EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following attack is MOSTLY performed by an attacker to steal the identity information of a user such as credit card number, passwords, etc?

Question2: Active radio frequency ID (RFID) tags are subject to which of the following exposures?

Question3: Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility?

Question4: Which of the following is the MOST effective method for dealing with the spreading of a network worm that exploits vulnerability in a protocol?

Question5: Which of the following is the MOST reliable sender authentication method?

Question6: Using the OSI reference model, what layer(s) is/are used to encrypt data?

Question7: Most access violations are:

Question8: Which of the following is a feature of an intrusion detection system (IDS)?

Question9: Which of the following layer of an OSI model controls dialog between computers?

Question10: Which of the following is protocol data unit (PDU) of transport layer in TCP/IP model?

Question11: Which of the following exposures associated with the spooling of sensitive reports for offline printing should an IS auditor consider to be the MOST serious?

Question12: Doing which of the following during peak production hours could result in unexpected downtime?

Question13: Which of the following statements regarding an off-site information processing facility is TRUE?

Question14: A company is implementing a dynamic host configuration protocol (DHCP). Given that the following conditions exist, which represents the GREATEST concern?

Question15: Which of the following BEST describes the role of a directory server in a public key infrastructure (PKI)?

Question16: During an IS audit, one of your auditor has observed that some of the critical servers in your organization can be accessed ONLY by using shared/common user name and password. What should be the auditor's PRIMARY concern be with this approach?

Question17: To prevent unauthorized entry to the data maintained in a dial-up, fast response system, an IS auditor should recommend:

Question18: The BEST overall quantitative measure of the performance of biometric control devices is:

Question19: Which of the following is the protocol data unit (PDU) of application layer in TCP/IP model?

Question20: What is an acceptable mechanism for extremely time-sensitive transaction processing?

Question21: Which of the following disaster recovery/continuity plan components provides the GREATEST assurance of recovery after a disaster?

Question22: Which of the following concerns associated with the World Wide Web would be addressed by a firewall?

Question23: Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective (RPO)?

Question24: An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls?

Question25: Which of the following public key infrastructure (PKI) elements provides detailed descriptions for dealing with a compromised private key?

Question26: To address an organization's disaster recovery requirements, backup intervals should not exceed the:

Question27: What uses questionnaires to lead the user through a series of choices to reach a conclusion?

Question28: Which of the following technique is NOT used by a preacher against a Private Branch Exchange (PBX)?

Question29: During an audit of the logical access control of an ERP financial system an IS auditor found some user accounts shared by multiple individuals. The user IDs were based on roles rather than individual identities.
These accounts allow access to financial transactions on the ERP. What should the IS auditor do next?

Question30: Which of the following attack involves sending forged ICMP Echo Request packets to the broadcast address on multiple gateways in order to illicit responses from the computers behind the gateway where they all respond back with ICMP Echo Reply packets to the source IP address of the ICMP Echo Request packets?

Question31: Which of the following acts as a decoy to detect active internet attacks?

Question32: Which of the following layer of an enterprise data flow architecture is concerned with the assembly and preparation of data for loading into data marts?

Question33: An IS auditor finds that a DBA has read and write access to production data. The IS auditor should:

Question34: During which of the following phases in system development would user acceptance test plans normally be prepared?

Question35: An IS auditor performing an independent classification of systems should consider a situation where functions could be performed manually at a tolerable cost for an extended period of time as:

Question36: A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not adequately performing which of the following types of testing?

Question37: What supports data transmission through split cable facilities or duplicate cable facilities?

Question38: Which of the following testing method examines internal structure or working of an application?

Question39: During Involuntary termination of an employee, which of the following is the MOST important step to be considered?

Question40: Which of the following statement INCORRECTLY describes anti-malware?

Question41: The PRIMARY goal of a web site certificate is:

Question42: An IS auditor has completed a network audit. Which of the following is the MOST significant logical security finding?

Question43: When should plans for testing for user acceptance be prepared?

Question44: The GREATEST risk posed by an improperly implemented intrusion prevention system (IPS) is:

Question45: IT best practices for the availability and continuity of IT services should:

Question46: What is the recommended initial step for an IS auditor to implement continuous-monitoring systems?

Question47: A programmer maliciously modified a production program to change data and then restored the original code. Which of the following would MOST effectively detect the malicious activity?

Question48: Which of the following types of transmission media provide the BEST security against unauthorized access?

Question49: Which of the following term related to network performance refers to the variation in the time of arrival of packets on the receiver of the information?

Question50: An IS auditor is reviewing the physical security measures of an organization. Regarding the access card system, the IS auditor should be MOST concerned that:

Question51: As an IS auditor it is very important to understand the importance of job scheduling. Which of the following statement is NOT true about job scheduler or job scheduling software?

Question52: Within IPSEC which of the following defines security parameters which should be applied between communicating parties such as encryption algorithms, key initialization vector, life span of keys, etc?

Question53: Passwords should be:

Question54: Which of the following statement INCORRECTLY describes packet switching technique?

Question55: Which of the following functionality is NOT supported by SSL protocol?

Question56: To affix a digital signature to a message, the sender must first create a message digest by applying a cryptographic hashing algorithm against:

Question57: When transmitting a payment instruction, which of the following will help verify that the instruction was not duplicated?

Question58: Which of the following tasks should be performed FIRST when preparing a disaster recovery plan?

Question59: Which of the following statement correctly describes the difference between total flooding and local application extinguishing agent?

Question60: Which of the following statement INCORRECTLY describes Asynchronous Transfer Mode (ATM) technique?

Question61: The most common problem in the operation of an intrusion detection system (IDS) is:

Question62: Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist?

Question63: Which of the following is the INCORRECT "layer - protocol data unit (PDU)" mapping within the TCP/IP model?

Question64: Which of the following is the BEST type of program for an organization to implement to aggregate, correlate and store different log and event files, and then produce weekly and monthly reports for IS auditors?

Question65: The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is called:

Question66: Allowing application programmers to directly patch or change code in production programs increases risk of fraud. True or false?

Question67: Which of the following is the BEST practice to ensure that access authorizations are still valid?

Question68: With the help of a security officer, granting access to data is the responsibility of:

Question69: What type of fire-suppression system suppresses fire via water that is released from a main valve to be delivered via a system of dry pipes installed throughout the facilities?

Question70: An IS auditor reviewing access controls for a client-server environment should FIRST:

Question71: How does the process of systems auditing benefit from using a risk-based approach to audit planning?

Question72: Which of the following help(s) prevent an organization's systems from participating in a distributed denial- of-service (DDoS) attack?

Question73: An organization has a mix of access points that cannot be upgraded to stronger security and newer access points having advanced wireless security. An IS auditor recommends replacing the non-upgradeable access points. Which of the following would BEST justify the IS auditor's recommendation?

Question74: COBIT 5 separates information goals into three sub-dimensions of quality. Which of the following sub- dimension of COBIT 5 describes the extent to which data values are in conformance with the actual true value?

Question75: During an audit of an enterprise that is dedicated to e-commerce, the IS manager states that digital signatures are used when receiving communications from customers. To substantiate this, an IS auditor must prove that which of the following is used?

Question76: Which of the following statement correctly describes the difference between symmetric key encryption and asymmetric key encryption?

Question77: There are many firewall implementations provided by firewall manufacturers. Which of the following implementation utilize two packet filtering routers and a bastion host? This approach creates the most secure firewall system since it supports network and application level security while defining a separate DMZ.

Question78: As compared to understanding an organization's IT process from evidence directly collected, how valuable are prior audit reports as evidence?

Question79: Which of the following protocol is PRIMARILY used to provide confidentiality in a web based application thus protecting data sent across a client machine and a server?

Question80: During a postimplementation review of an enterprise resource management system, an IS auditor would MOST likely:

Question81: Which of the following layer of an enterprise data flow architecture is concerned with transporting information between the various layers?

Question82: Which of the following is an example of the defense in-depth security principle?

Question83: What method might an IS auditor utilize to test wireless security at branch office locations?

Question84: Which of the following is a form of Hybrid Cryptography where the sender encrypts the bulk of the data using Symmetric Key cryptography and then communicates securely a copy of the session key to the receiver?

Question85: From a control perspective, the PRIMARY objective of classifying information assets is to:

Question86: Off-site data storage should be kept synchronized when preparing for recovery of time- sensitive data such as that resulting from which of the following?

Question87: Which of the following layer of an OSI model encapsulates packets into frames?

Question88: What are intrusion-detection systems (IDS) primarily used for?

Question89: Which of the following is MOST likely to result from a business process reengineering (BPR) Project?

Question90: Business Continuity Planning (BCP) is not defined as a preparation that facilitates:

Question91: Which of the following protocol does NOT work at the Application layer of the TCP/IP Models?

Question92: Which of the following append themselves to files as a protection against viruses?

Question93: An organization has created a policy that defines the types of web sites that users are forbidden to access.
What is the MOST effective technology to enforce this policy?

Question94: An IS auditor reviewing the implementation of an intrusion detection system (IDS) should be MOST concerned if:

Question95: Which of the following type of a computer network is a WAN that are limited to a city?

Question96: Which of the following provides the framework for designing and developing logical access controls?

Question97: Which of the following protocol is developed jointly by VISA and Master Card to secure payment transactions among all parties involved in credit card transactions on behalf of cardholders and merchants?

Question98: When reviewing the implementation of a LAN, an IS auditor should FIRST review the:

Question99: Which of the following property of the core date warehouse layer of an enterprise data flow architecture uses common attributes to access a cross section of an information in the warehouse?

Question100: Which of the following is the MOST robust method for disposing of magnetic media that contains confidential information?

Question101: Which of the following transmission media uses a transponder to send information?

Question102: Disaster recovery planning (DRP) addresses the:

Question103: What is/are used to measure and ensure proper network capacity management and availability of services?

Question104: Which of the following statement INCORRECTLY describes circuit switching technique?

Question105: An efficient use of public key infrastructure (PKI) should encrypt the:

Question106: Who is primarily responsible for storing and safeguarding the data?

Question107: Security administration procedures require read-only access to:

Question108: An IS auditor performing a review of the backup processing facilities should be MOST concerned that:

Question109: Which of the following term related to network performance refers to the actual rate that information is transferred over a network?

Question110: Which of the following is the MOST critical step in planning an audit?

Question111: An IS auditor notes that IDS log entries related to port scanning are not being analyzed. This lack of analysis will MOST likely increase the risk of success of which of the following attacks?

Question112: In which of the following WAN message transmission technique messages are divided into packets before they are sent and each packet is then transmitted individually and can even follow different routes to its destination?

Question113: In order to properly protect against unauthorized disclosure of sensitive data, how should hard disks be sanitized?

Question114: In an EDI process, the device which transmits and receives electronic documents is the:

Question115: Which of the following statement correctly describes the differences between tunnel mode and transport mode of the IPSec protocol?

Question116: Which of the following would MOST effectively reduce social engineering incidents?

Question117: Which of the following BEST ensures the integrity of a server's operating system?

Question118: An IS auditor reviewing the key roles and responsibilities of the database administrator (DBA) is LEAST likely to expect the job description of the DBA to include:

Question119: Minimum password length and password complexity verification are examples of:

Question120: Change management procedures are established by IS management to:

Question121: The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to:

Question122: A certificate authority (CA) can delegate the processes of:

Question123: What kind of testing should programmers perform following any changes to an application or system?

Question124: Which of the following is a benefit of using callback devices?

Question125: Which of the following is a network diagnostic tool that monitors and records network information?

Question126: During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the:

Question127: As an auditor it is very important to ensure confidentiality, integrity, authenticity and availability are implemented appropriately in an information system. Which of the following definitions incorrectly describes these parameters?
1. Authenticity - A third party must be able to verify that the content of a message has been sent by a specific entity and nobody else.
2. Non-repudiation - The origin or the receipt of a specific message must be verifiable by a third party. A person cannot deny having sent a message if the message is signed by the originator.
3. Accountability - The action of an entity must be uniquely traceable to different entities
4. Availability - The IT resource must be available on a timely basis to meet mission requirements or to avoid substantial losses.

Question128: A database administrator is responsible for:

Question129: When should application controls be considered within the system-development process?

Question130: Identify the WAN message switching technique being used from the description presented below:
"Data is routed in its entirety from the source node to the destination node, one hope at a time. During message routing, every intermediate switch in the network stores the whole message. If the entire network's resources are engaged or the network becomes blocked, this WAN switching technology stores and delays the message until ample resources become available for effective transmission of the message. "

Question131: An IS auditor examining a biometric user authentication system establishes the existence of a control weakness that would allow an unauthorized individual to update the centralized database on the server that is used to store biometric templates. Ofthe following, which is the BEST control against this risk?

Question132: A penetration test performed as part of evaluating network security:

Question133: When reviewing the configuration of network devices, an IS auditor should FIRST identify:

Question134: How can minimizing single points of failure or vulnerabilities of a common disaster best be controlled?

Question135: Which of the following is an advantage of asymmetric crypto system over symmetric key crypto system?

Question136: What determines the strength of a secret key within a symmetric key cryptosystem?

Question137: Which of the following should be included in a feasibility study for a project to implement an EDI process?

Question138: Ensuring that security and control policies support business and IT objectives is a primary objective of:

Question139: An IS auditor should recommend the use of library control software to provide reasonable assurance that:

Question140: Identify the network topology from below diagram presented below:

Network Topology

Question141: Applying a retention date on a file will ensure that:

Question142: The goal of an information system is to achieve integrity, authenticity and non-repudiation of information's sent across the network. Which of the following statement correctly describe the steps to address all three?

Question143: Which of the following data validation edits is effective in detecting transposition and transcription errors?

Question144: Which of the following fire-suppression methods is considered to be the most environmentally friendly?

Question145: An IS auditor reviewing digital rights management (DRM) applications should expect to find an extensive use for which of the following technologies?

Question146: Which of the following is of greatest concern to the IS auditor?

Question147: Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures?

Question148: IS management is considering a Voice-over Internet Protocol (VoIP) network to reduce telecommunication costs and management asked the IS auditor to comment on appropriate security controls. Which of the following security measures is MOST appropriate?

Question149: Which of the following ensures a sender's authenticity and an e-mail's confidentiality?

Question150: During the development of an application, the quality assurance testing and user acceptance testing were combined. The MAJOR concern for an IS auditor reviewing the project is that there will be:

Question151: Who should be responsible for network security operations?

Question152: Private Branch Exchange(PBX) environment involves many security risks, one of which is the people both internal and external to an organization. Which of the following risks are NOT associated with Private Branch Exchange?
1. Theft of service
2. Disclosure of information
3. Data Modifications
4. Denial of service
5. Traffic Analysis

Question153: During the audit of a database server, which of the following would be considered the GREATEST exposure?

Question154: For locations 3a, 1d and 3d, the diagram indicates hubs with lines that appear to be open and active.
Assuming that is true, what control, if any, should be recommended to mitigate this weakness?

Question155: Which of the following ACID property ensures that transaction will bring the database from one valid state to another?

Question156: Organizations should use off-site storage facilities to maintain ______________ (fill in the blank) of current and critical information within backup files.

Question157: Which of the following attack occurs when a malicious action is performed by invoking the operating system to execute a particular system call?

Question158: The purpose of business continuity planning and disaster-recovery planning is to:

Question159: A hacker could obtain passwords without the use of computer tools or programs through the technique of:

Question160: Disabling which of the following would make wireless local area networks more secure against unauthorized access?

Question161: The use of residual biometric information to gain unauthorized access is an example of which of the following attacks?

Question162: Which of the following physical access controls effectively reduces the risk of piggybacking?

Question163: Which of the following layer of an OSI model ensures that messages are delivered error-free, in sequence, and with no losses or duplications?

Question164: Off-site data backup and storage should be geographically separated so as to _______________ (fill in the blank) the risk of a widespread physical disaster such as a hurricane or earthquake.

Question165: The application systems of an organization using open-source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating open- source software?

Question166: The FIRST step in data classification is to:

Question167: The MOST likely explanation for the use of applets in an Internet application is that:

Question168: What can be implemented to provide the highest level of protection from external attack?

Question169: The PRIMARY purpose of audit trails is to:

Question170: Which of the following types of testing would determine whether a new or modifies system can operate in its target environment without adversely impacting other existing systems?

Question171: Which of the following statements pertaining to IPSec is incorrect?

Question172: Proper segregation of duties prohibits a system analyst from performing quality-assurance functions. True or false?

Question173: Which of the following would be the MOST cost-effective recommendation for reducing the number of defects encountered during software development projects?

Question174: Which of the following findings should an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault?

Question175: In which of the following situations is it MOST appropriate to implement data mirroring as the recovery strategy?

Question176: Which of the following system and data conversion strategies provides the GREATEST redundancy?

Question177: Which of the following systems or tools can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card?

Question178: An organization is disposing of a number of laptop computers. Which of the following data destruction methods would be the MOST effective?

Question179: The potential for unauthorized system access by way of terminals or workstations within an organization's facility is increased when:

Question180: Which of the following INCORRECTLY describes the layer functions of the LAN or WAN Layer of the TCP/ IP model?

Question181: Which of the following would be BEST prevented by a raised floor in the computer machine room?

Question182: What should an organization do before providing an external agency physical access to its information processing facilities (IPFs)?

Question183: Which of the following type of network service stores information about the various resources in a central database on a network and help network devices locate services?

Question184: While copying files from a floppy disk, a user introduced a virus into the network. Which of the following would MOST effectively detect the existence of the virus?

Question185: Inadequate programming and coding practices introduce the risk of:

Question186: What should regression testing use to obtain accurate conclusions regarding the effects of changes or corrections to a program, and ensuring that those changes and corrections have not introduced new errors?

Question187: Reconfiguring which of the following firewall types will prevent inward downloading of files through the File Transfer Protocol (FTP)?

Question188: To ensure message integrity, confidentiality and non-repudiation between two parties, the MOST effective method would be to create a message digest by applying a cryptographic hashing algorithm against:

Question189: In RFID technology which of the following risk could represent a threat to non-RFID networked or collocated systems, assets, and people?

Question190: Which of the following attack redirects outgoing message from the client back onto the client, preventing outside access as well as flooding the client with the sent packets?

Question191: In a public key infrastructure (PKI), which of the following may be relied upon to prove that an online transaction was authorized by a specific customer?

Question192: Responsibility and reporting lines cannot always be established when auditing automated systems since:

Question193: An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed.
When this issue is raised with management the response is that additional controls are not necessary because effective system access controls are in place. The BEST response the auditor can make is to:

Question194: Which of the following protocol does NOT work at Network interface layer in TCP/IP model?

Question195: An IS auditor is reviewing a project that is using an Agile software development approach. Which of the following should the IS auditor expect to find?

Question196: Who is responsible for providing adequate physical and logical security for IS program, data and equipment?

Question197: An IS auditor has audited a business continuity plan (BCP). Which of the following findings is the MOST critical?

Question198: Which of the following term in business continuity determines the maximum tolerable amount of time that is needed to verify the system and/or data integrity?

Question199: Which of the following type of a computer network covers a limited area such as a home, office or campus?

Question200: Which of the following PBX feature supports shared extensions among several devices, ensuring that only one device at a time can use an extension?

Question201: An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of:

Question202: Which of the following transmission media is MOST difficult to tap?

Question203: A live test of a mutual agreement for IT system recovery has been carried out, including a four- hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:

Question204: An IS auditor should review the configuration of which of the following protocols to detect unauthorized mappings between the IP address and the media access control (MAC) address?

Question205: Which of the following implementation modes would provide the GREATEST amount of security for outbound data connecting to the internet?

Question206: An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?

Question207: Which of the following comparisons are used for identification and authentication in a biometric system?

Question208: During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include:

Question209: Which of the following is the MOST effective type of antivirus software?

Question210: Parity bits are a control used to validate:

Question211: Time constraints and expanded needs have been found by an IS auditor to be the root causes for recent violations of corporate data definition standards in a new business intelligence project.
Which of the following is the MOST appropriate suggestion for an auditor to make?

Question212: Which of the following controls would BEST detect intrusion?

Question213: Which of the following fire suppression systems is MOST appropriate to use in a data center environment?

Question214: Which of the following Confidentiality, Integrity, Availability (CIA) attribute supports the principle of least privilege by providing access to information only to authorized and intended users?

Question215: To properly evaluate the collective effect of preventative, detective, or corrective controls within a process, an IS auditor should be aware of which of the following?

Question216: Which of the following is the BEST method for determining the criticality of each application system in the production environment?

Question217: The IS management of a multinational company is considering upgrading its existing virtual private network (VPN) to support voice-over IP (VoIP) communications via tunneling. Which of the following considerations should be PRIMARILY addressed?

Question218: What process allows IS management to determine whether the activities of the organization differ from the planned or expected levels?

Question219: Confidentiality of the data transmitted in a wireless LAN is BEST protected if the session is:

Question220: A data center has a badge-entry system. Which of the following is MOST important to protect the computing assets in the center?

Question221: Which of the following cryptography options would increase overhead/cost?

Question222: What is often assured through table link verification and reference checks?

Question223: Users are issued security tokens to be used in combination with a PIN to access the corporate virtual private network (VPN). Regarding the PIN, what is the MOST important rule to be included in a security policy?

Question224: Sending a message and a message hash encrypted by the sender's private key will ensure:

Question225: The PRIMARY objective of Secure Sockets Layer (SSL) is to ensure:

Question226: Who is mainly responsible for protecting information assets they have been entrusted with on a daily basis by defining who can access the data, it's sensitivity level, type of access, and adhering to corporate information security policies?

Question227: A virtual private network (VPN) provides data confidentiality by using:

Question228: Identify the correct sequence of Business Process Reengineering (BPR) application steps from the given choices below?

Question229: Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly?

Question230: When developing a business continuity plan (BCP), which of the following tools should be used to gain an understanding of the organization's business processes?

Question231: An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
* The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department.
* The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his/her attention.
* The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident.
The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical, hardware configuration is already established. An IS auditor should:

Question232: An organization is implementing a new system to replace a legacy system. Which of the following conversion practices creates the GREATEST risk?

Question233: Which of the following cryptographic systems is MOST appropriate for bulk data encryption and small devices such as smart cards?

Question234: An organization is migrating from a legacy system to an enterprise resource planning (ERP) system. While reviewing the data migration activity, the MOST important concern for the IS auditor is to determine that there is a:

Question235: During an application audit, an IS auditor finds several problems related to corrupted data in the database.
Which of the following is a corrective control that the IS auditor should recommend?

Question236: A technical lead who was working on a major project has left the organization. The project manager reports suspicious system activities on one of the servers that is accessible to the whole team. What would be of GREATEST concern if discoveredduring a forensic investigation?

Question237: Which of the following is an example of a passive attack initiated through the Internet?

Question238: Which of the following process consist of identification and selection of data from the imaged data set in computer forensics?

Question239: An organization is using an enterprise resource management (ERP) application. Which of the following would be an effective access control?

Question240: Which of the following is an implementation risk within the process of decision support systems?

Question241: Which of the following aspects of symmetric key encryption influenced the development of asymmetric encryption?

Question242: Which of the following is NOT a component of IPSec?

Question243: Which of the following database model allow many-to-many relationships in a tree-like structure that allows multiple parents?

Question244: Mitigating the risk and impact of a disaster or business interruption usually takes priority over transference of risk to a third party such as an insurer. True or false?

Question245: The MAJOR advantage of a component-based development approach is the:

Question246: Which of the following attack includes social engineering, link manipulation or web site forgery techniques?

Question247: Which of the following protocol uses serial interface for communication between two computers in WAN technology?

Question248: When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:

Question249: ISO 9126 is a standard to assist in evaluating the quality of a product. Which of the following is defined as a set of attributes that bear on the existence of a set of functions and their specified properties?

Question250: When should reviewing an audit client's business plan be performed relative to reviewing an organization's IT strategic plan?

Question251: Which of the following term in business continuity defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences?

Question252: When reviewing an organization's approved software product list, which of the following is the MOST important thing to verify?

Question253: When using a universal storage bus (USB) flash drive to transport confidential corporate data to an offsite location, an effective control would be to:

Question254: Which of the following would an IS auditor consider to be the MOST helpful when evaluating the effectiveness and adequacy of a computer preventive maintenance program?

Question255: In which of the following database models is the data represented in terms of tulles and grouped into relations?

Question256: Which of the following is a technique that could be used to capture network user passwords?

Question257: Which of the following level in CMMI model focuses on process definition and process deployment?

Question258: Which of the following would be considered an essential feature of a network management system?

Question259: Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly?

Question260: Which of the following software development methodology uses minimal planning and in favor of rapid prototyping?

Question261: How is the risk of improper file access affected upon implementing a database system?

Question262: The GREATEST advantage of using web services for the exchange of information between two systems is:

Question263: After implementation of a disaster recovery plan, pre-disaster and post-disaster operational costs for an organization will:

Question264: Which of the following exposures could be caused by a line grabbing technique?

Question265: The MOST significant level of effort for business continuity planning (BCP) generally is required during the:

Question266: Which of the following is an estimation technique where the results can be measure by the functional size of an information system based on the number and complexity of input, output, interface and queries?

Question267: John has been hired to fill a new position in one of the well-known financial institute. The position is for IS auditor. He has been assigned to complete IS audit of one of critical financial system. Which of the following should be the first step for John to be perform during IS audit planning?

Question268: The MOST effective biometric control system is the one:

Question269: The FIRST step in managing the risk of a cyber-attack is to:

Question270: Which of the following user profiles should be of MOST concern to an IS auditor when performing an audit of an EFT system?

Question271: The cost of ongoing operations when a disaster recovery plan is in place, compared to not having a disaster recovery plan, will MOST likely:

Question272: Which of the following type of computer is a large, general purpose computer that are made to share their processing power and facilities with thousands of internal or external users?

Question273: A TCP/IP-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted?

Question274: When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected on the network?

Question275: Which of the following attack best describe "Computer is the target of a crime" and "Computer is the tool of a crime"?

Question276: A lower recovery time objective (RTO) results in:

Question277: Following best practices, formal plans for implementation of new information systems are developed during the:

Question278: Which of the following would help to ensure the portability of an application connected to a database?

Question279: An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
-The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department.
-The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting their attention.
- the plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident.
The IS auditor's report should recommend that:

Question280: Which of the following BEST reduces the ability of one device to capture the packets that are meant for another device?

Question281: The PRIMARY objective of performing a postincident review is that it presents an opportunity to:

Question282: Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions?

Question283: Which of the following type of lock uses a magnetic or embedded chip based plastic card key or token entered into a sensor/reader to gain access?

Question284: Which of the following term in business continuity determines the maximum tolerable amount of time needed to bring all critical systems back online after disaster occurs?

Question285: An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to 1 minute for a critical system. This implies that the system can tolerate:

Question286: How does the digital envelop work? What are the correct steps to follow?

Question287: Which of the following is the MOST reliable form of single factor personal identification?

Question288: To determine which users can gain access to the privileged supervisory state, which of the following should an IS auditor review?

Question289: To determine how data are accessed across different platforms in a heterogeneous environment, an IS auditor should FIRST review:

Question290: Which of the following type of an IDS resides on important systems like database, critical servers and monitors various internal resources of an operating system?

Question291: Which of the following will help detect changes made by an intruder to the system log of a server?

Question292: The MOST important success factor in planning a penetration test is:

Question293: In what way is a common gateway interface (CGI) MOST often used on a webserver?

Question294: When reviewing a digital certificate verification process, which of the following findings represents the MOST significant risk?

Question295: When auditing security for a data center, an IS auditor should look for the presence of a voltage regulator to ensure that the:

Question296: The reason a certification and accreditation process is performed on critical systems is to ensure that:

Question297: Which of the following is a general operating system access control function?

Question298: In a small organization, developers may release emergency changes directly to production. Which of the following will BEST control the risk in this situation?

Question299: Which of the following is an appropriate test method to apply to a business continuity plan (BCP)?

Question300: Which of the following would be the BEST access control procedure?

Question301: Validated digital signatures in an e-mail software application will:

Question302: An IS auditor analyzing the audit log of a database management system (DBMS) finds that some transactions were partially executed as a result of an error, and are not rolled back. Which of the following transaction processing features has been violated?

Question303: Which of the following network configuration options contains a direct link between any two host machines?

Question304: Which of the following must exist to ensure the viability of a duplicate information processing facility?

Question305: An organization is using symmetric encryption. Which of the following would be a valid reason for moving to asymmetric encryption? Symmetric encryption:

Question306: How often should a Business Continuity Plan be reviewed?

Question307: When auditing a proxy-based firewall, an IS auditor should:

Question308: If the recovery time objective (RTO) increases:

Question309: Which of the following protocol is used for electronic mail service?

Question310: Which of the following would effectively verify the originator of a transaction?

Question311: In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table?

Question312: When reviewing print systems spooling, an IS auditor is MOST concerned with which of the following vulnerabilities?

Question313: Which of the following is the MOST important action in recovering from a cyberattack?

Question314: Disaster recovery planning (DRP) for a company's computer system usually focuses on:

Question315: Which of the following antivirus software implementation strategies would be the MOST effective in an interconnected corporate network?

Question316: Which of the following should an IS auditor recommend for the protection of specific sensitive information stored in the data warehouse?

Question317: Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the username and password are the same. The BEST control to mitigate this risk is to:

Question318: Which of the following type of a computer network are variation of LAN and are dedicated to connecting storage devices to servers and other computing devices?

Question319: An offsite information processing facility:

Question320: Which of the following type of IDS has self-learning functionality and over a period of time will learned what is the expected behavior of a system?

Question321: A digital signature contains a message digest to:

Question322: An IS auditor is performing a network security review of a telecom company that provides Internet connection services to shopping malls for their wireless customers. The company uses Wireless Transport Layer Security (WTLS) and Secure Sockets Layer (SSL) technology for protecting their customer's payment information. The IS auditor should be MOST concerned if a hacker:

Question323: Which of the following protocols would be involved in the implementation of a router and an interconnectivity device monitoring system?

Question324: Which of the following is a dynamic analysis tool for the purpose of testing software modules?

Question325: Which of the following would be an indicator of the effectiveness of a computer security incident response team?

Question326: In a client-server architecture, a domain name service (DNS) is MOST important because it provides the:

Question327: Assuming this diagram represents an internal facility and the organization is implementing a firewall protection program, where should firewalls be installed?

Question328: Two-factor authentication can be circumvented through which of the following attacks?

Question329: As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard copy transaction log. At the end of the day, the order entry files are backed up on tape. During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following is necessary to restore these files?

Question330: Which of the following should be of PRIMARY concern to an IS auditor reviewing the management of external IT service providers?

Question331: Which testing approach is MOST appropriate to ensure that internal application interface errors are identified as soon as possible?

Question332: Normally, it would be essential to involve which of the following stakeholders in the initiation stage of a project?

Question333: Which of the following would BEST maintain the integrity of a firewall log?

Question334: Depending on the complexity of an organization's business continuity plan (BCP), the plan may be developed as a set of more than one plan to address various aspects of business continuity and disaster recovery, in such an environment, it is essential that:

Question335: An IS auditor should be MOST concerned with what aspect of an authorized honeypot?

Question336: In large corporate networks having supply partners across the globe, network traffic may continue to rise.
The infrastructure components in such environments should be scalable. Which of the following firewall architectures limits future scalability?

Question337: What type of risk is associated with authorized program exits (trap doors)?

Question338: What should an IS auditor do if he or she observes that project-approval procedures do not exist?

Question339: Which of the following components is responsible for the collection of data in an intrusion detection system (IDS)?

Question340: A perpetrator looking to gain access to and gather information about encrypted data being transmitted over the network would use:

Question341: An advantage in using a bottom-up vs. a top-down approach to software testing is that:

Question342: The MOST effective control for reducing the risk related to phishing is:

Question343: Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when:

Question344: Naming conventions for system resources are important for access control because they:

Question345: Which of the following is a ITU-T standard protocol suite for packet switched wide area network communication?

Question346: The reliability of an application system's audit trail may be questionable if:

Question347: Which of the following is a software application that pretend to be a server on the Internet and is not set up purposely to actively protect against break-ins?

Question348: Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit?

Question349: An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long.
Which of the following could be caused by the length of the cable?

Question350: Over the long term, which of the following has the greatest potential to improve the security incident response process?

Question351: Which of the following term in business continuity defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences?

Question352: Which of the following is the MOST important criterion when selecting a location for an offsite storage facility for IS backup files? The offsite facility must be:

Question353: Which of the following would prevent accountability for an action performed, thus allowing nonrepudiation?

Question354: The responsibility for authorizing access to a business application system belongs to the:

Question355: During an IS audit, auditor has observed that authentication and authorization steps are split into two functions and there is a possibility to force the authorization step to be completed before the authentication step. Which of the following technique an attacker could user to force authorization step before authentication?

Question356: By evaluating application development projects against the capability maturity model (CMM), an IS auditor should be able to verify that:

Question357: The MOST effective control for addressing the risk of piggybacking is:

Question358: Which of the following is the MOST important objective of data protection?

Question359: The database administrator (DBA) suggests that DB efficiency can be improved by denormalizing some tables. This would result in:

Question360: Why is a clause for requiring source code escrow in an application vendor agreement important?

Question361: The PRIMARY reason for using digital signatures is to ensure data:

Question362: Which of the following biometrics has the highest reliability and lowest false-acceptance rate (FAR)?

Question363: If a database is restored from information backed up before the last system image, which of the following is recommended?

Question364: Receiving an EDI transaction and passing it through the communication's interface stage usually requires:

Question365: Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures?

Question366: An IS auditor noted that an organization had adequate business continuity plans (BCPs) for each individual process, but no comprehensive BCP. Which would be the BEST course of action for the IS auditor?

Question367: Online banking transactions are being posted to the database when processing suddenly comes to a halt.
The integrity of the transaction processing is BEST ensured by:

Question368: Which of the following BEST limits the impact of server failures in a distributed environment?

Question369: Which of the following is a distinctive feature of the Secure Electronic Transactions (SET) protocol when used for electronic credit card payments?

Question370: Accountability for the maintenance of appropriate security measures over information assets resides with the:

Question371: To develop a successful business continuity plan, end user involvement is critical during which of the following phases?

Question372: Which of the following layer of an enterprise data flow architecture does the scheduling of the tasks necessary to build and maintain the Data Warehouse (DW) and also populates Data Marts?

Question373: An IS auditor observes a weakness in the tape management system at a data center in that some parameters are set to bypass or ignore tape header records. Which of the following is the MOST effective compensating control for this weakness?

Question374: Management considered two projections for its business continuity plan; plan A with two months to recover and plan B with eight months to recover. The recovery objectives are the same in both plans. It is reasonable to expect that plan B projected higher:

Question375: As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis?

Question376: When a new system is to be implemented within a short time frame, it is MOST important to:

Question377: To prevent IP spoofing attacks, a firewall should be configured to drop a packet if:

Question378: The implementation of access controls FIRST requires:

Question379: Which of the following would be the BEST overall control for an Internet business looking for confidentiality, reliability and integrity of data?

Question380: The MOST likely explanation for a successful social engineering attack is:

Question381: What is a callback system?

Question382: Which of the following functions should be performed by the application owners to ensure an adequate segregation of duties between IS and end users?

Question383: Who is responsible for the overall direction, costs, and timetables for systems-development projects?

Question384: Which of the following term related to network performance refers to the delay that packet may experience on their way to reach the destination from the source?

Question385: During a human resources (HR) audit, an IS auditor is informed that there is a verbal agreement between the IT and HR departments as to the level of IT services expected. In this situation, what should the IS auditor do FIRST?

Question386: Why does an IS auditor review an organization chart?

Question387: In a client-server system, which of the following control techniques is used to inspect activity from known or unknown users?

Question388: Which of the following option INCORRECTLY describes PBX feature?

Question389: After an IS auditor has identified threats and potential impacts, the auditor should:

Question390: Which of the following is the PRIMARY safeguard for securing software and data within an information processing facility?

Question391: The GREATEST risk when end users have access to a database at its system level, instead of through the application, is that the users can:

Question392: A clerk changed the interest rate for a loan on a master file. The rate entered is outside the normal range for such a loan. Which of the following controls is MOST effective in providing reasonable assurance that the change was authorized?

Question393: When reviewing the procedures for the disposal of computers, which of the following should be the GREATEST concern for the IS auditor?

Question394: The waterfall life cycle model of software development is most appropriately used when:

Question395: An IS auditor finds that client requests were processed multiple times when received from different independent departmental databases, which are synchronized weekly. What would be the BEST recommendation?

Question396: Which of the following processes should an IS auditor recommend to assist in the recording of baselines for software releases?

Question397: Which of the following controls would be the MOST comprehensive in a remote access network with multiple and diverse subsystems?

Question398: Which of the following PBX feature provides the possibility to break into a busy line to inform another user of an important message?

Question399: Which of the following is an advantage of the top-down approach to software testing?

Question400: A company undertakes a business process reengineering (BPR) project in support of a new and direct marketing approach to its customers. Which of the following would be an IS auditor's main concern about the new process?

Question401: The logical exposure associated with the use of a checkpoint restart procedure is:

Question402: Which of the following malware technical fool's malware by appending section of themselves to files - somewhat in the same way that file malware append themselves?

Question403: Which of the following method should be recommended by security professional to erase the data on the magnetic media that would be reused by another employee?

Question404: Which of the following is a concern when data are transmitted through Secure Sockets Layer (SSL) encryption, implemented on a trading partner's server?

Question405: An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking?

Question406: Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST accepted by users?

Question407: Who is ultimately responsible for providing requirement specifications to the software- development team?

Question408: When auditing a disaster recovery plan for a critical business area, an IS auditor finds that it does not cover all the systems. Which of the following is the MOST appropriate action for the IS auditor?

Question409: When reviewing an organization's logical access security, which of the following should be of MOST concern to an IS auditor?

Question410: Which of the following statement INCORRECTLY describes device and where they sit within the TCP/IP model?

Question411: An IS auditor should know information about different network transmission media. Which of the following transmission media is used for short distance transmission?

Question412: An auditor needs to be aware of technical controls which are used to protect computer from malware.
Which of the following technical control interrupts DoS and ROM BIOS call and look for malware like action?

Question413: Which of the following would be of MOST concern to an IS auditor reviewing a virtual private network (VPN) implementation? Computers on the network that are located:

Question414: Which of the following service is a distributed database that translate host name to IP address to IP address to host name?

Question415: The PRIMARY objective of service-level management (SLM) is to:

Question416: Which of the following is the GREATEST concern when an organization's backup facility is at a warm site?

Question417: Which of the following type of network service is used by network computer to obtain an IP addresses and other parameters such as default gateway, subnet mask?

Question418: An IS auditor reviewing an organization's data file control procedures finds that transactions are applied to the most current files, while restart procedures use earlier versions. The IS auditor should recommend the implementation of:

Question419: An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if:

Question420: Which of the following INCORRECTLY describes the layer function of the Application Layer within the TCP/IP model?

Question421: Which of the following is a passive attack method used by intruders to determine potential network vulnerabilities?

Question422: To determine if unauthorized changes have been made to production code the BEST audit procedure is to:

Question423: Which policy helps an auditor to gain a better understanding of biometrics system in an organization?

Question424: After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools?

Question425: Which of the following is protocol data unit (PDU) of network interface layer in TCP/IP model?

Question426: Which of the following is the most fundamental step in preventing virus attacks?

Question427: Which of the following type of honey pot essentially gives a hacker a real environment to attack?

Question428: Digital signatures require the sender to "sign" the data by encrypting the data with the sender's public key, to then be decrypted by the recipient using the recipient's private key.
True or false?

Question429: A business application system accesses a corporate database using a single ID and password embedded in a program. Which of the following would provide efficient access control over the organization's data?

Question430: In transport mode, the use of the Encapsulating Security Payload (ESP) protocol is advantageous over the Authentication Header (AH) protocol because it provides:

Question431: A company has implemented a new client-server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following would BEST ensure that the orders are entered accurately and the corresponding products are produced?

Question432: In the 2c area of the diagram, there are three hubs connected to each other. What potential risk might this indicate?

Question433: An IS auditor finds that user acceptance testing of a new system is being repeatedly interrupted as defect fixes are implemented by developers. Which of the following would be the BEST recommendation for an IS auditor to make?

Question434: What should be the GREATEST concern to an IS auditor when employees use portable media (MP3 players, flash drives)?

Question435: To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers, an IS auditor should recommend that:

Question436: After reviewing its business processes, a large organization is deploying a new web application based on a VoIP technology. Which of the following is the MOST appropriate approach for implementing access control that will facilitate security management of the VoIP web application?

Question437: Which of the following would be the MOST significant audit finding when reviewing a point-of-sale (POS) system?

Question438: What is the BEST backup strategy for a large database with data supporting online sales?

Question439: Which of the following should be of MOST concern to an IS auditor reviewing the BCP?

Question440: Proper segregation of duties does not prohibit a quality control administrator from also being responsible for change control and problem management. True or false?

Question441: Which of the following layer of an enterprise data flow architecture is concerned with basic data communication?

Question442: Which of the following layer of an enterprise data flow architecture represents subset of information from the core Data Warehouse selected and organized to meet the needs of a particular business unit or business line?

Question443: During an audit of a business continuity plan (BCP), an IS auditor found that, although all departments were housed in the same building, each department had a separate BCP. The IS auditor recommended that the BCPs be reconciled. Which of the following areas should be reconciled FIRST?

Question444: Which of the following statement correctly describes the difference between IPSec and SSH protocols?

Question445: Which of the following is the dominating objective of BCP and DRP?

Question446: Which of the following is the INCORRECT Layer to Protocol mapping used in the DOD TCP/IP model?

Question447: Which of the following devices extends the network and has the capacity to store frames and act as a storage and forward device?

Question448: Which of the following is an environmental issue caused by electric storms or noisy electric equipment and may also cause computer system to hang or crash?

Question449: An organization has a number of branches across a wide geographical area. To ensure that all aspects of the disaster recovery plan are evaluated in a cost effective manner, an IS auditor should recommend the use of a:

Question450: The MAIN reason for requiring that all computer clocks across an organization be synchronized is to:

Question451: There are many types of audit logs analysis tools available in the market. Which of the following audit logs analysis tools will look for anomalies in user or system behavior?

Question452: Which of the following should be the MOST important criterion in evaluating a backup solution for sensitive data that must be retained for a long period of time due to regulatory requirements?

Question453: Which of the following technique is used for speeding up network traffic flow and making it easier to manage?

Question454: An IS auditor who has discovered unauthorized transactions during a review of EDI transactions is likely to recommend improving the:

Question455: Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy?

Question456: Which of the following functions is performed by a virtual private network (VPN)?

Question457: A hot site should be implemented as a recovery strategy when the:

Question458: In the event of a data center disaster, which of the following would be the MOST appropriate strategy to enable a complete recovery of a critical database?

Question459: When two or more systems are integrated, input/output controls must be reviewed by an IS auditor in the:

Question460: Web and e-mail filtering tools are PRIMARILY valuable to an organization because they:

Question461: An IS auditor examining the configuration of an operating system to verify the controls should review the:

Question462: An IS auditor performing detailed network assessments and access control reviews should FIRST:

Question463: Which of the following ACID property in DBMS requires that each transaction is "all or nothing"?

Question464: Which of the following is MOST critical when creating data for testing the logic in a new or modified application system?

Question465: Which of the following is best suited for searching for address field duplications?

Question466: Which of the following layer of an enterprise data flow architecture is responsible for data copying, transformation in Data Warehouse (DW) format and quality control?

Question467: E-mail traffic from the Internet is routed via firewall-1 to the mail gateway. Mail is routed from the mail gateway, via firewall-2, to the mail recipients in the internal network. Other traffic is not allowed. For example, the firewalls do not allow direct traffic from the Internet to the internal network.

The intrusion detection system (IDS) detects traffic for the internal network that did not originate from the mail gateway. The FIRST action triggered by the IDS should be to:

Question468: IS management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend:

Question469: Which of the following network components is PRIMARILY set up to serve as a security measure by preventing unauthorized traffic between different segments of the network?

Question470: An IS auditor reviewing a database application discovers that the current configuration does not match the originally designed structure. Which of the following should be the IS auditor's next action?

Question471: An IS auditor should carefully review the functional requirements in a system-development project to ensure that the project is designed to:

Question472: Which of the following term in business continuity determines the maximum acceptable amount of data loss measured in time?

Question473: In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems?

Question474: Which of the following would MOST effectively control the usage of universal storage bus (USB) storage devices?

Question475: The security level of a private key system depends on the number of:

Question476: The directory system of a database-management system describes:

Question477: When planning an audit of a network setup, an IS auditor should give highest priority to obtaining which of the following network documentation?

Question478: Which of the following uses a prototype that can be updated continually to meet changing user or business requirements?

Question479: When reviewing a hardware maintenance program, an IS auditor should assess whether:

Question480: Which of the following presents an inherent risk with no distinct identifiable preventive controls?

Question481: In which of the following WAN message transmission technique does two network nodes establish a dedicated communications channel through the network before the nodes may communicate?

Question482: Which of the following is a control over component communication failure/errors?

Question483: An organization's disaster recovery plan should address early recovery of:

Question484: Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to- consumer transactions via the internet?

Question485: What is used to develop strategically important systems faster, reduce development costs, and still maintain high quality?

Question486: The MAIN criterion for determining the severity level of a service disruption incident is:

Question487: Structured programming is BEST described as a technique that:

Question488: During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:

Question489: Which of the following software development methods is based on iterative and incremental development, where requirements and solutions evolve through collaboration between self-organizing, cross-functional teams?

Question490: An organization has contracted with a vendor for a turnkey solution for their electronic toll collection system (ETCS). The vendor has provided its proprietary application software as part of the solution. The contract should require that:

Question491: When using a digital signature, the message digest is computed:

Question492: Which of the following provides the BEST evidence of an organization's disaster recovery readiness?

Question493: To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:

Question494: To provide protection for media backup stored at an offsite location, the storage site should be:

Question495: What type of risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist?

Question496: A benefit of quality of service (QoS) is that the:

Question497: The purpose of code signing is to provide assurance that:

Question498: A database administrator has detected a performance problem with some tables which could be solved through denormalization. This situation will increase the risk of:

Question499: Neural networks are effective in detecting fraud because they can:

Question500: Which of the following processes are performed during the design phase of the systems development life cycle (SDLC) model?

Question501: What are trojan horse programs?

Question502: Which of the following layer of an enterprise data flow architecture represents subsets of information from the core data warehouse?

Question503: What is a risk associated with attempting to control physical access to sensitive areas such as computer rooms using card keys or locks?

Question504: As an IS auditor it is very important to understand software release management process. Which of the following software release normally contains a significant change or addition of new functionality?

Question505: While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should:

Question506: In which of the following transmission media it is MOST difficult to modify the information traveling across the network?

Question507: In a public key infrastructure, a registration authority:

Question508: An IS auditor reviewing a proposed application software acquisition should ensure that the:

Question509: In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?

Question510: Which of the following encrypt/decrypt steps provides the GREATEST assurance of achieving confidentiality, message integrity and nonrepudiation by either sender or recipient?

Question511: Which of the following cryptography is based on practical application of the characteristics of the smallest
"grains" of light, the photon, the physical laws governing their generation and propagation and detection?

Question512: Rather than simply reviewing the adequacy of access control, appropriateness of access policies, and effectiveness of safeguards and procedures, the IS auditor is more concerned with effectiveness and utilization of assets. True or false?

Question513: A structured walk-through test of a disaster recovery plan involves:

Question514: At the end of the testing phase of software development, an IS auditor observes that an intermittent software error has not been corrected. No action has been taken to resolve the error. The IS auditor should:

Question515: Which of the following type of lock uses a numeric keypad or dial to gain entry?

Question516: Which of the following layer of the OSI model provides a standard interface for applications to communicate with devices on a network?

Question517: Applying a digital signature to data traveling in a network provides:

Question518: Once an organization has finished the business process reengineering (BPR) of all its critical operations, an IS auditor would MOST likely focus on a review of:

Question519: Which of the following transmission media is LEAST vulnerable to cross talk?

Question520: Which of the following is the MOST effective control over visitor access to a data center?

Question521: Proper segregation of duties normally does not prohibit a LAN administrator from also having programming responsibilities. True or false?

Question522: During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:

Question523: The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?

Question524: Batch control reconciliation is a _____________________ (fill the blank) control for mitigating risk of inadequate segregation of duties.

Question525: Which of the following is penetration test where the penetration tester is provided with limited or no knowledge of the target's information systems?

Question526: A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. An IS auditor should conclude that:

Question527: Which of the following ensures the availability of transactions in the event of a disaster?

Question528: The use of object-oriented design and development techniques would MOST likely:

Question529: When auditing third-party service providers, an IS auditor should be concerned with which of the following?

Question530: Which of the following BEST restricts users to those functions needed to perform their duties?

Question531: As an IS auditor, it is very important to make sure all storage media are well protected. Which of the following is the LEAST important factor for protecting CDs and DVDs?

Question532: Which of the following type of network service maps Domain Names to network IP addresses or network IP addresses to Domain Names?

Question533: Which of the following intrusion detection systems (IDSs) monitors the general patterns of activity and traffic on a network and creates a database?

Question534: Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network?

Question535: An IS auditor should expect the responsibility for authorizing access rights to production data and systems to be entrusted to the:

Question536: Above almost all other concerns, what often results in the greatest negative impact on the implementation of new application software?

Question537: Which of the following layer from an enterprise data flow architecture captures all data of interest to an organization and organize it to assist in reporting and analysis?

Question538: Which of the following is a standard secure email protection protocol?

Question539: Which of the following is the unique identifier within and IPSec packet that enables the sending host to reference the security parameter to apply?

Question540: Digital signatures require the:

Question541: Due to changes in IT, the disaster recovery plan of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested?

Question542: The responsibility for authorizing access to application data should be with the:

Question543: Which of the following software development methodology is a reuse-based approach to defining, implementing and composing loosely coupled independent components into systems?

Question544: Which of the following would MOST effectively enhance the security of a challenge-response based authentication system?

Question545: A core tenant of an IS strategy is that it must:

Question546: A disaster recovery plan for an organization should:

Question547: IT operations for a large organization have been outsourced. An IS auditor reviewing the outsourced operation should be MOST concerned about which of the following findings?

Question548: The PRIMARY objective of a logical access control review is to:

Question549: A company uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks (cheques) and reports for distribution. To BEST ensure payroll data accuracy:

Question550: Which of the following provides the MOST relevant information for proactively strengthening security settings?

Question551: Which key is used by the sender of a message to create a digital signature for the message being sent?

Question552: Which of the following provides the BEST single-factor authentication?

Question553: Which of the following would provide the BEST protection against the hacking of a computer connected to the Internet?

Question554: When performing an audit of a client relationship management (CRM) system migration project, which of the following should be of GREATEST concern to an IS auditor?

Question555: Which of the following statement correctly describes one way SSL authentication between a client (e.g.
browser) and a server (e.g. web server)?

Question556: The purpose of a deadman door controlling access to a computer facility is primarily to:

Question557: Which of the following is a passive attack to a network?

Question558: Electromagnetic emissions from a terminal represent an exposure because they:

Question559: Which of the following layer of an OSI model transmits and receives the bit stream as electrical, optical or radio signals over an appropriate medium or carrier?

Question560: During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable?

Question561: At a hospital, medical personal carry handheld computers which contain patient health data. These handheld computers are synchronized with PCs which transfer data from a hospital database. Which of the following would be of the most importance?

Question562: An IS auditor finds that, at certain times of the day, the data warehouse query performance decreases significantly. Which of the following controls would it be relevant for the IS auditor to review?

Question563: When should systems administrators first assess the impact of applications or systems patches?

Question564: An information security policy stating that 'the display of passwords must be masked or suppressed' addresses which of the following attack methods?

Question565: An organization provides information to its supply chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?

Question566: An IS auditor has identified the lack of an authorization process for users of an application. The IS auditor's main concern should be that:

Question567: Which of the following functionality is NOT performed by the application layer of a TCP/IP model?

Question568: Which of the following term related to network performance refers to the number of corrupted bits expressed as a percentage or fraction of the total sent?

Question569: Which of the following level in CMMI model focuses on process innovation and continuous optimization?

Question570: The information security policy that states 'each individual must have their badge read at every controlled door' addresses which of the following attack methods?

Question571: Who is responsible for restricting and monitoring access of a data user?

Question572: The GREATEST benefit in implementing an expert system is the:

Question573: Regarding a disaster recovery plan, the role of an IS auditor should include:

Question574: Which of the following method is recommended by security professional to PERMANENTLY erase sensitive data on magnetic media?

Question575: Functionality is a characteristic associated with evaluating the quality of software products throughout their life cycle, and is BEST described as the set of attributes that bear on the:

Question576: Which of the following is of greatest concern when performing an IS audit?

Question577: During the review of a biometrics system operation, an IS auditor should FIRST review the stage of:

Question578: A financial institution that processes millions of transactions each day has a central communications processor (switch) for connecting to automated teller machines (ATMs). Which of the following would be the BEST contingency plan for the communications processor?

Question579: The use of statistical sampling procedures helps minimize:

Question580: When performing an IS strategy audit, an IS auditor should review both short-term (one- year) and long- term (three-to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered. The auditor should especially focus on procedures in an audit of IS strategy. True or false?

Question581: An IS auditor needs to consider many factors while evaluating an encryption system. Which of the following is LEAST important factor to be considered while evaluating an encryption system?

Question582: Which of the following attack involves slicing small amount of money from a computerize transaction or account?

Question583: An offsite information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is a:

Question584: Which of the following would BEST support 24/7 availability?

Question585: What should IS auditors always check when auditing password files?

Question586: Which of the following satisfies a two-factor user authentication?

Question587: After identifying potential security vulnerabilities, what should be the IS auditor's next step?

Question588: Which of the following is the MOST important consideration when defining recovery point objectives (RPOs)?

Question589: An organization can ensure that the recipients of e-mails from its employees can authenticate the identity of the sender by:

Question590: In an online banking application, which of the following would BEST protect against identity theft?

Question591: Which of the following device in Frame Relay WAN technique is generally customer owned device that provides a connectivity between company's own network and the frame relays network?

Question592: Which of the following environmental controls is appropriate to protect computer equipment against short- term reductions in electrical power?

Question593: The most likely error to occur when implementing a firewall is:

Question594: Which of the following layer in an enterprise data flow architecture derives enterprise information from operational data, external data and nonoperational data?

Question595: Which of the following attack is also known as Time of Check(TOC)/Time of Use(TOU)?

Question596: A PRIMARY benefit derived from an organization employing control self-assessment (CSA) techniques is that it:

Question597: Which of the following provides the GREATEST assurance of message authenticity?

Question598: In computer forensics, which of the following is the process that allows bit-for-bit copy of a data to avoid damage of original data or information when multiple analysis may be performed?

Question599: In a contract with a hot, warm or cold site, contractual provisions should cover which of the following considerations?

Question600: A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and:

Question601: Which of the following are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem?

Question602: In auditing a web server, an IS auditor should be concerned about the risk of individuals gaining unauthorized access to confidential information through:

Question603: Diskless workstation is an example of:

Question604: An IS auditor conducting an access control review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to conclude that:

Question605: Which of the following methods of suppressing a fire in a data center is the MOST effective and environmentally friendly?

Question606: Identify the correct sequence which needs to be followed as a chain of event in regards to evidence handling in computer forensics?

Question607: Which of the following statement is NOT true about smoke detector?

Question608: Who is accountable for maintaining appropriate security measures over information assets?

Question609: Why is the WAP gateway a component warranting critical concern and review for the IS auditor when auditing and testing controls enforcing message confidentiality?

Question610: The BEST way to minimize the risk of communication failures in an e-commerce environment would be to use:

Question611: During an audit of a telecommunications system, an IS auditor finds that the risk of intercepting data transmitted to and from remote sites is very high. The MOST effective control for reducing this exposure is:

Question612: Which of the following is the INCORRECT "layer - protocol" mapping within the TCP/IP model?

Question613: From a risk management point of view, the BEST approach when implementing a large and complex IT infrastructure is:

Question614: Input/output controls should be implemented for which applications in an integrated systems environment?

Question615: When using an integrated test facility (ITF), an IS auditor should ensure that:

Question616: Which of the following statement INCORRECTLY describes network device such as a Router?

Question617: Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

Question618: Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms resulting from normal network activity?

Question619: To determine who has been given permission to use a particular system resource, an IS auditor should review:

Question620: If inadequate, which of the following would be the MOST likely contributor to a denial-of-service attack?

Question621: Which of the following layer in in an enterprise data flow architecture is directly death with by end user with information?

Question622: Which of the following encryption techniques will BEST protect a wireless network from a man-in-the- middle attack?

Question623: Which of the following layer of an OSI model responsible for routing and forwarding of a network packets?

Question624: Which of the following database controls would ensure that the integrity of transactions is maintained in an online transaction processing system's database?

Question625: What type of approach to the development of organizational policies is often driven by risk assessment?

Question626: While reviewing the business continuity plan of an organization, an IS auditor observed that the organization's data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate?

Question627: When reviewing system parameters, an IS auditor's PRIMARY concern should be that:

Question628: Vendors have released patches fixing security flaws in their software. Which of the following should an IS auditor recommend in this situation?

Question629: The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n):

Question630: An IS auditor doing penetration testing during an audit of internet connections would:

Question631: Which of the following manages the digital certificate life cycle to ensure adequate security and controls exist in digital signature applications related to e-commerce?

Question632: An IS auditor notes that patches for the operating system used by an organization are deployed by the IT department as advised by the vendor. The MOST significant concern an IS auditor should have with this practice is the nonconsideration bylT of:

Question633: An IS auditor reviewing wireless network security determines that the Dynamic Host Configuration Protocol is disabled at all wireless access points. This practice:

Question634: If a database is restored using before-image dumps, where should the process begin following an interruption?

Question635: Which of the following is the BEST way to satisfy a two-factor user authentication?

Question636: A firm is considering using biometric fingerprint identification on all PCs that access critical datA. This requires:

Question637: Which of the following internet security threats could compromise integrity?

Question638: An advantage of a continuous audit approach is that it can improve system security when used in time- sharing environments that process a large number of transactions. True or false?

Question639: Which of the following testing method examines the functionality of an application without peering into its internal structure or knowing the details of it's internals?

Question640: Which of the following is a project management technique for defining and deploying software deliverables within a relatively short and fixed period of time, and with predetermined specific resources?

Question641: What protects an application purchaser's ability to fix or change an application in case the application vendor goes out of business?

Question642: Which of the following is a type of computer network used for data transmission among devices such as computers, telephones and personal digital assistants?

Question643: While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:

Question644: A sequence of bits appended to a digital document that is used to secure an e-mail sent through the Internet is called a:

Question645: Authentication techniques for sending and receiving data between EDI systems is crucial to prevent which of the following?

Question646: Which of the following provide(s) near-immediate recoverability for time-sensitive systems and transaction processing?

Question647: Which of the following is NOT a true statement about public key infrastructure (PKI)?

Question648: The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment:

Question649: The objective of concurrency control in a database system is to:

Question650: Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget?

Question651: Which of the following is widely accepted as one of the critical components in networking management?

Question652: Which of the following type of a computer network covers a broad area such as city, region, nation or international link?

Question653: After completing the business impact analysis (BIA), what is the next step in the business continuity planning process?

Question654: During what process should router access control lists be reviewed?

Question655: When using public key encryption to secure data being transmitted across a network:

Question656: What can be used to gather evidence of network attacks?

Question657: An internet-based attack using password sniffing can:

Question658: What is the MOST effective method of preventing unauthorized use of data files?

Question659: Identify the correct sequence of Business Process Reengineering (BPR) benchmarking process from the given choices below?

Question660: Identify the INCORRECT statement related to network performance below?

Question661: During maintenance of a relational database, several values of the foreign key in a transaction table of a relational database have been corrupted. The consequence is that:

Question662: A company has recently upgraded its purchase system to incorporate EDI transmissions. Which of the following controls should be implemented in the EDI interface to provide for efficient data mapping?

Question663: The technique used to ensure security in virtual private networks (VPNs) is:

Question664: An investment advisor e-mails periodic newsletters to clients and wants reasonable assurance that no one has modified the newsletter. This objective can be achieved by:

Question665: When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of:

Question666: After a full operational contingency test, an IS auditor performs a review of the recovery steps. The auditor concludes that the time it took for the technological environment and systems to return to full-functioning exceeded the required critical recovery time. Which of the following should the auditor recommend?

Question667: What is an effective control for granting temporary access to vendors and external support personnel?

Question668: Which of the following statement is NOT true about Voice-Over IP (VoIP)?
VoIP uses circuit switching technology
Lower cost per call or even free calls, especially for long distance call Lower infrastructure cost VoIP is a technology where voice traffic is carried on top of existing data infrastructure

Question669: Which of the following will prevent dangling tuples in a database?

Question670: The PRIMARY purpose of a business impact analysis (BIA) is to:

Question671: For a discretionary access control to be effective, it must:

Question672: Business units are concerned about the performance of a newly implemented system. Which of the following should an IS auditor recommend?

Question673: Which of the following virus prevention techniques can be implemented through hardware?

Question674: In which of the following RFID risks competitor potentially could gain unauthorized access to RFID- generated information and use it to harm the interests of the organization implementing the RFID system?

Question675: Which of the following ACID property in DBMS ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially, i.e. one after the other?

Question676: An organization has implemented a disaster recovery plan. Which of the following steps should be carried out next?

Question677: After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend?

Question678: If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor's primary responsibility?

Question679: There are several types of penetration tests depending upon the scope, objective and nature of a test.
Which of the following describes a penetration test where you attack and attempt to circumvent the controls of the targeted network from the outside, usually the Internet?

Question680: An organization has been recently downsized, in light of this, an IS auditor decides to test logical access controls. The IS auditor's PRIMARY concern should be that:

Question681: What would be the MOST effective control for enforcing accountability among database users accessing sensitive information?

Question682: Which of the following line media would provide the BEST security for a telecommunication network?

Question683: Which of the following is protocol data unit (PDU) of data at LAN or WAN interface layer in TCP/IP model?

Question684: Which of the following would contribute MOST to an effective business continuity plan (BCP)?

Question685: IS management recently replaced its existing wired local area network (LAN) with a wireless infrastructure to accommodate the increased use of mobile devices within the organization. This will increase the risk of which of the following attacks?

Question686: Which of the following cryptography demands less computational power and offers more security per bit?

Question687: Which of the following term describes a failure of an electric utility company to supply power within acceptable range?

Question688: Which of the following should be a concern to an IS auditor reviewing a wireless network?

Question689: Which of the following types of firewalls provide the GREATEST degree and granularity of control?

Question690: The computer security incident response team (CSIRT) of an organization disseminates detailed descriptions of recent threats. An IS auditor's GREATEST concern should be that the users might:

Question691: The Secure Sockets Layer (SSL) protocol addresses the confidentiality of a message through:

Question692: A hard disk containing confidential data was damaged beyond repair. What should be done to the hard disk to prevent access to the data residing on it?

Question693: Which of the following ACID property in DBMS means that once a transaction has been committed, it will remain so, even in the event of power loss, crashes, or errors?

Question694: When installing an intrusion detection system (IDS), which of the following is MOST important?

Question695: During a business continuity audit an IS auditor found that the business continuity plan (BCP) covered only critical processes. The IS auditor should:

Question696: Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)?

Question697: Which of the following types of firewalls would BEST protect a network from an internet attack?

Question698: During the requirements definition phase for a database application, performance is listed as a top priority.
To access the DBMS files, which of the following technologies should be recommended for optimal I/O performance?

Question699: The role of the certificate authority (CA) as a third party is to:

Question700: Upon receipt of the initial signed digital certificate the user will decrypt the certificate with the public key of the:

Question701: Which of the following is a prevalent risk in the development of end-user computing (EUC) applications?

Question702: Which of the following ensures confidentiality of information sent over the internet?

Question703: Which of the following term related to network performance refers to the maximum rate that information can be transferred over a network?

Question704: The GREATEST advantage of rapid application development (RAD) over the traditional system development life cycle (SDLC) is that it:

Question705: The specific advantage of white box testing is that it:

Question706: Which of the following attack could be avoided by creating more security awareness in the organization and provide adequate security knowledge to all employees?

Question707: Which of the following is a sophisticated computer based switch that can be thought of as essentially a small in-house phone company for the organization?

Question708: Identify the LAN topology from below diagram presented below:

bus topology

Question709: Which of the following results in a denial-of-service attack?

Question710: Who is ultimately accountable for the development of an IS security policy?

Question711: E-mail message authenticity and confidentiality is BEST achieved by signing the message using the:

Question712: Which of the following is the GREATEST advantage of elliptic curve encryption over RSA encryption?

Question713: Which of the following would impair the independence of a quality assurance team?

Question714: Which of the following antispam filtering techniques would BEST prevent a valid, variable- length e-mail message containing a heavily weighted spam keyword from being labeled as spam?

Question715: Am advantage of the use of hot sites as a backup alternative is that:

Question716: How do modems (modulation/demodulation) function to facilitate analog transmissions to enter a digital network?

Question717: An organization has outsourced its help desk. Which of the following indicators would be the best to include in the SLA?

Question718: Who is responsible for authorizing access level of a data user?

Question719: Which of the following is a feature of Wi-Fi Protected Access (WPA) in wireless networks?

Question720: An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely:

Question721: Which of the following statement correctly describes difference between SSL and S/HTTP?

Question722: Which of the following controls would provide the GREATEST assurance of database integrity?

Question723: Which of the following PBX feature allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on-hold until one become available?

Question724: Which of the following is MOST directly affected by network performance monitoring tools?

Question725: Which of the following should concern an IS auditor when reviewing security in a client-server environment?

Question726: An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a:

Question727: Which of the following should an IS auditor review to determine user permissions that have been granted for a particular resource?

Question728: A data administrator is responsible for:

Question729: When reviewing input controls, an IS auditor observes that, in accordance with corporate policy, procedures allow supervisory override of data validation edits. The IS auditor should:

Question730: Which of the following can degrade network performance?

Question731: Which of the following is the MOST critical and contributes the greatest to the quality of data in a data warehouse?

Question732: To verify that the correct version of a data file was used for a production run, an IS auditor should review:

Question733: An accuracy measure for a biometric system is:

Question734: An IS auditor is reviewing a software-based configuration. Which of the following represents the GREATEST vulnerability? The firewall software:

Question735: The MOST important difference between hashing and encryption is that hashing:

Question736: Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?

Question737: In an online transaction processing system, data integrity is maintained by ensuring that a transaction is either completed in its entirety or not at all. This principle of data integrity is known as:

Question738: Which of the following attacks could capture network user passwords?

Question739: Transmitting redundant information with each character or frame to facilitate detection and correction of errors is called a:

Question740: Distributed denial-of-service (DDOS) attacks on Internet sites are typically evoked by hackers using which of the following?

Question741: An IS auditor finds out-of-range data in some tables of a database. Which of the following controls should the IS auditor recommend to avoid this situation?

Question742: Which of the following statement correctly describes difference between packet filtering firewall and stateful inspection firewall?

Question743: A disaster recovery plan for an organization's financial system specifies that the recovery point objective (RPO) is no data loss and the recovery time objective (RTO) is 72 hours. Which of the following is the MOST cost-effective solution?

Question744: When reviewing an intrusion detection system (IDS), an IS auditor should be MOST concerned about which of the following?

Question745: Which of the following provides nonrepudiation services for e-commerce transactions?

Question746: Reverse proxy technology for web servers should be deployed if:

Question747: While evaluating logical access control the IS auditor should follow all of the steps mentioned below EXCEPT one?
1. Obtain general understanding of security risk facing information processing, through a review of relevant documentation, inquiry and observation,etc
2. Document and evaluate controls over potential access paths into the system to assess their adequacy, efficiency and effectiveness
3. Test Control over access paths to determine whether they are functioning and effective by applying appropriate audit technique
4. Evaluate the access control environment to determine if the control objective are achieved by analyzing test result and other audit evidence
5. Evaluate the security environment to assess its adequacy by reviewing written policies, observing practices and procedures, and comparing them with appropriate security standard or practice and procedures used by other organization.
6. Evaluate and deploy technical controls to mitigate all identified risks during audit.

Question748: An IS auditor inspected a windowless room containing phone switching and networking equipment and documentation binders. The room was equipped with two handheld fire extinguishers-one filled with CO2, the other filled with halon. Which ofthe following should be given the HIGHEST priority in the auditor's report?

Question749: The PRIMARY objective of business continuity and disaster recovery plans should be to:

Question750: In computer forensic which of the following describe the process that converts the information extracted into a format that can be understood by investigator?

Question751: Which of the following reports should an IS auditor use to check compliance with a service level agreement's (SLA) requirement for uptime?

Question752: As an IS auditor it is very important to understand software release management process. Which of the following software release normally contains small enhancements and fixes?

Question753: Which of the following would be the MOST secure firewall system?

Question754: When reviewing an implementation of a VoIP system over a corporate WAN, an IS auditor should expect to find:

Question755: An off-site processing facility should be easily identifiable externally because easy identification helps ensure smoother recovery. True or false?

Question756: Which of the following applet intrusion issues poses the GREATEST risk of disruption to an organization?

Question757: Network Data Management Protocol (NDMP) technology should be used for backup if:

Question758: Who is responsible for implementing cost-effective controls in an automated system?

Question759: What is the most common reason for information systems to fail to meet the needs of users?

Question760: An IS auditor performing an application maintenance audit would review the log of program changes for the:

Question761: An integrated test facility is not considered a useful audit tool because it cannot compare processing output with independently calculated data. True or false?

Question762: Proper segregation of duties prevents a computer operator (user) from performing security administration duties. True or false?

Question763: Which of the following device in Frame Relay WAN technique is a service provider device that does the actual data transmission and switching in the frame relay cloud?

Question764: Test and development environments should be separated. True or false?

Question765: Which of the following is the BEST method for preventing the leakage of confidential information in a laptop computer?

Question766: When developing a disaster recovery plan, the criteria for determining the acceptable downtime should be the:

Question767: An IS auditor is reviewing the remote access methods of a company used to access system remotely.
Which of the following is LEAST preferred remote access method from a security and control point of view?

Question768: Which of the following is the MOST reasonable option for recovering a noncritical system?

Question769: An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the:

Question770: An organization has recently installed a security patch, which crashed the production server. To minimize the probability of this occurring again, an IS auditor should:

Question771: During the requirements definition phase of a software development project, the aspects of software testing that should be addressed are developing:

Question772: Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized?

Question773: In regard to moving an application program from the test environment to the production environment, the BEST control would be to have the:

Question774: Use of asymmetric encryption in an internet e-commerce site, where there is one private key for the hosting server and the public key is widely distributed to the customers, is MOST likely to provide comfort to the:

Question775: An organization currently using tape backups takes one full backup weekly and incremental backups daily.
They recently augmented their tape backup procedures with a backup-to- disk solution. This is appropriate because:

Question776: Which of the following is NOT a disadvantage of Single Sign On (SSO)?

Question777: Identify the network topology from below diagram presented below:

Network Topology

Question778: Which of the following is the BEST way to handle obsolete magnetic tapes before disposing of them?

Question779: During the system testing phase of an application development project the IS auditor should review the:

Question780: Which are the two primary types of scanner used for protecting against Malware?
Malware mask/signatures and Heuristic Scanner
Active and passive Scanner
Behavioral Blockers and immunizer Scanner
None of the above

Question781: Which of the following attack is against computer network and involves fragmented or invalid ICMP packets sent to the target?

Question782: Which of the following methods of providing telecommunications continuity involves the use of an alternative media?

Question783: What is a common vulnerability, allowing denial-of-service attacks?

Question784: Which of the following type of computer has highest processing speed?

Question785: Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized organization?

Question786: IS management has decided to rewrite a legacy customer relations system using fourth generation languages (4GLs). Which of the following risks is MOST often associated with system development using
4GLs?

Question787: Which of the following is the MOST effective control when granting temporary access to vendors?

Question788: Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?

Question789: As described at security policy, the CSO implemented an e-mail package solution that allows for ensuring integrity of messages sent using SMIME. Which of the options below BEST describes how it implements the environment to suite policy´s requirement?

Question790: The MAIN purpose for periodically testing offsite facilities is to:

Question791: What process is used to validate a subject's identity?

Question792: If a programmer has update access to a live system, IS auditors are more concerned with the programmer's ability to initiate or modify transactions and the ability to access production than with the programmer's ability to authorize transactions. True or false?

Question793: When reviewing procedures for emergency changes to programs, the IS auditor should verify that the procedures:

Question794: To ensure authentication, confidentiality and integrity of a message, the sender should encrypt the hash of the message with the sender's:

Question795: Which of the following is BEST suited for secure communications within a small group?

Question796: When performing an audit of access rights, an IS auditor should be suspicious of which of the following if allocated to a computer operator?

Question797: What is used to provide authentication of the website and can also be used to successfully authenticate keys used for data encryption?

Question798: In which of the following database model is the data organized into a tree-like structure, implying a single parent for each record?

Question799: Which of the following represents the GREATEST potential risk in an EDI environment?

Question800: Which of the following message services provides the strongest evidence that a specific action has occurred?

Question801: The MOST significant security concerns when using flash memory (e.g., USB removable disk) is that the:

Question802: Which of the following would prevent unauthorized changes to information stored in a server's log?

Question803: Of the following alternatives, the FIRST approach to developing a disaster recovery strategy would be to assess whether: