EMT Practice Test

1. Question Content...


Question List

Question1: A top-down approach to the development of operational policies will help ensure:

Question2: Which of the following is a function of an IS steering committee?

Question3: The PRIMARY reason an IS auditor performs a functional walkthrough during the preliminary phase of an audit assignment is to:

Question4: Am advantage of the use of hot sites as a backup alternative is that:

Question5: A live test of a mutual agreement for IT system recovery has been carried out, including a four- hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:

Question6: Which of the following is the PRIMARY purpose for conducting parallel testing?

Question7: A poor choice of passwords and transmission over unprotected communications lines are examples of:

Question8: Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

Question9: Which of the following is a risk of cross-training?

Question10: Back Orifice is an example of:

Question11: When evaluating the collective effect of preventive, detective or corrective controls within a process, an IS auditor should be aware of which of the following?

Question12: An IS auditor usually places more reliance on evidence directly collected. What is an example of such evidence?

Question13: What is a data validation edit control that matches input data to an occurrence rate? Choose the BEST answer.

Question14: When reviewing IS strategies, an IS auditor can BEST assess whether IS strategy supports the organizations' business objectives by determining if IS:

Question15: Which of the following measures can effectively minimize the possibility of buffer overflows?

Question16: During an IS audit, auditor has observed that authentication and authorization steps are split into two functions and there is a possibility to force the authorization step to be completed before the authentication step. Which of the following technique an attacker could user to force authorization step before authentication?

Question17: Which of the following findings should an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault?

Question18: Who is ultimately responsible and accountable for reviewing user access to systems?

Question19: If inadequate, which of the following would be the MOST likely contributor to a denial-of-service attack?

Question20: The GREATEST risk posed by an improperly implemented intrusion prevention system (IPS) is:

Question21: When two or more systems are integrated, input/output controls must be reviewed by an IS auditor in the:

Question22: The GREATEST advantage of using web services for the exchange of information between two systems is:

Question23: What would an IS auditor expect to find in the console log?

Question24: Digital signatures require the sender to "sign" the data by encrypting the data with the sender's public key, to then be decrypted by the recipient using the recipient's private key.
True or false?

Question25: Which of the following should be included in an organization's IS security policy?

Question26: The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of the following audit recommendations should the IS auditor suggest?

Question27: Which of the following option INCORRECTLY describes PBX feature?

Question28: The Secure Sockets Layer (SSL) protocol addresses the confidentiality of a message through:

Question29: When auditing the proposed acquisition of a new computer system, an IS auditor should FIRST establish that:

Question30: A retail outlet has introduced radio frequency identification (RFID) tags to create unique serial numbers for all products. Which of the following is the PRIMARY concern associated with this initiative?

Question31: Which of the following statement INCORRECTLY describes anti-malware?

Question32: The use of a GANTT chart can:

Question33: Company.com has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern?

Question34: Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit?

Question35: Which of the following will BEST ensure the successful offshore development of business applications?

Question36: The quality of the metadata produced from a data warehouse is ________________ in the warehouse's design.

Question37: Which of the following is a distinctive feature of the Secure Electronic Transactions (SET) protocol when used for electronic credit card payments?

Question38: If a database is restored from information backed up before the last system image, which of the following is recommended?

Question39: An IS auditor notes that IDS log entries related to port scanning are not being analyzed. This lack of analysis will MOST likely increase the risk of success of which of the following attacks?

Question40: A lower recovery time objective (RTO) results in:

Question41: Which of the following IT governance best practices improves strategic alignment?

Question42: What is the key distinction between encryption and hashing algorithms?

Question43: Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?

Question44: If a database is restored using before-image dumps, where should the process begin following an interruption?

Question45: An IT steering committee should review information systems PRIMARILY to assess:

Question46: An offsite information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is a:

Question47: An IS auditor is reviewing the physical security measures of an organization. Regarding the access card system, the IS auditor should be MOST concerned that:

Question48: The specific advantage of white box testing is that it:

Question49: What is an effective countermeasure for the vulnerability of data entry operators potentially leaving their computers without logging off?

Question50: If an IS auditor observes that individual modules of a system perform correctly in development project tests, the auditor should inform management of the positive results and recommend further:

Question51: An IS auditor invited to a development project meeting notes that no project risks have been documented.
When the IS auditor raises this issue, the project manager responds that it is too early to identify risks and that, if risks do start impacting the project, a risk manager will be hired. The appropriate response of the IS auditor would be to:

Question52: While planning an audit, an assessment of risk should be made to provide:

Question53: The purpose of business continuity planning and disaster-recovery planning is to:

Question54: Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?

Question55: Nowadays, computer security comprises mainly "preventive"" measures.

Question56: By evaluating application development projects against the capability maturity model (CMM), an IS auditor should be able to verify that:

Question57: What is essential for the IS auditor to obtain a clear understanding of network management?

Question58: An off-site processing facility should be easily identifiable externally because easy identification helps ensure smoother recovery. True or false?

Question59: Which of the following would effectively verify the originator of a transaction?

Question60: Disaster recovery planning (DRP) addresses the:

Question61: Which of the following audit techniques would BEST aid an auditor in determining whether there have been unauthorized program changes since the last authorized program update?

Question62: When preparing an audit report the IS auditor should ensure that the results are supported by:

Question63: A hot site should be implemented as a recovery strategy when the:

Question64: Which of the following is a dynamic analysis tool for the purpose of testing software modules?

Question65: When using an integrated test facility (ITF), an IS auditor should ensure that:

Question66: Which of the following is an advantage of an integrated test facility (ITF)?

Question67: Which of the following is an environmental issue caused by electric storms or noisy electric equipment and may also cause computer system to hang or crash?

Question68: Which audit technique provides the BEST evidence of the segregation of duties in an IS department?

Question69: The responsibilities of a disaster recovery relocation team include:

Question70: What often results in project scope creep when functional requirements are not defined as well as they could be?

Question71: An organization has a number of branches across a wide geographical area. To ensure that all aspects of the disaster recovery plan are evaluated in a cost effective manner, an IS auditor should recommend the use of a:

Question72: IS management recently replaced its existing wired local area network (LAN) with a wireless infrastructure to accommodate the increased use of mobile devices within the organization. This will increase the risk of which of the following attacks?

Question73: When an organization is outsourcing their information security function, which of the following should be kept in the organization?

Question74: Which of the following goals would you expect to find in an organization's strategic plan?

Question75: Which of the following best characterizes "worms"?

Question76: When developing a disaster recovery plan, the criteria for determining the acceptable downtime should be the:

Question77: An IS auditor issues an audit report pointing out the lack of firewall protection features at the perimeter network gateway and recommends a vendor product to address this vulnerability. The IS auditor has failed to exercise:

Question78: Atomicity enforces data integrity by ensuring that a transaction is either completed in its entirely or not at all. Atomicity is part of the ACID test reference for transaction processing.
True or false?

Question79: An organization is disposing of a number of laptop computers. Which of the following data destruction methods would be the MOST effective?

Question80: When protecting an organization's IT systems, which of the following is normally the next line of defense after the network firewall has been compromised?

Question81: After the merger of two organizations, multiple self-developed legacy applications from both companies are to be replaced by a new common platform. Which of the following would be the GREATEST risk?

Question82: Two-factor authentication can be circumvented through which of the following attacks?

Question83: What type of approach to the development of organizational policies is often driven by risk assessment?

Question84: While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:

Question85: A sender of an e-mail message applies a digital signature to the digest of the message. This action provides assurance of the:

Question86: Which of the following is used to evaluate biometric access controls?

Question87: What topology provides the greatest redundancy of routes and the greatest network fault tolerance?

Question88: Which of the following would be the GREATEST cause for concern when data are sent over the Internet using HTTPS protocol?

Question89: Which of the following penetration tests would MOST effectively evaluate incident handling and response capabilities of an organization?

Question90: Private Branch Exchange(PBX) environment involves many security risks, one of which is the people both internal and external to an organization. Which of the following risks are NOT associated with Private Branch Exchange?
1. Theft of service
2. Disclosure of information
3. Data Modifications
4. Denial of service
5. Traffic Analysis

Question91: Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms resulting from normal network activity?

Question92: Which of the following would be the MOST cost-effective recommendation for reducing the number of defects encountered during software development projects?

Question93: To optimize an organization's business contingency plan (BCP), an IS auditor should recommend conducting a business impact analysis (BlA) in order to determine:

Question94: Which of the following do digital signatures provide?

Question95: Which of the following processes are performed during the design phase of the systems development life cycle (SDLC) model?

Question96: When segregation of duties concerns exists between IT support staff and end users, what would be suitable compensating control?

Question97: The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as:

Question98: Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration?

Question99: Which of the following typically focuses on making alternative processes and resources available for transaction processing?

Question100: During an audit of an enterprise that is dedicated to e-commerce, the IS manager states that digital signatures are used when receiving communications from customers. To substantiate this, an IS auditor must prove that which of the following is used?

Question101: After observing suspicious activities in a server, a manager requests a forensic analysis.
Which of the following findings should be of MOST concern to the investigator?

Question102: Business units are concerned about the performance of a newly implemented system. Which of the following should an IS auditor recommend?

Question103: Confidentiality of the data transmitted in a wireless LAN is BEST protected if the session is:

Question104: Who is primarily responsible for storing and safeguarding the data?

Question105: Proper segregation of duties normally does not prohibit a LAN administrator from also having programming responsibilities. True or false?

Question106: Establishing the level of acceptable risk is the responsibility of:

Question107: Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures?

Question108: What is the first step in a business process re-engineering project?

Question109: A company undertakes a business process reengineering (BPR) project in support of a new and direct marketing approach to its customers. Which of the following would be an IS auditor's main concern about the new process?

Question110: Which of the following would an IS auditor use to determine if unauthorized modifications were made to production programs?

Question111: When a new system is to be implemented within a short time frame, it is MOST important to:

Question112: From a control perspective, the key element in job descriptions is that they:

Question113: The PRIMARY objective of testing a business continuity plan is to:

Question114: Which of the following is an effective method for controlling downloading of files via FTP?

Question115: An organization has outsourced its help desk activities. An IS auditor's GREATEST concern when reviewing the contract and associated service level agreement (SLA) between the organization and vendor should be the provisions for:

Question116: Which of the following is penetration test where the penetration tester is provided with limited or no knowledge of the target's information systems?

Question117: Which of the following is the GREATEST concern when an organization's backup facility is at a warm site?

Question118: What protects an application purchaser's ability to fix or change an application in case the application vendor goes out of business?

Question119: Test and development environments should be separated. True or false?

Question120: Which of the following would MOST effectively control the usage of universal storage bus (USB) storage devices?

Question121: The optimum business continuity strategy for an entity is determined by the:

Question122: Which of the following public key infrastructure (PKI) elements provides detailed descriptions for dealing with a compromised private key?

Question123: The BEST method for assessing the effectiveness of a business continuity plan is to review the:

Question124: A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not adequately performing which of the following types of testing?

Question125: Which of the following BEST describes the role of a directory server in a public key infrastructure (PKI)?

Question126: isk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a _________________ risk assessment is more appropriate. Fill in the blanks.

Question127: Which are the two primary types of scanner used for protecting against Malware?
Malware mask/signatures and Heuristic Scanner
Active and passive Scanner
Behavioral Blockers and immunizer Scanner
None of the above

Question128: Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget?

Question129: The use of statistical sampling procedures helps minimize:

Question130: Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies?

Question131: If a programmer has update access to a live system, IS auditors are more concerned with the programmer's ability to initiate or modify transactions and the ability to access production than with the programmer's ability to authorize transactions. True or false?

Question132: Machines that operate as a closed system can NEVER be eavesdropped.

Question133: A PRIMARY benefit derived from an organization employing control self-assessment (CSA) techniques is that it:

Question134: E-mail traffic from the Internet is routed via firewall-1 to the mail gateway. Mail is routed from the mail gateway, via firewall-2, to the mail recipients in the internal network. Other traffic is not allowed. For example, the firewalls do not allow direct traffic from the Internet to the internal network.

The intrusion detection system (IDS) detects traffic for the internal network that did not originate from the mail gateway. The FIRST action triggered by the IDS should be to:

Question135: A malicious code that changes itself with each file it infects is called a:

Question136: Data edits are implemented before processing and are considered which of the following?

Question137: When developing a risk-based audit strategy, an IS auditor conduct a risk assessment to ensure that:

Question138: When should plans for testing for user acceptance be prepared?

Question139: Why is a clause for requiring source code escrow in an application vendor agreement important?

Question140: An organization is implementing an enterprise resource planning (ERP) application to meet its business objectives. Of the following, who is PRIMARILY responsible for overseeing the project in order to ensure that it is progressing in accordance with the project plan and that it will deliver the expected results?

Question141: Which of the following ensures the availability of transactions in the event of a disaster?

Question142: Under the concept of ""defense in depth"", subsystems should be designed to:

Question143: Which of the following Confidentiality, Integrity, Availability (CIA) attribute supports the principle of least privilege by providing access to information only to authorized and intended users?

Question144: In an IS audit of several critical servers, the IS auditor wants to analyze audit trails to discover potential anomalies in user or system behavior. Which of the following tools are MOST suitable for performing that task?

Question145: An IS auditor is evaluating a corporate network for a possible penetration by employees. Which of the following findings should give the IS auditor the GREATEST concern?

Question146: Which of the following internet security threats could compromise integrity?

Question147: During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:

Question148: Who assumes ownership of a systems-development project and the resulting system?

Question149: The MOST effective control for addressing the risk of piggybacking is:

Question150: Use of asymmetric encryption in an internet e-commerce site, where there is one private key for the hosting server and the public key is widely distributed to the customers, is MOST likely to provide comfort to the:

Question151: Which of the following message services provides the strongest evidence that a specific action has occurred?

Question152: Which of the following is a management technique that enables organizations to develop strategically important systems faster, while reducing development costs and maintaining quality?

Question153: What is used as a control to detect loss, corruption, or duplication of data?

Question154: A sequence of bits appended to a digital document that is used to secure an e-mail sent through the Internet is called a:

Question155: After identifying potential security vulnerabilities, what should be the IS auditor's next step?

Question156: The purpose of a checksum on an amount field in an electronic data interchange (EDI) communication of financial transactions is to ensure:

Question157: Which of the following would MOST likely indicate that a customer data warehouse should remain in-house rather than be outsourced to an offshore operation?

Question158: Involvement of senior management is MOST important in the development of:

Question159: An IS auditor's PRIMARY concern when application developers wish to use a copy of yesterday's production transaction file for volume tests is that:

Question160: Which of the following is a good control for protecting confidential data residing on a PC?

Question161: Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist?

Question162: While copying files from a floppy disk, a user introduced a virus into the network. Which of the following would MOST effectively detect the existence of the virus?

Question163: Which of the following attack redirects outgoing message from the client back onto the client, preventing outside access as well as flooding the client with the sent packets?

Question164: What is often the most difficult part of initial efforts in application development?

Question165: When are benchmarking partners identified within the benchmarking process?

Question166: An IS auditor performing detailed network assessments and access control reviews should FIRST:

Question167: Proper segregation of duties does not prohibit a quality control administrator from also being responsible for change control and problem management. True or false?

Question168: Which of the following would be BEST prevented by a raised floor in the computer machine room?

Question169: Functionality is a characteristic associated with evaluating the quality of software products throughout their life cycle, and is BEST described as the set of attributes that bear on the:

Question170: Which of the following implementation modes would provide the GREATEST amount of security for outbound data connecting to the internet?

Question171: In computer forensics, which of the following is the process that allows bit-for-bit copy of a data to avoid damage of original data or information when multiple analysis may be performed?

Question172: Which of the following are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem?

Question173: A firewall is being deployed at a new location. Which of the following is the MOST important factor in ensuring a successful deployment?

Question174: The PRIMARY objective of implementing corporate governance by an organization's management is to:

Question175: Authentication techniques for sending and receiving data between EDI systems is crucial to prevent which of the following?

Question176: The network of an organization has been the victim of several intruders' attacks. Which of the following measures would allow for the early detection of such incidents?

Question177: Which of the following would help to ensure the portability of an application connected to a database?

Question178: During the development of an application, the quality assurance testing and user acceptance testing were combined. The MAJOR concern for an IS auditor reviewing the project is that there will be:

Question179: During a business continuity audit an IS auditor found that the business continuity plan (BCP) covered only critical processes. The IS auditor should:

Question180: A disaster recovery plan for an organization should:

Question181: Which of the following would provide the BEST protection against the hacking of a computer connected to the Internet?

Question182: What uses questionnaires to lead the user through a series of choices to reach a conclusion?

Question183: Which of the following is the MOST reliable sender authentication method?

Question184: To minimize the cost of a software project, quality management techniques should be applied:

Question185: What is an effective control for granting temporary access to vendors and external support personnel?

Question186: What type of risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist?

Question187: An organization is migrating from a legacy system to an enterprise resource planning (ERP) system. While reviewing the data migration activity, the MOST important concern for the IS auditor is to determine that there is a:

Question188: What determines the strength of a secret key within a symmetric key cryptosystem?

Question189: After an IS auditor has identified threats and potential impacts, the auditor should:

Question190: Effective IT governance requires organizational structures and processes to ensure that:

Question191: Which type of major BCP test only requires representatives from each operational area to meet to review the plan?

Question192: Which of the following is the MOST effective control over visitor access to a data center?

Question193: Which of the following biometrics has the highest reliability and lowest false-acceptance rate (FAR)?

Question194: Which of the following should be the MOST important criterion in evaluating a backup solution for sensitive data that must be retained for a long period of time due to regulatory requirements?

Question195: While evaluating software development practices in an organization, an IS auditor notes that the quality assurance (QA) function reports to project management. The MOST important concern for an IS auditor is the:

Question196: An IS auditor attempting to determine whether access to program documentation is restricted to authorized persons would MOST likely:

Question197: An IS auditor finds that user acceptance testing of a new system is being repeatedly interrupted as defect fixes are implemented by developers. Which of the following would be the BEST recommendation for an IS auditor to make?

Question198: An IS auditor inspected a windowless room containing phone switching and networking equipment and documentation binders. The room was equipped with two handheld fire extinguishers-one filled with CO2, the other filled with halon. Which ofthe following should be given the HIGHEST priority in the auditor's report?

Question199: Which of the following is MOST critical when creating data for testing the logic in a new or modified application system?

Question200: An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take?

Question201: An IS auditor finds that not all employees are aware of the enterprise's information security policy. The IS auditor should conclude that:

Question202: In an audit of an inventory application, which approach would provide the BEST evidence that purchase orders are valid?

Question203: What kind of protocols does the OSI Transport Layer of the TCP/IP protocol suite provide to ensure reliable communication?

Question204: The FIRST step in a successful attack to a system would be:

Question205: Which of the following type of lock uses a magnetic or embedded chip based plastic card key or token entered into a sensor/reader to gain access?

Question206: Online banking transactions are being posted to the database when processing suddenly comes to a halt.
The integrity of the transaction processing is BEST ensured by:

Question207: What benefit does using capacity-monitoring software to monitor usage patterns and trends provide to management?

Question208: Which of the following are designed to detect network attacks in progress and assist in post-attack forensics?

Question209: The MOST likely explanation for the use of applets in an Internet application is that:

Question210: An IS auditor reviewing the implementation of an intrusion detection system (IDS) should be MOST concerned if:

Question211: Why does an IS auditor review an organization chart?

Question212: The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program?

Question213: Which of the following is a passive attack to a network?

Question214: Due to changes in IT, the disaster recovery plan of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested?

Question215: Which of the following is a prevalent risk in the development of end-user computing (EUC) applications?

Question216: Which of the following represents the GREATEST potential risk in an EDI environment?

Question217: When reviewing an active project, an IS auditor observed that, because of a reduction in anticipated benefits and increased costs, the business case was no longer valid. The IS auditor should recommend that the:

Question218: An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP?

Question219: ________________ (fill in the blank) should be implemented as early as data preparation to support data integrity at the earliest point possible.

Question220: Which of the following help(s) prevent an organization's systems from participating in a distributed denial- of-service (DDoS) attack?

Question221: As an outcome of information security governance, strategic alignment provides:

Question222: An accuracy measure for a biometric system is:

Question223: In an organization, the responsibilities for IT security are clearly assigned and enforced and an IT security risk and impact analysis is consistently performed. This represents which level of ranking in the information security governance maturity model?

Question224: To minimize costs and improve service levels an outsourcer should seek which of the following contract clauses?

Question225: When participating in a systems-development project, an IS auditor should focus on system controls rather than ensuring that adequate and complete documentation exists for all projects. True or false?

Question226: Which of the following would be the MOST effective audit technique for identifying segregation of duties violations in a new enterprise resource planning (ERP) implementation?

Question227: A decision support system (DSS):

Question228: An organization has just completed their annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization?

Question229: The PRIMARY purpose of an IT forensic audit is:

Question230: Why does the IS auditor often review the system logs?

Question231: As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard copy transaction log. At the end of the day, the order entry files are backed up on tape. During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following is necessary to restore these files?

Question232: Which of the following attacks targets the Secure Sockets Layer (SSL)?

Question233: The decisions and actions of an IS auditor are MOST likely to affect which of the following risks?

Question234: An organization is planning to replace its wired networks with wireless networks. Which of the following would BEST secure the wireless network from unauthorized access?

Question235: Over the long term, which of the following has the greatest potential to improve the security incident response process?

Question236: Which of the following is the key benefit of control self-assessment (CSA)?

Question237: E-mail message authenticity and confidentiality is BEST achieved by signing the message using the:

Question238: An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely:

Question239: An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review?

Question240: A structured walk-through test of a disaster recovery plan involves:

Question241: Which of the following BEST describes the concept of ""defense in depth""?

Question242: Although BCP and DRP are often implemented and tested by middle management and end users, the ultimate responsibility and accountability for the plans remain with executive management, such as the
_______________________. (fill-in-the-blank)

Question243: Who is accountable for maintaining appropriate security measures over information assets?

Question244: Which of the following is the MOST reliable form of single factor personal identification?

Question245: Which of the following is a program evaluation review technique that considers different scenarios for planning and control projects?

Question246: Information for detecting unauthorized input from a terminal would be BEST provided by the:

Question247: The PRIMARY objective of business continuity and disaster recovery plans should be to:

Question248: A proposed transaction processing application will have many data capture sources and outputs in paper and electronic form. To ensure that transactions are not lost during processing, an IS auditor should recommend the inclusion of:

Question249: In computer forensic which of the following describe the process that converts the information extracted into a format that can be understood by investigator?

Question250: To protect a VoIP infrastructure against a denial-of-service (DoS) attack, it is MOST important to secure the:

Question251: Which of the following attack involves sending forged ICMP Echo Request packets to the broadcast address on multiple gateways in order to illicit responses from the computers behind the gateway where they all respond back with ICMP Echo Reply packets to the source IP address of the ICMP Echo Request packets?

Question252: Any changes in systems assets, such as replacement of hardware, should be immediately recorded within the assets inventory of which of the following?

Question253: When assessing the design of network monitoring controls, an IS auditor should FIRST review network:

Question254: How does the process of systems auditing benefit from using a risk-based approach to audit planning?

Question255: Processing controls ensure that data is accurate and complete, and is processed only through which of the following?

Question256: Library control software restricts source code to:

Question257: Who is responsible for providing adequate physical and logical security for IS program, data and equipment?

Question258: Which of the following BEST characterizes a mantrap or deadman door, which is used as a deterrent control for the vulnerability of piggybacking?

Question259: If senior management is not committed to strategic planning, how likely is it that a company's implementation of IT will be successful?

Question260: The use of residual biometric information to gain unauthorized access is an example of which of the following attacks?

Question261: Which of the following forms of evidence for the auditor would be considered the MOST reliable?

Question262: Who is ultimately accountable for the development of an IS security policy?

Question263: Upon receipt of the initial signed digital certificate the user will decrypt the certificate with the public key of the:

Question264: As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis?

Question265: Which of the following is the dominating objective of BCP and DRP?

Question266: An organization's IS audit charter should specify the:

Question267: Which of the following does a lack of adequate security controls represent?

Question268: What is used to provide authentication of the website and can also be used to successfully authenticate keys used for data encryption?

Question269: An advantage in using a bottom-up vs. a top-down approach to software testing is that:

Question270: Which of the following can degrade network performance?

Question271: The PRIMARY objective of Secure Sockets Layer (SSL) is to ensure:

Question272: While reviewing sensitive electronic work papers, the IS auditor noticed that they were not encrypted. This could compromise the:

Question273: A perpetrator looking to gain access to and gather information about encrypted data being transmitted over the network would use:

Question274: Which of the following is often used as a detection and deterrent control against Internet attacks?

Question275: An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
* The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department.
* The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his/her attention.
* The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident.
The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical, hardware configuration is already established. An IS auditor should:

Question276: A core tenant of an IS strategy is that it must:

Question277: Which of the following is the MOST robust method for disposing of magnetic media that contains confidential information?

Question278: What is the most common purpose of a virtual private network implementation?

Question279: Which of the following provides the best evidence of the adequacy of a security awareness program?

Question280: An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to 1 minute for a critical system. This implies that the system can tolerate:

Question281: The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n):

Question282: Which of the following is the MOST critical and contributes the greatest to the quality of data in a data warehouse?

Question283: Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization?

Question284: What process allows IS management to determine whether the activities of the organization differ from the planned or expected levels?

Question285: Change control for business application systems being developed using prototyping could be complicated by the:

Question286: An IS auditor is reviewing a software-based configuration. Which of the following represents the GREATEST vulnerability? The firewall software:

Question287: A company uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks (cheques) and reports for distribution. To BEST ensure payroll data accuracy:

Question288: Which of the following would an IS auditor consider the MOST relevant to short-term planning for an IS department?

Question289: Which of the following provides the BEST single-factor authentication?

Question290: An IS auditor should expect which of the following items to be included in the request for proposal (RFP) when IS is procuring services from an independent service provider (ISP)?

Question291: The reason a certification and accreditation process is performed on critical systems is to ensure that:

Question292: Which of the following is the most important element in the design of a data warehouse?

Question293: During an IS audit, one of your auditor has observed that some of the critical servers in your organization can be accessed ONLY by using shared/common user name and password. What should be the auditor's PRIMARY concern be with this approach?

Question294: A long-term IS employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be based on the individual's experience and:

Question295: Which of the following exploit vulnerabilities to cause loss or damage to the organization and its assets?

Question296: During a review of a customer master file, an IS auditor discovered numerous customer name duplications arising from variations in customer first names. To determine the extent of the duplication, the IS auditor would use:

Question297: Which of the following is a data validation edit and control?

Question298: Responsibility for the governance of IT should rest with the:

Question299: The BEST method of proving the accuracy of a system tax calculation is by:

Question300: Which of the following would an IS auditor consider to be the MOST important when evaluating an organization's IS strategy? That it:

Question301: Regarding a disaster recovery plan, the role of an IS auditor should include:

Question302: An advantage of a continuous audit approach is that it can improve system security when used in time- sharing environments that process a large number of transactions. True or false?

Question303: In wireless communication, which of the following controls allows the device receiving the communications to verify that the received communications have not been altered in transit?

Question304: When reviewing an intrusion detection system (IDS), an IS auditor should be MOST concerned about which of the following?

Question305: The sender of a public key would be authenticated by a:

Question306: An IS auditor finds that a system under development has 12 linked modules and each item of data can carry up to 10 definable attribute fields. The system handles several million transactions a year. Which of these techniques could an IS auditor use to estimate the size of the development effort?

Question307: As a driver of IT governance, transparency of IT's cost, value and risks is primarily achieved through:

Question308: A data center has a badge-entry system. Which of the following is MOST important to protect the computing assets in the center?

Question309: A manager of a project was not able to implement all audit recommendations by the target date. The IS auditor should:

Question310: An advantage of using sanitized live transactions in test data is that:

Question311: What does PKI use to provide some of the strongest overall control over data confidentiality, reliability, and integrity for Internet transactions?

Question312: When performing a computer forensic investigation, in regard to the evidence gathered, an IS auditor should be MOST concerned with:

Question313: In a contract with a hot, warm or cold site, contractual provisions should cover which of the following considerations?

Question314: Which of the following controls would be the MOST comprehensive in a remote access network with multiple and diverse subsystems?

Question315: When reviewing input controls, an IS auditor observes that, in accordance with corporate policy, procedures allow supervisory override of data validation edits. The IS auditor should:

Question316: To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:

Question317: The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to:

Question318: The use of object-oriented design and development techniques would MOST likely:

Question319: Which of the following online auditing techniques is most effective for the early detection of errors or irregularities?

Question320: An organization has a mix of access points that cannot be upgraded to stronger security and newer access points having advanced wireless security. An IS auditor recommends replacing the non-upgradeable access points. Which of the following would BEST justify the IS auditor's recommendation?

Question321: Which of the following hardware devices relieves the central computer from performing network control, format conversion and message handling tasks?

Question322: Which of the following is the MOST important criterion when selecting a location for an offsite storage facility for IS backup files? The offsite facility must be:

Question323: While evaluating logical access control the IS auditor should follow all of the steps mentioned below EXCEPT one?
1. Obtain general understanding of security risk facing information processing, through a review of relevant documentation, inquiry and observation,etc
2. Document and evaluate controls over potential access paths into the system to assess their adequacy, efficiency and effectiveness
3. Test Control over access paths to determine whether they are functioning and effective by applying appropriate audit technique
4. Evaluate the access control environment to determine if the control objective are achieved by analyzing test result and other audit evidence
5. Evaluate the security environment to assess its adequacy by reviewing written policies, observing practices and procedures, and comparing them with appropriate security standard or practice and procedures used by other organization.
6. Evaluate and deploy technical controls to mitigate all identified risks during audit.

Question324: The output of the risk management process is an input for making:

Question325: Responsibility and reporting lines cannot always be established when auditing automated systems since:

Question326: Which of the following terms refers to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders?

Question327: Which of the following will replace system binaries and/or hook into the function calls of the operating system to hide the presence of other programs (choose the most precise answer)?

Question328: To assist an organization in planning for IT investments, an IS auditor should recommend the use of:

Question329: While observing a full simulation of the business continuity plan, an IS auditor notices that the notification systems within the organizational facilities could be severely impacted by infra structural damage. The BEST recommendation the IS auditor can provide to the organization is to ensure:

Question330: During the collection of forensic evidence, which of the following actions would MOST likely result in the destruction or corruption of evidence on a compromised system?

Question331: How can minimizing single points of failure or vulnerabilities of a common disaster best be controlled?

Question332: In an organization where an IT security baseline has been defined, an IS auditor should FIRST ensure:

Question333: What increases encryption overhead and cost the most?

Question334: A comprehensive and effective e-mail policy should address the issues of e-mail structure, policy enforcement, monitoring and:

Question335: An IS auditor is assigned to perform a post implementation review of an application system. Which pf the following situations may have impaired the independence of the IS auditor? The IS auditor:

Question336: A transaction journal provides the information necessary for detecting unauthorized ___________ (fill in the blank) from a terminal.

Question337: Which of the following would prevent accountability for an action performed, thus allowing nonrepudiation?

Question338: When transmitting a payment instruction, which of the following will help verify that the instruction was not duplicated?

Question339: To provide protection for media backup stored at an offsite location, the storage site should be:

Question340: What is a primary high-level goal for an auditor who is reviewing a system development project?

Question341: Obtaining user approval of program changes is very effective for controlling application changes and maintenance. True or false?

Question342: An IS auditor interviewing a payroll clerk finds that the answers do not support job descriptions and documented procedures. Under these circumstances, the IS auditor should:

Question343: Disabling which of the following would make wireless local area networks more secure against unauthorized access?

Question344: The ultimate purpose of IT governance is to:

Question345: In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems?

Question346: Mitigating the risk and impact of a disaster or business interruption usually takes priority over transference of risk to a third party such as an insurer. True or false?

Question347: To properly evaluate the collective effect of preventative, detective, or corrective controls within a process, an IS auditor should be aware of which of the following?

Question348: Which of the following is the MOST reasonable option for recovering a noncritical system?

Question349: Which of the following is normally a responsibility of the chief security officer (CSO)?

Question350: Normally, it would be essential to involve which of the following stakeholders in the initiation stage of a project?

Question351: What is the BEST approach to mitigate the risk of a phishing attack?

Question352: To address the risk of operations staff's failure to perform the daily backup, management requires that the systems administrator sign off on the daily backup. This is an example of risk:

Question353: Network ILD&P are typically installed:

Question354: Which of the following would have the HIGHEST priority in a business continuity plan (BCP)?

Question355: The most common problem in the operation of an intrusion detection system (IDS) is:

Question356: Which of the following types of attack works by taking advantage of the unenforced and unchecked assumptions the system makes about its inputs?

Question357: In which of the following situations is it MOST appropriate to implement data mirroring as the recovery strategy?

Question358: An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
-The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department.
-The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting their attention.
- the plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident.
The IS auditor's report should recommend that:

Question359: Which of the following is MOST is critical during the business impact assessment phase of business continuity planning?

Question360: Which of the following is the MOST important element for the successful implementation of IT governance?

Question361: How is the time required for transaction processing review usually affected by properly implemented Electronic Data Interface (EDI)?

Question362: An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:

Question363: What influences decisions regarding criticality of assets?

Question364: The directory system of a database-management system describes:

Question365: An IS auditor should use statistical sampling and not judgment (nonstatistical) sampling, when:

Question366: The use of digital signatures:

Question367: Which of the following attack could be avoided by creating more security awareness in the organization and provide adequate security knowledge to all employees?

Question368: What is the PRIMARY purpose of audit trails?

Question369: During which of the following phases in system development would user acceptance test plans normally be prepared?

Question370: A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses, the team should:

Question371: An efficient use of public key infrastructure (PKI) should encrypt the:

Question372: An IS steering committee should:

Question373: In a public key infrastructure, a registration authority:

Question374: Overall business risk for a particular threat can be expressed as:

Question375: Which of the following is a mechanism for mitigating risks?

Question376: Which of the following is the MOST important function to be performed by IS management when a service has been outsourced?

Question377: Which of the following is the MOST important objective of data protection?

Question378: An IS auditor is reviewing an IT security risk management program. Measures of security risk should:

Question379: An IS auditor reviewing a proposed application software acquisition should ensure that the:

Question380: To prevent IP spoofing attacks, a firewall should be configured to drop a packet if:

Question381: The rate of change in technology increases the importance of:

Question382: Which of the following would BEST provide assurance of the integrity of new staff?

Question383: Data flow diagrams are used by IS auditors to:

Question384: Which of the following PBX feature allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on-hold until one become available?

Question385: When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected on the network?

Question386: An offsite information processing facility:

Question387: Is it appropriate for an IS auditor from a company that is considering outsourcing its IS processing to request and review a copy of each vendor's business continuity plan?

Question388: Once an organization has finished the business process reengineering (BPR) of all its critical operations, an IS auditor would MOST likely focus on a review of:

Question389: With the objective of mitigating the risk and impact of a major business interruption, a disaster recovery plan should endeavor to reduce the length of recovery time necessary, as well as costs associated with recovery. Although DRP results in an increase of pre-and post-incident operational costs, the extra costs are more than offset by reduced recovery and business impact costs. True or false?

Question390: Which of the following should be a concern to an IS auditor reviewing a wireless network?

Question391: Structured programming is BEST described as a technique that:

Question392: Which of the following term describes a failure of an electric utility company to supply power within acceptable range?

Question393: In a public key infrastructure (PKI), which of the following may be relied upon to prove that an online transaction was authorized by a specific customer?

Question394: The success of control self-assessment (CSA) highly depends on:

Question395: What can be used to help identify and investigate unauthorized transactions?

Question396: A financial institution that processes millions of transactions each day has a central communications processor (switch) for connecting to automated teller machines (ATMs). Which of the following would be the BEST contingency plan for the communications processor?

Question397: Which of the following physical access controls effectively reduces the risk of piggybacking?

Question398: An audit charter should:

Question399: An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed.
When this issue is raised with management the response is that additional controls are not necessary because effective system access controls are in place. The BEST response the auditor can make is to:

Question400: An organization is using symmetric encryption. Which of the following would be a valid reason for moving to asymmetric encryption? Symmetric encryption:

Question401: Which of the following could lead to an unintentional loss of confidentiality?

Question402: Which of the following malware technical fool's malware by appending section of themselves to files - somewhat in the same way that file malware append themselves?

Question403: The advantage of a bottom-up approach to the development of organizational policies is that the policies:

Question404: Which of the following is a substantive test?

Question405: Which of the following must exist to ensure the viability of a duplicate information processing facility?

Question406: What is a risk associated with attempting to control physical access to sensitive areas such as computer rooms using card keys or locks?

Question407: Who should be responsible for network security operations?

Question408: What is the primary security concern for EDI environments?

Question409: An IS auditor reviewing an outsourcing contract of IT facilities would expect it to define the:

Question410: In order to properly protect against unauthorized disclosure of sensitive data, how should hard disks be sanitized?

Question411: What must an IS auditor understand before performing an application audit?

Question412: An IS auditor has imported data from the client's database. The next step-confirming whether the imported data are complete-is performed by:

Question413: Though management has stated otherwise, an IS auditor has reasons to believe that the organization is using software that is not licensed. In this situation, the IS auditor should:

Question414: Which of the following sampling methods is MOST useful when testing for compliance?

Question415: An IS auditor performing a review of an application's controls would evaluate the:

Question416: During an audit, an IS auditor notices that the IT department of a medium-sized organization has no separate risk management function, and the organization's operational risk documentation only contains a few broadly described IT risks. What is the MOST appropriate recommendation in this situation?

Question417: What can be very helpful to an IS auditor when determining the efficacy of a systems maintenance program?

Question418: The reason for establishing a stop or freezing point on the design of a new system is to:

Question419: An IS auditor is performing an audit of a remotely managed server backup. The IS auditor reviews the logs for one day and finds one case where logging on a server has failed with the result that backup restarts cannot be confirmed. What should the auditor do?

Question420: The BEST overall quantitative measure of the performance of biometric control devices is:

Question421: Which of the following PBX feature supports shared extensions among several devices, ensuring that only one device at a time can use an extension?

Question422: Which of the following is a concern when data are transmitted through Secure Sockets Layer (SSL) encryption, implemented on a trading partner's server?

Question423: When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor?

Question424: Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation?

Question425: How does the SSL network protocol provide confidentiality?

Question426: COBIT 5 separates information goals into three sub-dimensions of quality. Which of the following sub- dimension of COBIT 5 describes the extent to which data values are in conformance with the actual true value?

Question427: Which of the following method is recommended by security professional to PERMANENTLY erase sensitive data on magnetic media?

Question428: An IS auditor is told by IS management that the organization has recently reached the highest level of the software capability maturity model (CMM). The software quality process MOST recently added by the organization is:

Question429: What can be implemented to provide the highest level of protection from external attack?

Question430: Which of the following type of lock uses a numeric keypad or dial to gain entry?

Question431: The MAIN purpose for periodically testing offsite facilities is to:

Question432: Which of the following is the PRIMARY advantage of using computer forensic software for investigations?

Question433: In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the:

Question434: Which of the following functions is performed by a virtual private network (VPN)?

Question435: The phases and deliverables of a system development life cycle (SDLC) project should be determined:

Question436: A firm is considering using biometric fingerprint identification on all PCs that access critical datA. This requires:

Question437: Disaster recovery planning (DRP) for a company's computer system usually focuses on:

Question438: What should an organization do before providing an external agency physical access to its information processing facilities (IPFs)?

Question439: Which of the following should be considered FIRST when implementing a risk management program?

Question440: When planning to add personnel to tasks imposing time constraints on the duration of a project, which of the following should be revalidated FIRST?

Question441: An IS auditor noted that an organization had adequate business continuity plans (BCPs) for each individual process, but no comprehensive BCP. Which would be the BEST course of action for the IS auditor?

Question442: Which of the following statement is NOT true about smoke detector?

Question443: Which of the following should be of MOST concern to an IS auditor?

Question444: Which of the following statement correctly describes the difference between total flooding and local application extinguishing agent?

Question445: Which of the following would normally be the MOST reliable evidence for an auditor?

Question446: When is regression testing used to determine whether new application changes have introduced any errors in the remaining unchanged code?

Question447: Why is the WAP gateway a component warranting critical concern and review for the IS auditor when auditing and testing controls enforcing message confidentiality?

Question448: Integrating business continuity planning (BCP) into an IT project aids in:

Question449: When developing a security architecture, which of the following steps should be executed FIRST?

Question450: Which of the following attack occurs when a malicious action is performed by invoking the operating system to execute a particular system call?

Question451: An organization has outsourced its wide area network (WAN) to a third-party service provider. Under these circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?

Question452: Ensuring that security and control policies support business and IT objectives is a primary objective of:

Question453: When auditing a disaster recovery plan for a critical business area, an IS auditor finds that it does not cover all the systems. Which of the following is the MOST appropriate action for the IS auditor?

Question454: When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:

Question455: Which of the following should an IS auditor review to understand project progress in terms of time, budget and deliverables for early detection of possible overruns and for projecting estimates at completion (EACs)?

Question456: An IS auditor who was involved in designing an organization's business continuity plan(BCP) has been assigned to audit the plan. The IS auditor should:

Question457: Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data?

Question458: Which of the following refers to an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer?

Question459: Which of the following should be included in a feasibility study for a project to implement an EDI process?

Question460: Documentation of a business case used in an IT development project should be retained until:

Question461: The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to:

Question462: In planning an audit, the MOST critical step is the identification of the:

Question463: A virtual private network (VPN) provides data confidentiality by using:

Question464: In the context of effective information security governance, the primary objective of value delivery is to:

Question465: Who is responsible for implementing cost-effective controls in an automated system?

Question466: What control detects transmission errors by appending calculated bits onto the end of each segment of data?

Question467: Off-site data backup and storage should be geographically separated so as to _______________ (fill in the blank) the risk of a widespread physical disaster such as a hurricane or earthquake.

Question468: Which of the following is the BEST way to handle obsolete magnetic tapes before disposing of them?

Question469: A company has decided to implement an electronic signature scheme based on public key infrastructure.
The user's private key will be stored on the computer's hard drive and protected by a password. The MOST significant risk of this approach is:

Question470: Sending a message and a message hash encrypted by the sender's private key will ensure:

Question471: Which of the following is the MOST critical step in planning an audit?

Question472: Key verification is one of the best controls for ensuring that:

Question473: What are trojan horse programs?

Question474: Which of the following ensures a sender's authenticity and an e-mail's confidentiality?

Question475: How do modems (modulation/demodulation) function to facilitate analog transmissions to enter a digital network?

Question476: A benefit of open system architecture is that it:

Question477: Which of the following process consist of identification and selection of data from the imaged data set in computer forensics?

Question478: The MOST effective control for reducing the risk related to phishing is:

Question479: What type of risk is associated with authorized program exits (trap doors)?

Question480: Which of the following method should be recommended by security professional to erase the data on the magnetic media that would be reused by another employee?

Question481: An IS auditor reviewing access controls for a client-server environment should FIRST:

Question482: Which of the following methods of suppressing a fire in a data center is the MOST effective and environmentally friendly?

Question483: What are used as a countermeasure for potential database corruption when two processes attempt to simultaneously edit or update the same information?

Question484: Who is responsible for the overall direction, costs, and timetables for systems-development projects?

Question485: When installing an intrusion detection system (IDS), which of the following is MOST important?

Question486: When planning an audit of a network setup, an IS auditor should give highest priority to obtaining which of the following network documentation?

Question487: An IS auditor should be MOST concerned with what aspect of an authorized honeypot?

Question488: What is the lowest level of the IT governance maturity model where an IT balanced scorecard exists?

Question489: Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation?

Question490: Which of the following is the PRIMARY objective of an IT performance measurement process?

Question491: Which of the following protocol is PRIMARILY used to provide confidentiality in a web based application thus protecting data sent across a client machine and a server?

Question492: What type of BCP test uses actual resources to simulate a system crash and validate the plan's effectiveness?

Question493: During the planning stage of an IS audit, the PRIMARY goal of an IS auditor is to:

Question494: Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions?

Question495: The extent to which data will be collected during an IS audit should be determined based on the:

Question496: Which of the following provides the MOST relevant information for proactively strengthening security settings?

Question497: Distributed denial-of-service (DDOS) attacks on Internet sites are typically evoked by hackers using which of the following?

Question498: Using the OSI reference model, what layer(s) is/are used to encrypt data?

Question499: Which of the following is an attribute of the control self-assessment (CSA) approach?

Question500: An IS auditor is reviewing a project to implement a payment system between a parent bank and a subsidiary. The IS auditor should FIRST verify that the:

Question501: Which of the following reduces the potential impact of social engineering attacks?

Question502: The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment:

Question503: Which of the following is MOST likely to result from a business process reengineering (BPR) project?

Question504: Default permit is only a good approach in an environment where:

Question505: During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that:

Question506: At a hospital, medical personal carry handheld computers which contain patient health data. These handheld computers are synchronized with PCs which transfer data from a hospital database. Which of the following would be of the most importance?

Question507: Functional acknowledgements are used:

Question508: When developing a formal enterprise security program, the MOST critical success factor (CSF) would be the:

Question509: A hardware control that helps to detect errors when data are communicated from one computer to another is known as a:

Question510: Which of the following is of greatest concern when performing an IS audit?

Question511: Which of the following can help detect transmission errors by appending specially calculated bits onto the end of each segment of data?

Question512: ALL computer programming languages are vulnerable to command injection attack.

Question513: Which of the following tasks should be performed FIRST when preparing a disaster recovery plan?

Question514: A project manager of a project that is scheduled to take 18 months to complete announces that the project is in a healthy financial position because, after 6 months, only one-sixth of the budget has been spent. The IS auditor should FIRST determine:

Question515: The PRIMARY advantage of a continuous audit approach is that it:

Question516: Which of the following is the MOST important consideration when defining recovery point objectives (RPOs)?

Question517: The most common reason for the failure of information systems to meet the needs of users is that:

Question518: When implementing an application software package, which of the following presents the GREATEST risk?

Question519: The MAIN purpose of a transaction audit trail is to:

Question520: The editing/validation of data entered at a remote site would be performed MOST effectively at the:

Question521: Which of the following encrypt/decrypt steps provides the GREATEST assurance of achieving confidentiality, message integrity and nonrepudiation by either sender or recipient?

Question522: An IS auditor is using a statistical sample to inventory the tape library. What type of test would this be considered?

Question523: In an EDI process, the device which transmits and receives electronic documents is the:

Question524: Which of the following is the BEST information source for management to use as an aid in the identification of assets that are subject to laws and regulations?

Question525: Run-to-run totals can verify data through which stage(s) of application processing?

Question526: When auditing security for a data center, an IS auditor should look for the presence of a voltage regulator to ensure that the:

Question527: Which of the following are effective controls for detecting duplicate transactions such as payments made or received?

Question528: A local area network (LAN) administrator normally would be restricted from:

Question529: A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor?

Question530: What type of fire-suppression system suppresses fire via water that is released from a main valve to be delivered via a system of dry pipes installed throughout the facilities?

Question531: An organization has contracted with a vendor for a turnkey solution for their electronic toll collection system (ETCS). The vendor has provided its proprietary application software as part of the solution. The contract should require that:

Question532: The IT balanced scorecard is a business governance tool intended to monitor IT performance evaluation indicators other than:

Question533: The MOST significant level of effort for business continuity planning (BCP) generally is required during the:

Question534: When should application controls be considered within the system-development process?

Question535: Which of the following is a passive attack method used by intruders to determine potential network vulnerabilities?

Question536: Which of the following technique is NOT used by a preacher against a Private Branch Exchange (PBX)?

Question537: During the requirements definition phase of a software development project, the aspects of software testing that should be addressed are developing:

Question538: A penetration test performed as part of evaluating network security:

Question539: During an audit of a business continuity plan (BCP), an IS auditor found that, although all departments were housed in the same building, each department had a separate BCP. The IS auditor recommended that the BCPs be reconciled. Which of the following areas should be reconciled FIRST?

Question540: Which of the following is BEST characterized by unauthorized modification of data before or during systems data entry?

Question541: An IS auditor was hired to review e-business security. The IS auditor's first task was to examine each existing e-business application looking for vulnerabilities. What would be the next task?

Question542: Which of the following would contribute MOST to an effective business continuity plan (BCP)?

Question543: When using a digital signature, the message digest is computed:

Question544: Which of the following is a sophisticated computer based switch that can be thought of as essentially a small in-house phone company for the organization?

Question545: Which of the following is the BEST method for determining the criticality of each application system in the production environment?

Question546: An organization is implementing a new system to replace a legacy system. Which of the following conversion practices creates the GREATEST risk?

Question547: How is risk affected if users have direct access to a database at the system level?

Question548: An organization can ensure that the recipients of e-mails from its employees can authenticate the identity of the sender by:

Question549: An IS auditor has audited a business continuity plan (BCP). Which of the following findings is the MOST critical?

Question550: Which of the following environmental controls is appropriate to protect computer equipment against short- term reductions in electrical power?

Question551: IS management is considering a Voice-over Internet Protocol (VoIP) network to reduce telecommunication costs and management asked the IS auditor to comment on appropriate security controls. Which of the following security measures is MOST appropriate?

Question552: What process is used to validate a subject's identity?

Question553: Which of the following would be MOST important for an IS auditor to verify when conducting a business continuity audit?

Question554: Which of the following aspects of symmetric key encryption influenced the development of asymmetric encryption?

Question555: Which of the following network configuration options contains a direct link between any two host machines?

Question556: Which of the following should an IS auditor use to detect duplicate invoice records within an invoice master file?

Question557: Proper segregation of duties prohibits a system analyst from performing quality-assurance functions. True or false?

Question558: Which testing approach is MOST appropriate to ensure that internal application interface errors are identified as soon as possible?

Question559: An IS auditor evaluating logical access controls should FIRST:

Question560: During the design of a business continuity plan, the business impact analysis (BIA) identifies critical processes and supporting applications. This will PRIMARILY influence the:

Question561: The GREATEST benefit in implementing an expert system is the:

Question562: If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, what should the auditor do?

Question563: Business process re-engineering often results in ___________________ automation, which results in
____________ number of people using technology. Fill in the blanks.

Question564: When should reviewing an audit client's business plan be performed relative to reviewing an organization's IT strategic plan?

Question565: Which of the following is an advantage of prototyping?

Question566: When an employee is terminated from service, the MOST important action is to:

Question567: Which of the following would be the MOST significant audit finding when reviewing a point-of-sale (POS) system?

Question568: Which of the following should an IS auditor review to determine user permissions that have been granted for a particular resource?

Question569: The potential for unauthorized system access by way of terminals or workstations within an organization's facility is increased when:

Question570: Which of the following systems or tools can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card?

Question571: While reviewing the business continuity plan of an organization, an IS auditor observed that the organization's data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate?

Question572: During an application audit, an IS auditor finds several problems related to corrupted data in the database.
Which of the following is a corrective control that the IS auditor should recommend?

Question573: Batch control reconciliation is a _____________________ (fill the blank) control for mitigating risk of inadequate segregation of duties.

Question574: Many organizations require an employee to take a mandatory vacation (holiday) of a week or more to:

Question575: The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?

Question576: A medium-sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of the new BCP?

Question577: Which of the following refers to the proving of mathematical theorems by a computer program?

Question578: In the process of evaluating program change controls, an IS auditor would use source code comparison software to:

Question579: An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a:

Question580: Which of the following is an advantage of the top-down approach to software testing?

Question581: An IS auditor should carefully review the functional requirements in a system-development project to ensure that the project is designed to:

Question582: With respect to business continuity strategies, an IS auditor interviews key stakeholders in an organization to determine whether they understand their roles and responsibilities. The IS auditor is attempting to evaluate the:

Question583: Who is ultimately responsible for providing requirement specifications to the software- development team?

Question584: Whenever an application is modified, what should be tested to determine the full impact of the change?

Question585: Which of the following BEST supports the prioritization of new IT projects?

Question586: To address an organization's disaster recovery requirements, backup intervals should not exceed the:

Question587: Which of the following activities performed by a database administrator (DBA) should be performed by a different person?

Question588: Which of the following protocol is developed jointly by VISA and Master Card to secure payment transactions among all parties involved in credit card transactions on behalf of cardholders and merchants?

Question589: In an online transaction processing system, data integrity is maintained by ensuring that a transaction is either completed in its entirety or not at all. This principle of data integrity is known as:

Question590: A check digit is an effective edit check to:

Question591: A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it can:

Question592: After initial investigation, an IS auditor has reasons to believe that fraud may be present.
The IS auditor should:

Question593: A manufacturing firm wants to automate its invoice payment system. Objectives state that the system should require considerably less time for review and authorization and the system should be capable of identifying errors that require follow up. Which of the following would BEST meet these objectives?

Question594: Validated digital signatures in an e-mail software application will:

Question595: In the event of a data center disaster, which of the following would be the MOST appropriate strategy to enable a complete recovery of a critical database?

Question596: The MAJOR consideration for an IS auditor reviewing an organization's IT project portfolio is the:

Question597: An example of a direct benefit to be derived from a proposed IT-related business investment is:

Question598: An intentional or unintentional disclosure of a password is likely to be evident within control logs. True or false?

Question599: Identify the correct sequence which needs to be followed as a chain of event in regards to evidence handling in computer forensics?

Question600: The waterfall life cycle model of software development is most appropriately used when:

Question601: The final decision to include a material finding in an audit report should be made by the:

Question602: An IS auditor is evaluating management's risk assessment of information systems. The IS auditor should FIRST review:

Question603: You may reduce a cracker's chances of success by (choose all that apply):

Question604: IS management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend:

Question605: To address a maintenance problem, a vendor needs remote access to a critical network. The MOST secure and effective solution is to provide the vendor with a:

Question606: While conducting an audit of a service provider, an IS auditor observes that the service provider has outsourced a part of the work to another provider. Since the work involves confidential information, the IS auditor's PRIMARY concern should be that the:

Question607: Which of the following translates e-mail formats from one network to another so that the message can travel through all the networks?

Question608: From a risk management point of view, the BEST approach when implementing a large and complex IT infrastructure is:

Question609: The role of the certificate authority (CA) as a third party is to:

Question610: Which of the following cryptographic systems is MOST appropriate for bulk data encryption and small devices such as smart cards?

Question611: Which of the following is best suited for searching for address field duplications?

Question612: After implementation of a disaster recovery plan, pre-disaster and post-disaster operational costs for an organization will:

Question613: Which of the following is an implementation risk within the process of decision support systems?

Question614: An IS auditor reviewing wireless network security determines that the Dynamic Host Configuration Protocol is disabled at all wireless access points. This practice:

Question615: What method might an IS auditor utilize to test wireless security at branch office locations?

Question616: Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST accepted by users?

Question617: Which of the following uses a prototype that can be updated continually to meet changing user or business requirements?

Question618: Which of the following ensures confidentiality of information sent over the internet?

Question619: What process uses test data as part of a comprehensive test of program controls in a continuous online manner?

Question620: Which of the following is of greatest concern to the IS auditor?

Question621: The development of an IS security policy is ultimately the responsibility of the:

Question622: An IS auditor reviewing an organization's IT strategic plan should FIRST review:

Question623: An auditor needs to be aware of technical controls which are used to protect computer from malware.
Which of the following technical control interrupts DoS and ROM BIOS call and look for malware like action?

Question624: In auditing a web server, an IS auditor should be concerned about the risk of individuals gaining unauthorized access to confidential information through:

Question625: Which of the following fire suppression systems is MOST appropriate to use in a data center environment?

Question626: An IS auditor is reviewing access to an application to determine whether the 10 most recent "new user" forms were correctly authorized. This is an example of:

Question627: In determining the acceptable time period for the resumption of critical business processes:

Question628: During a postimplementation review of an enterprise resource management system, an IS auditor would MOST likely:

Question629: During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include:

Question630: Fourth-Generation Languages (4GLs) are most appropriate for designing the application's graphical user interface (GUI). They are inappropriate for designing any intensive data- calculation procedures. True or false?

Question631: What is a common vulnerability, allowing denial-of-service attacks?

Question632: What is an initial step in creating a proper firewall policy?

Question633: An IS auditor who is reviewing incident reports discovers that, in one instance, an important document left on an employee's desk was removed and put in the garbage by the outsourced cleaning staff. Which of the following should the IS auditor recommend to management?

Question634: Input/output controls should be implemented for which applications in an integrated systems environment?

Question635: Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?

Question636: When reviewing a digital certificate verification process, which of the following findings represents the MOST significant risk?

Question637: Which of the following should an IS auditor review to gain an understanding of the effectiveness of controls over the management of multiple projects?

Question638: The purpose of a deadman door controlling access to a computer facility is primarily to:

Question639: During the system testing phase of an application development project the IS auditor should review the:

Question640: Who is responsible for authorizing access level of a data user?

Question641: Which of the following should be the MOST important consideration when deciding areas of priority for IT governance implementation?

Question642: Network Data Management Protocol (NDMP) technology should be used for backup if:

Question643: The PRIMARY purpose of a business impact analysis (BIA) is to:

Question644: Which of the following attack is also known as Time of Check(TOC)/Time of Use(TOU)?

Question645: Everything not explicitly permitted is forbidden has which of the following kinds of tradeoff?

Question646: What type(s) of firewalls provide(s) the greatest degree of protection and control because both firewall technologies inspect all seven OSI layers of network traffic?

Question647: The PRIMARY purpose for meeting with auditees prior to formally closing a review is to:

Question648: The vice president of human resources has requested an audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation?

Question649: TEMPEST is a hardware for which of the following purposes?

Question650: Which of the following is a guiding best practice for implementing logical access controls?

Question651: If the recovery time objective (RTO) increases:

Question652: Parity bits are a control used to validate:

Question653: Before implementing controls, management should FIRST ensure that the controls:

Question654: What kind of testing should programmers perform following any changes to an application or system?

Question655: Which of the following data validation edits is effective in detecting transposition and transcription errors?

Question656: An IS auditor who has discovered unauthorized transactions during a review of EDI transactions is likely to recommend improving the:

Question657: An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking?

Question658: An IS auditor should be concerned when a telecommunication analyst:

Question659: When reviewing an organization's strategic IT plan an IS auditor should expect to find:

Question660: Which of the following attack includes social engineering, link manipulation or web site forgery techniques?

Question661: The MOST likely explanation for a successful social engineering attack is:

Question662: A financial services organization is developing and documenting business continuity measures. In which of the following cases would an IS auditor MOST likely raise an issue?

Question663: Which of the following activities should the business continuity manager perform FIRST after the replacement of hardware at the primary information processing facility?

Question664: What can ISPs use to implement inbound traffic filtering as a control to identify IP packets transmitted from unauthorized sources?

Question665: The risks associated with electronic evidence gathering would MOST likely be reduced by an e- mail:

Question666: Host Based ILD&P primarily addresses the issue of:

Question667: Which of the following potentially blocks hacking attempts?

Question668: Which of the following devices extends the network and has the capacity to store frames and act as a storage and forward device?

Question669: An integrated test facility is not considered a useful audit tool because it cannot compare processing output with independently calculated data. True or false?

Question670: What is the BEST backup strategy for a large database with data supporting online sales?

Question671: An IS auditor finds that, in accordance with IS policy, IDs of terminated users are deactivated within 90 days of termination. The IS auditor should:

Question672: An IS auditor is assigned to audit a software development project which is more than 80 percent complete, but has already overrun time by 10 percent and costs by 25 percent. Which of the following actions should the IS auditor take?

Question673: What should regression testing use to obtain accurate conclusions regarding the effects of changes or corrections to a program, and ensuring that those changes and corrections have not introduced new errors?

Question674: Which of the following is the MOST important IS audit consideration when an organization outsources a customer credit review system to a third-party service provider? The provider:

Question675: What is often assured through table link verification and reference checks?

Question676: Which of the following techniques would BEST help an IS auditor gain reasonable assurance that a project can meet its target date?

Question677: As compared to understanding an organization's IT process from evidence directly collected, how valuable are prior audit reports as evidence?

Question678: An integrated test facility is considered a useful audit tool because it:

Question679: What is the BEST action to prevent loss of data integrity or confidentiality in the case of an e-commerce application running on a LAN, processing electronic fund transfers (EFT) and orders?

Question680: What are used as the framework for developing logical access controls?

Question681: Whenever business processes have been re-engineered, the IS auditor attempts to identify and quantify the impact of any controls that might have been removed, or controls that might not work as effectively after business process changes. True or false?

Question682: ________ (fill in the blank) is/are ultimately accountable for the functionality, reliability, and security within IT governance.

Question683: A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and:

Question684: What is the most common reason for information systems to fail to meet the needs of users?

Question685: Which of the following system and data conversion strategies provides the GREATEST redundancy?

Question686: A critical function of a firewall is to act as a:

Question687: Off-site data storage should be kept synchronized when preparing for recovery of time- sensitive data such as that resulting from which of the following?

Question688: The MAJOR advantage of a component-based development approach is the:

Question689: Which of the following is the initial step in creating a firewall policy?

Question690: An IS auditor reviews an organizational chart PRIMARILY for:

Question691: Talking about the different approaches to security in computing, the principle of regarding the computer system itself as largely an untrusted system emphasizes:

Question692: The PRIMARY purpose of audit trails is to:

Question693: An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important?

Question694: Buffer overflow aims primarily at corrupting:

Question695: What can be used to gather evidence of network attacks?

Question696: Which of the following provides the strongest authentication for physical access control?

Question697: Which of the following is BEST suited for secure communications within a small group?

Question698: A hard disk containing confidential data was damaged beyond repair. What should be done to the hard disk to prevent access to the data residing on it?

Question699: The human resources (HR) department has developed a system to allow employees to enroll in benefits via a web site on the corporate Intranet. Which of the following would protect the confidentiality of the data?

Question700: Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly?

Question701: An organization currently using tape backups takes one full backup weekly and incremental backups daily.
They recently augmented their tape backup procedures with a backup-to- disk solution. This is appropriate because:

Question702: A web server is attacked and compromised. Which of the following should be performed FIRST to handle the incident?

Question703: Which of the following is the GREATEST risk to the effectiveness of application system controls?

Question704: IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. True or false?

Question705: The PRIMARY goal of a web site certificate is:

Question706: A control that detects transmission errors by appending calculated bits onto the end of each segment of data is known as a:

Question707: For which of the following applications would rapid recovery be MOST crucial?

Question708: During the review of a biometrics system operation, an IS auditor should FIRST review the stage of:

Question709: An IS auditor reviewing the risk assessment process of an organization should FIRST:

Question710: When auditing third-party service providers, an IS auditor should be concerned with which of the following?

Question711: The MOST effective biometric control system is the one:

Question712: An IS auditor finds out-of-range data in some tables of a database. Which of the following controls should the IS auditor recommend to avoid this situation?

Question713: An IS auditor reviewing the key roles and responsibilities of the database administrator (DBA) is LEAST likely to expect the job description of the DBA to include:

Question714: During an exit interview, in cases where there is disagreement regarding the impact of a finding, an IS auditor should:

Question715: Which of the following attack is MOSTLY performed by an attacker to steal the identity information of a user such as credit card number, passwords, etc?

Question716: Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them?

Question717: Which of the following is an appropriate test method to apply to a business continuity plan (BCP)?

Question718: What is an acceptable mechanism for extremely time-sensitive transaction processing?

Question719: An IS auditor is reviewing a project that is using an Agile software development approach. Which of the following should the IS auditor expect to find?

Question720: During Involuntary termination of an employee, which of the following is the MOST important step to be considered?

Question721: Which of the following would BEST support 24/7 availability?

Question722: Which of the following is the MOST important action in recovering from a cyberattack?

Question723: Security should ALWAYS be an all or nothing issue.

Question724: Active radio frequency ID (RFID) tags are subject to which of the following exposures?

Question725: Which of the following encryption techniques will BEST protect a wireless network from a man-in-the- middle attack?

Question726: Facilitating telecommunications continuity by providing redundant combinations of local carrier T- 1 lines, microwaves and/or coaxial cables to access the local communication loop:

Question727: An organization has implemented a disaster recovery plan. Which of the following steps should be carried out next?

Question728: A legacy payroll application is migrated to a new application. Which of the following stakeholders should be PRIMARILY responsible for reviewing and signing-off on the accuracy and completeness of the data before going live?

Question729: At the completion of a system development project, a postproject review should include which of the following?

Question730: There are several methods of providing telecommunications continuity. The method of routing traffic through split cable or duplicate cable facilities is called:

Question731: The 'trusted systems' approach has been predominant in the design of:

Question732: Organizations should use off-site storage facilities to maintain ______________ (fill in the blank) of current and critical information within backup files.

Question733: Establishing data ownership is an important first step for which of the following processes?

Question734: Which of the following is MOST critical for the successful implementation and maintenance of a security policy?

Question735: An organization has an integrated development environment (IDE) on which the program libraries reside on the server, but modification/development and testing are done from PC workstations.
Which of the following would be a strength of an IDE?

Question736: Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized organization?

Question737: To ensure an organization is complying with privacy requirements, an IS auditor should FIRST review:

Question738: Which of the following is the BEST performance criterion for evaluating the adequacy of an organization's security awareness training?

Question739: When storing data archives off-site, what must be done with the data to ensure data completeness?

Question740: The MOST likely effect of the lack of senior management commitment to IT strategic planning is:

Question741: Proper segregation of duties prevents a computer operator (user) from performing security administration duties. True or false?

Question742: Who is responsible for restricting and monitoring access of a data user?

Question743: When reviewing a project where quality is a major concern, an IS auditor should use the project management triangle to explain that:

Question744: An IS auditor reviewing an organization's IS disaster recovery plan should verify that it is:

Question745: An appropriate control for ensuring the authenticity of orders received in an EDI application is to:

Question746: Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to- consumer transactions via the internet?

Question747: Regarding digital signature implementation, which of the following answers is correct?

Question748: What is/are used to measure and ensure proper network capacity management and availability of services?

Question749: A LAN administrator normally would be restricted from:

Question750: Which of the following provides the GREATEST assurance of message authenticity?

Question751: Of the following alternatives, the FIRST approach to developing a disaster recovery strategy would be to assess whether:

Question752: In the course of performing a risk analysis, an IS auditor has identified threats and potential impacts. Next, the IS auditor should:

Question753: What are often the primary safeguards for systems software and data?

Question754: An IS auditor has been assigned to review IT structures and activities recently outsourced to various providers. Which of the following should the IS auditor determine FIRST?

Question755: The PRIMARY benefit of implementing a security program as part of a security governance framework is the:

Question756: Corrective action has been taken by an auditee immediately after the identification of a reportable finding.
The auditor should:

Question757: When reviewing print systems spooling, an IS auditor is MOST concerned with which of the following vulnerabilities?

Question758: The MAJOR advantage of the risk assessment approach over the baseline approach to information security management is that it ensures:

Question759: Which of the following would provide the highest degree of server access control?

Question760: Assessing IT risks is BEST achieved by:

Question761: An IS auditor has been asked to participate in project initiation meetings for a critical project. The IS auditor's MAIN concern should be that the:

Question762: When should an application-level edit check to verify that availability of funds was completed at the electronic funds transfer (EFT) interface?

Question763: In transport mode, the use of the Encapsulating Security Payload (ESP) protocol is advantageous over the Authentication Header (AH) protocol because it provides:

Question764: Which of the following provides nonrepudiation services for e-commerce transactions?

Question765: To gain an understanding of the effectiveness of an organization's planning and management of investments in IT assets, an IS auditor should review the:

Question766: An IS auditor finds that conference rooms have active network ports. Which of the following is MOST important to ensure?

Question767: Which of the following attack is against computer network and involves fragmented or invalid ICMP packets sent to the target?

Question768: A clerk changed the interest rate for a loan on a master file. The rate entered is outside the normal range for such a loan. Which of the following controls is MOST effective in providing reasonable assurance that the change was authorized?

Question769: A data administrator is responsible for:

Question770: Which of the following controls would an IS auditor look for in an environment where duties cannot be appropriately segregated?

Question771: Depending on the complexity of an organization's business continuity plan (BCP), the plan may be developed as a set of more than one plan to address various aspects of business continuity and disaster recovery, in such an environment, it is essential that:

Question772: An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?

Question773: An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls would BEST mitigate the risk of undetected and unauthorized program changes to the production environment?

Question774: The IS management of a multinational company is considering upgrading its existing virtual private network (VPN) to support voice-over IP (VoIP) communications via tunneling. Which of the following considerations should be PRIMARILY addressed?

Question775: Which of the following statement is NOT true about Voice-Over IP (VoIP)?
VoIP uses circuit switching technology
Lower cost per call or even free calls, especially for long distance call Lower infrastructure cost VoIP is a technology where voice traffic is carried on top of existing data infrastructure

Question776: Which of the following situations would increase the likelihood of fraud?

Question777: Database snapshots can provide an excellent audit trail for an IS auditor. True or false?

Question778: Which of the following is a characteristic of timebox management?

Question779: Which of the following fire-suppression methods is considered to be the most environmentally friendly?

Question780: Effective IT governance will ensure that the IT plan is consistent with the organization's:

Question781: When should systems administrators first assess the impact of applications or systems patches?

Question782: The activation of an enterprise's business continuity plan should be based on predetermined criteria that address the:

Question783: What supports data transmission through split cable facilities or duplicate cable facilities?

Question784: A company has implemented a new client-server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following would BEST ensure that the orders are entered accurately and the corresponding products are produced?

Question785: An IS auditor reviewing an organization that uses cross-training practices should assess the risk of:

Question786: Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective (RPO)?

Question787: Following best practices, formal plans for implementation of new information systems are developed during the:

Question788: When selecting audit procedures, an IS auditor should use professional judgment to ensure that:

Question789: What type of cryptosystem is characterized by data being encrypted by the sender using the recipient's public key, and the data then being decrypted using the recipient's private key?

Question790: Rather than simply reviewing the adequacy of access control, appropriateness of access policies, and effectiveness of safeguards and procedures, the IS auditor is more concerned with effectiveness and utilization of assets. True or false?

Question791: What is a reliable technique for estimating the scope and cost of a software-development project?

Question792: What is used to develop strategically important systems faster, reduce development costs, and still maintain high quality?

Question793: What is the recommended initial step for an IS auditor to implement continuous-monitoring systems?

Question794: After a full operational contingency test, an IS auditor performs a review of the recovery steps. The auditor concludes that the time it took for the technological environment and systems to return to full-functioning exceeded the required critical recovery time. Which of the following should the auditor recommend?

Question795: To affix a digital signature to a message, the sender must first create a message digest by applying a cryptographic hashing algorithm against:

Question796: Which of the following provides the BEST evidence of an organization's disaster recovery readiness?

Question797: At the end of the testing phase of software development, an IS auditor observes that an intermittent software error has not been corrected. No action has been taken to resolve the error. The IS auditor should:

Question798: When developing a risk management program, what is the FIRST activity to be performed?

Question799: When implementing an IT governance framework in an organization the MOST important objective is:

Question800: Which of the following insurance types provide for a loss arising from fraudulent acts by employees?

Question801: Users are issued security tokens to be used in combination with a PIN to access the corporate virtual private network (VPN). Regarding the PIN, what is the MOST important rule to be included in a security policy?

Question802: Which of the following is a benefit of using callback devices?

Question803: An IS auditor performing a review of the backup processing facilities should be MOST concerned that:

Question804: During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the:

Question805: IS management has decided to rewrite a legacy customer relations system using fourth generation languages (4GLs). Which of the following risks is MOST often associated with system development using
4GLs?

Question806: An IS auditor identifies that reports on product profitability produced by an organization's finance and marketing departments give different results. Further investigation reveals that the product definition being used by the two departments is different. What should the IS auditor recommend?

Question807: A disaster recovery plan for an organization's financial system specifies that the recovery point objective (RPO) is no data loss and the recovery time objective (RTO) is 72 hours. Which of the following is the MOST cost-effective solution?

Question808: A company has recently upgraded its purchase system to incorporate EDI transmissions. Which of the following controls should be implemented in the EDI interface to provide for efficient data mapping?

Question809: Which of the following is a telecommunication device that translates data from digital form to analog form and back to digital?

Question810: The cost of ongoing operations when a disaster recovery plan is in place, compared to not having a disaster recovery plan, will MOST likely:

Question811: With respect to the outsourcing of IT services, which of the following conditions should be of GREATEST concern to an IS auditor?

Question812: Which of the following is the BEST way to satisfy a two-factor user authentication?

Question813: Before implementing an IT balanced scorecard, an organization must:

Question814: Which of the following provide(s) near-immediate recoverability for time-sensitive systems and transaction processing?

Question815: During an implementation review of a multiuser distributed application, an IS auditor finds minor weaknesses in three areas-the initial setting of parameters is improperly installed, weak passwords are being used and some vital reports are not being checked properly. While preparing the audit report, the IS auditor should:

Question816: Function Point Analysis (FPA) provides an estimate of the size of an information system based only on the number and complexity of a system's inputs and outputs. True or false?

Question817: To aid management in achieving IT and business alignment, an IS auditor should recommend the use of:

Question818: What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?

Question819: In the event of a disruption or disaster, which of the following technologies provides for continuous operations?

Question820: Of the three major types of off-site processing facilities, what type is characterized by at least providing for electricity and HVAC?

Question821: Ideally, stress testing should be carried out in a:

Question822: Management considered two projections for its business continuity plan; plan A with two months to recover and plan B with eight months to recover. The recovery objectives are the same in both plans. It is reasonable to expect that plan B projected higher:

Question823: An organization's disaster recovery plan should address early recovery of:

Question824: How is the risk of improper file access affected upon implementing a database system?

Question825: To support an organization's goals, an IS department should have:

Question826: Above almost all other concerns, what often results in the greatest negative impact on the implementation of new application software?

Question827: Network environments often add to the complexity of program-to-program communication, making the implementation and maintenance of application systems more difficult. True or false?

Question828: If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor's primary responsibility?

Question829: When performing an IS strategy audit, an IS auditor should review both short-term (one- year) and long- term (three-to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered. The auditor should especially focus on procedures in an audit of IS strategy. True or false?

Question830: IT control objectives are useful to IS auditors, as they provide the basis for understanding the:

Question831: A substantive test to verify that tape library inventory records are accurate is:

Question832: What is the primary objective of a control self-assessment (CSA) program?

Question833: Which of the following is a benefit of a risk-based approach to audit planning? Audit:

Question834: Which of the following types of testing would determine whether a new or modifies system can operate in its target environment without adversely impacting other existing systems?

Question835: The initial step in establishing an information security program is the:

Question836: When identifying an earlier project completion time, which is to be obtained by paying a premium for early completion, the activities that should be selected are those:

Question837: After completing the business impact analysis (BIA), what is the next step in the business continuity planning process?

Question838: During the audit of an acquired software package, an IS auditor learned that the software purchase was based on information obtained through the Internet, rather than from responses to a request for proposal (RFP). The IS auditor should FIRST:

Question839: What should an IS auditor do if he or she observes that project-approval procedures do not exist?

Question840: During a change control audit of a production system, an IS auditor finds that the change management process is not formally documented and that some migration procedures failed. What should the IS auditor do next?

Question841: Allowing application programmers to directly patch or change code in production programs increases risk of fraud. True or false?

Question842: Which of the following antispam filtering techniques would BEST prevent a valid, variable- length e-mail message containing a heavily weighted spam keyword from being labeled as spam?

Question843: Which of the following is the GREATEST risk when implementing a data warehouse?

Question844: A database administrator is responsible for:

Question845: In reviewing the IS short-range (tactical) plan, an IS auditor should determine whether:

Question846: To ensure authentication, confidentiality and integrity of a message, the sender should encrypt the hash of the message with the sender's:

Question847: What should IS auditors always check when auditing password files?

Question848: Which of the following should an IS auditor recommend to BEST enforce alignment of an IT project portfolio with strategic organizational priorities?

Question849: An IS auditor evaluates the test results of a modification to a system that deals with payment computation.
The auditor finds that 50 percent of the calculations do not match predetermined totals. Which of the following would MOST likely be the next step in the audit?

Question850: Which of the following would be the BEST population to take a sample from when testing program changes?

Question851: Which of the following is the most fundamental step in preventing virus attacks?

Question852: An investment advisor e-mails periodic newsletters to clients and wants reasonable assurance that no one has modified the newsletter. This objective can be achieved by:

Question853: Which of the following is the GREATEST risk when storage growth in a critical file server is not managed properly?

Question854: While conducting an audit, an IS auditor detects the presence of a virus. What should be the IS auditor's next step?

Question855: Of the three major types of off-site processing facilities, what type is often an acceptable solution for preparing for recovery of noncritical systems and data?

Question856: To reduce the possibility of losing data during processing, the FIRST point at which control totals should be implemented is:

Question857: Which of the following risks could result from inadequate software baselining?

Question858: The GREATEST advantage of rapid application development (RAD) over the traditional system development life cycle (SDLC) is that it:

Question859: To ensure that audit resources deliver the best value to the organization, the FIRST step would be to:

Question860: The BEST filter rule for protecting a network from being used as an amplifier in a denial of service (DoS) attack is to deny all:

Question861: Which of the following disaster recovery/continuity plan components provides the GREATEST assurance of recovery after a disaster?

Question862: There are several types of penetration tests depending upon the scope, objective and nature of a test.
Which of the following describes a penetration test where you attack and attempt to circumvent the controls of the targeted network from the outside, usually the Internet?

Question863: Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?

Question864: Which of the following should be of MOST concern to an IS auditor reviewing the BCP?

Question865: What is a callback system?

Question866: Failure in which of the following testing stages would have the GREATEST impact on the implementation of new application software?

Question867: When developing a business continuity plan (BCP), which of the following tools should be used to gain an understanding of the organization's business processes?

Question868: Which of the following is MOST likely to result from a business process reengineering (BPR) Project?

Question869: The PRIMARY objective of an audit of IT security policies is to ensure that:

Question870: When reviewing the procedures for the disposal of computers, which of the following should be the GREATEST concern for the IS auditor?

Question871: Which of the following would impair the independence of a quality assurance team?

Question872: What is an edit check to determine whether a field contains valid data?

Question873: What are intrusion-detection systems (IDS) primarily used for?

Question874: Which of the following PBX feature provides the possibility to break into a busy line to inform another user of an important message?

Question875: A hub is a device that connects:

Question876: Applying a digital signature to data traveling in a network provides:

Question877: When conducting a penetration test of an IT system, an organization should be MOST concerned with:

Question878: To develop a successful business continuity plan, end user involvement is critical during which of the following phases?

Question879: IT governance is PRIMARILY the responsibility of the:

Question880: During a security audit of IT processes, an IS auditor found that there were no documented security procedures. The IS auditor should: