CISA Practice Exam

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take? Report the use of the unauthorized software and the need to prevent recurrence to auditee management. Personally delete all copies of the unauthorized software. Inform the auditee of the unauthorized software, and follow up to confirm deletion. Take no action, as it is a commonly accepted practice and operations management is responsible for monitoring such use.

During a review of a customer master file, an IS auditor discovered numerous customer name duplications arising from variations in customer first names. To determine the extent of the duplication, the IS auditor would use: generalized audit software to search for address field duplications. generalized audit software to search for account field duplications. test data to determine system sort capabilities. test data to validate data input.

Gimmes often work through: email attachment SMS news file download IRC chat

In an IS audit of several critical servers, the IS auditor wants to analyze audit trails to discover potential anomalies in user or system behavior. Which of the following tools are MOST suitable for performing that task? Trend/variance detection tools Embedded data collection tools Heuristic scanning tools CASE tools

The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to: provide a basis for drawing reasonable conclusions. ensure complete audit coverage. comply with regulatory requirements. perform the audit according to the defined scope.

The MOST likely effect of the lack of senior management commitment to IT strategic planning is: technology not aligning with the organization's objectives. a lack of a methodology for systems development. an absence of control over technology contracts. a lack of investment in technology.

The final decision to include a material finding in an audit report should be made by the: IS auditor. auditee's manager. CEO of the organization audit committee.

To minimize costs and improve service levels an outsourcer should seek which of the following contract clauses? Gain-sharing performance bonuses Charges tied to variable cost metrics Penalties for noncompliance O/S and hardware refresh frequencies

Which of the following BEST ensures the integrity of a server's operating system? Hardening the server configuration Setting a boot password Implementing activity logging Protecting the server in a secure location

Which of the following concerns associated with the World Wide Web would be addressed by a firewall? Unauthorized access from outside the organization Unauthorized access from within the organization A delay in downloading using File Transfer Protocol (FTP) A delay in Internet connectivity

Within a virus, which component is responsible for what the virus does to the victim file? the payload the trigger the premium None of the choices. the signature

A "A virus typically consist of three parts, which are a mechanism that allows them to infect other files and reproduce a trigger that activates delivery of a ""payload"" and the payload from which the virus often gets its name. The payload is what the virus does to the victim file."

Codes from exploit programs are frequently reused in: trojan horses and computer viruses. computer viruses only. OS patchers. eavedroppers. trojan horses only.

A "The term ""exploit"" generally refers to small programs designed to take advantage of a software flaw that has been discovered, either remote or local. The code from the exploit program is frequently reused in trojan horses and computer viruses. In some cases, a vulnerability can lie in a certain programs processing of a specific file type, such as a non-executable media file."

Which of the following terms generally refers to small programs designed to take advantage of a software flaw that has been discovered? exploit service pack quick fix malware patch

A "The term ""exploit"" generally refers to small programs designed to take advantage of a software flaw that has been discovered, either remote or local.The code from the exploit program is frequently reused in trojan horses and computer viruses. In some cases, a vulnerability can lie in a certain programs processing of a specific file type, such as a non-executable media file."

Which of the following are examples of tools for launching Distributed DoS Attack (choose all that apply): TFN TFN2K Trin00 Tripwire Stacheldracht

A, B, C , E Distributed DoS Attack is a network-based attack from many servers used remotely to send packets. Examples of tools for conducting such attack include TFN, TFN2K, Trin00, Stacheldracht, and variants. The best defense is to make sure all systems patches are up-to-date. Also make sure your firewalls are configured appropriately.

An IS auditor interviewing a payroll clerk finds that the answers do not support job descriptions and documented procedures. Under these circumstances, the IS auditor should: suspend the audit. expand the scope to include substantive testing. place greater reliance on previous audits. conclude that the controls are inadequate.

An IS auditor is reviewing access to an application to determine whether the 10 most recent "new user" forms were correctly authorized. This is an example of: variable sampling. compliance testing. substantive testing. stop-or-go sampling.

Digital signatures require the: signer and receiver to have a private key. signer to have a private key and the receiver to have a public key. signer to have a public key and the receiver to have a private key. signer and receiver to have a public key

Human error is being HEAVILY relied upon on by which of the following types of attack? DoS Social Engineering Eavedropping DDoS ATP

In the course of performing a risk analysis, an IS auditor has identified threats and potential impacts. Next, the IS auditor should: identify and assess the risk assessment process used by management. identify and evaluate the existing controls. identify information assets and the underlying systems. disclose the threats and impacts to management.

Squid is an example of: connection proxy caching proxy dialer security proxy IDS

The decisions and actions of an IS auditor are MOST likely to affect which of the following risks? Inherent Detection Business Control

The success of control self-assessment (CSA) highly depends on: the implementation of supervision and the monitoring of controls of assigned duties. having line managers assume a portion of the responsibility for control monitoring. the implementation of a stringent control policy and rule-driven controls. assigning staff managers the responsibility for building, but not monitoring, controls.

When an organization is outsourcing their information security function, which of the following should be kept in the organization? Implementing the corporate security policy Accountability for the corporate security policy Defining security procedures and guidelines Defining the corporate security policy

Which of the following is a substantive test? Ensuring approval for parameter changes Using a statistical sample to inventory the tape library Reviewing password history reports Checking a list of exception reports

Back Orifice is an example of: a virus. a backdoor that takes the form of an installed program. a legitimate remote control software. None of the choices. an eavedropper.

B "A backdoor may take the form of an installed program (e.g., Back Orifice) or could be in the form of an existing ""legitimate"" program, or executable file. A specific form of backdoors are rootkits, which replaces system binaries and/or hooks into the function calls of the operating system to hide the presence of other programs, users, services and open ports."

What is wrong with a Black Box type of intrusion detection system? you cannot test it you cannot examine its internal workings from outside. None of the choices. you cannot tune it you cannot patch it

B "An intrusion detection system should to able to run continually without human supervision. The system must be reliable enough to allow it to run in the background of the system being observed.However, it should not be a ""black box"", coz you want to ensure its internal workings are examinable from outside."

A substantive test to verify that tape library inventory records are accurate is: checking if receipts and issues of tapes are accurately recorded. determining whether the movement of tapes is authorized. conducting a physical count of the tape inventory. determining whether bar code readers are installed.

A successful risk-based IT audit program should be based on: an effective departmental brainstorm session. an effective organization-wide brainstorm session. an effective scoring system. an effective PERT diagram. an effective yearly budget.

An IS auditor attempting to determine whether access to program documentation is restricted to authorized persons would MOST likely: review data file access records to test the librarian function. evaluate the record retention plans for off-premises storage. interview programmers about the procedures currently being followed. compare utilization records to operations schedules.

An offsite information processing facility: should be easily identified from the outside so that, in the event of an emergency, it can be easily found. need not have the same level of environmental monitoring as the originating site. should have the same amount of physical access restrictions as the primary processing site. should be located in proximity to the originating site, so it can quickly be made operational.

During the collection of forensic evidence, which of the following actions would MOST likely result in the destruction or corruption of evidence on a compromised system? Generating disk images of the compromised system Dumping the memory content to a file Rebooting the system Removing the system from the network

The PRIMARY reason for using digital signatures is to ensure data: timeliness. confidentiality. integrity. availability.

The security level of a private key system depends on the number of: messages sent. keys. encryption key bits. channels used.

The technique used to ensure security in virtual private networks (VPNs) is: encryption. transform. encapsulation. wrapping.

Which of the following IT governance best practices improves strategic alignment? A structure is provided that facilitates the creation and sharing of business information. Supplier and partner risks are manage Top management mediate between the imperatives of business and technology. A knowledge base on customers, products, markets and processes is in place.

Which of the following antivirus software implementation strategies would be the MOST effective in an interconnected corporate network? Workstation antivirus software Virus signature updating Virus walls Server antivirus software

Which of the following is a technique that could be used to capture network user passwords? Encryption Data destruction Sniffing Spoofing

Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation? Within the enterprise, a clear policy for using e-mail ensures that evidence is available. Data classification regulates what information should be communicated via e-mail. Multiple cycles of backup files remain available. Access controls establish accountability for e-mail activity.

Which of the following would be the MOST effective audit technique for identifying segregation of duties violations in a new enterprise resource planning (ERP) implementation? Reviewing a report of security rights in the system Reviewing the complexities of authorization objects Building a program to identify conflicts in authorization Examining recent access rights violation cases

A computer system is no more secure than the human systems responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them. zombie computers are being HEAVILY relied upon on by which of the following types of attack? ATP Social Engineering DDoS Eavedropping DoS

C "Distributed denial of service (DDoS) attacks are common, where a large number of compromised hosts (""zombie computers"") are used to flood a target system with network requests, thus attempting to render it unusable through resource exhaustion."

Default permit is only a good approach in an environment where: security threats are serious and severe. None of the choices. security threats are non-existent or negligible. security threats are non-negligible. users are trained.

C "Everything not explicitly permitted is forbidden (default deny) improves security at a cost in functionality. This is a good approach if you have lots of security threats. On the other hand., ""Everything not explicitly forbidden is permitted"" (default permit) allows greater functionality by sacrificing security. This is only a good approach in an environment where security threats are non- existent or negligible."

IS management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend: establishing a cold site in a secure location. increasing the frequency of onsite backups. reinstating the offsite backups. upgrading to a level 5 RAID.

C A RAID system, at any level, will not protect against a natural disaster. The problem will not be alleviated without offsite backups, more frequent onsite backups or even setting up a cold site. Choices A, B and D do not compensate for the lack of offsite backup.

An IS auditor has imported data from the client's database. The next step-confirming whether the imported data are complete-is performed by: filtering data for different categories and matching them to the original data. sorting the data to confirm whether the data are in the same order as the original data. reviewing the printout of the first 100 records of original data with the first 100 records of imported data. matching control totals of the imported data to control totals of the original dat

An IS auditor is evaluating a corporate network for a possible penetration by employees. Which of the following findings should give the IS auditor the GREATEST concern? Users can install software on their desktops. There are a number of external modems connected to the network. Network monitoring is very limited. Many user IDs have identical passwords.

An IS steering committee should: be briefed about new trends and products at each meeting by a vendor. include a mix of members from different departments and staff levels. ensure that IS security policies and procedures have been executed properly. have formal terms of reference and maintain minutes of its meetings.

An organization has outsourced its help desk. Which of the following indicators would be the best to include in the SLA? Number of incidents reported to the help desk Number of agents answering the phones Percentage of incidents solved in the first call Overall number of users supported

An organization's IS audit charter should specify the: objectives and scope of IS audit engagements. short- and long-term plans for IS audit engagements detailed training plan for the IS audit staff. role of the IS audit function.

Applying a retention date on a file will ensure that: backup copies are not retained after that date. datasets having the same name are differentiated. data cannot be read until the date is set. data will not be deleted before that date.

As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard copy transaction log. At the end of the day, the order entry files are backed up on tape. During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following is necessary to restore these files? The current transaction tape and the current hard copy transaction log The current hard copy transaction log and the previous day's transaction file The previous day's transaction file and the current transaction tape The previous day's backup file and the current transaction tape

Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should: not include the finding in the final report, because corrective action can be verified by the IS auditor during the audit. not include the finding in the final report, because the audit report should include only unresolved findings. include the finding in the closing meeting for discussion purposes only. include the finding in the final report, because the IS auditor is responsible for an accurate report of all findings.

During an exit interview, in cases where there is disagreement regarding the impact of a finding, an IS auditor should: report the disagreement to the audit committee for resolution. accept the auditee's position since they are the process owners. ask the auditee to sign a release form accepting full legal responsibility. elaborate on the significance of the finding and the risks of not correcting

Involvement of senior management is MOST important in the development of: IS policies. standards and guidelines. IS procedures. strategic plans.

The extent to which data will be collected during an IS audit should be determined based on the: auditee's ability to find relevant evidence. availability of critical and required information. auditor's familiarity with the circumstances. purpose and scope of the audit being done.

Though management has stated otherwise, an IS auditor has reasons to believe that the organization is using software that is not licensed. In this situation, the IS auditor should: include the statement of management in the audit report. discuss the issue with senior management since reporting this could have a negative impact on the organization. reconfirm with management the usage of the software. identify whether such software is, indeed, being used by the organization.

Which of the following refers to any program that invites the user to run it but conceals a harmful or malicious payload? spyware rootkits virus trojan horse worm

Which of the following should an IS auditor use to detect duplicate invoice records within an invoice master file? Integrated test facility (ITF) Test data Attribute sampling Generalized audit software (GAS)

The Trojan.Linux.JBellz Trojan horse runs as a malformed file of what format? MS Office. e-mails. Word template. MP3. None of the choices.

D "Most trojan horse programs are spread through e-mails. Some earlier trojan horse programs were bundled in ""Root Kits"". For example, the Linux Root Kit version 3 (lrk3) which was released in December 96 had tcp wrapper trojans included and enhanced in the kit. Portable devices that run Linux can also be affected by trojan horse. The Trojan.Linux.JBellz Trojan horse runs as a malformed .mp3 file."

Which of the following is a good time frame for making changes to passwords? every 30 to 45 days every 180 to 365 days None of the choices. every 10 to 20 days every 90 to 120 days

D "Passwords are the first defensive line in protecting your data and information. Your users need to be made aware of what a password provides them and what can be done with their password. They also need to be made aware of the things that make up a good password versus a bad password. A good password has mixed-case alphabetic characters, numbers, and symbols. Do use a password that is at least eight or more characters. You may want to run a ""password cracker"" program periodically, and require users to immediately change any easily cracked passwords. In any case ask them to change their passwords every 90 to 120 days."

Phishing attack works primarily through: chat news email attachment email and hyperlinks SMS

D "Phishing applies to email appearing to come from a legitimate business, requesting ""verification"" of information and warning of some dire consequence if it is not done. The letter usually contains a link to a fradulent web page that looks legitimate and has a form requesting everything from a home address to an ATM card's PIN."

Control self-assessment (CSA) is an assessment of controls made by the first line of defense in any organization. Identify from the following which is not a benefit of CSA. [WTCSFHBDZCISA] Reduction in control cost More effective and improved internal controls Early detection of risks Improved audit rating process Possible replacement for the audit function

The PRIMARY purpose of an IT forensic audit is: to participate in investigations related to corporate fraud. to determine that there has been criminal activity. to assess the correctness of an organization's financial statements the systematic collection of evidence after a system irregularity.

Which of the following refers to the act of creating and using an invented scenario to persuade a target to perform an action? None of the choices. Backgrounding Check making Bounce checking Pretexting

Which of the following will replace system binaries and/or hook into the function calls of the operating system to hide the presence of other programs (choose the most precise answer)? tripwire virus None of the choices. trojan rootkits

E "A backdoor may take the form of an installed program (e.g., Back Orifice) or could be in the form of an existing ""legitimate"" program, or executable file. A specific form of backdoors are rootkits, which replaces system binaries and/or hooks into the function calls of the operating system to hide the presence of other programs, users, services and open ports."

Everything not explicitly permitted is forbidden has which of the following kinds of tradeoff? None of the choices. it improves functionality at a cost in security. it improves performance at a cost in functionality. it improves security at a cost in system performance. it improves security at a cost in functionality.

E "Everything not explicitly permitted is forbidden (default deny) improves security at a cost in functionality. This is a good approach if you have lots of security threats. On the other hand., ""Everything not explicitly forbidden is permitted"" (default permit) allows greater functionality by sacrificing security. This is only a good approach in an environment where security threats are non- existent or negligible."

A major portion of what is required to address nonrepudiation is accomplished through the use of: strong methods for authorization and ensuring data integrity. None of the choices. strong methods for authentication and ensuring data validity strong methods for authentication and ensuring data reliability. strong methods for authentication and ensuring data integrity

E A major portion of what is required to address nonrepudiation is accomplished through the use of strong methods for authentication and ensuring data integrity.

Which of the following types of firewall treats each network frame or packet in isolation? packet filtering firewall statefull firewall hardware firewall combination firewall stateless firewall

E A stateless firewall treats each network frame or packet in isolation. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.

Integer overflow occurs primarily with: input verifications debug operations output formatting string formatting arithmetic operations

E An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is larger than can be represented within the available storage space. On some processors the result saturates - once the maximum value is reached attempts to make it larger simply return the maximum result.

As part of the IEEE 802.11 standard ratified in September 1999, WEP uses the CRC- 32 checksum for: confidentiality. accuracy. validity. None of the choices. integrity.

E As part of the IEEE 802.11 standard ratified in September 1999, WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity. Many WEP systems require a key in hexadecimal format. If one chooses keys that spell words in the limited 0-9, A-F hex character set, these keys can be easily guessed.

The sophistication and formality of IS audit programs may vary significantly depending on which of the following factors? the target's budget. the target's head count. the target's location. the target's management hands-on involvement. the target's size and complexity.

E Properly planned risk-based audit programs shall increase audit efficiency and effectiveness. The sophistication and formality of this kind of audit do vary a lot depending on the target's size and complexity.

Wi-Fi Protected Access implements the majority of which IEEE standard? 802.11g 802.11x 802.11v None of the choices. 802.11i

E Wi-Fi Protected Access (WPA / WPA2) is a class of systems to secure wireless computer networks. It implements the majority of the IEEE 802.11i standard, and is designed to work with all wireless network interface cards (but not necessarily with first generation wireless access points). One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used.

An IS auditor is assigned to perform a postimplementation review of an application system. Which of the following situations may have impaired the independence of the IS auditor? The IS auditor: implemented a specific control during the development of the application system. provided consulting advice concerning application system best practices. designed an embedded audit module exclusively for auditing the application system. participated as a member of the application system project team, but did not have operational responsibilities.An IS auditor is assigned to perform a postimplementation review of an application system. Which of the following situations may have impaired the independence of the IS auditor? The IS auditor:

Under the concept of ""defense in depth"", subsystems should be designed to:" ""fail secure""" ""react to attack""" ""react to failure""" None of the choices. ""fail insecure"""

A "With 0″"defense in depth"", more than one subsystem needs to be compromised to compromise the security of the system and the information it holds. Subsystems should default to secure settings, and wherever possible should be designed to ""fail secure"" rather than ""fail insecure""."

Which of the following BEST describes the concept of ""defense in depth""?" more than one subsystem needs to be compromised to compromise the security of the system and the information it holds. multiple firewalls are implemented. intrusion detection and firewall filtering are required. None of the choices. multiple firewalls and multiple network OS are implemented.

Creating which of the following is how a hacker can insure his ability to return to the hacked system at will? backdoors CRC None of the choices. checksum rootsec

A A backdoor refers to a generally undocumented means of getting into a system, mostly for programming and maintenance/troubleshooting needs. Most real world programs have backdoors. Creating backdoors is how a hacker can insure his ability to return to the hacked system at will.

Why is it not preferable for a firewall to treat each network frame or packet in isolation? Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet. Such a firewall is too complicated to maintain. Such a firewall offers poor compatibility. Such a firewall is CPU hungry. Such a firewall is costly to setup.

A A stateless firewall treats each network frame or packet in isolation. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.

Super Systems intends to implement an intrusion detection system (IDS) to strengthen their perimeter defenses. Identify a valid benefit of such system from the following? [AEC] Forensic evidencing External harmful websites blacklisting Exclusion rules for users from accessing specific sensitive network assets Policy definition weakness detection

A An intrusion detection system (IDS) provides a detective control by detecting exploitation attempts and creating an audit trail assisting in forensic evidencing.

Introducing inhomogeneity to your network for the sake of robustness would have which of the following drawbacks? high costs in terms of training and maintenance. poor scalability. weak infrastructure. poorer performance. None of the choices.

A An oft-cited cause of vulnerability of networks is homogeneity or software monoculture. In particular, Microsoft Windows has such a large share of the market that concentrating on it will enable a cracker to subvert a large number of systems. Introducing inhomogeneity purely for the sake of robustness would however bring high costs in terms of training and maintenance.

IS audits should be selected through a risk analysis process to concentrate on: those areas of greatest risk and opportunity for improvements. random events. those areas of the greatest financial value. areas led by the key people of the organization. those areas of least risk and opportunity for improvements.

A Audits are typically selected through a risk analysis process to concentrate on those areas of greatest risk and opportunity for improvements. Audit topics are supposed to be chosen based on potential for cost savings and service improvements.

Identify the correct option from the following that uses test data as part of a comprehensive test of program controls for ongoing accurate operation of the system. [AGB] Base-Case System Evaluation (BCSE) System Integration Test Parallel Run Test Data

A Base case system evaluation (BCSE) uses a standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.

The Federal Information Processing Standards (FIPS) are primarily for use by (choose all that apply): all non-military government agencies None of the choices. US government contractors all private and public colleges in the US all military government agencies

A C Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States Federal government for use by all nonmilitary government agencies and by government contractors. Many FIPS standards are modified versions of standards used in the wider community.

Which of the following types of attack works by taking advantage of the unenforced and unchecked assumptions the system makes about its inputs? code injection integer overflow None of the choices. format string vulnerabilities command injection

A Code injection is a technique to introduce code into a computer program or system by taking advantage of the unenforced and unchecked assumptions the system makes about its inputs.

You may reduce a cracker's chances of success by (choose all that apply): keeping your systems up to date using a security scanner. using multiple firewalls. using multiple firewalls and IDS. hiring competent people responsible for security to scan and update your systems. None of the choices.

A D Only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it is quite possible for a determined cracker to read, copy, alter or destroy data in well secured computers, albeit at the cost of great time and resources. You may reduce a cracker's chances by keeping your systems up to date, using a security scanner or/and hiring competent people responsible for security.

Which of the following refers to an important procedure when evaluating database security (choose the BEST answer)? performing vulnerability assessments against the database. performing dictionary check against the database. performing data check against the database. None of the choices. performing capacity check against the database system.

A Databases provide many layers and types of security, including Access control, Auditing, Authentication, Encryption and Integrity controls. An important procedure when evaluating database security is performing vulnerability assessments against the database. Database administrators or Information security administrators run vulnerability scans on databases to discover misconfiguration of controls within the layers mentioned above along with known vulnerabilities within the database software.

What is the best defense against Distributed DoS Attack? patch your systems. run a virus checker. find the DoS program and kill it. None of the choices. run an anti-spy software.

A Distributed DoS Attack is a network-based attack from many servers used remotely to send packets. Examples of tools for conducting such attack include TFN, TFN2K, Trin00, Stacheldracht, and variants. The best defense is to make sure all systems patches are up-to-date. Also make sure your firewalls are configured appropriately.

The technique of rummaging through commercial trash to collect useful business information is known as: Information diving Identity diving System diving Intelligence diving Program diving

A Dumpster diving in the form of information diving describes the practice of rummaging through commercial trash to find useful information such as files, letters, memos, passwords ...etc.

Cocoa Payroll Services has an ongoing employee education program whereby they cross-train their employees. Identify a potential issue security risk with these practices from the following. [BBC] Employees may acquire excessive knowledge of a system Disruption of operations Ambiguity in succession planning Roles and responsibilities are intermingled

A Employees may acquire excessive knowledge of a system leading to potential misuse. While cross-training is a good process and is often helpful to organizations in succession planning and recovering in event of disruption of services, the due care be taken to ensure rules for segregation of duties are not violated.

Which of the following kinds of function are particularly vulnerable to format string attacks? C functions that perform output formatting SQL functions that perform string conversion VB functions that perform integer conversion C functions that perform integer computation C functions that perform real number subtraction

A Format string attacks are a new class of vulnerabilities recently discovered. It can be used to crash a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain C functions that perform formatting, such as printf(). A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token.

Which of the following types of attack makes use of unfiltered user input as the format string parameter in the printf() function of the C language? format string vulnerabilities command injection buffer overflows code injection integer overflow

Which of the following may be deployed in a network as lower cost surveillance and early-warning tools? Honeypots Hardware IPSs Stateful inspection firewalls Botnets Hardware IDSs

A Honeypots, essentially decoy network-accessible resources, could be deployed in a network as surveillance and early-warning tools. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques.

Which of the following is the MOST important criterion when selecting a location for an offsite storage facility for IS backup files? The offsite facility must be: physically separated from the data center and not subject to the same risks. outsourced to a reliable third party. equipped with surveillance capabilities. given the same level of protection as that of the computer data center.

A It is important that there be an offsite storage location for IS files and that it be in a location not subject to the same risks as the primary data center. The other choices are all issues that must be considered when establishing the offsite location, but they are not as critical as the location selection

Which of the following encryption methods uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message? one-time pad certificate Blowfish DES Tripwire

A It's possible to protect messages in transit by means of cryptography. One method of encryption -the one-time pad -has been proven to be unbreakable when correctly used. This method uses a matching pair of key- codes, securely distributed, which are used once- and-only-once to encode and decode a single message. Note that this method is difficult to use securely, and is highly inconvenient as well.

Which of the following types of spyware was originally designed for determining the sources of error or for measuring staff productivity? Keystroke logging Password logging None of the choices. Keywords logging Directory logging

A Keystroke logging (in the form of spyware) was originally a function of diagnostic tool deployed by software developers for capturing user's keystrokes. This is done for determining the sources of error or for measuring staff productivity.

Lorena, an information systems auditor with the Town Bank, while reviewing the disaster recovery plan (DRP) observed the following. (a) a system analyst in the IT department compiled the plan two years earlier, and not been updated since then (b) the plan includes transaction flow projections by the operations department (c) the plan awaits approval and formal issuance from the CIO - hence not tested or circulated to staff (d) interviews with management and staff show that each would know their actions in the event of a disruptive incident (e) the plan aims to re-establish live processing at an alternative site (f) the alternative site with a similar hardware configuration (but not identical) is already established Identify the next step for Lorena to take from here. [BCA] Perform a review to verify that the alternate site can support live processing Conclude the outcome of audit as ineffective due to lack of an approved DR plan Conclude that the investment on the alternative site is wasted without an effective plan Recommend that the hardware configuration at the alternate site is identical to the primary site

A Lorena should review the arrangements at the alternate site to determine if that is able to support live processing in event of a disaster. Lack of a formal and approved plan is a concern but not as grave as not having an alternate site itself.

What is the recommended minimum length of a good password? 8 characters 6 characters 12 characters 18 characters 22 characters

A Passwords are the first defensive line in protecting your data and information. Your users need to be made aware of what a password provides them and what can be done with their password. They also need to be made aware of the things that make up a good password versus a bad password. A good password has mixed-case alphabetic characters, numbers, and symbols. Do use a password that is at least eight or more characters.

Implementing Enterprise Governance of Information and Technology (EGIT) framework entails the implementation of IT performance monitoring and reporting process. Identify the main objective of this process? [AFC] Performance Optimization Performance Benchmarking IT Error Reduction Performance Trend Analysis

A Performance optimization is the main objective for any organization implementing an IT performance monitoring and reporting process. Performance optimization includes both improving perceived service performance and improving information system productivity to the highest level possible without unnecessary additional investment in the IT infrastructure.

Pretexting is an act of: social engineering eavedropping DoS soft coding hard coding

A Pretexting is the act of creating and using an invented scenario to persuade a target to release information or perform an action and is usually done over the telephone. It is more than a simple lie as it most often involves some prior research or set up and the use of pieces of known information.

Organizations leverage public key infrastructure (PKI) for online transaction security. Identify the key feature that helps to trace an online transaction back to the origin unrefutably from the following. [BBD] Nonrepudiation Integrity Encryption Authentication

A Public key infrastructure (PKI) is a series of processes and technologies for the association of cryptographic keys with the entity to whom those keys were issued. Nonrepudiation is achieved through the use of digital signatures to trace an online transaction back to the origin unrefutably. This mechanism ensures undeniable digital evidence.

The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to: ensure availability of data. provide user authentication. achieve performance improvement. ensure the confidentiality of data.

A RAID level 1 provides disk mirroring. Data written to one disk are also written to another disk. Users in the network access data in the first disk; if disk one fails, the second disk takes over. This redundancy ensures the availability of datA. RAID level 1 does not improve performance, has no relevance to authentication and does nothing to provide for data confidentiality.

Which of the following refers to a primary component of corporate risk management with the goal of minimizing the risk of prosecution for software piracy due to use of unlicensed software? Software audit Test audit System audit Mainframe audit Application System audit

A Software audits are a component of corporate risk management, with the goal of minimizing the risk of prosecution for software piracy due to use of unlicensed software. From time to time internal or external audits may take a forensic approach to establish what is installed on the computers in an organization with the purpose of ensuring that it is all legal and authorized and to ensure that its process of processing transactions or events is correct.

Andrew, CFO of Fair Lending, has requested parallel testing to be conducted for an upcoming critical application upgrade. Identify the main purpose of such testing from the following. [BDJ] Ensure meeting key business user requirements Identify application program interface errors Determine the cost-effectiveness of the system Ensure comprehensive unit and system testing

A The main purpose of requesting parallel testing is to ensure that business users can compare previous software with the newly delivered upgrade to ensure a greater assurance over meeting key business user requirements. Identification of application program interface errors or performance of the unit and system testing must be completed prior to reaching the parallel testing phase. A comparison of the cost-effectiveness of the new and old system may not be the main purpose of parallel testing.

Which of the following ensures the availability of transactions in the event of a disaster? Transmit transactions offsite in real time. Send tapes daily containing transactions offsite. Send tapes hourly containing transactions offsite, Capture transactions to multiple storage devices.

A The only way to ensure availability of all transactions is to perform a real-time transmission to an offsite facility. Choices A and B are not in real time and, therefore, would not include all the transactions. Choice C does not ensure availabilityat an offsite location.

Quick Microsystems has contracted an external cybersecurity services company to conduct a penetration test on its network to ascertain the robustness of currently deployed controls and identify if there are any vulnerabilities. The external contractor would need to conduct the test by remaining undetected on Quick Microsystems' network. Identify the best approach from the following for the contractor to use. [AJJ] Perform the network scanning activity at certain intervals for avoiding detection Perform the network scanning activity using multiple scanning tools since each tool has different characteristics Perform the network scanning activity during evening hours when no one is logged-in Masquerade itself as Quick Microsystems' existing file server or domain controller

A The penetration tester is likely to pause its network scanning activity every few minutes to avoid detection by allowing network monitoring thresholds to reset thus avoiding the detection. Masquerade may not work as it is likely to be identified by the monitoring tools, similarly performing the network scanning activity using multiple tools or performing in the after office hours is likely to picked by the network monitoring tools.

Julio, IT Head at Quick Micropayments, conducts logical access control review on a pre-defined periodicity. Identify the primary objective of the review from the following. [AGH] Ensure access is granted per the organization's authorizations Develop a realistic view of all access needed to the IT environment Provide assurance that computer systems are adequately protected against abuse Validate access controls provided by the application are functioning properly

A The primary objective of a logical access control review is to determine whether or not access is granted per the organization's authorizations.

Which of the following results in a denial-of-service attack? Ping of death Leapfrog attack Negative acknowledgement (NAK) attack Brute force attack

A The use of Ping with a packet size higher than 65 KB and no fragmentation flag on will cause a denial of service. A brute force attack is typically a text attack that exhausts all possible key combinations. A leapfrog attack, the act of telneting through one or more hosts to preclude a trace, makes use of user ID and password information obtained illicitly from one host to compromise another host. A negative acknowledgement attack is a penetration technique that capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly, leaving the system in an unprotected state during such interrupts.

Identify the name for a recovery alternative facility that has space, basic infrastructure, and IT and communications equipment required to support the critical applications and operations, along with office equipment and furniture for use by the staff. [WTCSFHAXXCISA] Hot sites Cold sites Mirrored sites Warm sites

A This is the definition of a hot site.

Which of the following is a tool you can use to simulate a big network structure on a single computer? honeyd None of the choices. honeytube honeymoon honeytrap

A honeyd is a GPL licensed software you can use to simulate a big network structure on a single computer.

Well-written risk assessment guidelines for IS auditing should specify which of the following elements at the least (choose all that apply): Guidelines for handling special cases. A maximum length for audit cycles. None of the choices. Documentation requirements. The timing of risk assessments.

A,B,C,D A well-written risk assessment guidelines should specify a maximum length for audit cycles based on the risk scores and the timing of risk assessments for each department or activity. There should be documentation requirements to support scoring decisions. There should also be guidelines for overriding risk assessments in special cases and the circumstances under which they can be overridden.

Why is one-time pad not always preferable for encryption (choose all that apply): it is highly inconvenient to use. it requires internet connectivity. it is Microsoft only. it is difficult to use securely. it requires licensing fee.

A, D It's possible to protect messages in transit by means of cryptography. One method of encryption -the one-time pad -has been proven to be unbreakable when correctly used. This method uses a matching pair of key- codes, securely distributed, which are used once- and-only-once to encode and decode a single message. Note that this method is difficult to use securely, and is highly inconvenient as well.

In-house personnel performing IS audits should posses which of the following knowledge and/or skills (choose 2): information systems knowledge commensurate with the scope of the IT environment in question sufficient knowledge on secure platform development sufficient knowledge on secure system coding information systems knowledge commensurate outside of the scope of the IT environment in question sufficient analytical skills to determine root cause of deficiencies in question

A, E Personnel performing IT audits should have information systems knowledge commensurate with the scope of the institution's IT environment. They should also possess sufficient analytical skills to determine the root cause of deficiencies.

An accurate biometric system usually exhibits (choose all that apply): low EER low CER None of the choices. high EER high CER

A,B One most commonly used measure of real-world biometric systems is the rate at which both accept and reject errors are equal: the equal error rate (EER), also known as the cross-over error rate (CER). The lower the EER or CER, the more accurate the system is considered to be.

A virus typically consists of what major parts (choose all that apply): a payload a mechanism that allows them to infect other files and reproduce" a trigger that activates delivery of a ""payload""" a signature None of the choices.

A,B,C "A virus typically consist of three parts, which are a mechanism that allows them to infect other files and reproduce a trigger that activates delivery of a ""payload"" and the payload from which the virus often gets its name. The payload is what the virus does to the victim file."

Effective transactional controls are often capable of offering which of the following benefits (choose all that apply): shortened contract cycle times reduced administrative and material costs enhanced procurement decisions diminished legal risk None of the choices.

A,B,C,D Transactional systems provide a baseline necessary to measure and monitor contract performance and provide a method for appraising efficiency against possible areas of exposure. Effective transactional controls reduce administrative and material costs, shorten contract cycle times, enhance procurement decisions, and diminish legal risk.

Enterprise Governance of Information and Technology (EGIT) is the responsibility of the board of directors and executive management. Identify the two key issues that EGIT is concerned with from the following. (Select Two) [BEA] IT risk is managed IT delivers value to the business Organization's strategies and objectives extend the IT strategy Business strategy is derived from an IT strategy

A.B The Enterprise Governance of Information and Technology (EGIT) is concerned with two key issues: (1) that IT delivers value to the business which is driven by the strategic alignment of IT with the business and (2) that IT risk is managed which is driven by the need for embedding accountability into the enterprise.

Talking about biometric authentication, physical characteristics typically include (choose all that apply): hand measurements fingerprints eye retinas irises facial patterns

ALL Biometric authentication refers to technologies that measure and analyze human physical and behavioral characteristics for authentication purposes. Physical characteristics include fingerprints, eye retinas and irises, facial patterns and hand measurements, while behavioral characteristics include signature, gait and typing patterns. Voice is often considered as a mix of both physical and behavioral characteristics.

Talking about application system audit, focus should always be placed on: changes to the system are properly authorized input of data are processed correctly output of data are processed correctly performance and controls of the system the ability to limit unauthorized access and manipulation

ALL Talking about application system audit, focus should be placed on the performance and controls of the system, its ability to limit unauthorized access and manipulation, that input and output of data are processed correctly on the system, that any changes to the system are authorized, and that users have access to the system.

The majority of software vulnerabilities result from a few known kinds of coding defects, such as (choose all that apply): integer overflow buffer overflows code injection command injection format string vulnerabilities

ALL The majority of software vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and code/command injection. Some common languages such as C and C++ are vulnerable to all of these defects. Languages such as Java are immune to some of these defects but are still prone to code/ command injection and other software defects which lead to software vulnerabilities.

Which of the following exposures associated with the spooling of sensitive reports for offline printing should an IS auditor consider to be the MOST serious? Sensitive data can be read by operators. Unauthorized report copies can be printed. Data can be amended without authorization. Output can be lost in the event of system failure.

Which of the following forms of evidence for the auditor would be considered the MOST reliable? An oral statement from the auditee A confirmation letter received from an outside source An internally generated computer accounting report The results of a test performed by an IS auditor

Most trojan horse programs are spread through: None of the choices. e-mails. MS Office. Word template. MP3.

B "Most trojan horse programs are spread through e-mails. Some earlier trojan horse programs were bundled in ""Root Kits"". For example, the Linux Root Kit version 3 (lrk3) which was released in December 96 had tcp wrapper trojans included and enhanced in the kit. Portable devices that run Linux can also be affected by trojan horse. The Trojan.Linux.JBellz Trojan horse runs as a malformed .mp3 file."

Which of the following is a good tool to use to help enforcing the deployment of good passwords? remote windowing tool password cracker None of the choices. network hacker local DoS attacker

B "Passwords are the first defensive line in protecting your data and information. Your users need to be made aware of what a password provides them and what can be done with their password. They also need to be made aware of the things that make up a good password versus a bad password. A good password has mixed-case alphabetic characters, numbers, and symbols. Do use a password that is at least eight or more characters. You may want to run a ""password cracker"" program periodically, and require users to immediately change any easily cracked passwords. In any case ask them to change their passwords every 90 to 120 days."

Identify the purpose of Enterprise Governance of Information and Technology (EGIT) from the following. (Select Two) [AIH] Decentralize IT resources across the organization Realization of promised benefits Centralize control of IT Support the organizations' objectives

B , C Enterprise Governance of Information and Technology (EGIT) must support the organizations' objectives and help to realize the promised benefits.

Which of the following refers to a method of bypassing normal system authentication procedures? trojan horse Backdoor virus rootkits worm

B A backdoor is a method of bypassing normal authentication procedures. Many computer manufacturers used to preinstall backdoors on their systems to provide technical support for customers. Hackers typically use backdoors to secure remote access to a computer, while attempting to remain hidden from casual inspection. To install backdoors, hackers prefer to use either Trojan horse or computer worm.

Which of the following is an oft-cited cause of vulnerability of networks? single line of defense software monoculture None of the choices. software diversification multiple DMZ

B An oft-cited cause of vulnerability of networks is homogeneity or software monoculture. In particular, Microsoft Windows has such a large share of the market that concentrating on it will enable a cracker to subvert a large number of systems. Introducing inhomogeneity purely for the sake of robustness would however bring high costs in terms of training and maintenance.D

As part of the IEEE 802.11 standard ratified in September 1999, WEP uses which stream cipher for confidentiality? CRC-64 RC4 3DES DES CRC-32

B As part of the IEEE 802.11 standard ratified in September 1999, WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity.

In the context of physical access control, what is known as the process of verifying user identities? Authorization Authentication Accounting Encryption Compression

B Authentication is the process of verifying a user's claimed identity. It is based on at least one of these three factors: Something you know, Something you have, or Something you are.

Lorena, an information systems auditor with the Town Bank, conducted a review of the bank's core banking system and observed anomalous data attributes in some accounting tables. Identify the most effective control that the IT department implements to avoid such anomalies in the future. [AFF] Implement sample review by IT department Implement database integrity constraints Implement logging controls for all tables Implement before-and-after image reporting

B Database integrity constraints are automated and preventive controls to ensure the integrity of the data attributes, tables, and the entire database. The constraints can help to validate the data against the predefined master data, against the predefined ruleset and the tables against each other for referential integrity. The remaining options are either not effective or not efficient.

With Deep packet inspection, which of the following OSI layers are involved? Layer 3 through Layer 7 Layer 2 through Layer 7 Layer 3 through Layer 6 Layer 2 through Layer 5 Layer 2 through Layer 6

B Deep packet inspection (DPI) is a form of computer network packet filtering that examines the data part of a through-passing packet, searching for non- protocol compliance or predefined criteria to decide if the packet can pass. DPI devices have the ability to look at Layer 2 through Layer 7 of the OSI model.

Which of the following types of attack almost always requires physical access to the targets? Wireless attack Direct access attack Window attack System attack Port attack

B Direct access attacks make use of common consumer devices that can be used to transfer data surreptitiously. Someone gaining physical access to a computer can install all manner of devices to compromise security, including operating system modifications, software worms, keyboard loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media or portable devices.

Which of the following types of attack makes use of common consumer devices that can be used to transfer data surreptitiously? Social attack Direct access attacks Indirect access attacks Port attack Window attack

Physical access controls are usually implemented based on which of the following means (choose all that apply): None of the choices. guards transaction applications operating systems mechanical locks

B E In physical security, access control refers to the practice of restricting entrance to authorized persons. Human means of enforcement include guard, bouncer, receptionist ... etc. Mechanical means may include locks and keys.

Relatively speaking, firewalls operated at the physical level of the seven-layer OSI model are: almost always less effective. None of the choices. almost always less costly to setup. almost always less secure. almost always less efficient.

B Early attempts at producing firewalls operated at the application level of the seven-layer OSI model but this required too much CPU processing power. Packet filters operate at the network layer and function more efficiently because they only look at the header part of a packet. NO FIREWALL operates at the physical level.

Malicious actors employ various attack techniques over the internet. Identify a passive attack technique from the following. [AIB] Brute force attack Eavesdropping Message modification Packet replay

B Eavesdropping is a passive attack technique where the intruder gathers the information flowing through the network with the intent of acquiring and releasing the message contents for either personal analysis or for third parties. Examples of passive attacks that gather network information include network analysis, eavesdropping and traffic analysis.

In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems? Ensuring grandfather-father-son file backups Ensuring periodic dumps of transaction logs Maintaining important data at an offsite location Maintaining system software parameters

B Ensuring periodic dumps of transaction logs is the only safe way of preserving timely historical datA. The volume of activity usually associated with an online system makes other more traditional methods of backup impractical.

Which of the following is not a good tactic to use against hackers? Enticement Entrapment

B Enticement occurs after somebody has gained unlawful access to a system and then subsequently lured to a honey pot. Entrapment encourages the commitment of unlawful access. The latter is not a good tactic to use as it involves encouraging someone to commit a crime.

An information systems auditor at Super Systems is auditing the logical security. Identify the greatest concern of the auditor from the following. [WTCSFHBCXCISA] Lack of enforcement for periodic password rotation Excessive permissions to the network administrator account Lack of a formal written policy on privileges management Common knowledge of system administrator account IDs

B Excessive permission to the network administrator account is the greatest concern in this scenario. Common knowledge of system administrator account ID is a concern too but not grave enough since no passwords are shared. Lack of periodic password rotation and lack of formal written privileges management policy is also an important observation but may not be the greatest concern.

Fault-tolerance is a feature particularly sought-after in which of the following kinds of computer systems (choose all that apply): desktop systems business-critical systems handheld PDAs None of the choices. laptop systems

B Fault-tolerance enables a system to continue operating properly in the event of the failure of some parts of it. It avoids total breakdown, and is particularly sought-after in high-availability environment full of businesscritical systems.

In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as: trojannets botnets wormnets spynets rootnets

B In order to coordinate the activity of many infected computers, attackers ave used coordinating systems known as botnets. In a botnet, the malware or malbot logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously.

In a botnet, malbot logs into a particular type of system for making coordinated attack attempts. What type of system is this? SMS system Chat system Email system Log system Kernel system

B In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as botnets. In a botnet, the malware or malbot logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously.

Which of the following methods of encryption has been proven to be almost unbreakable when correctly used? Oakley one-time pad 3-DES key pair certificate

B It's possible to protect messages in transit by means of cryptography. One method of encryption -the one-time pad -has been proven to be unbreakable when correctly used. This method uses a matching pair of key- codes, securely distributed, which are used once- and-only-once to encode and decode a single message. Note that this method is difficult to use securely, and is highly inconvenient as well.

Which of the following are valid examples of Malware (choose all that apply): spyware All of the above worms viruses trojan horses

B Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. Software is considered malware based on the intent of the creator rather than any particular features. It includes computer viruses, worms, trojan horses, spyware, adware, and other malicious and unwanted software.

James, an information security architect with the Town Bank, is tasked to implement a multi-factor authentication (MFA) strategy for the bank's online banking platform. However, James is concerned about a type of attack, which has the potential of leaving the MFA unuseful. Identify the attack type that James is concerned about from the following. Key logging Man-in-the-middle (MITM) Traffic analysis Distributed denial of service (DDOS)

B Man-in-the-middle (MITM) attack is conducted by a malicious actor by exploiting a vulnerability in the network by replacing the original network packet with a tempered packet. The MITM attack when successful circumvents the MFA controls thus leaving them unuseful. Traffic analysis is a passive attack performed by a malicious actor prior to performing a MITM attack. Key logging may reveal users' login id and passwords but not effective against MFA. DDOS may affect the availability of the system but may not be able to circumvent MFA controls.

Which of the following are often considered as the first defensive line in protecting a typical data and information environment? certificates password None of the choices. biometrics security token

Which of the following are the characteristics of a good password? None of the choices. It has mixed-case alphabetic characters, numbers, and symbols. It has mixed-case alphabetic characters and numbers. It has mixed-case alphabetic characters and symbols. It has mixed-case alphabetic characters, numbers, and binary codes.

B Passwords are the first defensive line in protecting your data and information. Your users need to be made aware of what a password provides them and what can be done with their password. They also need to be made aware of the things that make up a good password versus a bad password. A good password has mixed-case alphabetic characters, numbers, and symbols. Do use a password that is at least eight or more characters.

An information systems auditor noted data integrity issues in certain attributes of a transaction table. This issue can be prevented by implementing the following key: [BEF] Private key Foreign key Primary key Public key

B Relational databases offer foreign key control feature to ensure referential integrity between master and child records. Implementing a foreign key arrangement may resolve the issue highlighted in the question. The primary key helps to ensure the uniqueness of records. Public and private keys are used in cryptographic protection which has no relation to the question

Your final audit report should be issued: None of the choices. after an agreement on the observations is reached. if an agreement on the observations cannot reached. before an agreement on the observations is reached. without mentioning the observations.

B Reporting can take the forms of verbal presentation, an issue paper or a written audit report summarizing observations and management's responses. After agreement is reached on the observations, a final report can be issued.

Cocoa Payroll Services initiated an internal audit to review payroll processes to meet the internal control requirements and the commitments to its clients. Brenda, an internal auditor with the organization, observed a mismatch in payroll processing clerk's answers and the documented job description and procedures. Identify a valid step from the following for Brenda to choose. [AGI] Review the previous successful audit report and place reliance on it In order to conclude on the audit, the scope must be extended to include substantive testing In the absence of non-cooperation from the auditee, the audit must be suspended In absence of any concrete evidence of wrongdoing, conclude that the controls are inadequate

B The auditor should expand the scope of testing the controls and include additional substantive tests as the auditee's answers do not match with the documented job description and procedures. In order to conclude on the audit, the auditor should conduct evidence best testing to support the conclusions.

Screening router inspects traffic through examining: virus payload message header. attachment type None of the choices. message content

B The simplest and almost cheapest type of firewall is a packet filter that stops messages with inappropriate network addresses. It usually consists of a screening router and a set of rules that accept or reject a message based on information in the message header.

Talking about the different approaches to security in computing, the principle of regarding the computer system itself as largely an untrusted system emphasizes: None of the choices. least privilege full privilege most privilege null privilege

B There are two different approaches to security in computing. One focuses mainly on external threats, and generally treats the computer system itself as a trusted system. The other regards the computer system itself as largely an untrusted system, and redesigns it to make it more secure in a number of ways. This technique enforces the principle of least privilege to great extent, where an entity has only the privileges that are needed for its function.

Which of the following is by far the most common prevention system from a network security perspective? Hardened OS Firewall IPS IDS Tripwire

B User account access controls and cryptography can protect systems files and data, respectively. On the other hand, firewalls are by far the most common prevention systems from a network security perspective as they can shield access to internal network services, and block certain kinds of attacks through packet filtering.

Which of the following measures can protect systems files and data, respectively? IDS and cryptography User account access controls and cryptography User account access controls and firewall User account access controls and IPS Firewall and cryptography

Montero Automotives is conducting a series of cyber awareness education sessions for its engineers. Cyber defense includes vulnerability assessment (VA) and penetration test (PT) as key activities. Identify a valid difference between the two from the following. [AHF] VA is executed by commercial tools, whereas PT is executed by public processes VA is a mostly non-intrusive activity, whereas PT may involve intrusive techniques exploit the discovered vulnerabilities VA is executed by automated tools, whereas PT is a totally manual process Both are one and the same

B Vulnerability assessment (VA) is mostly non-intrusive activity. The objective of VA is to identify security holes in IT infrastructure. Penetration testing (PT), on the other hand, as the name suggests may involve intrusive techniques to exploit the discovered vulnerabilities to identify what damage a hacker may be able to cause by imitating their actions.

Which of the following correctly describe the potential problem of deploying Wi-Fi Protected Access to secure your wireless network? potential performance problems with wireless network interface cards. potential compatibility problems with wireless access points. potential compatibility problems with wireless network interface cards. None of the choices. potential performance problems with wireless access points.

One major improvement in WPA over WEP is the use of a protocol which dynamically changes keys as the system is used. What protocol is this? EKIP TKIP OKIP SKIP RKIP

B Wi-Fi Protected Access (WPA / WPA2) is a class of systems to secure wireless computer networks. It implements the majority of the IEEE 802.11i standard, and is designed to work with all wireless network interface cards (but not necessarily with first generation wireless access points). One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used.

Which of the following typically consists of a computer, some real looking data and/or a network site that appears to be part of a production network but which is in fact isolated and well prepared? IPS honeypot IDS superpot firewall

B You may use a honeypot to detect and deflect unauthorized use of your information systems. A typical honeypot consists of a computer, some real looking data and/or a network site that appears to be part of a production network but which is in fact isolated and well prepared for trapping hackers.

You should keep all computer rooms at reasonable humidity levels, which are in between: 10 - 70 percent. 20 - 70 percent. 60 - 80 percent. 10 - 60 percent. 70 - 90 percent.

B You should keep all computer rooms at reasonable temperatures, which is in between 60 - 75 degrees Fahrenheit or 10 - 25 degrees Celsius. You should also keep humidity levels at 20 - 70 percent.

You should know the difference between an exploit and a vulnerability. Which of the following refers to a weakness in the system? exploit vulnerability both

B You should know the difference between an exploit and a vulnerability. An exploit refers to software, data, or commands capable of taking advantage of a bug, glitch or vulnerability in order to cause unintended behavior. Vulnerability in this sense refers to a weakness in the system.

Performance of a biometric measure is usually referred to in terms of (choose all that apply): None of the choices. false accept rate failure to enroll rate failure to reject rate false reject rate

B,C E Performance of a biometric measure is usually referred to in terms of the false accept rate (FAR), the false non match or reject rate (FRR), and the failure to enroll rate (FTE or FER). The FAR measures the percent of invalid users who are incorrectly accepted in, while the FRR measures the percent of valid users who are wrongly rejected.

Common implementations of strong authentication may use which of the following factors in their authentication efforts (choose all that apply): something you have installed on this same system' something you have' something you are' something you know' something you have done in the past on this same system'

B,C,D Two-factor authentication (T-FA) refers to any authentication protocol that requires two independent ways to establish identity and privileges. Common implementations of two-factor authentication use 'something you know' as one of the two factors, and use either 'something you have' or 'something you are' as the other factor. In fact, using more than one factor is also called strong authentication. On the other hand, using just one factor is considered by some weak authentication.

Sophisticated database systems provide many layers and types of security, including (choose all that apply): Compression controls Encryption Integrity controls Access control Auditing

B,C,D,E Sophisticated database systems provide many layers and types of security, including Access control, Auditing, Authentication, Encryption and Integrity controls. An important procedure when evaluating database security is performing vulnerability assessments against the database. Database administrators or Information security administrators run vulnerability scans on databases to discover misconfiguration of controls within the layers mentioned above along with known vulnerabilities within the database software.

Buffer overflow aims primarily at corrupting: network firewall None of the choices. system memory disk storage system processor

C A buffer overflow is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data.

Which of the following correctly describes the purpose of an Electronic data processing audit? to verify data accuracy. to ensure document validity. to collect and evaluate evidence of an organization's information systems, practices, and operations. to collect and evaluate benefits brought by an organization's information systems to its bottomline. None of the choices.

C An Electronic data processing (EDP) audit is an IT audit. It is the process of collecting and evaluating evidence of an organization's information systems, practices, and operations.

TEMPEST is a hardware for which of the following purposes? Social engineering Virus scanning Eavedropping Firewalling None of the choices.

C Any data that is transmitted over a network is at some risk of being eavesdropped, or even modified by a malicious person. Even machines that operate as a closed system can be eavesdropped upon via monitoring the faint electromagnetic transmissions generated by the hardware such as TEMPEST.

Which of the following measures can effectively minimize the possibility of buffer overflows? Sufficient memory Sufficient processing capability Sufficient bounds checking None of the choices. Sufficient code injection

C Buffer overflows may cause a process to crash or produce incorrect results. They can be triggered by inputs specifically designed to execute malicious code or to make the program operate in an unintended way. As such, buffer overflows cause many software vulnerabilities and form the basis of many exploits. Sufficient bounds checking by either the programmer or the compiler can prevent buffer overflows.

The Federal Information Processing Standards (FIPS) were developed by: IEEE IANA the United States Federal government ANSI ISO

C Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States Federal government for use by all nonmilitary government agencies and by government contractors. Many FIPS standards are modified versions of standards used in the wider community.

Which of the following types of attack often take advantage of curiosity or greed to deliver malware? Soft coding Tripwire Gimmes Pretexting Icing

C Gimmes take advantage of curiosity or greed to deliver malware. Also known as a Trojan Horse, gimmes can arrive as an email attachment promising anything. The recipient is expected to give in to the need to the program and open the attachment. In addition, many users will blindly click on any attachments they receive that seem even mildly legitimate.

Lorena, an information systems auditor with the Town Bank, noted that a recently installed security patch crashed the production webserver. Lorena should recommend the following to minimize the probability of this occurring again. [AEA] Ensure that the patches are approved after an adequate a risk assessment Ensure that the patches are applied according to the patch's release notes Ensure that a good change management process is in place Ensure that patches are thoroughly tested before applying to production

C Lorena should recommend IT management to ensure that a good change management process is in place which includes the patch management procedure. Other options represent a good patch management procedure.

Which of the following software tools is often used for stealing money from infected PC owner through taking control of the modem? System patcher T1 dialer Porn dialer T3 dialer War dialer

C One way of stealing money from infected PC owner is to take control of the modem and dial an expensive toll call. Dialer such as porn dialer software dials up a premium-rate telephone number and leave the line open, charging the toll to the infected user.

Which of the following terms is used more generally for describing concealment routines in a malicious program? trojan horse worm rootkits virus spyware

C Rootkits can prevent a malicious process from being reported in the process table, or keep its files from being read. Originally, a rootkit was a set of tools installed by a human attacker on a Unix system where the attacker had gained administrator access. Today, the term is used more generally for concealment routines in a malicious program.

All Social Engineering techniques are based on flaws in: device logic. hardware logic. software logic. human logic. group logic.

C Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access. All Social Engineering techniques are based on flaws in human logic known as cognitive biases. These bias flaws are used in various combinations to create attack techniques.

The ability of the internal IS audit function to achieve desired objectives depends largely on: the performance of audit personnel the training of audit personnel the independence of audit personnel the background of audit personnel None of the choices

C The ability of the internal audit function to achieve desired objectives depends largely on the independence of audit personnel. Top management should ensure that the audit department does not participate in activities that may compromise its independence.

During the design of a business continuity plan, the business impact analysis (BIA) identifies critical processes and supporting applications. This will PRIMARILY influence the: criteria for selecting a recovery site provider. responsibilities of key personnel. recovery strategy. responsibility for maintaining the business continuity plan.

C The most appropriate strategy is selected based on the relative risk level and criticality identified in the business impact analysis (BIA.) The other choices are made after the selection or design of the appropriate recovery strategy.

To provide protection for media backup stored at an offsite location, the storage site should be: clearly labeled for emergency access. located on a different floor of the building. protected from unauthorized access. easily accessible by everyone.

C The offsite storage site should always be protected against unauthorized access and have at least the same security requirements as the primary site. Choice A is incorrect because, if the backup is in the same building, it may suffer the same event and may be inaccessible. Choices B and C represent access risks.

James, an information security architect with the Town Bank, is tasked to implement a continuity strategy for WAN. Identify the best option from the following. [AHG] Service Provider Maintenance Contract Daily Full System Backups Alternative Routing Redundant Host Arrangement

C The subscriber can obtain alternate routing from the network service provider. This type of access is time-consuming and costly but useful in designing a continuity strategy and meet the uptime requirements. Other options do not present a valid solution to WAN continuity requirements.

Iptables is based on which of the following frameworks? NetDoom NetCheck Netfilter NetSecure None of the choices.

C ipchains is a free software based firewall running on earlier Linux. It is a rewrite of ipfwadm but is superseded by iptables in Linux 2.4 and above. Iptables controls the packet filtering and NAT components within the Linux kernel. It is based on Netfilter, a framework which provides a set of hooks within the Linux kernel for intercepting and manipulating network packets.

Which of the following is a rewrite of ipfwadm? None of the choices. iptables ipchains Netfilter ipcook

You should keep all computer rooms at reasonable temperatures, which is in between (choose all that apply): 1 - 15 degrees Celsius 20 - 35 degrees Fahrenheit 10 - 25 degrees Celsius 30 - 45 degrees Fahrenheit 60 - 75 degrees Fahrenheit

CDE You should keep all computer rooms at reasonable temperatures, which is in between 60 - 75 degrees Fahrenheit or 10 - 25 degrees Celsius. You should also keep humidity levels at 20 - 70 percent.

James, an information security architect with the Town Bank, is tasked to implement an anti-DDOS strategy for the IT infrastructure. There is a concern that compromised hosts may be used to launch/join the concerted DDOS attack attempt. Identify the best option from the following to prevent such a scenario. [AHD] Deny all incoming traffic with discernible spoofed IP source addresses Deny all incoming traffic with IP options set Deny all outgoing traffic with IP source addresses external to the network Deny all incoming traffic to critical hosts

C, Organizations should carefully review and set allow/deny rules on the firewall based on their requirements. Organizations can implement a "deny all" rule outgoing traffic targetted for unidentified IP ranges. Restricting the incoming traffic will not address this specific concern.

Which of the following refers to an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer? integer misappropriation None of the choices. code injection buffer overflow format string vulnerabilities

D A buffer overflow is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data.

Identify the characterstic of a decision support system (DSS) from the following. [AFJ] DSS only supports highly structured decision making tasks DSS helps to solve structured problems DSS combines the use of models with nontraditional data access and retrieval functions DSS supports semistructured decision-making tasks

D A decision support system (DSS) is an interactive system that provides the user with easy access to decision models and data, to support semistructured decision-making tasks.

The use of risk assessment tools for classifying risk factors should be formalized in your IT audit effort through: using computer assisted audit technology tools. the use of computer assisted functions. the use of risk controls. the development of written guidelines. None of the choices.

D A successful risk-based IT audit program could be based on an effective scoring system. In establishing a scoring system, management should consider all relevant risk factors and avoid subjectivity. Auditors should develop written guidelines on the use of risk assessment tools and risk factors and review these guidelines with the audit committee.

An IS auditor performing a review of the backup processing facilities should be MOST concerned that: adequate fire insurance exists. regular hardware maintenance is performed. backup processing facilities are fully tested. offsite storage of transaction and master files exists.

D Adequate fire insurance and fully tested backup processing facilities are important elements for recovery, but without the offsite storage of transaction and master files, it is generally impossible to recover. Regular hardware maintenance does not relate to recovery.

Identify the activity relevant to short-term information systems planning by the IT department of any organization. [BBI] Define a remediation plan for technology obsolescence Define a remediation plan for control gaps identified Perform hardware capacity planning such as servers, storage, network, etc. Allocate resources such as storage, memory, etc.

D Allocation of information systems resources such as storage, memory, etc. is considered short-term planning. Defining a remediation plan for control gaps and technology obsolescence is expected to take longer since the plan needs to consider many factors. Similarly, performing hardware capacity planning needs to take a mid to long term view in order to address the current and future needs of the business.

Many WEP systems require a key in a relatively insecure format. What format is this? 256 bit format. None of the choices. 128 bit format. hexadecimal format. binary format.

D As part of the IEEE 802.11 standard ratified in September 1999, WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity. Many WEP systems require a key in hexadecimal format. If one chooses keys that spell words in the limited 0-9, A-F hex character set, these keys can be easily guessed.

Which of the following findings should an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault? There are three individuals with a key to enter the are Paper documents are also stored in the offsite vault. The offsite vault is located in a separate facility. Data files that are stored in the vault are synchronized.

D Choice A is incorrect because more than one person would typically need to have a key to the vault to ensure that individuals responsible for the offsite vault can take vacations and rotate duties. Choice B is not correct because an IS auditor would not be concerned with whether paper documents are stored in the offsite vault. In fact, paper documents, such as procedural documents and a copy of the contingency plan, would most likely be stored in the offsite vault, and the location of the vault is important, but not as important as the files being synchronized.

In a security server audit, focus should be placed on (choose all that apply): adequate user training system stability proper application licensing proper segregation of duties continuous and accurate audit trail

D E Security server audit always takes high priority because the security administrators who manage this not only have elevated privilege, but also model and create the user passwords. Are proper segregation of duties implemented and enforced and is technology and procedures in place to make sure there is a continuous and accurate audit trail?

If a database is restored using before-image dumps, where should the process begin following an interruption? After the last transaction As the last transaction before the latest checkpoint As the first transaction after the latest checkpoint Before the last transaction

D If before images are used, the last transaction in the dump will not have updated the database prior to the dump being taken. The last transaction will not have updated the database and must be reprocessed. Program checkpoints are irrelevant in this situation.

Which of the following refers to a symmetric key cipher which operates on fixedlength groups of bits with an unvarying transformation? stream cipher check cipher None of the choices. block cipher string cipher

D In cryptography, a block cipher is a symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. A stream cipher, on the other hand, operates on individual digits one at a time.

Host Based ILD&P primarily addresses the issue of: information accuracy information validity information leakage information integrity None of the choices.

D Information Leakage Detection and Prevention (ILD&P) is a computer security term referring to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders. Network ILD&P are gateway-based systems installed on the organization's internet network connection and analyze network traffic to search for unauthorized information transmissions. Host Based ILD&P systems run on end-user workstations to monitor and control access to physical devices and access information before it has been encrypted.

Which of the following terms refers to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders? None of the choices. ILP&C ILR&D ILD&P ICT&P

What is the best defense against Local DoS attacks? run a virus checker. run an anti-spy software. patch your systems. find this program and kill it. None of the choices.

D Local DoS attacks can be a program that creates an infinite loop, makes lots of copies of itself, and continues to open lots of files. The best defense is to find this program and kill it.

Software is considered malware based on: its particular features. None of the choices. its compatibility. the intent of the creator. its location.

D Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. Software is considered malware based on the intent of the creator rather than any particular features. It includes computer viruses, worms, trojan horses, spyware, adware, and other malicious and unwanted software.

Which of the following is one most common way that spyware is distributed? as a device driver. as a macro. as an Adware. as a trojan horse. as a virus.

D One of the most common ways that spyware is distributed is as a Trojan horse, bundled with a piece of desirable software that the user downloads off the Web or a peer-to-peer file-trading network. When the user installs the software, the spyware is installed alongside.

Talking about biometric measurement, which of the following measures the percent of invalid users who are incorrectly accepted in? false reject rate failure to enroll rate failure to reject rate false accept rate None of the choices.

D Performance of a biometric measure is usually referred to in terms of the false accept rate (FAR), the false non match or reject rate (FRR), and the failure to enroll rate (FTE or FER). The FAR measures the percent of invalid users who are incorrectly accepted in, while the FRR measures the percent of valid users who are wrongly rejected.

An information systems auditor at Super Systems is testing program change management. How should the sample be selected in this case? [WTCSFHBBYCISA] Select the sample of production code changes and trace back to system-produced logs to ascertain the date-time of the change Select the change management documents based on system criticality and examine for appropriateness Randomly select the change management documents and examine for appropriateness Select the sample of production code changes and trace to appropriate authorizing documentation

D Starting from production code changes and tracing them back to appropriate authorization documentation is the best option. In addition, traceback using system-produced logs to ascertain the date-time of the change is also usefu

Julio, head of information technology architecture with the Palm Trading Company, mandated database administrators to takeup a database efficiency enhancement initiative. There is a proposal on the table to denormalize some frequently accessed reporting data related tables to improve the speed of data retrieval in users' reports. Identify the likely negative impact on system/data out of the denormalization initiative. [AIG] Loss of data confidentiality Compromised data integrity Reporting system malfunctions Increased data redundancy

D Structuring a relational database in accordance with a series of normal forms in order to reduce data redundancy and improve data integrity following Codd rules is called database normalization. Normalization reduces the data redundancy for better utilization of database resources. On the other hand, denormalization is generally performed for functional needs such as making reports faster, which is likely to cause increased data redundancy.

The 'trusted systems' approach has been predominant in the design of: the IBM AS/400 series the SUN Solaris series None of the choices. many earlier Microsoft OS products most OS products in the market

D The 'trusted systems' approach has been predominant in the design of many Microsoft OS products, due to the long-standing Microsoft policy of emphasizing functionality and 'ease of use'.

Information systems audit at Super Systems is conducting a review of IT department practices. Identify the most important statement from the following. [BED] IT department must be actively planning new hardware and software acquisition IT department must have the vision to implement leading-edge technology IT department must follow a low-cost philosophy IT department must have long- and short-range plan

D The IT department should have long- and short-range plans to ensure that they align with the corporate objectives. Low-cost philosophy and implementation of leading-edge technology are dependent on business and corporate objectives. Likewise, the plans to acquire new hardware and software also dependent on business and corporate objectives.

Fair Lending has implemented a business continuity plan (BCP) in place to provide coverage for its business and operations across North America. Andrew, CFO of Fair Lending, requests the information systems audit department to review the BCP arrangements and provide their report. Lorena, the information systems auditor, makes some observations. Identify the most concerning observations from the following. [BCJ] Unavailability of manual procedures in case of physical access system failure Data stored on users' desk computer is not replicated to the BCP site One day delay in reporting product profit and loss to senior management Lack of alternate arrangement cover for the potential network outage

D The impact of a network outage is greatest in all listed scenarios and not having an alternate arrangement may bring entire business and operation to a halt. Other issues are important too but not as critical as the unavailability of the network itself.

Lorena, an information systems auditor with the Town Bank, is conducting a review of network security arrangements. Lorena should obtain which of the following network documentation at first. [BDF] Network ACLs Application lists and their details Users lists and responsibilities Wiring and schematic diagram

D The information systems auditor should request the wiring and schematic diagram of the network. This is a necessary piece of documentation to carry out a network audit. All other documents are important but not as important as the wiring and schematic diagram.

Lorena, an information systems auditor with the Town Bank, is conducting a review of network security arrangements. Lorena should be most concerned with the following if observed. [BAJ] The network administrator is responsible for voice networks The network administrator performs planning, implementation, and maintenance of network infrastructure The network administrator maintains local area network (LAN) and assists end-users Network administrator tracks problems resulting from network changes

D The network administrator is usually responsible for planning, implementing and maintaining the telecommunications infrastructure. Additionally, the administrator may also be responsible for voice networks, a local area network (LAN) and assist end-users. However, tracking problems arising from network changes may not rightly fit into the administrator's job role.

Which of the following can be thought of as the simplest and almost cheapest type of firewall? stateful firewall hardware firewall None of the choices. packet filter PIX firewall

D The simplest and almost cheapest type of firewall is a packet filter that stops messages with inappropriate network addresses. It usually consists of a screening router and a set of rules that accept or reject a message based on information in the message header.

What should be done to determine the appropriate level of audit coverage for an organization's IT environment? define an effective system upgrade methodology. determine the company's quarterly budget requirement. calculate the company's yearly budget requirement. define an effective network implementation methodology. define an effective assessment methodology.

D To determine the appropriate level of audit coverage for the organization's IT environment, you must define an effective assessment methodology and provide objective information to prioritize the allocation of audit resources properly.

Which of the following refers to any authentication protocol that requires two independent ways to establish identity and privileges? Strong-factor authentication Two-passphrases authentication Dual-keys authentication Two-factor authentication Dual-password authentication

D Two-factor authentication (T-FA) refers to any authentication protocol that requires two independent ways to establish identity and privileges. Common implementations of two-factor authentication use 'something you know' as one of the two factors, and use either 'something you have' or 'something you are' as the other factor. In fact, using more than one factor is also called strong authentication. On the other hand, using just one factor is considered by some weak authentication.

To install backdoors, hackers generally prefer to use: None of the choices. either Trojan horse or eavedropper. either eavedropper or computer worm. either Trojan horse or computer worm. either Tripwire or computer virus.

D support for customers. Hackers typically use backdoors to secure remote access to a computer, while attempting to remain hidden from casual inspection. To install backdoors, hackers prefer to use either Trojan horse or computer worm.

Which of the following refers to the proving of mathematical theorems by a computer program? Automated technology proving Automated theorem processing None of the choices. Analytical theorem proving Automated theorem proving

E Automated theorem proving (ATP) is the proving of mathematical theorems by a computer program. Depending on the underlying logic, the problem of deciding the validity of a theorem varies from trivial to impossible. Commercial use of automated theorem proving is mostly concentrated in integrated circuit design and verification.

Talking about biometric authentication, which of the following is often considered as a mix of both physical and behavioral characteristics? Signature Finger measurement None of the choices. Body measurement Voice

E Biometric authentication refers to technologies that measure and analyze human physical and behavioral characteristics for authentication purposes. Physical characteristics include fingerprints, eye retinas and irises, facial patterns and hand measurements, while behavioral characteristics include signature, gait and typing patterns. Voice is often considered as a mix of both physical and behavioral characteristics.

Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by: validation checks. input controls. database integrity checks. database commits and rollbacks.

E Database commits ensure the data are saved to disk, while the transaction processing is underway or complete. Rollback ensures that the already completed processing is reversed back, and the data already processed are not saved to the disk in the event of the failure of the completion of the transaction processing. All other options do not ensure integrity while processing is underway.

Attack amplifier is often being HEAVILY relied upon on by which of the following types of attack? ToS Wiretapping ATP Packet dropping DDoS

E Distributed denial of service (DDoS) attacks are common, where a large number of compromised hosts are used to flood a target system with network requests. One technique to exhaust victim resources is though the use of an attack amplifier - where the attacker takes advantage of poorly designed protocols on 3rd party machines in order to instruct these hosts to launch the flood.

Relatively speaking, firewalls operated at the application level of the sevenlayer OSI model are: almost always less costly to setup. almost always less secure. None of the choices. almost always less effective. almost always less efficient.

E Early attempts at producing firewalls operated at the application level of the seven-layer OSI model but this required too much CPU processing power. Packet filters operate at the network layer and function more efficiently because they only look at the header part of a packet.

For application acquisitions with significant impacts, participation of your IS audit team should be encouraged: None of the choices. at the budget preparation stage. at the final approval stage. at the testing stage. early in the due diligence stage.

E For acquisitions with significant IT impacts, participation of IS audit is often necessary early in the due diligence stage as defined in the audit policy.

Cisco IOS based routers perform basic traffic filtering via which of the following mechanisms? stateful inspection datagram scanning state checking link progressing access lists

E In addition to deploying stateful firewall, you may setup basic traffic filtering on a more sophisticated router. As an example, on a Cisco IOS based router you may use ip access lists (ACL) to perform basic filtering on the network edge. Note that if they have denied too much traffic, something is obviously being too restrictive and you may want to reconfigure them.

Network ILD&P are typically installed: on each end user stations. None of the choices. on the organization's internal network connection. on the firewall. on the organization's internet network connection.

E Information Leakage Detection and Prevention (ILD&P) is a computer security term referring to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders. Network ILD&P are gateway-based systems installed on the organization's internet network connection and analyze network traffic to search for unauthorized information transmissions. Host Based ILD&P systems run on end-user workstations to monitor and control access to physical devices and access information before it has been encrypted.

Which of the following are designed to detect network attacks in progress and assist in post-attack forensics? Audit trails Tripwire None of the choices. System logs Intrusion Detection Systems

E Intrusion Detection Systems are designed to detect network attacks in progress and assist in post- attack forensics, while audit trails and logs serve a similar function for individual systems.

Which of the following types of attack involves a program that creates an infinite loop, makes lots of copies of itself, and continues to open lots of files? Distributed DoS attacks Remote DoS attacks None of the choices. Local Virus attacks Local DoS attacks

E Local DoS attacks can be a program that creates an infinite loop, makes lots of copies of itself, and continues to open lots of files. The best defense is to find this program and kill it.

Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist? Reviewing program documentation Reviewing program code Turning off the UPS, then the power Reviewing operations documentation

E Operations documentation should contain recovery/restart procedures, so operations can return to normal processing in a timely manner. Turning off the uninterruptible power supply (UPS) and then turning off the power might create a situation for recovery and restart, but the negative effect on operations would prove this method to be undesirable. The review of program code and documentation generally does not provide evidence regarding recovery/restart procedures.

Properly planned risk-based audit programs are often capable of offering which of the following benefits? audit transparency and effectiveness. audit efficiency only. audit transparency only. audit effectiveness only. audit efficiency and effectiveness.

A comprehensive IS audit policy should include guidelines detailing what involvement the internal audit team should have? in the development and coding of major OS applications. in the acquisition and maintenance of major WEB applications. in the human resource management cycle of the application development project. None of the choices. in the development, acquisition, conversion, and testing of major applications.

E The audit policy should include guidelines detailing what involvement internal audit will have in the development, acquisition, conversion, and testing of major applications. Such a policy must be approved by top management for it to be effective.

Which of the following should be seen as one of the most significant factors considered when determining the frequency of IS audits within your organization? The cost of risk analysis The income generated by the business function Resource allocation strategy None of the choices. The nature and level of risk

E You use a risk assessment process to describe and analyze the potential audit risks inherent in a given line of business. You should update such risk assessment at least annually to reflect changes. The level and nature of risk should be the most significant factors to be considered when determining the frequency of audits.

What would be the major purpose of rootkit? to encrypt files for system administrators. to corrupt files for system administrators. to hijack system sessions. None of the choices. to hide evidence from system administrators.

E rootkit originally describes those recompiled Unix tools that would hide any trace of the intruder. You can say that the only purpose of rootkit is to hide evidence from system administrators so there is no way to detect malicious special privilege access attempts.

Super Systems has implemented a virtual private network (VPN) solution on laptops issued to its employees for them to be able to access organization email and other systems remotely over an internet-based secured channel to ensure data integrity and confidentiality. Identify the technique employed by the VPN to deliver a secured channel. [BAD] Digital signatures Transport Layer Security (TLS) Secure Sockets Layer (SSL) Tunneling

E, Tunneling is a method by which one network protocol encapsulates another protocol within itself. VPNs secure data in transit by encapsulating traffic. Other options are not relevant to VPN solutions.

Machines that operate as a closed system can NEVER be eavesdropped. TRUE FALSE

F Any data that is transmitted over a network is at some risk of being eavesdropped, or even modified by a malicious person. Even machines that operate as a closed system can be eavesdropped upon via monitoring the faint electromagnetic transmissions generated by the hardware such as TEMPEST.

Broadly speaking, a Trojan horse is any program that invites the user to run it, but conceals a harmful or malicious payload. The payload may take effect immediately and can lead to immediate yet undesirable effects, or more commonly it may install further harmful software into the user's system to serve the creator's longer-term goals. A Trojan horse's payload would almost always take damaging effect immediately. TRUE FALSE

F Broadly speaking, a Trojan horse is any program that invites the user to run it, but conceals a harmful or malicious payload. The payload may take effect immediately and can lead to immediate yet undesirable effects, or more commonly it may install further harmful software into the user's system to serve the creator's longer-term goals.

Security should ALWAYS be an all or nothing issue. TRUE True for trusted systems only FALSE True for untrusted systems only None of the choices.

F Security should not be an all or nothing issue. The designers and operators of systems should assume that security breaches are inevitable in the long term. Full audit trails should be kept of system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined.

ALL computer programming languages are vulnerable to command injection attack. TRUE FALSE

F The majority of software vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and code/command injection. Some common languages such as C and C++ are vulnerable to all of these defects. Languages such as Java are immune to some of these defects but are still prone to code/ command injection and other software defects which lead to software vulnerabilities.

A trojan horse simply cannot operate autonomously. FALSE TRUE

T As a common type of Trojan horses, a legitimate software might have been corrupted with malicious code which runs when the program is used. The key is that the user has to invoke the program in order to trigger the malicious code. In other words, a trojan horse simply cannot operate autonomously. You would also want to know that most but not all trojan horse payloads are harmful - a few of them are harmless.

Nowadays, computer security comprises mainly "preventive"" measures." True only for trusted networks FALSE True only for untrusted networks TRUE None of the choices.

TRUE "Nowadays, computer security comprises mainly ""preventive"" measures, like firewalls or an Exit Procedure. A firewall can be defined as a way of filtering network data between a host or a network and another network and is normally implemented as software running on the machine or as physical integrated hardware."

Identify the basic networking management tasks from the following. (Select Two) [AHE] Accounting resources Topological mappings Application of monitoring tools Configuration management

A , D Configuration Management is for letting users know, define and change, remotely, the configuration of any device. Accounting Resources is about the records of the resource usage in the WAN (who uses what). The other basic networking management tasks, according to ISO/IEC 10040, are Fault Management, Performance Management, and Security Management.

Lorena, an information systems auditor with the Town Bank, is reviewing backup processing facility arrangements. Lorena should be most concerned with the following if observed. (Select Two) [BAB] Offsite storage covers master files only Fire insurance is valid for the next 3 months Backup processing facility tested annually only Offsite storage covers transaction files only

A , C In a catastrophic event, restoration using backups from offsite storage will be necessary. Such a restoration will only be successful if both master and transaction files are included in the offsite storage.

Lorena, an information systems auditor with the Town Bank, conducted a review of the bank's network usage. The review discovers that traffic on one communication line, that synchronously links the database between the primary and secondary data centres, peaks at 90 percent of the line capacity. This finding should lead Lorena to conclude the following Further detailed study is required to identify a potential service disrupting weakness IT management must immediately act to reduce the traffic demands or equally distribute the workload across the service hours No further action is necessary as the network capacity is adequate IT management must immediately augment the network capacity to lower the saturation levels

A A further detailed study is required to ascertain the root cause of a sudden spike in network usage and to identify if there a pattern that may potentially lead to a service disrupting incident in the future. A decision on the need for network augmentation or workload distribution can only be taken once the root cause and the potential impact is well understood.

Frank, an information security analyst at Micro Lending Inc, has been tasked to handle a windows web server compromise incident. Identify from following the first task for Frank to perform Isolate the compromised server from the network Restart the compromised server in a fail-safe mode Take a dump of server memory and volatile storage data to a disk Power down the compromised server

A As part of incident handling procedures, isolation of the compromised server from the network is the immediate first step to contain the damage.

Identify the true statement from below to correctly define Governance and Management as per COBIT's view. (Select Two) [WTCSFHAVXCISA] Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body Governance ensures that stakeholder needs, conditions, and options are evaluated to determine balanced, agreed-on enterprise objectives Governance plans, builds, runs and monitors activities in alignment with the direction set by the governance body Management ensures that stakeholder needs, conditions, and options are evaluated to determine balanced, agreed-on enterprise objectives

A B COBIT's view on this key distinction between governance and management is: • Governance: Ensures that stakeholder needs, conditions, and options are evaluated to determine balanced, agreed-on enterprise objectives; direction is set through prioritization and decision-making; and performance and compliance are monitored against agreed-on direction and objectives • Management: Plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives

Lorena, an information systems auditor with the Town Bank, is conducting a review of a business application. She requested a data flow diagram (DFD) from the auditee. How does a DFD assist Lorena in her work? Establish a summary graphical view of data paths and storage Establish a step-by-step data generation flow Establish a hierarchical data model Establish high-level data definitions

A Data flow diagrams (DFD) provide a view of data flow between upstream and downstream systems. The DFD also provides an understanding of where the data gets stored. Using this information a useful summary of data flow paths and storage can be established that helps to provide an easy to understand the succinct view of systems being audited.

Jim, an information security architect with the Cocoa Exports Company, is tasked to suggest protection for the wireless networks. Identify the best option from the following. Disable Dynamic Host Configuration Protocol (DHCP) at all wireless access points Enable Dynamic Host Configuration Protocol (DHCP) at selected wireless access points Enable Dynamic Host Configuration Protocol (DHCP) at all wireless access points Remove all wireless access points from the organization network

A Dynamic Host Configuration Protocol (DHCP) is used for assigning IP addresses, subnet mask and other parameters for networked computers and devices. This process, however, can be exploited by a malicious actor to understand the internal IP ranges of the organization. Disabling DHCP is the best option since the connecting computers and devices will be having a static IP and be less risky as compared to the dynamic allocation. Enabling DHCP at all wireless access points is the complete opposite of the best option. Selective enable/disable still has the risk. Completely removing wireless access points is not a feasible solution since it affects functionality.

Identify the most important action from the below for an employee who is terminated from service recently. [AFB] Removal of the organization's data from employee-owned devices Send internal communication to notify other employees Complete a backup of the employee's local files and emails Complete handover of employee's work files to another colleague

A For the prevention of data leakage and the misuse, an organization's data must be removed immediately from employee-owned devices upon termination. While other options are important as well, however, they can be conducted in the order of priority.

Frank, an information security analyst at Micro Lending Inc, has been tasked to classify enterprise information assets. Identify from following the primary control objective for this classification. Establish information assets access controls guidelines Ensure all information assets have the same level of rigorous access controls Input to a risk assessment performed by the management and auditors Determine information assets be insured

A Information asset classification helps to establish information assets access controls guidelines in the firm. Information assets need to have access control based on the sensitivity and criticality of systems and data in order to meet business objectives and regulatory requirements.

James, an information security architect with the Town Bank, is tasked to suggest protection against identity theft in the online banking application. Identify the best option from the following. [AFG] Implement multi-factor authentication (MFA) for customers Periodic review of customer access logs One-way hashing of customer passwords Allowing customer access only from pre-identified devices

A Multi-factor authentication (MFA) is an authentication method in which a user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows) e.g. a PIN or a password, possession (something the user and only the user has) e.g. token, and inherence (something the user and only the user is) e.g. biometric. The remaining options do not provide robust and effective protection against identity theft or may be impractical to implement.

Palm Trading Company has seen a gradual increase in phishing and spear-phishing attacks on its corporate network recently. Identify the best control from the following to address this threat. Strong authentication A web application firewall (WAF) An intrusion detection system (IDS) User education

A Phishing and spear-phishing attacks can be mounted in various innovative ways, and user education may work as the best defense against such attacks. Organizations conduct test drills to simulate phishing attacks to see organization preparedness to deal with these on a regular basis. Other controls do not provide sufficient defense against phishing attacks. Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user's computer.

Fair Lending is developing a resumption procedure in a cyberattack scenario. Identify the most critical action from the following in such a scenario. Quickly resume business by invoking business continuity plan Form an incident response team to deal with experts from Business, IT and Legal departments Perform loss and impact analysis and submit the insurance claim Engage external cyber forensic investigators company to gain a full understanding of the impact

A Quickly resumption of business operations is of utmost importance. The business continuity plan must include the procedure to be executed to cover cyberattack scenario. While other actions are important, they need to be conducted in the order of their criticality.

Identify control from following to help address a referential integrity issue a relational database management system Key constraints Database backup Real application cluster Domain constraints

A Referential integrity issues result in orphan records in child tables also known as dangling tuples. These are records in the referencing relation that do not have "counterparts" in the referenced relation i.e. parent table. Referential integrity issues can be addressed by establishing foreign key constraints. A key constraint limits the values that an attribute or a set of attributes can take. A foreign key constraint ensures that all child records do have a valid parent record. Domain constraints operate at the database schema level and do not help in referential integrity issues. Clustering and backups are important - however, not useful in this situation.

Lisa, an information systems auditor at a non-profit charitable organization, is reviewing organizational preparedness to effectively fight against social engineering attempts. Identify the right protection from following for Lisa to recommend as the most effective measure against such attacks. Security Awareness Training Social Media Monitoring Policy Intrusion Detection Systems (IDS) Anti-SPAM Digital Controls

A Security Awareness Training is the best defense against social engineering attempts. Social engineering thrives on weakness in human behavior and exploits the weaknesses. Other controls provide limited defense against such attack attempts but may not be comprehensive. Amongst the available options, security education and awareness provide the best coverage against attacks.

Identify from following an important parameter for determining an adequate disaster recovery strategy. Service delivery objective Software development methodology Funding availability Management awareness

A Service delivery objective (SDO) means the level of services to be reached during the alternate process mode until the normal situation is restored. This is directly related to business needs.

The sender A sends a message to the receiver B. The message hash and the message itself is encrypted by A's private key. Identify from the following the purpose of this encryption arrangement. Authenticity and Integrity Authenticity and Privacy Integrity and Privacy Privacy and Nonrepudiation

A Since the message can be decrypted by the sender's public key. this method won't ensure the privacy of the message. However, this encryption arrangement is helpful in ensuring the authenticity of the sender and the message integrity.

The firm's in-house financial management application data is migrated to a new vendor supported off-the-shelf industry renown financial management product. Which of the following stakeholders should be primarily responsible for reviewing and signing-off on the accuracy and completeness of the data before going live? Data Owner Firm's Migration Project Manager Internal Audit Department Vendor's Implementation Manager

A The "data owner", usually from the business leadership, is the rightful owner of the underlying business data - therefore is responsible for making sure the data accuracy and completeness

Audit documentation provides the support for the representations in the auditor's report includes: 1. Demonstrate that the engagement complied with the standards. 2. Support the basis for the auditor's conclusions. Identify the non-mandatory information from the following to be included in the audit documentation. [WTCSFHBFXCISA] Last five years result of control self-assessments Audit steps performed and audit evidence gathered Audit findings, conclusions, and recommendations Planning and preparation of the audit scope and objectives

A The audit documentation may not include the results of CSAs performed in the last fine years unless absolutely necessary. Remaining are mandatory inclusion in the audit documentation.

Bily is an information systems auditor at Easy Micropayments. The organization has been recently downsized. In addition, an organizational restacking exercise has also taken place. Identify Bily's primary focus in a logical access controls review initiated soon after this event The auditor is concerned about all system access is authorized and appropriate for an individual's role and responsibilities considering the leavers/movers in the organization The auditor wants to ensure that the management has authorized appropriate access for all newly-hired individuals The auditor wants to ensure that the existing process of access authorization forms, that is used to grant or modify access to individuals, remains operational The auditor wants to ensure that only the system administrators have the authority to grant or modify access to individuals

A The auditor's primary focus will be test logical access control to ensure that access for all leavers have been revoked and those who have changed is concerned about all system access is authorized and appropriate for an individual's role and responsibilities considering the leavers/movers in the organization would have increased significantly due to the downsizing and restacking exercises.

The IT team of SmallBank Inc has taken necessary corrective action following an indication of a reportable finding. The information systems auditor should: include the finding in the final report with closed status, because the auditor is responsible for an accurate report of all findings not include the finding in the report because the audit report should only include unresolved findings not include the finding in the report because the corrective action can be verified by the auditor during the audit include the finding as a discussion point for the closure meeting

A The closed findings will be reported in the final report to reflect the accurate status of the audit work. This finding will, however, be reflecting the closed status.

Identify the valid predetermined criteria for the business continuity plan (BCP) activation from the following. duration of the outage type of outage cause of the outage probability of the outage

A The duration of the outage is the valid predetermined criteria for the business continuity plan (BCP) activation. Type, cause, and the probability of the outage are usually factored in the development of the BCP - but may not be relevant to activation.

Identify the correct feature of a digital signature from below that confirms the authorizer of a transaction or sender of a message unrefutable Nonrepudiation Confidentiality Encryption Authorization Integrity Authentication

A The feature that ensures undeniability is called nonrepudiation. Digital signatures are used to sign the transactions to confirm the authorization which cannot be denied later.

Manuel, CFO at Evergreen Bank, has requested reviewing and updating business continuity plans (BCP) as needed. As part of this exercise business impact analysis (BIA) is also being reviewed and re-validated. Identify from following the primary purpose of BIA in business continuity planning. Identify business and operational continuity impacting events Ensuring adequate coverage to diverse operations resumption requirements Senior management emphasis on physical and logical security Emphasize information security and data privacy requirements

A, Business impact analysis (BIA) is a key step in the business continuity strategy development and implementation of countermeasures, known as the business continuity plan (BCP) altogether. BIA identifies business and operational continuity impacting events that are then used in the development of an effective business continuity plan

Andrew, CFO of Fair Lending, is working on a business expansion plan to have a street presence across North America. Andrew wants to ensure the disaster recovery plan is comprehensive and provides adequate coverage in a potential business interrupting scenario. The other consideration for Andrew is to have an adequate and cost-effective evaluation method. Identify suitable evaluation methods from the following Preparedness Test Full Operational Test Desk-based Evaluation Annual Tape Backup Recovery

A. A preparedness test is a localized version of a full operational test, wherein actual resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the disaster recovery plan and can be a cost-effective way to gradually obtain evidence about how good the plan is whereas a full operational test is one step away from an actual service disruption and may not be cost-effective. The desk-based evaluation also called a paper test, may not be sufficient to test all necessary aspects of a disaster recovery plan.

Quick Micropayments has recently commissioned a critical online customer platform. The CIO requested the information systems audit department to conduct an independent review of the system. Identify the priority for the auditor to plan and initiate an audit. Review the audit charter and plan the audit Review the impact of the implementation of the new system on the IT operations Review prior audit reports on the system and plan the audit Review the HR reports on employee turnover to identify any impact on the system

A. The auditor should review the audit charter and plan the audit accordingly. Since this is a newly implemented system, prior audit reports are not available. A review of employee turnover and the impact on the IT operational environment is of limited value at this stage.

Palm Trading Company uses Cocoa Payroll Services to process its employee timesheets and manage monthly payouts. Identify the most effective and efficient way for Cocoa Payroll Services to ensure the accuracy of services being rendered. [AFE] Randomly selected sample payouts be compared to payout reports Payout reports to be compared to employee timesheets Sum of all payouts be recalculated outside the computer system Randomly selected sample payouts to be compared to employee timesheets

B The most effective and efficient way to verify the accuracy of the processing is by comparing the input data (reports) with output data (reports). Therefore, in this case, the comparison of payout reports with employee timesheets is the best option. The remaining options are either not effective or not efficient.

Identify the correct answer from the following to be included in an organization's information systems security policy? Relevant software security features Criteria for access authorization Inventory of key IT resources to be secured Identity of sensitive security features

B The security policy provides the broad framework of security including a definition of those authorized to grant access and the basis for granting the access. Other choices are more detailed and are likely candidates for inclusion in standards/procedures.

Super Systems has made an integrated development environment (IDE) available to its IT department. Identify the strength of the IDE from the following. [BAE] Increases program and processing integrity Expands the programming resources and aids available Controls the proliferation of multiple versions of programs Prevents valid changes from being overwritten by others

B The strength of an IDE is that it expands the programming resources and aids available.

Technology auditors perform a functional walk-through during the preliminary phase of an audit assignment. Identify the primary reason: Comply with audit methodology and standards Identify potential control weaknesses Plan substantive testing Develop and validate the business process understanding

D Auditors need to understand the business process and/or validate their understanding by performing a walk-through at the early stage of an audit assignment.

An information systems auditor is testing developers access to a Loan System in Super Finance Inc. The auditor selected a sample of current employees from the list provided by the auditee. In such a situation, which of the following evidence is most reliable to support the audit testing. Human Resources records signed by people managers Spreadsheet list provided by the database administrator System-generated list of accounts with access levels Desktop review performed with the system administrator

C A system-generated list of accounts with access levels is most reliable to support the audit testing in the described scenario.

Merlin, head of information systems audit at Cocoa Payroll Services, was invited to a development project meeting. During the meeting, Merlin noted that no project risks were documented and raised this issue with the head of IT. The IT project manager opined that it was too early to identify risks and that they intend to hire a risk manager if risks do start impacting the project. Identify the likely response from Merlin from the following. Express the willingness to work with the risk manager when one is appointed Emphasize the importance of identifying and documenting risks, and to develop contingency plans Since the project manager is accountable for the outcome of the project, it is reasonable to accept his position Inform the project manager of intent to conduct a review of the risks at the completion of the requirements definition phase of the project

B An experienced project manager must be able to identify the majority of key project risks at the beginning of the project, and plan to deal with them when they do materialize

Johnson, Head of the Audit Department at Guava Trading Company, intends to implement a suitable tool/mechanism to store, correlate and aggregate logs and events. The tool/mechanism be able to provide regular reports to auditors to assist in their work. Identify the best tool/mechanism from the following to achieve Lisa's objectives. An extract, transform, load (ETL) system A security information event management (SIEM) product An industry-standard big data warehouse A log management tool

D Lisa is most likely to choose a log management tool to achieve her objectives of log processing and reporting. All other options, while having similar sounding capabilities, may not be the best fit for the given purpose.

Jim, an information security architect with the Cocoa Exports Company, is overseeing the implementation of an intrusion detection system (IDS) in the organization. Identify the most important aspect of IDS implementation from the following. The resilience of the IDS system Placement within the enterprise network Adequate threat intelligence Protection against DDoS attacks

B An intrusion detection system (IDS) secures networks and complements firewalls by monitoring network usage anomalies on routers and firewalls. Placement of the intrusion detection systems (IDS) within the enterprise network is most crucial amongst the available options. Improper placement of an IDS may not provide sufficient coverage of key network parts thus becoming less effective.

Quick Microsystems has implemented an online payment system whereby customers can initiate payment transactions in the system. The newly implemented system is expected to generate a large volume of transactions on a daily basis. Quick Microsystem has implemented a backup scheme for all systems prior to the implementation of the new system. Identify an important consideration from the following in providing backup for the newly implemented system. [AHC] Ensuring grandfather-father-son file backups Ensuring periodic dumps of transaction logs Maintaining system software parameters Maintaining important data at an offsite location

B As the newly implemented online payment system is expected to generate a large set of volumes on a daily basis, it is important to consider periodic dumps of transaction logs. Periodic dumps of transaction logs are a safe, efficient and effective way of preserving timely historical data.

The primary control objective of classifying information assets is to assist management and auditors in risk assessment establish guidelines for the level of access controls to be assigned ensure access controls are assigned to all information assets identification of assets for insurance against losses

B In order to establish guidelines for the level of access controls to be assigned, information assets must be classified.

Julio, head of information technology architecture with the Palm Trading Company, is tasked to implement radio frequency identification (RFID) tags to create unique serial numbers for it's palm plantations. Identify the primary concern with the implementation from the following. [AGC] RFID technology is obsolete RFID are prone to data integrity issues RFID are prone to data confidentiality issues Wavelength can be absorbed by the human body

C Radio frequency identification (RFID) uses radio waves to identify tagged objects within a limited radius - however, this technology is suceptible to unauthorized reads leading to data confidentiality concerns. Additional, mitigating controls will be advisable to provide protection against this inherent weakness in the underlying technology.

Quick Microsystems has initiated a postincident review following the resolution of a service outage that it suffered recently. Identify the main objective of such a review from the following Improve employee awareness of the incident response process Improve internal control procedures Identify network hardening opportunities to industry best practices Identify network and application hardening opportunities to industry best practices

B Incidents occur due to inadequately identified and addressed vulnerabilities. A postincident review phase helps to determine the vulnerabilities not addressed and the root cause of the same. This works as an input for improvement to the policies, procedures and internal controls. Identification of network and application hardening opportunities is valid but may not be the primary objective of the postincident review process. Lessons from the postincident review process may be used for improving employee awareness later on.

Lorena, an information systems auditor with the Town Bank, is planning for an audit. Lorena requests an organizational chart from the auditee. Identify the main purpose of the auditor's request. Understand the business workflows Understand the roles, responsibilities, and authority of key individuals Understand the available communication channels Understand the organizational networked systems

B Information systems auditors would usually request an organizational chart during the audit planning process to develop an understanding of roles, responsibilities, and authority of key people in the auditee organization. The auditor may also develop an understanding of the segregation of duties controls at this stage and will identify the potential control objectives for the audit.

Identify the best way for an information systems auditor to determine the effectiveness of a security awareness and training program. Interview the system administrator Conduct interviews on a sample of employees Review the security reminders sent to the employees Review the security training program

B Interviewing a carefully selected set of employees may provide good view of effectiveness of security awareness and training program. The interviews need to be conducted in an adequate manner so as to obtain unbiased and untempered views.

Identify from the following the best technique to assist in project duration estimation. Component-based development Program evaluation and review technique (PERT) chart Artificial intelligence (AI) Software cost estimation

B Program Evaluation and Review Technique (PERT) is a project management technique used in the planning and control of system projects. A PERT chart helps in identifying the duration of the project once all the activities and the work involved are known.

Manuel, CFO at Evergreen Bank, has requested reviewing and updating business continuity plans (BCP) that also require gaining/re-validating the understanding of organizational business processes. Identify from following the tools for doing so. Structured walk-through Risk assessment Full interruption test Business process re-engineering

B Risk assessment, together with the business impact analysis (BIA), is used to gain an understanding of organizational business processes in order to develop an adequate business continuity plan (BCP). Structured walk-through and full interruption tests are methods to test the effectiveness of a BCP. Business process re-engineering (BPR) is about changing existing business processes to suit the changing business needs and the environment.

Lawrence, an information security architect with the Quick Micropayments, is tasked to identify a suitable biometric system that has a very high-security requirement. Identify a useful performance indicator from the following to help in this case. Equal Error Rate (EER) False Acceptance Rate (FAR) False Identification Rate (FIR) False Rejection Rate (FRR)

B Since the biometric system has a very high-security requirement, protection against false acceptance is paramount. The performance indicator of FAR is useful in measuring the false acceptance rate.

Who among the following is "ultimately responsible" for the development of an adequate information security policy in the organization: [BDD] 3rd Line of Defense (Group Head of Internal Audit) Board of Directors 2nd Line of Defense (Group Chief Risk Officer) 1st Line of Defense (Group Chief Information Officer)

B The Board of Directors is ultimately responsible for the development of an adequate information security policy in the organization as they are accountable to regulators and statutory authorities. Usually, the board then delegates the responsibility to develop and implement to 2nd line of defense and 1st line of defense teams respectively, with 3rd line of defense providing an independent view of the adequacy and sufficiency of such a policy. However, the delegation does not take the responsibility away from the board.

Identify the two characteristics of an integrated audit from the following. (Select Two) [WTCSFHBEYCISA] Business unit heads must develop an understanding of audit methodology to perform control testing Business auditors must develop an understanding of IT control structures Business unit heads must approve the finalized audit report Information systems auditors must develop an understanding of the business control structures

B , D The integrated audit requires business and information systems auditors to work in a joint team to deliver on common objectives. This requires them to develop a cross-understanding of business and IT control structures.

James, an information security architect with the Town Bank, is tasked to implement an antivirus software strategy in a large corporate network comprising of various sub-networks. Identify the best option from the following. [AFH] Workstation Antivirus Virus Walls Server-side Antivirus Virus Signature Updates

B A Virus Wall, a program used to block the transmission of files "infected" by a Virus, can prove handy in an interconnected network by scanning incoming traffic to detect and remove viruses before they enter the protected network. A Virus Wall is usually implemented as a WWW Proxy or Mail Relay, and may be considered to be a part of a Firewall. Implementation of server-side or workstation antivirus software may co-exist with the implementation of a Virus Wall strategy. Likewise, Virus signature updates are necessary for all of these.

Biometrics is a security technique used in modern systems and implementations to verify identity by analyzing a unique physical attribute of an individual such as a handprint. Identify a valid example of a biometric replay attack from the following. Use in multi-factor authentication (MFA) to authorize access Using a copy of the impression left on the thumbprint scanner Use of stolen biometric information to launch a brute force Use of shoulder surfing to gain unauthorized access

B A biometric replay attack is carried out using residual biometric information such as a thumb impression on a biometric scanner. Other options are incorrect.

Merlin, head of information systems audit at Cocoa Payroll Services, wants to implement an adequate control over unauthorized use of data files collected during an audit as pieces of evidence. Identify the most effective method of meeting the objective from the following. Automated access trails Access control software Appoint data custodian within the audit department Permanently revoke library access upon audit completion

B Access control software provides effective and efficient protection against the threat. It is an active control designed to prevent unauthorized access to data. The automated access trail is a detective control. Appointing data custodian is a manual process and may not be the most efficient. Permanently revoking library access may affect functionality.

Identify from the following an invalid software testing method. Alpha testing Gama testing Black-box testing Pilot testing Beta testing White-box testing

B All but gama testing are valid software testing methods. Alpha testing is the first end-to-end testing of a product to ensure it meets the business requirements and functions correctly. It is typically performed by internal employees and conducted in a lab/stage environment. An alpha test ensures the product really works and does everything it's supposed to do. Beta testing is a type of user acceptance testing where the product team gives a nearly finished product to a group of target users to evaluate product performance in the real world. There is no standard for what a beta test should look like and how to set up beta testing. Black box testing is the Software testing method which is used to test the software without knowing the internal structure of code or program. White box testing is the software testing method in which internal structure is being known to tester who is going to test the software.

Super Systems wants to prevent leakage of confidential and restricted information from laptops issued to its employees. Identify the best method to do so from the following. [BAI] Enable the hardware-based boot password Full hard disk encryption using the owner's public key Implement two-factor login authentication Implement a strong biometric authentication control

B All of these controls are useful, however, only encryption with public key prevents the data leakage. Since the encryption is performed using the owner's public key, the decryption can only be carried out using the owner's private key which is not shared with anyone.

James, an information security architect with the Town Bank, is tasked to implement protection against hacking for connecting a critical desktop-based system to the Internet. Identify the best option from the following. [AGA] A remote access server (RAS) An application-level firewall A bastion host A proxy serve

B An application gateway or application-level gateway is a firewall proxy that provides network security is the best way to protect against hacking because it can define with allow/deny rules for users and connections. It filters incoming node traffic to certain specifications which means that only transmitted network application data is filtered including OSI layers 5, 6 and 7 i.e. protocols such as HTTP, FTP, SNMP, etc.

Identify from the following that is not one of five key steps of incident response Containment and Neutralization Education and Awareness Detection and Reporting Post-incident Activity Triage and Analysis Preparation

B The five key steps of incident response are (1) Preparation, (2) Detection and Reporting, (3) Triage and Analysis, (4) Containment and Neutralization, and (5) Post-incident Activity.

Identify the most critical element from the following for the successful implementation and ongoing regular maintenance of an information security policy. [BAC] A.Management support and approval for the information security policy B. Understanding of the information security policy by all appropriate parties C. Punitive actions for any violation of information security rules D. Stringent access control monitoring of information security rules

B. An information security policy comprises of processes, procedures, and rules in an organization. The most important aspect of a successful implementation of an information security policy is the assimilation by all appropriate parties such as employees, service providers, and business partners. Punitive actions for any violations are related to the education and awareness of the policy.

IT risk management process comprises of following 5 steps listed in no particular sequence. (b) Asset Identification (e) Evaluation of Threats and Vulnerabilities to Assets (a) Evaluation of the Impact (c) Calculation of Risk (d) Evaluation of and Response to Risk Identify the correct sequence from the following b, a, e, c, d b, e, a, c, d b, e, a, d, c a, b, c, d, e

B. IT risk management process comprises of following 5 steps: Step 1: Asset Identification Step 2: Evaluation of Threats and Vulnerabilities to Assets Step 3: Evaluation of the Impact Step 4: Calculation of Risk Step 5: Evaluation of and Response to Risk

Fair Lending has implemented a disaster recovery plan. Andrew, CFO of Fair Lending, wants to ensure that the implemented plan is adequate. Identify the immediate next step from the following. Initiate the Full Operational Test Initiate the Desk-based Evaluation Initiate the Preparedness Test Socialize with the Senior Management and Obtain Sponsorship

B. The immediate next step to evaluate the adequacy of a disaster recovery plan once it has been implemented is to conduct a desk-based evaluation which is also known as a paper test. The paper test involves walking through the plan and discussion on what might happen in a particular type of service disruption with the major stakeholders. As per the best practice, the paper test precedes the preparedness test.

Identify from following options that a malicious actor could primarily achieve by password sniffing carried out via the Internet. Password sniffers can comprise the transaction integrity Password sniffers can masquerade the identity of the malicious attacker Sniffed passwords can be successfully exploited to gain unauthorized access Sniffed passwords can be successfully exploited to impact transaction initiation system availability

C A sniffed password could "first" be used to gain unauthorized access to systems and data. Once the access is established, further malicious actions to affect confidentiality, integrity or availability of system/data can be carried out. Using a sniffed password, the malicious attacker could also log in as another user and also clean the audit trail to hide its identity.

Dave, CFO at Herman Foundry, expresses his concern over the risky nature of the implementation approach proposed by the IT Head to replace a legacy system with the new system. Identify an implementation/conversion approach from following that carries the greatest risk Parallel Run Phased Approach Direct Cutover Pilot Run

C Direct cutover, also known as the big bang approach, implies shorter time-window but carries the greatest risk. It means shutting down the legacy system and going live with the new system immediately. Shutting down the legacy system is usually irreversible. Other listed approaches are less risky. Parallel testing is testing multiple applications or subcomponents of one application concurrently to reduce the test time. Phased implementation is a method of System Changeover from an existing system to a new one that takes place in stages. PILOT TESTING is defined as a type of Software Testing that verifies a component of the system or the entire system under a real-time operating condition.

Organizations implemented Electronic Data Interchange (EDI) to replace their traditional paper document exchange. Identify a potential risk in such implementation from the following. Increased operational costs Removal of robust manual controls Transaction authorization Employee dissatisfaction

C Electronic Data Interchange (EDI) replaced the traditional paper document exchange. Therefore, proper controls and edits, such as transaction authorization, need to be built within each organization's application system to allow this communication to take place in a trusted manner. Other options may not be valid.

James, an information security architect with the Town Bank, is reviewing architecture to be able to support continuous operations in the event of a disruption or disaster. Identify the valid option from the following that may be helpful in such an event. [BAG] High-availability Computing Distributed Backup Fault-tolerant Hardware Load Balancer

C Fault-tolerant hardware enables continuous, uninterrupted service in the event of a disruption or disaster. Load balancers are used to split the workload between several servers to improve the performance. High-availability computing provides a quick but not continuous recovery. Distributed backups require longer recovery times.

An information systems auditor, while reviewing the IT strategic plan, should ensure that the plan: identifies and addresses the required operational controls recognizes the need and incorporates cutting edge technology a long-term plan describing how IT resources will contribute to the enterprise's strategic objectives clearly sets out project management practices

C IT strategic plan is a long-term plan (i.e. three to five-year horizon) in which business and IT management cooperatively describe how IT resources will contribute to the enterprise's strategic objectives (goals).

The ABC System has initiated a data privacy compliance audit. The information systems auditor must review the following as a first step: Technology infrastructure inventory and diagrams Adherence to enterprise risk management framework Statutory and regulatory requirements Enterprise risk management framework

C In order to provide a comprehensive and independent view on data privacy compliance, the information systems auditor must first start from review of applicable statutory and regulatory requirements.

The team at Evergreen Bank tasked to establish a business continuity plan (BCP) is performing the risk analysis but having difficulty in arriving at the potential financial loss in certain events that would require the BCP to be invoked. Identify a suitable approach from following for the team to adopt to complete the exercise. Use the present value of underlying assets to determine financial loss The team should spend the time needed to determine exact financial loss In such a scenario the team should adopt a qualitative approach Obtain historical financial loss values from the accounting department

C In such a scenario when the team is facing difficulty in determining the potential financial loss, they should adopt a qualitative approach. The qualitative approach is useful with non-numerical or un-computable data. The experienced managers could determine the financial losses by their experience and sense of judgment.

Peter, a system administrator, needs to select a control to provide the greatest assurance of server's operating system integrity. Identify the correct answer from the following Strong boot password for strong security Logging of events and activites, and appropriate monitoring Server configuration hardening Physical security control by protecting the server in a secure location

C OS security hardening guidelines can be developed that define how the OS should be configured. Hardening a system means to configure it in the most secure manner to prevent nonprivileged users from gaining the right to execute privileged instructions and thus take control of the entire machine, jeopardizing the OS's integrity. Protecting the server in a secure location and setting a boot password are good practices, but do not ensure that a user will not try to exploit logical vulnerabilities and compromise the OS. Activity logging has two weaknesses in this scenario: (i) it is a detective control (not a preventive one), and (ii) the attacker who already gained privileged access can modify logs or disable them.

Guava Trading Company has implemented an access card entry system for the physical security of its data center. Identify the most important control from the following. Failed and successful access card entry attempts are logged and protected Access card entry system installed in locations in most risk-prone places Promptly deactivate lost/stolen access cards and cards belonging to leavers System data backed up frequently to ensure continuity of the access card entry system

C Promptly deactivating lost/stolen access cards and the cards that belong to an employee who has left the organization is the most important control in the list. Logging of all access attempts and back up of system data are important as well - however not as important as preventing unauthorized entry. Access card entry system would generally cover the perimeter i.e. main entry into the facility, and also the other more critical areas within the facility.

Cocoa Exports is exploring an online business model to boost their revenue. Jim, an information security architect, is tasked to adequately protect the online platform's confidentiality, authentication, non-repudiation, and integrity. Identify the best control mechanism from the following Virtual Private Network (VPN) Transport Layer Security (TLS) Public Key Infrastructure (PKI) Secure Sockets Layer (SSL)

C Public key infrastructure (PKI) provides the best overall protection ensuring confidentiality, integrity, and reliability

Jaime, an information systems auditor at Evergreen Bank, discovered unauthorized transactions during a review of enterprise data interchange platform. Identify from following the most likely recommendation for Jaime to make Improvement of operational controls at transaction origination systems Improvement of project management and change control procedures Improvement of authentication mechanism for sending and receiving transactional messages Review of operational and service level agreements between transaction origination systems and consuming systems

C Since the observation is related to unauthorized transactions, information systems auditor is most likely concerned about weak authentication mechanism for sending and receiving transactional messages. Review of operational and service level agreements between transaction origination systems and consuming systems can also be conducted - however that could only be an additional recommendation.

Computer forensics comprises of four major considerations as below: (a) Preserve (b) Identify (c) Present (d) Analyze Identify the correct sequence from the following a, b, d, c a, b, c, d b, a, d, c b, a, c, d

C The four major considerations in the chain of events for evidence in computer forensics are: (i) Identify: Identification of information that is available and might form the evidence of an incident (ii) Preserve: Retrieving identified information and preserving it as evidence (iii) Analyze: Extracting, processing and interpreting the evidence (iv) Present: Presentation to various audiences, such as management, attorneys, court, etc.

Julio, IT Head at Quick Micropayments, is an auditee for a software development project which is more than 80 percent complete but has already overrun time by 10 percent and costs by 25 percent. The information systems auditor informs him that this observation may lead to the conclusion that the organization does not have effective project management. Identify the ideal next step at this juncture. [BBE] Information systems auditor to recommend replacement of the project manager Information systems auditor to conclude an ineffective project management process Information systems auditor to review the conduct of the project and the business case Information systems auditor to perform a review of IT governance structure

C The immediate next step at this juncture is for the information systems auditor to seek out more information to understand the factors that have contributed to making the project over budget and over schedule. Based on the outcome of the necessary recommendations can be made.

Julio, head of information technology architecture with the Palm Trading Company, thinks that transaction audit trails are essential for a well-designed system. Identify the main consideration of Julio in this case. Transaction audit trails are for information systems auditors to help them in transactions tracing Transaction audit trails help to make capacity planning more accurate by providing useful data for planning Transaction audit trails are essential for ensuring non-repudiation Transaction audit trails help to improve the efficiency of the backup process

C The main consideration for Julio to think the usefulness of transaction audit trails is that they help to determine accountability and responsibility for processed transactions, and ensuring non-repudiation

"Their security responsibilities include authorizing access, ensuring that access rules are updated when personnel changes occur, and regularly review access rules for the data for which they are responsible." Identify the appropriate role for the above mentioned responsibility. Data Users Data Custodians Data Owners Security Administrator

C The mentioned responsibility falls under the remit of data owners. Data owners are usually business leaders responsible for using information for running and controlling the business. Data custodians are people responsible for storing and safeguarding the data and include IT personnel. Data users include the user communities with access levels authorized by the data owners. Security administrators have the responsibility to provide physical and logical security for data, software, and hardware.

Lorena, an information systems auditor with the Town Bank, observed an inadequate coverage of potential risks in the security policy likely arising from an inadequate security policy development process. Lorena should recommend the following. Asset identification be ensured as part of security policy development Business objectives are considered while developing the security policy The outcome of the risk management process be considered while developing the security policy The software design decisions are made based on the security policy and guidelines

C The outcome of the risk management process is considered while developing the security policy to ensure adequate coverage to underlying risks.

Montero Automotives is embarking on its journey to implement enterprise governance of information and technology (EGIT) framework. What is the most important goal of an organization in implementing the EGIT framework? [ADJ] IT investments return enhancement Accountability Aligning IT with the business IT value realization

C The purpose of EGIT is to direct IT endeavors to ensure that IT aligns with and supports the enterprise's objectives and its realization of promised benefits. In addition, IT should enable the enterprise by exploiting opportunities and maximizing benefits. Resources should be used responsibly, and IT-related risk should be managed appropriately.

Guava Trading Company is running a variety of access points. These include a mix of access points with an obsolete security algorithm that does not have any upgrades available from the vendor, and the newer access points having advanced wireless security. Lisa, an information systems auditor with the organization, wants to recommend IT to replace the obsolete access points. Identify the best justification from following to support Lisa's recommendation. Centralize and easier management of new access points Performance concerns with the old access points The security chain is only as strong as its weakest link New access points have become more affordable recently

C The security chain is only as strong as its weakest link is probably the best justification to support Lisa's recommendation to replace the access points. Performance concerns, easier management, and affordability are secondary in this situation.

Lisa, an information systems auditor at the AZ Systems, while conducting the implementation review of a multiuser distributed application, finds finds minor weaknesses in three areas-the initial setting of parameters is improperly installed, weak passwords are being used and some vital reports are not being checked properly. Identify the right option for Lisa to choose while preparing the audit report advise the information systems audit manager of probable risks without recording the observations, as the control weaknesses are minor ones record the three (3) separate observations with the impact of each of them marked against each respective finding record the three (3) observations and the risk arising from the collective weaknesses apprise the auditee departmental heads concerned with each observation and properly capture it in the report

C The weaknesses, individually, may be minor; however, together they have the potential to substantially weaken the overall control structure - therefore it needs to be addressed in the audit report accordingly. Other choices are incorrect.

Identify the risk type from the following that exists when a risk cannot be prevented or detected on a timely basis by control. Inherent risk Absolute risk Control risk Residual risk

C When risk cannot be prevented or detected on a timely basis by controls, it culminates into a control risk.

Blue Xylo Systems, a software development startup, intends to implement a suitable testing method to test the effectiveness of software program logic and determine the procedural accuracy of a program's specific logic paths. Identify from following the right testing method to meet this objective. Black box test Structured walkthrough White box test Paper test

C White box testing is a test type that focuses on the effectiveness of software program logic and uses test data to determine the procedural accuracy of a program's specific logic paths.

Blue Xylo Systems, a software development startup, intends to implement a suitable testing method to test the functional operating effectiveness of the information system without regard to any specific internal program structure. Identify from following the right testing method to meet this objective. Alpha test Beta test Black box test White box test

C, Black box testing is a test type that does not require knowledge of internal working or program logic and is usually a tool-driven testing form. It is a testing method to focus on the information system's functional operating effectiveness without regard to any specific internal program structure.

Fair Lending has implemented a disaster recovery plan. In order to implement the optimum business continuity strategy, what would Fair Lending have considered: [AJC] Mean of the combined downtime and recovery cost Lowest recovery cost despite the highest downtime cost Lowest downtime cost despite the highest recovery cost The lowest sum of downtime cost and recovery cost

D Ideally, businesses would want to minimize both the downtime cost and recovery cost. The optimum business continuity strategy aims to keep both of them at the lowest possible mark. Highest recovery cost cannot be the optimum strategy, similarly, the highest downtime cost cannot be the optimum strategy either. The average of the combined downtime and recovery cost is a distractor.

Jamaica Foundry has installed Ethernet cable (an unshielded twisted pair (UTP) network) that is more than 100 meters long. Identify the potential negative effect caused by the length of the cable? Cross-talk Electromagnetic interference (EMI) Dispersion Attenuation

D Attenuation is the weakening of signals during transmission. Upon weakening of signlas, it begins to read a 1 for a 0, and the user may experience communication problems. UTP faces attenuation around 100 meters. UTP implementations are susceptible to other negative effects as well, however not due to the length of the UTP cable.

James, an information security architect with the Town Bank, is tasked to implement defense-in-depth security. Identify a valid example of the same from the following. [AJH] Implementing separate firewalls for segregated network segments Implementing strong network controls to segregate the corporate network from the data centre network Implementing two firewall products from two different vendors to ensure they provide the best coverage Implementing logical access management controls in addition to network firewalls

D A good cybersecurity architecture employs defense-in-depth principles which means a series of defensive mechanisms are layered in such an order to protect valuable data and information that if one mechanism fails, another steps up. Implementing logical access management controls in addition to network firewalls is a good example of this.

Jacob is a business continuity manager with Guava Trading Company. Identify the first step for Jacob to perform soon after the replacement of hardware at the primary data centre? Conduct a review the implementation report Conduct compatibility check with the hot site Walk-through the disaster recovery plan to ensure the plan is relevant Add the records for new hardware in the assets inventory and update the old one's status

D Assets inventory is the basic input for the business continuity/disaster recovery plan, and the plan must be updated to reflect changes in the information systems infrastructure.

Lorena, an information systems auditor with the Town Bank, is conducting a review of backup and batch processing outsourced to a managed service provider. Identify the next step for Lorena. Review service delivery report to the service level agreement (SLA) Conduct a full independent review of backup and batch processing Place reliance upon 3rd party audit report on service provider's operations Review the service provider contract with the organization

D Lorena should first review the service provider's contract with the organization for the right-to-audit clause, service level agreements, and performance of 3rd party audits on the service provider's operations. Based on the outcome of this step, the next steps can be identified which may very well range from placing reliance upon the audit report submitted by the MSP to conducting a full-scale independent audit on the MSP.

Lisa, an information systems auditor at a non-profit charitable organization, is reviewing the perimeter security controls. Lisa wants to verify if the firewall is configured in compliance with an organization's security policy. Identify the most effective method from the following to verify Review of firewall log files Review of firewall administration procedures Attestation by the firewall administrator Review of firewall parameter settings

D Perimeter security plays a vital role in effectively preventing and detecting most attacks on their networks. The proper implementation and maintenance of firewalls are of paramount importance for having a robust and effective perimeter security mechanism and compliance with the organization's security policy. Therefore, a review of firewall parameter settings is the best method to determine if the firewall is configured in compliance with an organization's security policy.

Julio, IT Head at Quick Micropayments, wants to ensure the independence of a quality assurance (QA) team. Identify an activity to be avoided to achieve the objective. Ensure compliance with software development methodology Check the testing assumptions Perform code review to ensure proper documentation Correct coding errors during the testing process

D Quality assurance (QA) team should not be made responsible for correcting coding errors during the testing / QA process as correction of code is not the responsibility of the QA team. Doing so would result in a violation of segregation of duties principles and would impair the team's independence.

Lorena, an information systems auditor with the Town Bank, is reviewing the adequacy of the bank's security awareness training program. Identify the best performance evaluation criterion from the following. Number of incidents with business or reputational impact Adequate funding for security initiatives commensurating with the level of risk and business impact Board-level awareness of critical information assets and focus on their protection Roles and responsibilities include accountability for information security

D Roles and responsibilities including a clear statement of accountability for information security is the best evaluation measure of the bank's security awareness training program.

Michelle is an information systems auditor at AZ Systems. She is reviewing the information systems tactical plan. While doing so, she should determine whether a strategic information technology planning methodology is in place there is a clear definition of the information systems mission and vision the plan correlates business objectives to information systems goals and objectives there is an integration of information systems and business staffs within projects

D The integration of IS and business staff in projects is an operational issue and should be considered while reviewing the short-range plan. A strategic plan would provide a framework for the IS short-range plan.

Identify from following a relevant parameter corresponding business appetite for the data loss. Service delivery objective Recovery time objective Maximum tolerable outages Recovery point objective

D The recovery point objective (RPO) is determined based on business acceptable data loss appetite in an operational disruption event. RPO indicates the earliest point in time in which it is acceptable to recover the data. Recovery Time Objective (RTO) is the amount of time allowed for the recovery of a business function or resource to an acceptable level after a disaster occurs. Service Delivery Objective (SDO) is the minimal level of services to be reached during the alternate process mode until the normal situation is restored. It is directly related to business needs. Maximum Tolerable Outage (MTO) is the maximum time the organization can support processing in alternate mode.

Identify the correct answer from the following to be included in an organization's information systems security policy? Identity of sensitive security features Inventory of key IT resources to be secured Relevant software security features Criteria for access authorization

D The security policy provides the broad framework of security including a definition of those authorized to grant access and the basis for granting the access. Other choices are more detailed and are likely candidates for inclusion in standards/procedures.

There are various methods of suppressing a data center fire. Identify the MOST effective and environmentally friendly method from the following. Water-based systems (sprinkler systems) Argonite systems Carbon dioxide systems Dry-pipe sprinkling systems

D, Dry-pipe sprinkling systems are the most effective and environmentally friendly from the available options. In this system, the water does not flow until the fire alarm activates a pump. Water-based systems (sprinkler systems) are environmentally friendly but may not present the most effective option. In this system, the water is always present in the piping, which can potentially leak, causing damage to equipment.

An information systems auditor with Super Systems wants review arrangements to protect against non-privileged users be able to escalate their access level to enter supervisory state. Identify the artifact that is useful to review for the identification of such arrangement/controls. Access control violations logs System access logs Access control software parameters System configuration files for control options used

D, The information systems auditor should review system configuration files for control options used to protect the supervisory state. These options, if uncontrolled, provide a nonprivileged user a way to gain access to the OS's supervisory state. A review of systems access logs and access violations logs is a detective control in nature. Access control software is run under the operating system.

The information system auditor discovers that both the technology and accounting functions are being performed by the same user of the financial system during a compliance audit of a small local cooperative bank. Identify the best supervisor review control from the following: Database table dump containing audit trails of date/time of each transaction Daily summary of number of transactions and sum total of value of each transaction User account administration report Computer log files that show individual transactions in the financial system

D, While other supervisory review controls are important, the most important in this situation is to review the computer log files that show individual transactions in the financial system

Lisa, an information systems auditor at the AZ Systems, while conducting the review of the UNIX system administration function, observed that shared user id is used by the team of ten administrators. Identify the concern that Lisa may have with this observation Risk of passwords not being reset on the desired frequency Risk of an outsider be able to gain unauthorized access No concern since the user ids are only shared amongst the administrators Difficulty in tracing admin actions and dilution of accountability

D. If one user id is shared amongst multiple administrators, there is no clear traceability of performed activities to an identifiable individual. This leads to the dilution of accountability and is a risk. Additionally, this may lead to weak account lifecycle management and also exposes to the risk of passwords being leaked to an outsider due to dilution of accountability.

Andrew, CFO of Palm Trading Company, a relatively smaller organization, wants to implement segregation of duties for information processing facility (IPF) roles. Considering this requirement, identify a false statement from the following A network administrator normally would be restricted from reporting to the end-user manager A network administrator normally would be restricted from having additional end-user responsibilities A network administrator normally would be restricted from being responsible for network security administration A network administrator normally would be restricted from having programming responsibilities

D. The computer room and support areas in any organization usually make up the information processing facility (IPF). many organizations have widely dispersed IPFs in addition to a central IPF. The dispersed IPFs include the management of network at branches and geographically remote locations. Under these circumstances, a network administrator may have additional network security administration and end-user responsibilities and may report to an end-user manager. However, a network administrator is not allowed to have programming responsibilities to ensure objectives of segregation of duties are met.

Palm Trading Company has implemented digital signatures to protect email communication with their customers. Identify the benefit of using a digital signature from the following. Protects email content from unauthorized reading Protects email content from data theft Ensure timely delivery of email content Ensures integrity of the email content

D. The digital signature is used for verifying the identity of the sender and the integrity of the content.

Identify an example of an overlapping control from the following. Access controls via the use of electronic badges and visual verification by a security guard Identification badges (photo IDs) to be worn and displayed at all times Identification badges containing biometric data in a smart-chip in addition to the name and photo of the bearer Access controls via the use of electronic badges and strong system password

Overlapping control is when more than one control in place and either of the control is adequate to achieve the objective. For example, if a facility controls physical access via the use of electronic badges followed by the visual verification by a security guard.

Easy Micropayments has an online payment platform for customers to on-demand initiate payments during business hours. As the new payments are processed, the transactions are recorded on the disk as well as on the tape. The payment files at the end of the day are backed up on the tape. However, it was observed that during the backup process the files in hard disk as well as in the tape were corrupted due to the malfunction of the backup mechanism. Identify from following the best option to quickly and accurately restore the payment data to resume the online payment operations. The previous day's payment file from the disk and the today's transactions from tape The previous day's payment file from tape and today's payment transaction from the disk Today's payment transactions from the disk and the previous day's payment file from the tape Today's payment file from tape and the today's payment transactions from the disk

Restoring the previous day's payment files from the tape is the latest reliable backup on the tape. Today's transactions are easily and reliably retrievable from the disk. These two together will provide the best option to reliably and quickly re-create the most up to date and accurate data set for the system to resume operations.

Identify from following valid disk-based backup systems. Real application cluster Log shipping Host-based replication Virtual tape libraries

Virtual tape libraries (VTLs) systems consist of disk storage and software that control backup and recovery data sets. Host-based replication is executed at the host level by a special software running on this server and on the target server. Log shipping and real application cluster are not relevant to disk-based backup systems.

Identify a false statement pertaining to Wi-Fi Protected Access (WPA) in wireless networks from the following. WPA-PSK uses preshared keys for simpler implementation and management WPA allows unencrypted source addresses for backward compatibility WPA-EAP uses more stringent 802.1x authentication with the Extensible Authentication Protocol (EAP) WPA depends on a central authentication server to authenticate each user

WPA does not allow unencrypted source addresses. Rest are true statements about WPA.

CISA Practice Exam

Set pelajaran terkait

Chapter 6 Homework

Interval Estimation

American Lit Final

algebra 2b - unit 1: exponential and logarithmic functions, part 1

Basic computer images exam

Chapter 5

Lewis Med-Surg Ch 17 Fluid, Electrolytes + Acid-Base Imbalances

Napoleon Terms

PSYC 2000 FINAL EXAM

Health

mktg exam 2 ALL

Physics chapter 17- electric potential

Accounting Financial Chapter 4

M08 Final Exam

Gov final

Administrative Law Final

chapter 7 the cell

Delirium and Dementia Disorders

Anthro Final

Ch 28 Respiratory dysfunction