EMT Practice Test

1. Question Content...


Question List

Question1: An IS auditor finds that user acceptance testing of a new system is being repeatedly interrupted as defect fixes are implemented by developers. Which of the following would be the BEST recommendation for an IS auditor to make?

Question2: Default permit is only a good approach in an environment where:

Question3: A sender of an e-mail message applies a digital signature to the digest of the message. This action provides assurance of the:

Question4: Which of the following would be considered an essential feature of a network management system?

Question5: Which of the following is the most important element in the design of a data warehouse?

Question6: To protect a VoIP infrastructure against a denial-of-service (DoS) attack, it is MOST important to secure the:

Question7: .When performing an IS strategy audit, an IS auditor should review both short-term (one-year) and long-term (three-to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered. The auditor should especially focus on procedures in an audit of IS strategy. True or false?

Question8: The reliability of an application system's audit trail may be questionable if:

Question9: .What is an effective countermeasure for the vulnerability of data entry operators potentially leaving their computers without logging off? Choose the BEST answer.

Question10: When auditing a disaster recovery plan for a critical business area, an IS auditor finds that it does not cover all the systems. Which of the following is the MOST appropriate action for the IS auditor?

Question11: Relatively speaking, firewalls operated at the application level of the sevenlayer OSI model are:

Question12: Reconfiguring which of the following firewall types will prevent inward downloading of files through the File Transfer Protocol (FTP)?

Question13: Which of the following risks could result from inadequate software baselining?

Question14: Which of the following is the MOST important objective of data protection?

Question15: An organization is disposing of a number of laptop computers. Which of the following data destruction methods would be the MOST effective?

Question16: .Which of the following BEST characterizes a mantrap or deadman door, which is used as a deterrent control for the vulnerability of piggybacking?

Question17: The PRIMARY reason for using digital signatures is to ensure data:

Question18: Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms resulting from normal network activity?

Question19: An IS auditor who has discovered unauthorized transactions during a review of EDI transactions is likely to recommend improving the:

Question20: The GREATEST risk posed by an improperly implemented intrusion prevention system (IPS) is:

Question21: An IS auditor has audited a business continuity plan (BCP). Which of the following findings is the MOST critical?

Question22: An IS auditor's PRIMARY concern when application developers wish to use a copy of yesterday's production transaction file for volume tests is that:

Question23: To ensure message integrity, confidentiality and non repudiation between two parties, the MOST effective method would be to create a message digest by applying a cryptographic hashing algorithm against:

Question24: A digital signature contains a message digest to:

Question25: .What is the first step in a business process re-engineering project?

Question26: An IS auditor reviewing a database application discovers that the current configuration does not match the originally designed structure. Which of the following should be the IS auditor's next action?

Question27: Which of the following is an oft-cited cause of vulnerability of networks?

Question28: Which of the following would prevent unauthorized changes to information stored in a server's log?

Question29: "Nowadays, computer security comprises mainly "preventive"" measures."

Question30: During an implementation review of a multiuser distributed application, an IS auditor finds minor weaknesses in three areas-the initial setting of parameters is improperly installed, weak passwords are being used and some vital reports are not beingchecked properly. While preparing the audit report, the IS auditor should:

Question31: Upon receipt of the initial signed digital certificate the user will decrypt the certificate with the public key of the:

Question32: Which of the following BEST reduces the ability of one device to capture the packets that are meant for another device?

Question33: During an exit interview, in cases where there is disagreement regarding the impact of a finding, an IS auditor should:

Question34: Confidentiality of the data transmitted in a wireless LAN is BEST protected if the session is:

Question35: Which of the following encryption techniques will BEST protect a wireless network from a man-inthe-middle attack?

Question36: Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective (RPO)?

Question37: During the development of an application, the quality assurance testing and user acceptance testing were combined. The MAJOR concern for an IS auditor reviewing the project is that there will be:

Question38: .Any changes in systems assets, such as replacement of hardware, should be immediately recorded within the assets inventory of which of the following? Choose the BEST answer.

Question39: Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation?

Question40: During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:

Question41: Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?

Question42: Which of the following is an attribute of the control self-assessment (CSA) approach?

Question43: .Obtaining user approval of program changes is very effective for controlling application changes and maintenance. True or false?

Question44: .What topology provides the greatest redundancy of routes and the greatest network fault tolerance?

Question45: An IS auditor reviewing an outsourcing contract of IT facilities would expect it to define the:

Question46: Which of the following is an advantage of the top-down approach to software testing?

Question47: .What is an acceptable recovery mechanism for extremely time-sensitive transaction processing?

Question48: An IS auditor should be concerned when a telecommunication analyst:

Question49: A hacker could obtain passwords without the use of computer tools or programs through the technique of:

Question50: The MAIN reason for requiring that all computer clocks across an organization be synchronized is to:

Question51: Which of the following is the GREATEST advantage of elliptic curve encryption over RSA encryption?

Question52: The PRIMARY advantage of a continuous audit approach is that it:

Question53: A company is implementing a dynamic host configuration protocol (DHCP). Given that the following conditions exist, which represents the GREATEST concern?

Question54: Which of the following refers to an important procedure when evaluating database security (choose the BEST answer)?

Question55: Active radio frequency ID (RFID) tags are subject to which of the following exposures?

Question56: To determine which users can gain access to the privileged supervisory state, which of the following should an IS auditor review?

Question57: Which of the following is the MOST effective type of antivirus software?

Question58: A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and:

Question59: During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the:

Question60: .If a programmer has update access to a live system, IS auditors are more concerned with the programmer's ability to initiate or modify transactions and the ability to access production than with the programmer's ability to authorize transactions. True or false?

Question61: .Database snapshots can provide an excellent audit trail for an IS auditor. True or false?

Question62: .What would an IS auditor expect to find in the console log? Choose the BEST answer.

Question63: Which of the following is the PRIMARY advantage of using computer forensic software for investigations?

Question64: .What can be used to help identify and investigate unauthorized transactions? Choose the BEST answer.

Question65: To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:

Question66: An IS auditor is reviewing a project to implement a payment system between a parent bank and a subsidiary. The IS auditor should FIRST verify that the:

Question67: An IS auditor finds out-of-range data in some tables of a database. Which of the following controls should the IS auditor recommend to avoid this situation?

Question68: In planning an audit, the MOST critical step is the identification of the:

Question69: The initial step in establishing an information security program is the:

Question70: The phases and deliverables of a system development life cycle (SDLC) project should be determined:

Question71: What method might an IS auditor utilize to test wireless security at branch office locations?

Question72: During an audit of a business continuity plan (BCP), an IS auditor found that, although all departments were housed in the same building, each department had a separate BCP. The IS auditor recommended that the BCPs be reconciled. Which of the following areas should be reconciled FIRST?

Question73: Information for detecting unauthorized input from a terminal would be BEST provided by the:

Question74: An IS auditor reviewing an organization's IT strategic plan should FIRST review:

Question75: To verify that the correct version of a data file was used for a production run, an IS auditor should review:

Question76: .Key verification is one of the best controls for ensuring that:

Question77: Electromagnetic emissions from a terminal represent an exposure because they:

Question78: Which of the following is widely accepted as one of the critical components in networking management?

Question79: To install backdoors, hackers generally prefer to use:

Question80: Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the username and password are the same. The BEST control to mitigate this risk is to:

Question81: Which of the following is a management technique that enables organizations to develop strategically important systems faster, while reducing development costs and maintaining quality?

Question82: Which of the following would have the HIGHEST priority in a business continuity plan (BCP)?

Question83: In large corporate networks having supply partners across the globe, network traffic may continue to rise. The infrastructure components in such environments should be scalable. Which of the following firewall architectures limits future scalability?

Question84: Relatively speaking, firewalls operated at the physical level of the seven-layer OSI model are:

Question85: A manager of a project was not able to implement all audit recommendations by the target date. The IS auditor should:

Question86: A hot site should be implemented as a recovery strategy when the:

Question87: An IS auditor is reviewing the physical security measures of an organization. Regarding the access card system, the IS auditor should be MOST concerned that:

Question88: Which of the following physical access controls effectively reduces the risk of piggybacking?

Question89: The MOST likely explanation for the use of applets in an Internet application is that:

Question90: During the review of a biometrics system operation, an IS auditor should FIRST review the stage of:

Question91: ALL computer programming languages are vulnerable to command injection attack.

Question92: Which of the following is a dynamic analysis tool for the purpose of testing software modules?

Question93: An IS auditor has been asked to participate in project initiation meetings for a critical project. The IS auditor's MAIN concern should be that the:

Question94: An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department.
The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his/her attention.
The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident. The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical, hardware configuration is already established. An IS auditor should:

Question95: After the merger of two organizations, multiple self-developed legacy applications from both companies are to be replaced by a new common platform. Which of the following would be the GREATEST risk?

Question96: The sender of a public key would be authenticated by a:

Question97: Time constraints and expanded needs have been found by an IS auditor to be the root causes for recent violations of corporate data definition standards in a new business intelligence project.
Which of the following is the MOST appropriate suggestion for an auditor to make?

Question98: Which of the following BEST describes the role of a directory server in a public key infrastructure (PKI)?

Question99: An IS auditor is reviewing access to an application to determine whether the 10 most recent "new user" forms were correctly authorized. This is an example of:

Question100: Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should:

Question101: .What should regression testing use to obtain accurate conclusions regarding the effects of changes or corrections to a program, and ensuring that those changes and corrections have not introduced new errors?

Question102: An IS auditor performing a review of an application's controls would evaluate the:

Question103: The PRIMARY purpose for meeting with auditees prior to formally closing a review is to:

Question104: .To properly evaluate the collective effect of preventative, detective, or corrective controls within a process, an IS auditor should be aware of which of the following? Choose the BEST answer.

Question105: A virtual private network (VPN) provides data confidentiality by using:

Question106: .Which of the following is BEST characterized by unauthorized modification of data before or during systems data entry?

Question107: In the process of evaluating program change controls, an IS auditor would use source code comparison software to:

Question108: An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the:

Question109: What is the BEST approach to mitigate the risk of a phishing attack?

Question110: .The quality of the metadata produced from a data warehouse is _______________ in the warehouse's design. Choose the BEST answer.

Question111: Which of the following is a concern when data are transmitted through Secure Sockets Layer (SSL) encryption, implemented on a trading partner's server?

Question112: The initial step in establishing an information security program is the:

Question113: .The directory system of a database-management system describes:

Question114: Which of the following potentially blocks hacking attempts?

Question115: A project manager of a project that is scheduled to take 18 months to complete announces that the project is in a healthy financial position because, after 6 months, only one-sixth of the budget has been spent. The IS auditor should FIRST determine:

Question116: .________________ (fill in the blank) is/are are ultimately accountable for the functionality, reliability, and security within IT governance. Choose the BEST answer.

Question117: The PRIMARY objective of implementing corporate governance by an organization's management is to:

Question118: .A check digit is an effective edit check to:

Question119: During a review of a customer master file, an IS auditor discovered numerous customer name duplications arising from variations in customer first names. To determine the extent of the duplication, the IS auditor would use:

Question120: Which of the following antispam filtering techniques would BEST prevent a valid, variable-length e-mail message containing a heavily weighted spam keyword from being labeled as spam?

Question121: Which of the following should be included in an organization's IS security policy?

Question122: Which of the following should an IS auditor review to understand project progress in terms of time, budget and deliverables for early detection of possible overruns and for projecting estimates at completion (EACs)?

Question123: .A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it can:

Question124: An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST costeffective test of the DRP?

Question125: Which of the following insurance types provide for a loss arising from fraudulent acts by employees?

Question126: Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?

Question127: Which of the following would be an indicator of the effectiveness of a computer security incident response team?

Question128: Which of the following results in a denial-of-service attack?

Question129: To optimize an organization's business contingency plan (BCP), an IS auditor should recommend conducting a business impact analysis (BlA) in order to determine:

Question130: Which of the following implementation modes would provide the GREATEST amount of security for outbound data connecting to the internet?

Question131: An IS auditor should be MOST concerned with what aspect of an authorized honeypot?

Question132: Which of the following represents the GREATEST potential risk in an EDI environment?

Question133: Above almost all other concerns, what often results in the greatest negative impact on the implementation of new application software?

Question134: An organization currently using tape backups takes one full backup weekly and incremental backups daily. They recently augmented their tape backup procedures with a backup-to-disk solution. This is appropriate because:

Question135: .Which of the following is best suited for searching for address field duplications?

Question136: Broadly speaking, a Trojan horse is any program that invites the user to run it, but conceals a harmful or malicious payload. The payload may take effect immediately and can lead to immediate yet undesirable effects, or more commonly it may install further harmful software into the user's system to serve the creator's longer-term goals. A Trojan horse's payload would almost always take damaging effect immediately.

Question137: Which of the following is the key benefit of control self-assessment (CSA)?

Question138: .What kind of testing should programmers perform following any changes to an application or system?

Question139: What is a risk associated with attempting to control physical access to sensitive areas such as computer rooms using card keys or locks?

Question140: Your final audit report should be issued:

Question141: .Who is ultimately accountable for the development of an IS security policy?

Question142: .Which of the following best characterizes "worms"?

Question143: An organization has implemented a disaster recovery plan. Which of the following steps should be carried out next?

Question144: Which of the following is the MOST reliable sender authentication method?

Question145: When transmitting a payment instruction, which of the following will help verify that the instruction was not duplicated?

Question146: Which of the following line media would provide the BEST security for a telecommunication network?

Question147: Security administration procedures require read-only access to:

Question148: Applying a retention date on a file will ensure that:

Question149: Which of the following is a distinctive feature of the Secure Electronic Transactions (SET) protocol when used for electronic credit card payments?

Question150: An organization has just completed their annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization?

Question151: Which of the following controls would provide the GREATEST assurance of database integrity?

Question152: Which of the following is a technique that could be used to capture network user passwords?

Question153: Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data?

Question154: An IS auditor reviews an organizational chart PRIMARILY for:

Question155: As a driver of IT governance, transparency of IT's cost, value and risks is primarily achieved through:

Question156: .Why is a clause for requiring source code escrow in an application vendor agreement important?

Question157: When two or more systems are integrated, input/output controls must be reviewed by an IS auditor in the:

Question158: Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?

Question159: An IS auditor reviewing the key roles and responsibilities of the database administrator (DBA) is LEAST likely to expect the job description of the DBA to include:

Question160: Which of the following provides the framework for designing and developing logical access controls?

Question161: While conducting an audit, an IS auditor detects the presence of a virus. What should be the IS auditor's next step?

Question162: Which of the following is an implementation risk within the process of decision support systems?

Question163: .Test and development environments should be separated. True or false?

Question164: An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls wou Id BEST mitigate the risk of undetected and unauthorized program changes to the production environment?

Question165: The use of a GANTT chart can:

Question166: A financial services organization is developing and documenting business continuity measures. In which of the following cases would an IS auditor MOST likely raise an issue?

Question167: .Which of the following is the dominating objective of BCP and DRP?

Question168: Which of the following would an IS auditor consider to be the MOST important when evaluating an organization's IS strategy? That it:

Question169: Which of the following correctly describes the purpose of an Electronic data processing audit?

Question170: To address the risk of operations staff's failure to perform the daily backup, management requires that the systems administrator sign off on the daily backup. This is an example of risk:

Question171: Which of the following is a substantive test?

Question172: During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include:

Question173: .Which of the following is used to evaluate biometric access controls?

Question174: During which of the following phases in system development would user acceptance test plans normally be prepared?

Question175: What control detects transmission errors by appending calculated bits onto the end of each segment of data?

Question176: The computer security incident response team (CSIRT) of an organization disseminates detailed descriptions of recent threats. An IS auditor's GREATEST concern should be that the users might:

Question177: An IS steering committee should:

Question178: While reviewing sensitive electronic work papers, the IS auditor noticed that they were not encrypted. This could compromise the:

Question179: Overall business risk for a particular threat can be expressed as:

Question180: Which of the following provides the MOST relevant information for proactively strengthening security settings?

Question181: .Which of the following provide(s) near-immediate recoverability for time-sensitive systems and transaction processing?

Question182: The PRIMARY objective of performing a postincident review is that it presents an opportunity to:

Question183: A company has recently upgraded its purchase system to incorporate EDI transmissions. Which of the following controls should be implemented in the EDI interface to provide for efficient data mapping?

Question184: In a public key infrastructure (PKI), which of the following may be relied upon to prove that an online transaction was authorized by a specific customer?

Question185: Which of the following is the BEST way to handle obsolete magnetic tapes before disposing of them?

Question186: In a contract with a hot, warm or cold site, contractual provisions should cover which of the following considerations?

Question187: A decision support system (DSS):

Question188: .What type of approach to the development of organizational policies is often driven by risk assessment?

Question189: Which of the following functions should be performed by the application owners to ensure an adequate segregation of duties between IS and end users?

Question190: .Processing controls ensure that data is accurate and complete, and is processed only through which of the following? Choose the BEST answer.

Question191: Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?

Question192: To aid management in achieving IT and business alignment, an IS auditor should recommend the use of:

Question193: .What influences decisions regarding criticality of assets?

Question194: A perpetrator looking to gain access to and gather information about encrypted data being transmitted over the network would use:

Question195: Many WEP systems require a key in a relatively insecure format. What format is this?

Question196: .Which of the following is a passive attack method used by intruders to determine potential network vulnerabilities?

Question197: .What process allows IS management to determine whether the activities of the organization differ from the planned or expected levels? Choose the BEST answer.

Question198: To prevent IP spoofing attacks, a firewall should be configured to drop a packet if:

Question199: An efficient use of public key infrastructure (PKI) should encrypt the:

Question200: In the context of effective information security governance, the primary objective of value delivery is to:

Question201: An IS auditor should review the configuration of which of the following protocols to detect unauthorized mappings between the IP address and the media access control (MAC) address?

Question202: .Which of the following processes are performed during the design phase of the systemsdevelopment life cycle (SDLC) model?

Question203: .What is used to provide authentication of the website and can also be used to successfully authenticate keys used for data encryption?

Question204: In which of the following situations is it MOST appropriate to implement data mirroring as the recovery strategy?

Question205: What is the lowest level of the IT governance maturity model where an IT balanced scorecard exists?

Question206: Though management has stated otherwise, an IS auditor has reasons to believe that the organization is using software that is not licensed. In this situation, the IS auditor should:

Question207: Which of the following internet security threats could compromise integrity?

Question208: Performance of a biometric measure is usually referred to in terms of (choose all that apply):

Question209: .A transaction journal provides the information necessary for detecting unauthorized _____________ (fill in the blank) from a terminal.

Question210: Which of the following is the BEST practice to ensure that access authorizations are still valid?

Question211: Which of the following would an IS auditor consider to be the MOST helpful when evaluating the effectiveness and adequacy of a computer preventive maintenance program?

Question212: Host Based ILD&P primarily addresses the issue of:

Question213: To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers, an IS auditor should recommend that:

Question214: Which testing approach is MOST appropriate to ensure that internal application interface errors are identified as soon as possible?

Question215: An IS auditor finds that client requests were processed multiple times when received from different independent departmental databases, which are synchronized weekly. What would be the BEST recommendation?

Question216: An IS auditor is reviewing a project that is using an Agile software development approach. Which of the following should the IS auditor expect to find?

Question217: The FIRST step in data classification is to:

Question218: An IS auditor is reviewing a software-based firewall configuration. Which of the following represents the GREATEST vulnerability? The firewall software:

Question219: In the event of a data center disaster, which of the following would be the MOST appropriate strategy to enable a complete recovery of a critical database?

Question220: What is the BEST backup strategy for a large database with data supporting online sales?

Question221: .How is the time required for transaction processing review usually affected by properly implemented Electronic Data Interface (EDI)?

Question222: .Which of the following would provide the highest degree of server access control?

Question223: .An IS auditor should carefully review the functional requirements in a systems-development project to ensure that the project is designed to:

Question224: A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses, the team should:

Question225: The MOST significant security concern when using flash memory (e.g., USB removable disk) is that the:

Question226: .________________ (fill in the blank) should be implemented as early as data preparation to support data integrity at the earliest point possible.

Question227: What is the MOST effective method of preventing unauthorized use of data files?

Question228: Which of the following ensures a sender's authenticity and an e-mail's confidentiality?

Question229: An IS auditor reviewing wireless network security determines that the Dynamic Host Configuration Protocol is disabled at all wireless access points. This practice:

Question230: In a small organization, developers may release emergency changes directly to production. Which of the following will BEST control the risk in this situation?

Question231: .What are used as a countermeasure for potential database corruption when two processes attempt to simultaneously edit or update the same information? Choose the BEST answer.

Question232: The BEST method for assessing the effectiveness of a business continuity plan is to review the:

Question233: A trojan horse simply cannot operate autonomously.

Question234: Which of the following system and data conversion strategies provides the GREATEST redundancy?

Question235: The specific advantage of white box testing is that it:

Question236: A structured walk-through test of a disaster recovery plan involves:

Question237: Which of the following is a good tool to use to help enforcing the deployment of good passwords?

Question238: Which of the following does a lack of adequate security controls represent?

Question239: Which of the following can be thought of as the simplest and almost cheapest type of firewall?

Question240: Which of the following refers to an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer?

Question241: Inadequate programming and coding practices introduce the risk of:

Question242: To ensure that audit resources deliver the best value to the organization, the FIRST step would be to:

Question243: A LAN administrator normally would be restricted from:

Question244: To reduce the possibility of losing data during processing, the FIRST point at which control totals should be implemented is:

Question245: .What type of risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist?

Question246: A firm is considering using biometric fingerprint identification on all PCs that access critical datA. This requires:

Question247: The use of digital signatures:

Question248: When planning to add personnel to tasks imposing time constraints on the duration of a project, which of the following should be revalidated FIRST?

Question249: Which of the following should be a concern to an IS auditor reviewing a wireless network?

Question250: Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist?

Question251: .As compared to understanding an organization's IT process from evidence directly collected, how valuable are prior audit reports as evidence?

Question252: .Ensuring that security and control policies support business and IT objectives is a primary objective of:

Question253: A major portion of what is required to address nonrepudiation is accomplished through the use of:

Question254: .What uses questionnaires to lead the user through a series of choices to reach a conclusion? Choose the BEST answer.

Question255: A company uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks (cheques) and reports for distribution. To BEST ensure payroll data accuracy:

Question256: The most common reason for the failure of information systems to meet the needs of users is that:

Question257: .Who assumes ownership of a systems-development project and the resulting system?

Question258: Which of the following is a tool you can use to simulate a big network structure on a single computer?

Question259: During a business continuity audit an IS auditor found that the business continuity plan (BCP) covered only critical processes. The IS auditor should:

Question260: When reviewing an organization's strategic IT plan an IS auditor should expect to find:

Question261: Documentation of a business case used in an IT development project should be retained until:

Question262: The GREATEST advantage of rapid application development (RAD) over the traditional system development life cycle (SDLC) is that it:

Question263: Machines that operate as a closed system can NEVER be eavesdropped.

Question264: Which of the following will help detect changes made by an intruder to the system log of a server?

Question265: At the completion of a system development project, a postproject review should include which of the following?

Question266: A proposed transaction processing application will have many data capture sources and outputs in paper and electronic form. To ensure that transactions are not lost during processing, an IS auditor should recommend the inclusion of:

Question267: An IS auditor has completed a network audit. Which of the following is the MOST significant logical security finding?

Question268: Which of the following refers to a symmetric key cipher which operates on fixedlength groups of bits with an unvarying transformation?

Question269: The human resources (HR) department has developed a system to allow employees to enroll in benefits via a web site on the corporate Intranet. Which of the following would protect the confidentiality of the data?

Question270: .IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. True or false?

Question271: A live test of a mutual agreement for IT system recovery has been carried out, including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:

Question272: An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department.
The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting their attention.
The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident. The IS auditor's report should recommend that:

Question273: .What should an IS auditor do if he or she observes that project-approval procedures do not exist?

Question274: Which of the following presents an inherent risk with no distinct identifiable preventive controls?

Question275: In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems?

Question276: An IS auditor was hired to review e-business security. The IS auditor's first task was to examine each existing e-business application looking for vulnerabilities. What would be the next task?

Question277: Talking about biometric authentication, which of the following is often considered as a mix of both physical and behavioral characteristics?

Question278: An IS auditor should recommend the use of library control software to provide reasonable assurance that:

Question279: When evaluating the collective effect of preventive, detective or corrective controls within a process, an IS auditor should be aware of which of the following?

Question280: For a discretionary access control to be effective, it must:

Question281: A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor?

Question282: A comprehensive and effective e-mail policy should address the issues of e-mail structure, policy enforcement, monitoring and:

Question283: Which of the following is a feature of an intrusion detection system (IDS)?

Question284: IT governance is PRIMARILY the responsibility of the:

Question285: A poor choice of passwords and transmission over unprotected communications lines are examples of:

Question286: .What supports data transmission through split cable facilities or duplicate cable facilities?

Question287: The PRIMARY objective of testing a business continuity plan is to:

Question288: .Function Point Analysis (FPA) provides an estimate of the size of an information system based only on the number and complexity of a system's inputs and outputs. True or false?

Question289: An advantage of the use of hot sites as a backup alternative is that:

Question290: Accountability for the maintenance of appropriate security measures over information assets resides with the:

Question291: Which of the following components is responsible for the collection of data in an intrusion detection system (IDS)?

Question292: Failure in which of the following testing stages would have the GREATEST impact on the implementation of new application software?

Question293: When performing a computer forensic investigation, in regard to the evidence gathered, an IS auditor should be MOST concerned with:

Question294: .What are often the primary safeguards for systems software and data?

Question295: Responsibility for the governance of IT should rest with the:

Question296: .What is an edit check to determine whether a field contains valid data?

Question297: "Under the concept of ""defense in depth"", subsystems should be designed to:"

Question298: When developing a risk management program, what is the FIRST activity to be performed?

Question299: .What type of BCP test uses actual resources to simulate a system crash and validate the plan's effectiveness?

Question300: Responsibility and reporting lines cannot always be established when auditing automated systems since:

Question301: When selecting audit procedures, an IS auditor should use professional judgment to ensure that:

Question302: The PRIMARY purpose of audit trails is to:

Question303: .Which of the following is MOST is critical during the business impact assessment phase of business continuity planning?

Question304: Web and e-mail filtering tools are PRIMARILY valuable to an organization because they:

Question305: Which of the following refers to the act of creating and using an invented scenario to persuade a target to perform an action?

Question306: Which of the following is the BEST type of program for an organization to implement to aggregate, correlate and store different log and event files, and then produce weekly and monthly reports for IS auditors?

Question307: Which of the following BEST supports the prioritization of new IT projects?

Question308: Which of the following virus prevention techniques can be implemented through hardware?

Question309: .What type of fire-suppression system suppresses fire via water that is released from a main valve to be delivered via a system of dry pipes installed throughout the facilities?

Question310: An organization has a mix of access points that cannot be upgraded to stronger security and newer access points having advanced wireless security. An IS auditor recommends replacing the nonupgradeabie access points. Which of the following would BEST justify the IS auditor's recommendation?

Question311: Which of the following techniques would BEST help an IS auditor gain reasonable assurance that a project can meet its target date?

Question312: Change control for business application systems being developed using prototyping could be complicated by the:

Question313: Which of the following is the MOST critical and contributes the greatest to the quality of data in a data warehouse?

Question314: An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to 1 minute for a critical system. This implies that the system can tolerate:

Question315: Which of the following terms refers to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders?

Question316: Transmitting redundant information with each character or frame to facilitate detection and correction of errors is called a:

Question317: As an outcome of information security governance, strategic alignment provides:

Question318: Minimum password length and password complexity verification are examples of:

Question319: In an online banking application, which of the following would BEST protect against identity theft?

Question320: When reviewing an intrusion detection system (IDS), an IS auditor should be MOST concerned about which of the following?

Question321: .What can be implemented to provide the highest level of protection from external attack?

Question322: .Digital signatures require the sender to "sign" the data by encrypting the data with the sender's public key, to then be decrypted by the recipient using the recipient's private key. True or false?

Question323: Which of the following would MOST likely indicate that a customer data warehouse should remain in-house rather than be outsourced to an offshore operation?

Question324: An organization is migrating from a legacy system to an enterprise resource planning (ERP) system. While reviewing the data migration activity, the MOST important concern for the IS auditor is to determine that there is a:

Question325: While copying files from a floppy disk, a user introduced a virus into the network. Which of the following would MOST effectively detect the existence of the virus?

Question326: When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor?

Question327: .What is a data validation edit control that matches input data to an occurrence rate? Choose the BEST answer.

Question328: Which of the following intrusion detection systems (IDSs) monitors the general patterns of activity and traffic on a network and creates a database?

Question329: What should be the GREATEST concern to an IS auditor when employees use portable media (MP3 players, flash drives)?

Question330: .Which of the following provides the strongest authentication for physical access control?

Question331: The decisions and actions of an IS auditor are MOST likely to affect which of the following risks?

Question332: Which of the following exposures could be caused by a line grabbing technique?

Question333: .Regarding digital signature implementation, which of the following answers is correct?

Question334: In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the:

Question335: IS management recently replaced its existing wired local area network (LAN) with a wireless infrastructure to accommodate the increased use of mobile devices within the organization. This will increase the risk of which of the following attacks?

Question336: Which of the following audit techniques would BEST aid an auditor in determining whether there have been unauthorized program changes since the last authorized program update?

Question337: To support an organization's goals, an IS department should have:

Question338: An IS auditor identifies that reports on product profitability produced by an organization's finance and marketing departments give different results. Further investigation reveals that the product definition being used by the two departments is different. What should the IS auditor recommend?

Question339: In a client-server architecture, a domain name service (DNS) is MOST important because it provides the:

Question340: Which of the following would effectively verify the originator of a transaction?

Question341: When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of:

Question342: Which of the following is the BEST method for determining the criticality of each application system in the production environment?

Question343: When identifying an earlier project completion time, which is to be obtained by paying a premium for early completion, the activities that should be selected are those:

Question344: .Business process re-engineering often results in ______________ automation, which results in _____________ number of people using technology. Fill in the blanks.

Question345: .Rather than simply reviewing the adequacy of access control, appropriateness of access policies, and effectiveness of safeguards and procedures, the IS auditor is more concerned with effectiveness and utilization of assets. True or false?

Question346: The PRIMARY reason an IS auditor performs a functional walkthrough during the preliminary phase of an audit assignment is to:

Question347: .Who is accountable for maintaining appropriate security measures over information assets?

Question348: .Which of the following can degrade network performance? Choose the BEST answer.

Question349: A top-down approach to the development of operational policies will help ensure:

Question350: What is the BEST action to prevent loss of data integrity or confidentiality in the case of an e-commerce application running on a LAN, processing electronic fund transfers (EFT) and orders?

Question351: The development of an IS security policy is ultimately the responsibility of the:

Question352: In an organization where an IT security baseline has been defined, an IS auditor should FIRST ensure:

Question353: Which of the following is the MOST effective control over visitor access to a data center?

Question354: Which of the following will prevent dangling tuples in a database?

Question355: The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is called:

Question356: The MOST important difference between hashing and encryption is that hashing:

Question357: When reviewing a hardware maintenance program, an IS auditor should assess whether:

Question358: Reverse proxy technology for web servers should be deployed if:

Question359: When assessing the design of network monitoring controls, an IS auditor should FIRST review network:

Question360: The GREATEST benefit in implementing an expert system is the:

Question361: .What is often assured through table link verification and reference checks?

Question362: .How does the process of systems auditing benefit from using a risk-based approach to audit planning?

Question363: An IS auditor performing an independent classification of systems should consider a situation where functions could be performed manually at a tolerable cost for an extended period of time as:

Question364: In a client-server system, which of the following control techniques is used to inspect activity from known or unknown users?

Question365: .How can minimizing single points of failure or vulnerabilities of a common disaster best be controlled?

Question366: Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions?

Question367: Which of the following are designed to detect network attacks in progress and assist in post-attack forensics?

Question368: The logical exposure associated with the use of a checkpoint restart procedure is:

Question369: TEMPEST is a hardware for which of the following purposes?

Question370: A business application system accesses a corporate database using a single ID and password embedded in a program. Which of the following would provide efficient access control over the organization's data?

Question371: The MOST important success factor in planning a penetration test is:

Question372: From a risk management point of view, the BEST approach when implementing a large and complex IT infrastructure is:

Question373: Which of the following is the MOST important criterion when selecting a location for an offsite storage facility for IS backup files? The offsite facility must be:

Question374: Before implementing controls, management should FIRST ensure that the controls:

Question375: When reviewing an active project, an IS auditor observed that, because of a reduction in anticipated benefits and increased costs, the business case was no longer valid. The IS auditor should recommend that the:

Question376: .Which of the following could lead to an unintentional loss of confidentiality? Choose the BEST answer.

Question377: The MAIN purpose for periodically testing offsite facilities is to:

Question378: Which of the following would be the MOST effective audit technique for identifying segregation of duties violations in a new enterprise resource planning (ERP) implementation?

Question379: Which of the following acts as a decoy to detect active internet attacks?

Question380: An IS auditor noted that an organization had adequate business continuity plans (BCPs) for each individual process, but no comprehensive BCP. Which would be the BEST course of action for the IS auditor?

Question381: Sending a message and a message hash encrypted by the sender's private key will ensure:

Question382: Which of the following is the BEST information source for management to use as an aid in the identification of assets that are subject to laws and regulations?

Question383: Which of the following is a mechanism for mitigating risks?

Question384: Which of the following types of firewalls would BEST protect a network from an internet attack?

Question385: Doing which of the following during peak production hours could result in unexpected downtime?

Question386: Which of the following is MOST critical when creating data for testing the logic in a new or modified application system?

Question387: Which of the following would be the GREATEST cause for concern when data are sent over the Internet using HTTPS protocol?

Question388: During the design of a business continuity plan, the business impact analysis (BIA) identifies critical processes and supporting applications. This will PRIMARILY influence the:

Question389: Which of the following user profiles should be of MOST concern to an IS auditor when performing an audit of an EFT system?

Question390: .What type(s) of firewalls provide(s) the greatest degree of protection and control because both firewall technologies inspect all seven OSI layers of network traffic?

Question391: .What can be used to gather evidence of network attacks?

Question392: When using a universal storage bus (USB) flash drive to transport confidential corporate data to an offsite location, an effective control would be to:

Question393: As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis?

Question394: .How is the risk of improper file access affected upon implementing a database system?

Question395: Which of the following correctly describe the potential problem of deploying Wi-Fi Protected Access to secure your wireless network?

Question396: A critical function of a firewall is to act as a:

Question397: A programmer maliciously modified a production program to change data and then restored the original code. Which of the following would MOST effectively detect the malicious activity?

Question398: In reviewing the IS short-range (tactical) plan, an IS auditor should determine whether:

Question399: Over the long term, which of the following has the greatest potential to improve the security incident response process?

Question400: Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly?

Question401: Which of the following will replace system binaries and/or hook into the function calls of the operating system to hide the presence of other programs (choose the most precise answer)?

Question402: For application acquisitions with significant impacts, participation of your IS audit team should be encouraged:

Question403: The FIRST step in a successful attack to a system would be:

Question404: In regard to moving an application program from the test environment to the production environment, the BEST control would be to have the:

Question405: .What is an initial step in creating a proper firewall policy?

Question406: An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely:

Question407: Which of the following methods of suppressing a fire in a data center is the MOST effective and environmentally friendly?

Question408: .Who is responsible for the overall direction, costs, and timetables for systems-development projects?

Question409: .An off-site processing facility should be easily identifiable externally because easy identification helps ensure smoother recovery. True or false?

Question410: Which of the following would BEST provide assurance of the integrity of new staff?

Question411: The potential for unauthorized system access by way of terminals or workstations within an organization's facility is increased when:

Question412: To minimize costs and improve service levels an outsourcer should seek which of the following contract clauses?

Question413: .Allowing application programmers to directly patch or change code in production programs increases risk of fraud. True or false?

Question414: Which of the following should an IS auditor recommend to BEST enforce alignment of an IT project portfolio with strategic organizational priorities?

Question415: .An IS auditor is using a statistical sample to inventory the tape library. What type of test would this be considered?

Question416: An organization has an integrated development environment (IDE) on which the program libraries reside on the server, but modification/development and testing are done from PC workstations. Which of the following would be a strength of an IDE?

Question417: .Which of the following is a good control for protecting confidential data residing on a PC?

Question418: IT control objectives are useful to IS auditors, as they provide the basis for understanding the:

Question419: The FIRST step in managing the risk of a cyber attack is to:

Question420: Which of the following BEST ensures the integrity of a server's operating system?

Question421: The BEST filter rule for protecting a network from being used as an amplifier in a denial of service (DoS) attack is to deny all:

Question422: Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)?

Question423: When reviewing a project where quality is a major concern, an IS auditor should use the project management triangle to explain that:

Question424: Which of the following would be MOST important for an IS auditor to verify when conducting a business continuity audit?

Question425: Which of the following is a dynamic analysis tool for the purpose of testing software modules?

Question426: Screening router inspects traffic through examining:

Question427: Before implementing an IT balanced scorecard, an organization must:

Question428: Regarding a disaster recovery plan, the role of an IS auditor should include:

Question429: Which of the following tasks should be performed FIRST when preparing a disaster recovery plan?

Question430: An organization has outsourced its help desk. Which of the following indicators would be the best to include in the SLA?

Question431: An organization is planning to replace its wired networks with wireless networks. Which of the following would BEST secure the wireless network from unauthorized access?

Question432: Which of the following would be the BEST overall control for an Internet business looking for confidentiality, reliability and integrity of data?

Question433: The BEST overall quantitative measure of the performance of biometric control devices is:

Question434: .Why does the IS auditor often review the system logs?

Question435: Disaster recovery planning (DRP) addresses the:

Question436: If a database is restored using before-image dumps, where should the process begin following an interruption?

Question437: Disaster recovery planning (DRP) for a company's computer system usually focuses on:

Question438: An IS auditor finds that a system under development has 12 linked modules and each item of data can carry up to 10 definable attribute fields. The system handles several million transactions a year. Which of these techniques could an IS auditor use to estimate the size of the development effort?

Question439: A virus typically consists of what major parts (choose all that apply):

Question440: Which of the following is a general operating system access control function?

Question441: Which of the following append themselves to files as a protection against viruses?

Question442: Which of the following would be the MOST significant audit finding when reviewing a point-of-sale (POS) system?

Question443: An IS auditor performing an application maintenance audit would review the log of program changes for the:

Question444: .When should reviewing an audit client's business plan be performed relative to reviewing an organization's IT strategic plan?

Question445: A TCP/IP-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted?

Question446: To minimize the cost of a software project, quality management techniques should be applied:

Question447: Which of the following would MOST effectively control the usage of universal storage bus (USB) storage devices?

Question448: An offsite information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is a:

Question449: The ability of the internal IS audit function to achieve desired objectives depends largely on:

Question450: Which of the following would be the BEST population to take a sample from when testing program changes?

Question451: When conducting a penetration test of an IT system, an organization should be MOST concerned with:

Question452: When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:

Question453: Which of the following would be of MOST concern to an IS auditor reviewing a virtual private network (VPN) implementation? Computers on the network that are located:

Question454: Change management procedures are established by IS management to:

Question455: After implementation of a disaster recovery plan, pre-disaster and post-disaster operational costs for an organization will:

Question456: .Which of the following can help detect transmission errors by appending specially calculated bits onto the end of each segment of data?

Question457: When reviewing the implementation of a LAN, an IS auditor should FIRST review the:

Question458: .What type of cryptosystem is characterized by data being encrypted by the sender using the recipient's public key, and the data then being decrypted using the recipient's private key?

Question459: Which of the following types of firewalls provide the GREATEST degree and granularity of control?

Question460: In wireless communication, which of the following controls allows the device receiving the communications to verify that the received communications have not been altered in transit?

Question461: Which of the following is a rewrite of ipfwadm?

Question462: Which of the following should be the MOST important consideration when deciding areas of priority for IT governance implementation?

Question463: The MOST effective control for addressing the risk of piggybacking is:

Question464: .Which of the following exploit vulnerabilities to cause loss or damage to the organization and its assets?

Question465: When auditing security for a data center, an IS auditor should look for the presence of a voltage regulator to ensure that the:

Question466: To prevent unauthorized entry to the data maintained in a dial-up, fast response system, an IS auditor should recommend:

Question467: An IS auditor reviewing an organization's IS disaster recovery plan should verify that it is:

Question468: .What is the most common reason for information systems to fail to meet the needs of users? Choose the BEST answer.

Question469: An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important?

Question470: In a public key infrastructure, a registration authority:

Question471: With the help of a security officer, granting access to data is the responsibility of:

Question472: Sophisticated database systems provide many layers and types of security, including (choose all that apply):

Question473: During a postimplementation review of an enterprise resource management system, an IS auditor would MOST likely:

Question474: The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to:

Question475: The most common problem in the operation of an intrusion detection system (IDS) is:

Question476: The Federal Information Processing Standards (FIPS) are primarily for use by (choose all that apply):

Question477: Software is considered malware based on:

Question478: Which of the following would impair the independence of a quality assurance team?

Question479: When reviewing a digital certificate verification process, which of the following findings represents the MOST significant risk?

Question480: In determining the acceptable time period for the resumption of critical business processes:

Question481: To ensure an organization is complying with privacy requirements, an IS auditor should FIRST review:

Question482: An organization having a number of offices across a wide geographical area has developed a disaster recovery plan. Using actual resources, which of the following is the MOST cost-effective test of the disaster recovery plan?

Question483: A legacy payroll application is migrated to a new application. Which of the following stakeholders should be PRIMARILY responsible for reviewing and signing-off on the accuracy and completeness of the data before going live?

Question484: At a hospital, medical personal carry handheld computers which contain patient health datA. These handheld computers are synchronized with PCs which transfer data from a hospital database. Which of the following would be of the most importance?

Question485: An IS auditor finds that, in accordance with IS policy, IDs of terminated users are deactivated within 90 days of termination. The IS auditor should:

Question486: Which of the following functions is performed by a virtual private network (VPN)?

Question487: A penetration test performed as part of evaluating network security:

Question488: To develop a successful business continuity plan, end user involvement is critical during which of the following phases?

Question489: Which of the following is a benefit of using callback devices?

Question490: An IS auditor finds that not all employees are aware of the enterprise's information security policy. The IS auditor should conclude that:

Question491: The vice president of human resources has requested an audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation? A) Test data

Question492: Which of the following network configuration options contains a direct link between any two host machines?

Question493: An organization has outsourced its help desk activities. An IS auditor's GREATEST concern when reviewing the contract and associated service level agreement (SLA) between the organization and vendor should be the provisions for:

Question494: A technical lead who was working on a major project has left the organization. The project manager reports suspicious system activities on one of the servers that is accessible to the whole team. What would be of GREATEST concern if discoveredduring a forensic investigation?

Question495: .When should an application-level edit check to verify that availability of funds was completed at the electronic funds transfer (EFT) interface?

Question496: Which of the following is a benefit of using a callback device?

Question497: During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that:

Question498: .What is an effective control for granting temporary access to vendors and external support personnel? Choose the BEST answer.

Question499: Which of the following types of attack works by taking advantage of the unenforced and unchecked assumptions the system makes about its inputs?

Question500: Which of the following should an IS auditor recommend for the protection of specific sensitive information stored in the data warehouse?

Question501: Which of the following should be seen as one of the most significant factors considered when determining the frequency of IS audits within your organization?

Question502: Network Data Management Protocol (NDMP) technology should be used for backup if:

Question503: An organization has outsourced its wide area network (WAN) to a third-party service provider. Under these circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?

Question504: .What does PKI use to provide some of the strongest overall control over data confidentiality, reliability, and integrity for Internet transactions?

Question505: A database administrator is responsible for:

Question506: Which of the following is normally a responsibility of the chief security officer (CSO)?

Question507: .What kind of protocols does the OSI Transport Layer of the TCP/IP protocol suite provide to ensure reliable communication?

Question508: A long-term IS employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be based on the individual'sexperience and:

Question509: .With the objective of mitigating the risk and impact of a major business interruption, a disasterrecovery plan should endeavor to reduce the length of recovery time necessary, as well as costs associated with recovery. Although DRP results in an increase of pre-and post-incident operational costs, the extra costs are more than offset by reduced recovery and business impact costs. True or false?

Question510: Which of the following will BEST ensure the successful offshore development of business applications?

Question511: .Which of the following do digital signatures provide?

Question512: Which of the following is BEST suited for secure communications within a small group?

Question513: Assuming this diagram represents an internal facility and the organization is implementing a firewall protection program, where should firewalls be installed?

Question514: A manufacturing firm wants to automate its invoice payment system. Objectives state that the system should require considerably less time for review and authorization and the system should be capable of identifying errors that require follow up. Which of the following would BEST meet these objectives?

Question515: Which of the following is a characteristic of timebox management?

Question516: To assist an organization in planning for IT investments, an IS auditor should recommend the use of:

Question517: .Of the three major types of off-site processing facilities, what type is characterized by at least providing for electricity and HVAC?

Question518: After a full operational contingency test, an IS auditor performs a review of the recovery steps. The auditor concludes that the time it took for the technological environment and systems to return to full-functioning exceeded the required critical recovery time. Which of the following should the auditor recommend?

Question519: Which of the following provides the best evidence of the adequacy of a security awareness program?

Question520: Buffer overflow aims primarily at corrupting:

Question521: Use of asymmetric encryption in an internet e-commerce site, where there is one private key for the hosting server and the public key is widely distributed to the customers, is MOST likely to provide comfort to the:

Question522: An IS auditor performing a review of the backup processing facilities should be MOST concerned that:

Question523: Effective IT governance requires organizational structures and processes to ensure that:

Question524: Assessing IT risks is BEST achieved by:

Question525: An organization has recently installed a security patch, which crashed the production server. To minimize the probability of this occurring again, an IS auditor should:

Question526: The advantage of a bottom-up approach to the development of organizational policies is that the policies:

Question527: .What should IS auditors always check when auditing password files?

Question528: .Which of the following typically focuses on making alternative processes and resources available for transaction processing?

Question529: .Which of the following should an IS auditor review to determine user permissions that have been granted for a particular resource? Choose the BEST answer.

Question530: When implementing an application software package, which of the following presents the GREATEST risk?

Question531: When performing an audit of access rights, an IS auditor should be suspicious of which of the following if allocated to a computer operator?

Question532: A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not adequately performing which of the following types of testing?

Question533: An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a:

Question534: An organization is using symmetric encryption. Which of the following would be a valid reason for moving to asymmetric encryption? Symmetric encryption:

Question535: An IS auditor should use statistical sampling and not judgment (nonstatistical) sampling, when:

Question536: .Which of the following would prevent accountability for an action performed, thus allowing nonrepudiation?

Question537: The PRIMARY objective of an audit of IT security policies is to ensure that:

Question538: When reviewing an implementation of a VoIP system over a corporate WAN, an IS auditor should expect to find:

Question539: Which of the following devices extends the network and has the capacity to store frames and act as a storage and forward device?

Question540: A comprehensive IS audit policy should include guidelines detailing what involvement the internal audit team should have?

Question541: Ideally, stress testing should be carried out in a:

Question542: Following best practices, formal plans for implementation of new information systems are developed during the:

Question543: To gain an understanding of the effectiveness of an organization's planning and management of investments in IT assets, an IS auditor should review the:

Question544: .What is a common vulnerability, allowing denial-of-service attacks?

Question545: Which of the following is the BEST performance criterion for evaluating the adequacy of an organization's security awareness training?

Question546: An example of a direct benefit to be derived from a proposed IT-related business investment is:

Question547: .Which of the following is the MOST critical step in planning an audit?

Question548: An IS auditor performing detailed network assessments and access control reviews should FIRST:

Question549: .Which of the following help(s) prevent an organization's systems from participating in a distributed denial-of-service (DDoS) attack? Choose the BEST answer.

Question550: An IS auditor who was involved in designing an organization's business continuity plan (BCP) has been assigned to audit the plan. The IS auditor should:

Question551: .Which of the following is often used as a detection and deterrent control against Internet attacks?

Question552: During the system testing phase of an application development project the IS auditor should review the:

Question553: Which of the following is the PRIMARY objective of an IT performance measurement process?

Question554: Which of the following is a control over component communication failure/errors?

Question555: Which of the following activities performed by a database administrator (DBA) should be performed by a different person?

Question556: An organization has created a policy that defines the types of web sites that users are forbidden to access. What is the MOST effective technology to enforce this policy?

Question557: The objective of concurrency control in a database system is to:

Question558: An organization has been recently downsized, in light of this, an IS auditor decides to test logical access controls. The IS auditor's PRIMARY concern should be that:

Question559: An IS auditor reviewing digital rights management (DRM) applications should expect to find an extensive use for which of the following technologies?

Question560: While evaluating software development practices in an organization, an IS auditor notes that the quality assurance (QA) function reports to project management. The MOST important concern for an IS auditor is the:

Question561: .What is the recommended initial step for an IS auditor to implement continuous-monitoring systems?

Question562: A database administrator has detected a performance problem with some tables which could be solved through denormalization. This situation will increase the risk of:

Question563: A company undertakes a business process reengineering (BPR) project in support of a new and direct marketing approach to its customers. Which of the following would be an IS auditor's main concern about the new process?

Question564: Which of the following is the MOST robust method for disposing of magnetic media that contains confidential information?

Question565: An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking?

Question566: Which of the following is MOST directly affected by network performance monitoring tools?

Question567: Which of the following are valid examples of Malware (choose all that apply):

Question568: A hard disk containing confidential data was damaged beyond repair. What should be done to the hard disk to prevent access to the data residing on it?

Question569: An organization's IS audit charter should specify the:

Question570: Which of the following is MOST critical for the successful implementation and maintenance of a security policy?

Question571: Which of the following is the GREATEST risk when implementing a data warehouse?

Question572: While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should:

Question573: As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard copy transaction log. At the end of the day, the order entry files are backed up on tape. During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following is necessary to restore these files?

Question574: An IS auditor should expect which of the following items to be included in the request for proposal (RFP) when IS is procuring services from an independent service provider (ISP)?

Question575: .Who is ultimately responsible and accountable for reviewing user access to systems?

Question576: Which of the following is the MOST reasonable option for recovering a noncritical system?

Question577: Which of the following cryptographic systems is MOST appropriate for bulk data encryption and small devices such as smart cards?

Question578: Which of the following should an IS auditor use to detect duplicate invoice records within an invoice master file?

Question579: The BEST method of proving the accuracy of a system tax calculation is by:

Question580: Which of the following provides the GREATEST assurance of message authenticity?

Question581: .Proper segregation of duties prevents a computer operator (user) from performing security administration duties. True or false?

Question582: The 'trusted systems' approach has been predominant in the design of:

Question583: .If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, what should the auditor do? Choose the BEST answer.

Question584: Talking about biometric measurement, which of the following measures the percent of invalid users who are incorrectly accepted in?

Question585: Back Orifice is an example of:

Question586: An IS auditor reviewing the implementation of an intrusion detection system (IDS) should be MOST concerned if:

Question587: Which of the following is an appropriate test method to apply to a business continuity plan (BCP)?

Question588: Which of the following is the MOST important consideration when defining recovery point objectives (RPOs)?

Question589: During what process should router access control lists be reviewed?

Question590: The GREATEST risk when end users have access to a database at its system level, instead of through the application, is that the users can:

Question591: E-mail traffic from the Internet is routed via firewall-1 to the mail gateway. Mail is routed from the mail gateway, via firewall-2, to the mail recipients in the internal network. Other traffic is not allowed. For example, the firewalls do not allow direct traffic from the Internet to the internal network.

The intrusion detection system (IDS) detects traffic for the internal network that did not originate from the mail gateway. The FIRST action triggered by the IDS should be to:

Question592: An IS auditor inspected a windowless room containing phone switching and networking equipment and documentation binders. The room was equipped with two handheld fire extinguishers-one filled with CO2, the other filled with halon. Which ofthe following should be given the HIGHEST priority in the auditor's report?

Question593: Which of the following sampling methods is MOST useful when testing for compliance?

Question594: When reviewing an organization's logical access security, which of the following should be of MOST concern to an IS auditor?

Question595: .Which type of major BCP test only requires representatives from each operational area to meet to review the plan?

Question596: .Proper segregation of duties does not prohibit a quality control administrator from also being responsible for change control and problem management. True or false?

Question597: .When is regression testing used to determine whether new application changes have introduced any errors in the remaining unchanged code?

Question598: Which audit technique provides the BEST evidence of the segregation of duties in an IS department?

Question599: In transport mode, the use of the Encapsulating Security Payload (ESP) protocol is advantageous over the Authentication Header (AH) protocol because it provides:

Question600: An IS auditor has identified the lack of an authorization process for users of an application. The IS auditor's main concern should be that:

Question601: In an EDI process, the device which transmits and receives electronic documents is the:

Question602: Which of the following types of transmission media provide the BEST security against unauthorized access?

Question603: Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget?

Question604: .After an IS auditor has identified threats and potential impacts, the auditor should:

Question605: The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as:

Question606: The IS management of a multinational company is considering upgrading its existing virtual private network (VPN) to support voice-over IP (VoIP) communications via tunneling. Which of the following considerations should be PRIMARILY addressed?

Question607: The success of control self-assessment (CSA) highly depends on:

Question608: .What is essential for the IS auditor to obtain a clear understanding of network management?

Question609: Which of the following would normally be the MOST reliable evidence for an auditor?

Question610: Vendors have released patches fixing security flaws in their software. Which of the following should an IS auditor recommend in this situation?

Question611: An appropriate control for ensuring the authenticity of orders received in an EDI application is to:

Question612: In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?

Question613: Which of the following data validation edits is effective in detecting transposition and transcription errors?

Question614: .What type of risk is associated with authorized program exits (trap doors)? Choose the BEST answer.

Question615: Which of the following processes should an IS auditor recommend to assist in the recording of baselines for software releases?

Question616: Which of the following should be of MOST concern to an IS auditor reviewing the BCP?

Question617: .Of the three major types of off-site processing facilities, what type is often an acceptable solution for preparing for recovery of noncritical systems and data?

Question618: .What is used as a control to detect loss, corruption, or duplication of data?

Question619: "Which of the following BEST describes the concept of ""defense in depth""?"

Question620: An IS auditor issues an audit report pointing out the lack of firewall protection features at the perimeter network gateway and recommends a vendor product to address this vulnerability. The IS auditor has failed to exercise:

Question621: To affix a digital signature to a message, the sender must first create a message digest by applying a cryptographic hashing algorithm against:

Question622: .Proper segregation of duties normally does not prohibit a LAN administrator from also having programming responsibilities. True or false?

Question623: Which of the following would an IS auditor use to determine if unauthorized modifications were made to production programs?

Question624: Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized?

Question625: A financial institution that processes millions of transactions each day has a central communications processor (switch) for connecting to automated teller machines (ATMs). Which of the following would be the BEST contingency plan for the communications processor?

Question626: A company has decided to implement an electronic signature scheme based on public key infrastructure. The user's private key will be stored on the computer's hard drive and protected by a password. The MOST significant risk of this approach is:

Question627: After initial investigation, an IS auditor has reasons to believe that fraud may be present. The IS auditor should:

Question628: Which of the following is the BEST way to satisfy a two-factor user authentication?

Question629: A local area network (LAN) administrator normally would be restricted from:

Question630: .Using the OSI reference model, what layer(s) is/are used to encrypt data?

Question631: Well-written risk assessment guidelines for IS auditing should specify which of the following elements at the least (choose all that apply):

Question632: .What process is used to validate a subject's identity?

Question633: The security level of a private key system depends on the number of:

Question634: The MOST significant level of effort for business continuity planning (BCP) generally is required during the:

Question635: Structured programming is BEST described as a technique that:

Question636: .Why does an IS auditor review an organization chart?

Question637: The responsibility for authorizing access to a business application system belongs to the:

Question638: When implementing an IT governance framework in an organization the MOST important objective is:

Question639: An organization is implementing an enterprise resource planning (ERP) application to meet its business objectives. Of the following, who is PRIMARILY responsible for overseeing the project in order to ensure that it is progressing in accordance with the project plan and that it will deliver the expected results?

Question640: Which of the following would contribute MOST to an effective business continuity plan (BCP)?

Question641: Which of the following is a data validation edit and control?

Question642: Which of the following controls would be the MOST comprehensive in a remote access network with multiple and diverse subsystems?

Question643: Which of the following controls would BEST detect intrusion?

Question644: Wi-Fi Protected Access implements the majority of which IEEE standard?

Question645: An IS auditor reviewing access controls for a client-server environment should FIRST:

Question646: Which of the following is an advantage of prototyping?

Question647: When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:

Question648: The cost of ongoing operations when a disaster recovery plan is in place, compared to not having a disaster recovery plan, will MOST likely:

Question649: IT operations for a large organization have been outsourced. An IS auditor reviewing the outsourced operation should be MOST concerned about which of the following findings?

Question650: Which of the following must exist to ensure the viability of a duplicate information processing facility?

Question651: Which of the following should be considered FIRST when implementing a risk management program?

Question652: .What are intrusion-detection systems (IDS) primarily used for?

Question653: A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing system developed in-house. in reviewing the proposed development approach, which of the following would be of GREATESTconcern?

Question654: An IS auditor who is reviewing incident reports discovers that, in one instance, an important document left on an employee's desk was removed and put in the garbage by the outsourced cleaning staff. Which of the following should the IS auditor recommend to management?

Question655: While planning an audit, an assessment of risk should be made to provide:

Question656: In auditing a web server, an IS auditor should be concerned about the risk of individuals gaining unauthorized access to confidential information through:

Question657: Which of the following is a prevalent risk in the development of end-user computing (EUC) applications?

Question658: After completing the business impact analysis (BIA), what is the next step in the business continuity planning process?

Question659: What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?

Question660: With respect to the outsourcing of IT services, which of the following conditions should be of GREATEST concern to an IS auditor?

Question661: The MAIN criterion for determining the severity level of a service disruption incident is:

Question662: .Which of the following provides the BEST single-factor authentication?

Question663: Management considered two projections for its business continuity plan; plan A with two months to recover and plan B with eight months to recover. The recovery objectives are the same in both plans. It is reasonable to expect that plan B projected higher:

Question664: When preparing an audit report the IS auditor should ensure that the results are supported by:

Question665: When using an integrated test facility (ITF), an IS auditor should ensure that:

Question666: Which of the following should be of PRIMARY concern to an IS auditor reviewing the management of external IT service providers?

Question667: Which of the following are examples of tools for launching Distributed DoS Attack (choose all that apply):

Question668: When an organization is outsourcing their information security function, which of the following should be kept in the organization?

Question669: There are several methods of providing telecommunications continuity. The method of routing traffic through split cable or duplicate cable facilities is called:

Question670: Which of the following ensures the availability of transactions in the event of a disaster?

Question671: .Atomicity enforces data integrity by ensuring that a transaction is either completed in its entirely or not at all. Atomicity is part of the ACID test reference for transaction processing. True or false?

Question672: During the audit of an acquired software package, an IS auditor learned that the software purchase was based on information obtained through the Internet, rather than from responses to a request for proposal (RFP). The IS auditor should FIRST:

Question673: Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?

Question674: Which of the following is the MOST important IS audit consideration when an organization outsources a customer credit review system to a third-party service provider? The provider:

Question675: The GREATEST advantage of using web services for the exchange of information between two systems is:

Question676: Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions?

Question677: Which of the following BEST limits the impact of server failures in a distributed environment?

Question678: An organization has a number of branches across a wide geographical areA. To ensure that all aspects of the disaster recovery plan are evaluated in a cost effective manner, an IS auditor should recommend the use of a:

Question679: Which of the following types of attack involves a program that creates an infinite loop, makes lots of copies of itself, and continues to open lots of files?

Question680: The activation of an enterprise's business continuity plan should be based on predetermined criteria that address the:

Question681: Which of the following is the MOST important action in recovering from a cyberattack?

Question682: Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy?

Question683: An integrated test facility is considered a useful audit tool because it:

Question684: When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:

Question685: Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation?

Question686: Within a virus, which component is responsible for what the virus does to the victim file?

Question687: An IS auditor finds that conference rooms have active network ports. Which of the following is MOST important to ensure?

Question688: An internet-based attack using password sniffing can:

Question689: Data flow diagrams are used by IS auditors to:

Question690: Of the following alternatives, the FIRST approach to developing a disaster recovery strategy would be to assess whether:

Question691: An IS auditor is assigned to perform a postimplementation review of an application system. Which of the following situations may have impaired the independence of the IS auditor? The IS auditor:

Question692: Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit?

Question693: Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization?

Question694: A disaster recovery plan for an organization's financial system specifies that the recovery point objective (RPO) is no data loss and the recovery time objective (RTO) is 72 hours. Which of the following is the MOST cost-effective solution?

Question695: During the planning stage of an IS audit, the PRIMARY goal of an IS auditor is to:

Question696: .If a database is restored from information backed up before the last system image, which of the following is recommended?

Question697: .When auditing third-party service providers, an IS auditor should be concerned with which of the following? Choose the BEST answer.

Question698: Naming conventions for system resources are important for access control because they:

Question699: The Secure Sockets Layer (SSL) protocol addresses the confidentiality of a message through:

Question700: An advantage of using sanitized live transactions in test data is that:

Question701: An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:

Question702: Which of the following is MOST likely to result from a business process reengineering (BPR) project?

Question703: .What is a reliable technique for estimating the scope and cost of a software-development project?

Question704: The network of an organization has been the victim of several intruders' attacks. Which of the following measures would allow for the early detection of such incidents?

Question705: You should know the difference between an exploit and a vulnerability. Which of the following refers to a weakness in the system?

Question706: .Why is the WAP gateway a component warranting critical concern and review for the IS auditor when auditing and testing controls enforcing message confidentiality?

Question707: An organization can ensure that the recipients of e-mails from its employees can authenticate the identity of the sender by:

Question708: If the recovery time objective (RTO) increases:

Question709: The use of risk assessment tools for classifying risk factors should be formalized in your IT audit effort through:

Question710: The MAIN purpose of a transaction audit trail is to:

Question711: .In order to properly protect against unauthorized disclosure of sensitive data, how should hard disks be sanitized?

Question712: A company has implemented a new client-server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following would BEST ensure that the orders are entered accurately and the corresponding products are produced?

Question713: Most trojan horse programs are spread through:

Question714: A hub is a device that connects:

Question715: During a security audit of IT processes, an IS auditor found that there were no documented security procedures. The IS auditor should:

Question716: .When participating in a systems-development project, an IS auditor should focus on system controls rather than ensuring that adequate and complete documentation exists for all projects. True or false?

Question717: Involvement of senior management is MOST important in the development of:

Question718: The waterfall life cycle model of software development is most appropriately used when:

Question719: An IS auditor interviewing a payroll clerk finds that the answers do not support job descriptions and documented procedures. Under these circumstances, the IS auditor should:

Question720: Digital signatures require the:

Question721: .The use of statistical sampling procedures helps minimize:

Question722: Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures?

Question723: During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:

Question724: Which of the following is the PRIMARY purpose for conducting parallel testing?

Question725: .What is the primary objective of a control self-assessment (CSA) program?

Question726: A malicious code that changes itself with each file it infects is called a:

Question727: .Mitigating the risk and impact of a disaster or business interruption usually takes priority over transference of risk to a third party such as an insurer. True or false?

Question728: Which of the following environmental controls is appropriate to protect computer equipment against short-term reductions in electrical power?

Question729: .What protects an application purchaser's ability to fix or change an application in case the application vendor goes out of business?

Question730: The MAJOR advantage of the risk assessment approach over the baseline approach to information security management is that it ensures:

Question731: Disabling which of the following would make wireless local area networks more secure against unauthorized access?

Question732: Which of the following provides the BEST evidence of an organization's disaster recovery readiness?

Question733: Which of the following should be included in a feasibility study for a project to implement an EDI process?

Question734: Which of the following cryptography options would increase overhead/cost?

Question735: .Which of the following fire-suppression methods is considered to be the most environmentally friendly?

Question736: Which of the following is the PRIMARY safeguard for securing software and data within an information processing facility?

Question737: Which of the following is a feature of Wi-Fi Protected Access (WPA) in wireless networks?

Question738: During a change control audit of a production system, an IS auditor finds that the change management process is not formally documented and that some migration procedures failed. What should the IS auditor do next?

Question739: The use of residual biometric information to gain unauthorized access is an example of which of the following attacks?

Question740: An IS auditor has imported data from the client's database. The next step-confirming whether the imported data are complete-is performed by:

Question741: The MOST effective control for reducing the risk related to phishing is:

Question742: Which of the following would be the MOST secure firewall system?

Question743: The rate of change in technology increases the importance of:

Question744: .An advantage of a continuous audit approach is that it can improve system security when used in time-sharing environments that process a large number of transactions. True or false?

Question745: Which of the following fire suppression systems is MOST appropriate to use in a data center environment?

Question746: Many organizations require an employee to take a mandatory vacation (holiday) of a week or more to:

Question747: During the collection of forensic evidence, which of the following actions would MOST likely result in the destruction or corruption of evidence on a compromised system?

Question748: While observing a full simulation of the business continuity plan, an IS auditor notices that the notification systems within the organizational facilities could be severely impacted by infra structural damage. The BEST recommendation the IS auditor can provide to the organization is to ensure:

Question749: The optimum business continuity strategy for an entity is determined by the:

Question750: Depending on the complexity of an organization's business continuity plan (BCP), the plan may be developed as a set of more than one plan to address various aspects of business continuity and disaster recovery, in such an environment, it is essential that:

Question751: Is it appropriate for an IS auditor from a company that is considering outsourcing its IS processing to request and review a copy of each vendor's business continuity plan?

Question752: Which of the following concerns associated with the World Wide Web would be addressed by a firewall?

Question753: Two-factor authentication can be circumvented through which of the following attacks?

Question754: A clerk changed the interest rate for a loan on a master file. The rate entered is outside the normal range for such a loan. Which of the following controls is MOST effective in providing reasonable assurance that the change was authorized?

Question755: Which of the following is a function of an IS steering committee?

Question756: Which of the following would be the MOST cost-effective recommendation for reducing the number of defects encountered during software development projects?

Question757: An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed. When this issue is raised with management the response is that additional controls are not necessary because effective system access controls are inplace. The BEST response the auditor can make is to:

Question758: Which of the following translates e-mail formats from one network to another so that the message can travel through all the networks?

Question759: A web server is attacked and compromised. Which of the following should be performed FIRST to handle the incident?

Question760: What should be done to determine the appropriate level of audit coverage for an organization's IT environment?

Question761: When reviewing system parameters, an IS auditor's PRIMARY concern should be that:

Question762: To address a maintenance problem, a vendor needs remote access to a critical network. The MOST secure and effective solution is to provide the vendor with a:

Question763: To determine who has been given permission to use a particular system resource, an IS auditor should review:

Question764: .Which of the following is the most fundamental step in preventing virus attacks?

Question765: Once an organization has finished the business process reengineering (BPR) of all its critical operations, an IS auditor would MOST likely focus on a review of:

Question766: .Parity bits are a control used to validate:

Question767: Which of the following exposures associated with the spooling of sensitive reports for offline printing should an IS auditor consider to be the MOST serious?

Question768: An IS auditor reviewing an organization that uses cross-training practices should assess the risk of:

Question769: Which of the following online auditing techniques is most effective for the early detection of errors or irregularities?

Question770: Which of the following would an IS auditor consider the MOST relevant to short-term planning for an IS department?

Question771: The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of the following audit recommendations should the IS auditor suggest?

Question772: .A core tenant of an IS strategy is that it must:

Question773: An organization has contracted with a vendor for a turnkey solution for their electronic toll collection system (ETCS). The vendor has provided its proprietary application software as part of the solution. The contract should require that:

Question774: Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-toconsumer transactions via the internet?

Question775: A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. An IS auditor should conclude that:

Question776: An IS auditor analyzing the audit log of a database management system (DBMS) finds that some transactions were partially executed as a result of an error, and are not rolled back. Which of the following transaction processing features has been violated?

Question777: The purpose of code signing is to provide assurance that:

Question778: Which of the following is an example of a passive attack initiated through the Internet?

Question779: You may reduce a cracker's chances of success by (choose all that apply):

Question780: An accurate biometric system usually exhibits (choose all that apply):

Question781: .Who is responsible for implementing cost-effective controls in an automated system?

Question782: A firewall is being deployed at a new location. Which of the following is the MOST important factor in ensuring a successful deployment?

Question783: .What is a primary high-level goal for an auditor who is reviewing a system development project?

Question784: Which of the following encrypt/decrypt steps provides the GREATEST assurance of achieving confidentiality, message integrity and nonrepudiation by either sender or recipient?

Question785: Which of the following is a telecommunication device that translates data from digital form to analog form and back to digital?

Question786: .Network environments often add to the complexity of program-to-program communication, making the implementation and maintenance of application systems more difficult. True or false?

Question787: The PRIMARY objective of a logical access control review is to:

Question788: An organization is implementing a new system to replace a legacy system. Which of the following conversion practices creates the GREATEST risk?

Question789: What should an organization do before providing an external agency physical access to its information processing facilities (IPFs)?

Question790: Which of the following is a benefit of a risk-based approach to audit planning? Audit:

Question791: .What is/are used to measure and ensure proper network capacity management and availability of services? Choose the BEST answer.

Question792: Which of the following forms of evidence for the auditor would be considered the MOST reliable?

Question793: An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. Inthis situation, which of the following would be considered an adequate set of compensating controls?

Question794: The PRIMARY purpose of an IT forensic audit is:

Question795: An IS auditor notes that IDS log entries related to port scanning are not being analyzed. This lack of analysis will MOST likely increase the risk of success of which of the following attacks?

Question796: Which of the following hardware devices relieves the central computer from performing network control, format conversion and message handling tasks?

Question797: Which of the following types of spyware was originally designed for determining the sources of error or for measuring staff productivity?

Question798: The responsibility for authorizing access to application data should be with the:

Question799: Security should ALWAYS be an all or nothing issue.

Question800: A medium-sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of the new BCP?

Question801: An IS auditor is reviewing an IT security risk management program. Measures of security risk should:

Question802: Iptables is based on which of the following frameworks?

Question803: By evaluating application development projects against the capability maturity model (CMM), an IS auditor should be able to verify that:

Question804: The MOST likely effect of the lack of senior management commitment to IT strategic planning is:

Question805: .What must an IS auditor understand before performing an application audit? Choose the BEST answer.

Question806: A disaster recovery plan for an organization should:

Question807: When protecting an organization's IT systems, which of the following is normally the next line of defense after the network firewall has been compromised?

Question808: Which of the following network components is PRIMARILY set up to serve as a security measure by preventing unauthorized traffic between different segments of the network?

Question809: A data center has a badge-entry system. Which of the following is MOST important to protect the computing assets in the center?

Question810: .What is the key distinction between encryption and hashing algorithms?

Question811: The reason for establishing a stop or freezing point on the design of a new system is to:

Question812: When segregation of duties concerns exist between IT support staff and end users, what would be a suitable compensating control?

Question813: Receiving an EDI transaction and passing it through the communication's interface stage usually requires:

Question814: Which of the following biometrics has the highest reliability and lowest false-acceptance rate (FAR)?

Question815: The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?

Question816: Which of the following is the MOST important element for the successful implementation of IT governance?

Question817: During the requirements definition phase of a software development project, the aspects of software testing that should be addressed are developing:

Question818: Which of the following is the MOST important function to be performed by IS management when a service has been outsourced?

Question819: An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?

Question820: As part of the IEEE 802.11 standard ratified in September 1999, WEP uses the CRC- 32 checksum for:

Question821: Effective transactional controls are often capable of offering which of the following benefits (choose all that apply):

Question822: .What often results in project scope creep when functional requirements are not defined as well as they could be?

Question823: .Although BCP and DRP are often implemented and tested by middle management and end users, the ultimate responsibility and accountability for the plans remain with executive management, such as the _______________. (fill-in-the-blank)

Question824: An IS auditor observes a weakness in the tape management system at a data center in that some parameters are set to bypass or ignore tape header records. Which of the following is the MOST effective compensating control for this weakness?

Question825: Company.com has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern?

Question826: From a control perspective, the key element in job descriptions is that they:

Question827: .Fourth-Generation Languages (4GLs) are most appropriate for designing the application's graphical user interface (GUI). They are inappropriate for designing any intensive data-calculation procedures. True or false?

Question828: .Off-site data backup and storage should be geographically separated so as to ________________ (fill in the blank) the risk of a widespread physical disaster such as a hurricane or earthquake.

Question829: Which of the following is a good time frame for making changes to passwords?

Question830: Which of the following data validation edits is effective in detecting transposition and transcription errors?

Question831: .If an IS auditor observes that individual modules of a system perform correctly in development project tests, the auditor should inform management of the positive results and recommend further:

Question832: IT best practices for the availability and continuity of IT services should:

Question833: An IS auditor is evaluating a corporate network for a possible penetration by employees. Which of the following findings should give the IS auditor the GREATEST concern?

Question834: .Which of the following are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem? Choose the BEST answer.

Question835: Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by:

Question836: .How does the SSL network protocol provide confidentiality?

Question837: To determine if unauthorized changes have been made to production code the BEST audit procedure is to:

Question838: The role of the certificate authority (CA) as a third party is to:

Question839: Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them?

Question840: .Data edits are implemented before processing and are considered which of the following? Choose the BEST answer.

Question841: A retail outlet has introduced radio frequency identification (RFID) tags to create unique serial numbers for all products. Which of the following is the PRIMARY concern associated with this initiative?

Question842: The purpose of business continuity planning and disaster-recovery planning is to:

Question843: .An intentional or unintentional disclosure of a password is likely to be evident within control logs. True or false?

Question844: When planning an audit of a network setup, an IS auditor should give highest priority to obtaining which of the following network documentation?

Question845: Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures?

Question846: Which of the following should be of MOST concern to an IS auditor?

Question847: Which of the following refers to the proving of mathematical theorems by a computer program?

Question848: What process uses test data as part of a comprehensive test of program controls in a continuous online manner?

Question849: .What is the primary security concern for EDI environments? Choose the BEST answer.

Question850: .Whenever an application is modified, what should be tested to determine the full impact of the change? Choose the BEST answer.

Question851: An IS auditor evaluating logical access controls should FIRST:

Question852: An IS auditor is performing an audit of a remotely managed server backup. The IS auditor reviews the logs for one day and finds one case where logging on a server has failed with the result that backup restarts cannot be confirmed. What should the auditor do?

Question853: During an audit, an IS auditor notices that the IT department of a medium-sized organization has no separate risk management function, and the organization's operational risk documentation only contains a few broadly described IT risks. What is the MOST appropriate recommendation in this situation?

Question854: The PRIMARY objective of Secure Sockets Layer (SSL) is to ensure:

Question855: Which of the following are valid choices for the Apache/SSL combination (choose all that apply):

Question856: When reviewing the configuration of network devices, an IS auditor should FIRST identify:

Question857: The MOST likely explanation for a successful social engineering attack is:

Question858: The implementation of access controls FIRST requires:

Question859: .The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n):

Question860: A hardware control that helps to detect errors when data are communicated from one computer to another is known as a:

Question861: An IS auditor reviewing an organization's data file control procedures finds that transactions are applied to the most current files, while restart procedures use earlier versions. The IS auditor should recommend the implementation of:

Question862: .Which of the following is a program evaluation review technique that considers different scenarios for planning and control projects?

Question863: An offsite information processing facility:

Question864: Which of the following are often considered as the first defensive line in protecting a typical data and information environment?

Question865: Which of the following IT governance best practices improves strategic alignment?

Question866: Effective IT governance will ensure that the IT plan is consistent with the organization's:

Question867: An IS auditor attempting to determine whether access to program documentation is restricted to authorized persons would MOST likely:

Question868: Which of the following is a network diagnostic tool that monitors and records network information?

Question869: Which of the following situations would increase the likelihood of fraud?

Question870: .Who is ultimately responsible for providing requirement specifications to the software-development team?

Question871: The extent to which data will be collected during an IS audit should be determined based on the:

Question872: A lower recovery time objective (RTO) results in:

Question873: After reviewing its business processes, a large organization is deploying a new web application based on a VoIP technology. Which of the following is the MOST appropriate approach for implementing access control that will facilitate security management of the VoIP web application?

Question874: While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:

Question875: From a control perspective, the PRIMARY objective of classifying information assets is to:

Question876: To provide protection for media backup stored at an offsite location, the storage site should be:

Question877: The PRIMARY purpose of a business impact analysis (BIA) is to:

Question878: .What are trojan horse programs? Choose the BEST answer.

Question879: During the requirements definition phase for a database application, performance is listed as a top priority. To access the DBMS files, which of the following technologies should be recommended for optimal I/O performance?

Question880: When using a digital signature, the message digest is computed:

Question881: .Proper segregation of duties prohibits a system analyst from performing quality-assurance functions. True or false?

Question882: The use of risk assessment tools for classifying risk factors should be formalized in your IT audit effort through:

Question883: .What are used as the framework for developing logical access controls?

Question884: Which of the following is an example of the defense in-depth security principle?

Question885: .What is the PRIMARY purpose of audit trails?

Question886: An organization's disaster recovery plan should address early recovery of:

Question887: During the audit of a database server, which of the following would be considered the GREATEST exposure?

Question888: Which of the following is the BEST method for preventing the leakage of confidential information in a laptop computer?

Question889: For which of the following applications would rapid recovery be MOST crucial?

Question890: Which of the following should concern an IS auditor when reviewing security in a client-server environment?

Question891: Which of the following is a risk of cross-training?

Question892: A sequence of bits appended to a digital document that is used to secure an e-mail sent through the Internet is called a:

Question893: When developing a disaster recovery plan, the criteria for determining the acceptable downtime should be the:

Question894: An IS auditor should expect the responsibility for authorizing access rights to production data and systems to be entrusted to the:

Question895: .What is often the most difficult part of initial efforts in application development? Choose the BEST answer.

Question896: Which of the following controls would an IS auditor look for in an environment where duties cannot be appropriately segregated?

Question897: Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies?

Question898: The MOST effective biometric control system is the one:

Question899: Which of the following attacks targets the Secure Sockets Layer (SSL)?

Question900: When reviewing IS strategies, an IS auditor can BEST assess whether IS strategy supports the organizations' business objectives by determining if IS:

Question901: .After identifying potential security vulnerabilities, what should be the IS auditor's next step?

Question902: Which of the following BEST restricts users to those functions needed to perform their duties?

Question903: .When reviewing print systems spooling, an IS auditor is MOST concerned with which of the following vulnerabilities?

Question904: For locations 3a, 1d and 3d, the diagram indicates hubs with lines that appear to be open and active. Assuming that is true, what control, if any, should be recommended to mitigate this weakness?

Question905: An audit charter should:

Question906: .What is a callback system?

Question907: To determine how data are accessed across different platforms in a heterogeneous environment, an IS auditor should FIRST review:

Question908: In the 2c area of the diagram, there are three hubs connected to each other. What potential risk might this indicate?

Question909: In an audit of an inventory application, which approach would provide the BEST evidence that purchase orders are valid?

Question910: .Which of the following is of greatest concern when performing an IS audit?

Question911: When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected on the network?

Question912: While reviewing the business continuity plan of an organization, an IS auditor observed that the organization's data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate?

Question913: Validated digital signatures in an e-mail software application will:

Question914: In an IS audit of several critical servers, the IS auditor wants to analyze audit trails to discover potential anomalies in user or system behavior. Which of the following tools are MOST suitable for performing that task?

Question915: Which of the following is the MOST effective method for dealing with the spreading of a network worm that exploits vulnerability in a protocol?

Question916: An organization is using an enterprise resource management (ERP) application. Which of the following would be an effective access control?

Question917: When developing a business continuity plan (BCP), which of the following tools should be used to gain an understanding of the organization's business processes?

Question918: Which of the following aspects of symmetric key encryption influenced the development of asymmetric encryption?

Question919: What is the best defense against Local DoS attacks?

Question920: The application systems of an organization using open-source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating open-source software?

Question921: .When storing data archives off-site, what must be done with the data to ensure data completeness?

Question922: Which of the following would BEST support 24/7 availability?

Question923: Users are issued security tokens to be used in combination with a PIN to access the corporate virtual private network (VPN). Regarding the PIN, what is the MOST important rule to be included in a security policy?

Question924: An organization provides information to its supply chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?

Question925: Which of the following systems or tools can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card?

Question926: E-mail message authenticity and confidentiality is BEST achieved by signing the message using the:
(
A) sender's private key and encrypting the message using the receiver's public key.

Question927: In an organization, the responsibilities for IT security are clearly assigned and enforced and an IT security risk and impact analysis is consistently performed. This represents which level of ranking in the information security governance maturity model?

Question928: Business units are concerned about the performance of a newly implemented system. Which of the following should an IS auditor recommend?

Question929: The BEST way to minimize the risk of communication failures in an e-commerce environment would be to use:

Question930: Fault-tolerance is a feature particularly sought-after in which of the following kinds of computer systems (choose all that apply):

Question931: .How is risk affected if users have direct access to a database at the system level?

Question932: An IS auditor has been assigned to review IT structures and activities recently outsourced to various providers. Which of the following should the IS auditor determine FIRST?

Question933: During an audit of the logical access control of an ERP financial system an IS auditor found some user accounts shared by multiple individuals. The user IDs were based on roles rather than individual identities. These accounts allow access to financial transactions on the ERP. What should the IS auditor do next?

Question934: .When are benchmarking partners identified within the benchmarking process?

Question935: Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration?

Question936: The final decision to include a material finding in an audit report should be made by the:

Question937: In the course of performing a risk analysis, an IS auditor has identified threats and potential impacts. Next, the IS auditor should:

Question938: Which of the following is the MOST reliable form of single factor personal identification?

Question939: Which of the following is the MOST effective control when granting temporary access to vendors?

Question940: Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?

Question941: An IS auditor examining a biometric user authentication system establishes the existence of a control weakness that would allow an unauthorized individual to update the centralized database on the server that is used to store biometric templates. Ofthe following, which is the BEST control against this risk?

Question942: Which of the following protocols would be involved in the implementation of a router and an interconnectivity device monitoring system?

Question943: An advantage in using a bottom-up vs. a top-down approach to software testing is that:

Question944: Which of the following would help to ensure the portability of an application connected to a database?

Question945: Functionality is a characteristic associated with evaluating the quality of software products throughout their life cycle, and is BEST described as the set of attributes that bear on the:

Question946: .An IS auditor usually places more reliance on evidence directly collected. What is an example of such evidence?

Question947: Neural networks are effective in detecting fraud because they can:

Question948: During a human resources (HR) audit, an IS auditor is informed that there is a verbal agreement between the IT and HR departments as to the level of IT services expected. In this situation, what should the IS auditor do FIRST?

Question949: An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of:

Question950: .Off-site data storage should be kept synchronized when preparing for recovery of time-sensitive data such as that resulting from which of the following? Choose the BEST answer.

Question951: Which of the following findings should an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault?

Question952: Which of the following would MOST effectively enhance the security of a challenge-response based authentication system?

Question953: When a new system is to be implemented within a short time frame, it is MOST important to:

Question954: A benefit of open system architecture is that it:

Question955: .If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor's primary responsibility?

Question956: The output of the risk management process is an input for making:

Question957: Functional acknowledgements are used:

Question958: Which of the following is the initial step in creating a firewall policy?

Question959: An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take?

Question960: In the event of a disruption or disaster, which of the following technologies provides for continuous operations?

Question961: Which of the following would provide the BEST protection against the hacking of a computer connected to the Internet?

Question962: When installing an intrusion detection system (IDS), which of the following is MOST important?

Question963: When using public key encryption to secure data being transmitted across a network:

Question964: An IS auditor finds that, at certain times of the day, the data warehouse query performance decreases significantly. Which of the following controls would it be relevant for the IS auditor to review?

Question965: An IT steering committee should review information systems PRIMARILY to assess:

Question966: During an audit of a telecommunications system, an IS auditor finds that the risk of intercepting data transmitted to and from remote sites is very high. The MOST effective control for reducing this exposure is:

Question967: .What is the most common purpose of a virtual private network implementation?

Question968: When reviewing input controls, an IS auditor observes that, in accordance with corporate policy, procedures allow supervisory override of data validation edits. The IS auditor should:

Question969: Which of the following manages the digital certificate life cycle to ensure adequate security and controls exist in digital signature applications related to e-commerce?

Question970: When performing an audit of a client relationship management (CRM) system migration project, which of the following should be of GREATEST concern to an IS auditor?

Question971: A benefit of quality of service (QoS) is that the:

Question972: The PRIMARY goal of a web site certificate is:

Question973: When developing a formal enterprise security program, the MOST critical success factor (CSF) would be the:

Question974: During an audit of an enterprise that is dedicated to e-commerce, the IS manager states that digital signatures are used when receiving communications from customers. To substantiate this, an IS auditor must prove that which of the following is used?

Question975: Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network?

Question976: Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly?

Question977: An IS auditor finds that a DBA has read and write access to production datA. The IS auditor should:

Question978: The PRIMARY objective of service-level management (SLM) is to:

Question979: .An integrated test facility is not considered a useful audit tool because it cannot compare processing output with independently calculated datA. True or false?

Question980: .When should plans for testing for user acceptance be prepared? Choose the BEST answer.

Question981: .What is used to develop strategically important systems faster, reduce development costs, and still maintain high quality? Choose the BEST answer.

Question982: When reviewing the procedures for the disposal of computers, which of the following should be the GREATEST concern for the IS auditor?

Question983: IS management has decided to rewrite a legacy customer relations system using fourth generation languages (4GLs). Which of the following risks is MOST often associated with system development using 4GLs?

Question984: An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review?

Question985: .What increases encryption overhead and cost the most?

Question986: Network ILD&P are typically installed:

Question987: When reviewing an organization's approved software product list, which of the following is the MOST important thing to verify?

Question988: Introducing inhomogeneity to your network for the sake of robustness would have which of the following drawbacks?

Question989: The editing/validation of data entered at a remote site would be performed MOST effectively at the:

Question990: .Batch control reconciliation is a _____________________ (fill in the blank) control for mitigating risk of inadequate segregation of duties.

Question991: If inadequate, which of the following would be the MOST likely contributor to a denial-of-service attack?

Question992: The PRIMARY benefit of implementing a security program as part of a security governance framework is the:

Question993: A certificate authority (CA) can delegate the processes of:

Question994: An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long. Which of the following could be caused by the length of the cable?

Question995: Due to changes in IT, the disaster recovery plan of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested?

Question996: .Whenever business processes have been re-engineered, the IS auditor attempts to identify and quantify the impact of any controls that might have been removed, or controls that might not work as effectively after business process changes. True or false?

Question997: The ultimate purpose of IT governance is to:

Question998: Which of the following satisfies a two-factor user authentication?

Question999: Talking about the different approaches to security in computing, the principle of regarding the computer system itself as largely an untrusted system emphasizes:

Question1000: IS management is considering a Voice-over Internet Protocol (VoIP) network to reduce telecommunication costs and management asked the IS auditor to comment on appropriate security controls. Which of the following security measures is MOST appropriate?

Question1001: .______________ risk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a ______________ risk assessment is more appropriate. Fill in the blanks.

Question1002: An IS auditor is performing a network security review of a telecom company that provides Internet connection services to shopping malls for their wireless customers. The company uses Wireless Transport Layer Security (WTLS) and Secure Sockets Layer (SSL) technology for protecting their customer's payment information. The IS auditor should be MOST concerned if a hacker:

Question1003: The database administrator (DBA) suggests that DB efficiency can be improved by denormalizing some tables. This would result in:

Question1004: Which of the following would be the BEST access control procedure?

Question1005: The reason a certification and accreditation process is performed on critical systems is to ensure that:

Question1006: At the end of the testing phase of software development, an IS auditor observes that an intermittent software error has not been corrected. No action has been taken to resolve the error. The IS auditor should:

Question1007: Normally, it would be essential to involve which of the following stakeholders in the initiation stage of a project?

Question1008: Distributed denial-of-service (DDOS) attacks on Internet sites are typically evoked by hackers using which of the following?

Question1009: .Which of the following is a guiding best practice for implementing logical access controls?

Question1010: A PRIMARY benefit derived from an organization employing control self-assessment (CSA) techniques is that it:

Question1011: In-house personnel performing IS audits should posses which of the following knowledge and/or skills (choose 2):

Question1012: Which of the following would be BEST prevented by a raised floor in the computer machine room?

Question1013: What would be the MOST effective control for enforcing accountability among database users accessing sensitive information?

Question1014: An investment advisor e-mails periodic newsletters to clients and wants reasonable assurance that no one has modified the newsletter. This objective can be achieved by:

Question1015: .When should systems administrators first assess the impact of applications or systems patches?

Question1016: The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program?

Question1017: .Authentication techniques for sending and receiving data between EDI systems is crucial to prevent which of the following? Choose the BEST answer.

Question1018: Which of the following should be the MOST important criterion in evaluating a backup solution for sensitive data that must be retained for a long period of time due to regulatory requirements?

Question1019: The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to:

Question1020: During maintenance of a relational database, several values of the foreign key in a transaction table of a relational database have been corrupted. The consequence is that:

Question1021: .Input/output controls should be implemented for which applications in an integrated systems environment?

Question1022: The IT balanced scorecard is a business governance tool intended to monitor IT performance evaluation indicators other than:

Question1023: Which of the following is a feature of Wi-Fi Protected Access (WPA) in wireless networks?

Question1024: An IS auditor is assigned to audit a software development project which is more than 80 percent complete, but has already overrun time by 10 percent and costs by 25 percent. Which of the following actions should the IS auditor take?

Question1025: Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when:

Question1026: .Who should be responsible for network security operations?

Question1027: Which of the following are the characteristics of a good password?

Question1028: Everything not explicitly permitted is forbidden has which of the following kinds of tradeoff?

Question1029: Physical access controls are usually implemented based on which of the following means (choose all that apply):

Question1030: The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment:

Question1031: Which of the following is an advantage of an integrated test facility (ITF)?

Question1032: Which of the following is a passive attack to a network?

Question1033: Creating which of the following is how a hacker can insure his ability to return to the hacked system at will?

Question1034: .How do modems (modulation/demodulation) function to facilitate analog transmissions to enter a digital network?

Question1035: Which of the following goals would you expect to find in an organization's strategic plan?

Question1036: Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized organization?

Question1037: Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility?

Question1038: Facilitating telecommunications continuity by providing redundant combinations of local carrier T-1 lines, microwaves and/or coaxial cables to access the local communication loop:

Question1039: Which of the following is the GREATEST risk to the effectiveness of application system controls?

Question1040: The risks associated with electronic evidence gathering would MOST likely be reduced by an e-mail:

Question1041: An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if:

Question1042: What is the best defense against Distributed DoS Attack?

Question1043: After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools?

Question1044: What is wrong with a Black Box type of intrusion detection system?

Question1045: Integrating business continuity planning (BCP) into an IT project aids in:

Question1046: Which of the following is not a good tactic to use against hackers?

Question1047: A data administrator is responsible for:

Question1048: When reviewing procedures for emergency changes to programs, the IS auditor should verify that the procedures:

Question1049: The purpose of a deadman door controlling access to a computer facility is primarily to: