requests.
C
When auditing a proxy-based firewall, an IS auditor should: A. verify that the firewall is not dropping any forwarded packets. B. review Address Resolution Protocol (ARP) tables for appropriate mapping between media access control (MAC) and Internet protocol (IP) addresses. C. verify that the filters applied to services such as hypertext transmission protocol (HTTP) are effective. D. test whether routing information is forwarded by the firewall.
C
When evaluating the controls of an electronic data interchange (EDI) application, an IS auditor should PRIMARILY be concerned with the risk of:Select an answer: A.excessive transaction turnaround time. B.application interface failure. C.improper transaction authorization. D.nonvalidated batch totals.
C
When reviewing the desktop software compliance of an org, the ISA should be MOST concerned if the installed software: A. was installed, but not documented in the IT dept records B. was being used by users not properly trained in its use C. is not listed in the approved software standards document D. license will expire in the next 15 days
C
When two or more systems are integrated, the IS auditor must review input/output controls in the:Select an answer: A.systems receiving the output of other systems. B.systems sending output to other systems. C.systems sending and receiving data. D.interfaces between the two systems.
C
When using public key encryption to secure data being transmitted across a network: A. both the key used to encrypt and decrypt the data are public. B. the key used to encrypt is private, but the key used to decrypt the data is public. C. the key used to encrypt is public, but the key used to decrypt the data is private. D. both the key used to encrypt and decrypt the data are private.
C
Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective (RPO)?Select an answer: A.Virtual tape libraries B.Disk-based snapshots C.Continuous data backup D.Disk-to-tape backup
C
Which of the following choices is MOST important for an IS auditor to understand when auditing an e-commerce environment?Select an answer: A.The technology architecture of the e-commerce environment B.The policies, procedure and practices that form the internal control environment C.The nature and criticality of the business process supported by the application D.Continuous monitoring of control measures for system availability and reliability
C
Which of the following is a MAJOR concern during a review of help desk activities?Select an answer: A.Certain calls could not be resolved by the help desk team. B.A dedicated line is not assigned to the help desk team. C.Resolved incidents are closed without reference to end users. D.The help desk instant messaging has been down for over six months.
C
Which of the following is a continuity plan test that simulates a system crash and uses actual resources to cost-effectively obtain evidence about the plan's effectiveness? A. Paper test B. Posttest C. Preparedness test D. Walk-through
C
Which of the following is a continuity plan test that simulates a system crash and uses actual resources to cost-effectively obtain evidence about the plan's effectiveness?Select an answer: A.Paper test B.Posttest C.Preparedness test D.Walk-through
C
Which of the following is the BEST way to ensure that incident response activities are consistent with the requirements of business continuity? A. Draft and publish a clear practice for enterprise-level incident response. B. Establish a cross-departmental working group to share perspectives. C. Develop a scenario and perform a structured walk-through. D. Develop a project plan for end-to-end testing of disaster recovery.
C
Which of the following is the GREATEST concern to an IS auditor reviewing an organization's use of third-party-provided cloud services to store health care billing information? A. Disparate backup requirements B. Availability of infrastructure C. Segregation of client data D. Integrity of data
C
Which of the following is the MOST effective type of antivirus software to detect an infected application? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines
C
Which of the following is the MOST effective type of antivirus software to detect an infected application?Select an answer: A.Scanners B.Active monitors C.Integrity checkers D.Vaccines
C
Which of the following is the PRIMARY objective of the business continuity plan (BCP) process?Select an answer: A.To provide assurance to stakeholders that business operations will continue in the event of disaster B.To establish an alternate site for IT services to meet predefined recovery time objectives (RTOs) C.To manage risk while recovering from an event that adversely affected operations D.To meet the regulatory compliance requirements in the event of natural disaster
C
Which of the following should be a MAJOR concern for an IS auditor reviewing a business continuity plan (BCP)?Select an answer: A.The plan is approved by the chief information officer (CIO). B.The plan contact lists have not been updated. C.Test results are not adequately documented. D.The training schedule for recovery personnel is not included.
C
Which of the following should be included in a feasibility study for a project to implement an electronic data interchange process? A: the encryption algorithm format B: the detailed internal control procedures C: the necessary communication protocols D: the proposed trusted third party agreement
C
A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? A. Offsite storage of daily backups B. Alternative standby processor onsite C. Installation of duplex communication links D. Alternative standby processor at another network node
D
A legacy payroll application is migrated to a new application. Which of the following stakeholders should be PRIMARILY responsible for reviewing and signing-off on the accuracy and completeness of the data before going live?Select an answer: A. IS auditor B. Database administrator C. Project manager D. Data owner
D
A medium-sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of the new BCP? A. Full-scale test with relocation of all departments, including IT, to the contingency site B. Walk-through test of a series of predefined scenarios with all critical personnel involved C. IT disaster recovery test with business departments involved in testing the critical applications D. Functional test of a scenario with limited IT involvement
D
A proposed transaction processing application will have many data capture sources and outputs in paper and electronic form. To ensure that transactions are not lost during processing, an IS auditor should recommend the inclusion of: A. validation controls. B. internal credibility checks. C. clerical control procedures. D. automated systems balancing.
D
After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend?Select an answer: A.Stress B.Black box C.Interface D.System
D
An IS audit group has been involved in the integration of an automated audit tool kit with an existing enterprise resource planning (ERP) system. Due to performance issues, the audit tool kit is not permitted to go live. What should the IS auditor's BEST recommendation be?Select an answer: A.Review the implementation of selected integrated controls. B.Request additional IS audit resources. C.Request vendor technical support to resolve performance issues. D.Review the results of stress tests during user acceptance testing (UAT).
D
An IS auditor is auditing an IT disaster recovery plan (DRP). The IS auditor should PRIMARILY ensure that the plan covers:Select an answer: A.a resilient IT infrastructure. B.alternate site information. C.documented disaster recovery (DR) test results. D.analysis and prioritization of business functions.
D
An IS auditor is reviewing an organization to ensure that evidence related to a data breach case is preserved. Which of the following choices would be of MOST concern to the IS auditor?Select an answer: A.End users are not aware of incident reporting procedures. B.Log servers are not on a separate network. C.Backups are not performed consistently. D.There is no chain of custody policy.
D
An IS auditor is reviewing an organization's controls related to email encryption. The company's policy states that all sent email must be encrypted to protect the confidentiality of the message because the organization shares nonpublic information through email. In a public-key infrastructure implementation prperly configured to provide confidentiality, email is: A. encrypted with the sender's private key and decrypted with the sender's public key B. encrypted with the recipient's private key and decrypted with the sender's private key C. encrypted with the sender's private key and decrypted with the recipient's private key D. encrypted with the recipient's public key and decrypted with the recipient's private key
D
An IS auditor is reviewing the risk management process. Which of the following is the MOST important consideration during this review?Select an answer: A.Controls are implemented based on cost-benefit analysis. B.The risk management framework is based on global standards. C.The approval process for risk response is in place. D.IT risk is presented in business terms.
D
An IS auditor observed brute force attacks on the administrator account. The BEST recommendation to prevent a successful brute force attack would be to: A. increase the password length for the user. B. configure a session timeout mechanism C. perform periodic vulnerability scans. D. configure a hard-to-guess username.
D
An IS auditor reviewing a proposed application software acquisition should ensure that the: A: operating system (OS) being used is compatible with the existing hardware platform B: planned OS updates have been scheduled to minimize negative impacts on company needs C: OS has the latest versions and updates D: products are compatible with the current or planned OS
D
An IS auditor reviewing the implementation of an intrusion detection system (IDS) should be MOST concerned if:Select an answer: A.IDS sensors are placed outside of the firewall. B.a behavior-based IDS is causing many false alarms. C.a signature-based IDS is weak against new types of attacks. D.the IDS is used to detect encrypted traffic.
D
An IS auditor should ensure that review of online electronic funds transfer (EFT) reconciliation procedures should include: A. vouching. B. authorizations. C. corrections. D. tracing.
D
An ISA is evaluating network performance for an organization that is considering increasing its Internet bandwidth due to a performance degradation during business hours. Which of the following is MOST likely the cause of the performance degradation? A: malware on servers B: firewall misconfiguration C: increased spam received by the email server D: unauthorized network activities
D
An org stores and transmits sensitive customer information within a secure wired network. It has implemented an additional wireless local area network to support general purpose staff computing needs. A few employees with WLAN access have legitimate business reasons for also accessing customer information. Which of the following represents the BEST control to ensure separation of the two networks? A. Establish two physically separate networks B. implement virtual local area network segmentation C. install a dedicated router between the two networks D. install a firewall between the networks
D
By evaluating application development projects against the capability maturity model (CMM), an IS auditor should be able to verify that: A. reliable products are guaranteed. B. programmers' efficiency is improved. C. security requirements are designed. D. predictable software processes are followed.
D
Confidentiality of transmitted data can best be delivered by encrypting the: A. message digest with the sender's private key B. session key with the sender's public key C. messages with the receiver's private key D. session key with the receiver's public key
D
During a compliance audit of a small bank, the IS auditor notes that both the IT and accounting functions are being performed by the same user of the financial system. Which of the following reviews conducted by the user's supervisor would represent the BEST compensating control? A: Audit trails that show the date and time of the transaction B: A daily report with the total numbers and dollar amounts of each transaction C: User account administration D: Computer log files that show individual transactions
D
During an audit, the IS auditor notes that the application developer also performs quality assurance testing on a particular application. Which of the following should the IS auditor do?Select an answer: A.Recommend compensating controls. B.Review the code created by the developer. C.Analyze the quality assurance dashboards. D.Report the identified condition.
D
Event log entries related to failed local administrator logon attempts are observed by the IS auditor. Which of the following is the MOST likely cause of multiple failed login attempts? A. Synchronize (SYN) flood attacks B. Social engineering C. Buffer overflow attacks D. Malicious code attacks
D
In transport mode, the use of the Encapsulating Security Payload (ESP) protocol is advantageous over the Authentication Header (AH) protocol because it provides:Select an answer: A.connectionless integrity. B.data origin authentication. C.antireplay service. D.confidentiality.
D
The implementation of which of the following would MOST effectively prevent unauthorized access to a system administration account? A: host intrusion detection software B: automatic password expiration policy C: password complexity rules D: two-factor authentication
D
What should an organization do before providing an external agency physical access to its information processing facilities (IPFs)? A. The processes of the external agency should be subjected to an IS audit by an independent agency. B. Employees of the external agency should be trained on the security procedures of the organization. C. Any access by an external agency should be limited to the demilitarized zone (DMZ). D. The organization should conduct a risk assessment and design and implement appropriate controls.
D
When developing a disaster recovery plan (DRP), the criteria for determining the acceptable downtime should be the:Select an answer: A.annual loss expectancy (ALE). B.service delivery objective. C.quantity of orphan data. D.maximum tolerable outage.
D
Which of the following BEST helps ensure that deviations from the project plan are identified? A: a project management framework B: a project management approach C: a project resource plan D: project performance criteria
D
Which of the following antispam filtering techniques would BEST prevent a valid, variable-length email message containing a heavily-weighted spam keyword from being labeled as spam?Select an answer: A.Heuristic (rule-based) B.Signature-based C.Pattern matching D.Bayesian (statistical)
D
Which of the following components is responsible for the collection of data in an intrusion detection system (IDS)? A. Analyzer B. Administration console C. User interface D. Sensor
D
Which of the following is the BEST control to mitigate the risk of pharming attacks to an Internet banking application?Select an answer: A.User registration and password policies B.User security awareness C.Use of intrusion detection/intrusion prevention systems (IDSs/IPSs) D.Domain name system (DNS) server security hardening
D
Which of the following is the MAIN reason an organization should have an incident response plan? The plan helps to: A: ensure prompt recovery from system outages B: contain costs related to maintaining disaster recovery plan (DRP) capabilities C: ensure that customers are promptly notified of issues such as security breaches D: minimize the impact of an adverse event
D
Which of the following is the PRIMARY purpose for conducting parallel testing? A: to determine if the system is cost-effective B: to enable comprehensive unit and system testing C: to highlight errors in the program interfaces with files D: to ensure the new system meets user requirements
D
Which of the following should be the FIRST action of an IS auditor during a dispute with a department manager over audit findings? A. Retest the control to validate the finding. B. Engage a third party to validate the finding. C. Include the finding in the report with the department manager's comments. D. Revalidate the supporting evidence for the finding.
D
Which of the following should be the MOST important criterion in evaluating a backup solution for sensitive data that must be retained for a long period of time due to regulatory requirements? A. Full backup window B. Media costs C. Restore window D. Media reliability
D
Which of the following should the IS auditor review to ensure that servers are optimally configured to support processing requirements?Select an answer: A.Benchmark test results B.Server logs C.Downtime reports D.Server utilization data
D
Which of the following test techniques would the IS auditor use to identify specific program logic that has not been tested? A. A snapshot B. Tracing and tagging C. Logging D. Mapping
D
Which of the following would an IS auditor consider to be the MOST important to review when conducting a disaster recovery audit?Select an answer: A.A hot site is contracted for and available as needed. B.A business continuity manual is available and current. C.Insurance coverage is adequate and premiums are current. D.Media backups are performed on a timely basis and stored offsite.
D
While conducting an audit on the customer relationship management (CRM) application, the IS auditor observes that it takes a significantly long time for users to log on to the system during peak business hours as compared with other times of the day. Once logged on, the average response time for the system is within acceptable limits. Which of the following choices should the IS auditor recommend?Select an answer: A.The IS auditor should recommend nothing because the system is compliant with current business requirements. B.IT should increase the network bandwidth to improve performance. C.Users should be provided with detailed manuals to use the system properly. D.The IS auditor should recommend establishing performance measurement criteria for the authentication servers.
D