EMT Practice Test

1. Question Content...


Question List

Question1: If an IS auditor observes that individual modules of a system perform correctly in development project tests, the auditor should inform management of the positive results and recommend further:

Question2: While planning an audit, an assessment of risk should be made to provide:

Question3: When storing data archives off-site, what must be done with the data to ensure data completeness?

Question4: When auditing security for a data center, an IS auditor should look for the presence of a voltage regulator to ensure that the:

Question5: How can minimizing single points of failure or vulnerabilities of a common disaster best be controlled?

Question6: Which key is used by the sender of a message to create a digital signature for the message being sent?

Question7: In a public key infrastructure, a registration authority:

Question8: Which of the following transmission media uses a transponder to send information?

Question9: An accuracy measure for a biometric system is:

Question10: Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST accepted by users?

Question11: To prevent unauthorized entry to the data maintained in a dial-up, fast response system, an IS auditor should recommend:

Question12: Authentication techniques for sending and receiving data between EDI systems is crucial to prevent which of the following?

Question13: The purpose of a deadman door controlling access to a computer facility is primarily to:

Question14: What should regression testing use to obtain accurate conclusions regarding the effects of changes or corrections to a program, and ensuring that those changes and corrections have not introduced new errors?

Question15: There are many types of audit logs analysis tools available in the market. Which of the following audit logs analysis tools will look for anomalies in user or system behavior?

Question16: What is an effective control for granting temporary access to vendors and external support personnel?

Question17: What is an acceptable mechanism for extremely time-sensitive transaction processing?

Question18: A transaction journal provides the information necessary for detecting unauthorized ___________ (fill in the blank) from a terminal.

Question19: An organization has been recently downsized, in light of this, an IS auditor decides to test logical access controls. The IS auditor's PRIMARY concern should be that:

Question20: What is a reliable technique for estimating the scope and cost of a software-development project?

Question21: When reviewing print systems spooling, an IS auditor is MOST concerned with which of the following vulnerabilities?

Question22: While evaluating logical access control the IS auditor should follow all of the steps mentioned below EXCEPT one?
1. Obtain general understanding of security risk facing information processing, through a review of relevant documentation, inquiry and observation,etc
2. Document and evaluate controls over potential access paths into the system to assess their adequacy, efficiency and effectiveness
3. Test Control over access paths to determine whether they are functioning and effective by applying appropriate audit technique
4. Evaluate the access control environment to determine if the control objective are achieved by analyzing test result and other audit evidence
5. Evaluate the security environment to assess its adequacy by reviewing written policies, observing practices and procedures, and comparing them with appropriate security standard or practice and procedures used by other organization.
6. Evaluate and deploy technical controls to mitigate all identified risks during audit.

Question23: Which of the following antispam filtering techniques would BEST prevent a valid, variable- length e-mail message containing a heavily weighted spam keyword from being labeled as spam?

Question24: Which of the following is a dynamic analysis tool for the purpose of testing software modules?

Question25: Which of the following attack involves sending forged ICMP Echo Request packets to the broadcast address on multiple gateways in order to illicit responses from the computers behind the gateway where they all respond back with ICMP Echo Reply packets to the source IP address of the ICMP Echo Request packets?

Question26: A web server is attacked and compromised. Which of the following should be performed FIRST to handle the incident?

Question27: Network environments often add to the complexity of program-to-program communication, making the implementation and maintenance of application systems more difficult. True or false?

Question28: While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should:

Question29: Which of the following attack redirects outgoing message from the client back onto the client, preventing outside access as well as flooding the client with the sent packets?

Question30: The objective of concurrency control in a database system is to:

Question31: The MAIN reason for requiring that all computer clocks across an organization be synchronized is to:

Question32: Which of the following term in business continuity determines the maximum tolerable amount of time that is needed to verify the system and/or data integrity?

Question33: Which of the following physical access controls effectively reduces the risk of piggybacking?

Question34: The most common problem in the operation of an intrusion detection system (IDS) is:

Question35: Which of the following type of lock uses a numeric keypad or dial to gain entry?

Question36: An IS auditor is reviewing access to an application to determine whether the 10 most recent "new user" forms were correctly authorized. This is an example of:

Question37: Which of the following is an example of the defense in-depth security principle?

Question38: In a public key infrastructure (PKI), which of the following may be relied upon to prove that an online transaction was authorized by a specific customer?

Question39: A certificate authority (CA) can delegate the processes of:

Question40: Distributed denial-of-service (DDOS) attacks on Internet sites are typically evoked by hackers using which of the following?

Question41: There are many known weaknesses within an Intrusion Detection System (IDS). Which of the following is NOT a limitation of an IDS?

Question42: In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the:

Question43: What protects an application purchaser's ability to fix or change an application in case the application vendor goes out of business?

Question44: The potential for unauthorized system access by way of terminals or workstations within an organization's facility is increased when:

Question45: Which of the following could lead to an unintentional loss of confidentiality?

Question46: The purpose of code signing is to provide assurance that:

Question47: What type(s) of firewalls provide(s) the greatest degree of protection and control because both firewall technologies inspect all seven OSI layers of network traffic?

Question48: Passwords should be:

Question49: The vice president of human resources has requested an audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation?

Question50: Which of the following transmission media is LEAST vulnerable to cross talk?

Question51: To determine how data are accessed across different platforms in a heterogeneous environment, an IS auditor should FIRST review:

Question52: Which of the following provides nonrepudiation services for e-commerce transactions?

Question53: Proper segregation of duties prohibits a system analyst from performing quality-assurance functions. True or false?

Question54: Two-factor authentication can be circumvented through which of the following attacks?

Question55: Which of the following term related to network performance refers to the actual rate that information is transferred over a network?

Question56: An internet-based attack using password sniffing can:

Question57: Why does the IS auditor often review the system logs?

Question58: Which of the following provides the strongest authentication for physical access control?

Question59: Which of the following public key infrastructure (PKI) elements provides detailed descriptions for dealing with a compromised private key?

Question60: Which of the following is the BEST way to satisfy a two-factor user authentication?

Question61: Allowing application programmers to directly patch or change code in production programs increases risk of fraud. True or false?

Question62: When participating in a systems-development project, an IS auditor should focus on system controls rather than ensuring that adequate and complete documentation exists for all projects. True or false?

Question63: Confidentiality of the data transmitted in a wireless LAN is BEST protected if the session is:

Question64: To ensure that audit resources deliver the best value to the organization, the FIRST step would be to:

Question65: Which of the following is a form of Hybrid Cryptography where the sender encrypts the bulk of the data using Symmetric Key cryptography and then communicates securely a copy of the session key to the receiver?

Question66: Which of the following is an advantage of asymmetric crypto system over symmetric key crypto system?

Question67: Which of the following BEST limits the impact of server failures in a distributed environment?

Question68: Which of the following controls would BEST detect intrusion?

Question69: An IS auditor doing penetration testing during an audit of internet connections would:

Question70: An IS auditor finds that conference rooms have active network ports. Which of the following is MOST important to ensure?

Question71: What type of cryptosystem is characterized by data being encrypted by the sender using the recipient's public key, and the data then being decrypted using the recipient's private key?

Question72: Which of the following encryption techniques will BEST protect a wireless network from a man-in-the- middle attack?

Question73: In wireless communication, which of the following controls allows the device receiving the communications to verify that the received communications have not been altered in transit?

Question74: An organization provides information to its supply chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?

Question75: For which of the following applications would rapid recovery be MOST crucial?

Question76: In RFID technology which of the following risk could represent a threat to non-RFID networked or collocated systems, assets, and people?

Question77: Which of the following message services provides the strongest evidence that a specific action has occurred?

Question78: Which of the following is the MOST important action in recovering from a cyberattack?

Question79: In computer forensic which of the following describe the process that converts the information extracted into a format that can be understood by investigator?

Question80: What are used as a countermeasure for potential database corruption when two processes attempt to simultaneously edit or update the same information?

Question81: Change management procedures are established by IS management to:

Question82: Which of the following statement correctly describes the difference between symmetric key encryption and asymmetric key encryption?

Question83: Parity bits are a control used to validate:

Question84: When should reviewing an audit client's business plan be performed relative to reviewing an organization's IT strategic plan?

Question85: An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if:

Question86: Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them?

Question87: Batch control reconciliation is a _____________________ (fill the blank) control for mitigating risk of inadequate segregation of duties.

Question88: Which of the following term in business continuity defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences?

Question89: What is used to provide authentication of the website and can also be used to successfully authenticate keys used for data encryption?

Question90: When auditing third-party service providers, an IS auditor should be concerned with which of the following?

Question91: An IS auditor conducting an access control review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to conclude that:

Question92: Which of the following is protocol data unit (PDU) of network interface layer in TCP/IP model?

Question93: An organization is using symmetric encryption. Which of the following would be a valid reason for moving to asymmetric encryption? Symmetric encryption:

Question94: What is often assured through table link verification and reference checks?

Question95: Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the username and password are the same. The BEST control to mitigate this risk is to:

Question96: An IS auditor observes a weakness in the tape management system at a data center in that some parameters are set to bypass or ignore tape header records. Which of the following is the MOST effective compensating control for this weakness?

Question97: What uses questionnaires to lead the user through a series of choices to reach a conclusion?

Question98: As an IS auditor, it is very important to make sure all storage media are well protected. Which of the following is the LEAST important factor for protecting CDs and DVDs?

Question99: As an auditor it is very important to ensure confidentiality, integrity, authenticity and availability are implemented appropriately in an information system. Which of the following definitions incorrectly describes these parameters?
1. Authenticity - A third party must be able to verify that the content of a message has been sent by a specific entity and nobody else.
2. Non-repudiation - The origin or the receipt of a specific message must be verifiable by a third party. A person cannot deny having sent a message if the message is signed by the originator.
3. Accountability - The action of an entity must be uniquely traceable to different entities
4. Availability - The IT resource must be available on a timely basis to meet mission requirements or to avoid substantial losses.

Question100: Which of the following is a benefit of using callback devices?

Question101: Which of the following is a distinctive feature of the Secure Electronic Transactions (SET) protocol when used for electronic credit card payments?

Question102: After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools?

Question103: When planning an audit of a network setup, an IS auditor should give highest priority to obtaining which of the following network documentation?

Question104: Which of the following processes should an IS auditor recommend to assist in the recording of baselines for software releases?

Question105: The FIRST step in a successful attack to a system would be:

Question106: Which of the following controls would be the MOST comprehensive in a remote access network with multiple and diverse subsystems?

Question107: An off-site processing facility should be easily identifiable externally because easy identification helps ensure smoother recovery. True or false?

Question108: What is the key distinction between encryption and hashing algorithms?

Question109: Which of the following can degrade network performance?

Question110: Which of the following is a network diagnostic tool that monitors and records network information?

Question111: Which of the following service is a distributed database that translate host name to IP address to IP address to host name?

Question112: Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when:

Question113: Which of the following is a program evaluation review technique that considers different scenarios for planning and control projects?

Question114: An IS auditor is evaluating management's risk assessment of information systems. The IS auditor should FIRST review:

Question115: If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, what should the auditor do?

Question116: The quality of the metadata produced from a data warehouse is ________________ in the warehouse's design.

Question117: Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions?

Question118: IS management has decided to rewrite a legacy customer relations system using fourth generation languages (4GLs). Which of the following risks is MOST often associated with system development using
4GLs?

Question119: Which of the following implementation modes would provide the GREATEST amount of security for outbound data connecting to the internet?

Question120: An IS auditor performing detailed network assessments and access control reviews should FIRST:

Question121: Which of the following is the MOST effective method for dealing with the spreading of a network worm that exploits vulnerability in a protocol?

Question122: Although BCP and DRP are often implemented and tested by middle management and end users, the ultimate responsibility and accountability for the plans remain with executive management, such as the
_______________________. (fill-in-the-blank)

Question123: Which of the following functionality is NOT performed by the application layer of a TCP/IP model?

Question124: A database administrator has detected a performance problem with some tables which could be solved through denormalization. This situation will increase the risk of:

Question125: In a client-server system, which of the following control techniques is used to inspect activity from known or unknown users?

Question126: Which of the following statement INCORRECTLY describes Asynchronous Transfer Mode (ATM) technique?

Question127: Which of the following provides the MOST relevant information for proactively strengthening security settings?

Question128: Which of the following sampling methods is MOST useful when testing for compliance?

Question129: Which of the following BEST reduces the ability of one device to capture the packets that are meant for another device?

Question130: Which of the following is the GREATEST advantage of elliptic curve encryption over RSA encryption?

Question131: Company.com has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern?

Question132: How do modems (modulation/demodulation) function to facilitate analog transmissions to enter a digital network?

Question133: Which of the following attack could be avoided by creating more security awareness in the organization and provide adequate security knowledge to all employees?

Question134: What should be the GREATEST concern to an IS auditor when employees use portable media (MP3 players, flash drives)?

Question135: Which of the following would MOST effectively enhance the security of a challenge-response based authentication system?

Question136: When developing a risk-based audit strategy, an IS auditor conduct a risk assessment to ensure that:

Question137: Which of the following is the BEST method for preventing the leakage of confidential information in a laptop computer?

Question138: If senior management is not committed to strategic planning, how likely is it that a company's implementation of IT will be successful?

Question139: Which of the following is MOST directly affected by network performance monitoring tools?

Question140: An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the:

Question141: A firewall is being deployed at a new location. Which of the following is the MOST important factor in ensuring a successful deployment?

Question142: When reviewing the configuration of network devices, an IS auditor should FIRST identify:

Question143: Which of the following is protocol data unit (PDU) of data at LAN or WAN interface layer in TCP/IP model?

Question144: In a small organization, developers may release emergency changes directly to production. Which of the following will BEST control the risk in this situation?

Question145: Which of the following attack is MOSTLY performed by an attacker to steal the identity information of a user such as credit card number, passwords, etc?

Question146: Which of the following attack involves slicing small amount of money from a computerize transaction or account?

Question147: Which of the following functions should be performed by the application owners to ensure an adequate segregation of duties between IS and end users?

Question148: Which of the following database controls would ensure that the integrity of transactions is maintained in an online transaction processing system's database?

Question149: Which of the following cryptographic systems is MOST appropriate for bulk data encryption and small devices such as smart cards?

Question150: What is a callback system?

Question151: Which of the following would be the MOST secure firewall system?

Question152: A TCP/IP-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted?

Question153: Which of the following is the MOST reliable sender authentication method?

Question154: What often results in project scope creep when functional requirements are not defined as well as they could be?

Question155: Which of the following is the most fundamental step in preventing virus attacks?

Question156: Which of the following antivirus software implementation strategies would be the MOST effective in an interconnected corporate network?

Question157: Which of the following is a feature of an intrusion detection system (IDS)?

Question158: Which of the following ensures a sender's authenticity and an e-mail's confidentiality?

Question159: Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy?

Question160: Which of the following is a standard secure email protection protocol?

Question161: In order to properly protect against unauthorized disclosure of sensitive data, how should hard disks be sanitized?

Question162: An audit charter should:

Question163: Which policy helps an auditor to gain a better understanding of biometrics system in an organization?

Question164: After an IS auditor has identified threats and potential impacts, the auditor should:

Question165: Which of the following is a sophisticated computer based switch that can be thought of as essentially a small in-house phone company for the organization?

Question166: The sender of a public key would be authenticated by a:

Question167: Which of the following would MOST effectively reduce social engineering incidents?

Question168: Which of the following is MOST is critical during the business impact assessment phase of business continuity planning?

Question169: Function Point Analysis (FPA) provides an estimate of the size of an information system based only on the number and complexity of a system's inputs and outputs. True or false?

Question170: A check digit is an effective edit check to:

Question171: Which of the following statement is NOT true about Voice-Over IP (VoIP)?
VoIP uses circuit switching technology
Lower cost per call or even free calls, especially for long distance call Lower infrastructure cost VoIP is a technology where voice traffic is carried on top of existing data infrastructure

Question172: An efficient use of public key infrastructure (PKI) should encrypt the:

Question173: When evaluating the collective effect of preventive, detective or corrective controls within a process, an IS auditor should be aware of which of the following?

Question174: Which of the following PBX feature supports shared extensions among several devices, ensuring that only one device at a time can use an extension?

Question175: A business application system accesses a corporate database using a single ID and password embedded in a program. Which of the following would provide efficient access control over the organization's data?

Question176: Which of the following would be of MOST concern to an IS auditor reviewing a virtual private network (VPN) implementation? Computers on the network that are located:

Question177: Atomicity enforces data integrity by ensuring that a transaction is either completed in its entirely or not at all. Atomicity is part of the ACID test reference for transaction processing.
True or false?

Question178: Which of the following will help detect changes made by an intruder to the system log of a server?

Question179: Business Continuity Planning (BCP) is not defined as a preparation that facilitates:

Question180: Mitigating the risk and impact of a disaster or business interruption usually takes priority over transference of risk to a third party such as an insurer. True or false?

Question181: A company is implementing a dynamic host configuration protocol (DHCP). Given that the following conditions exist, which represents the GREATEST concern?

Question182: The GREATEST risk when end users have access to a database at its system level, instead of through the application, is that the users can:

Question183: The MAIN criterion for determining the severity level of a service disruption incident is:

Question184: E-mail message authenticity and confidentiality is BEST achieved by signing the message using the:

Question185: When performing an audit of access rights, an IS auditor should be suspicious of which of the following if allocated to a computer operator?

Question186: During maintenance of a relational database, several values of the foreign key in a transaction table of a relational database have been corrupted. The consequence is that:

Question187: Which of the following protocols would be involved in the implementation of a router and an interconnectivity device monitoring system?

Question188: What can be used to help identify and investigate unauthorized transactions?

Question189: A PRIMARY benefit derived from an organization employing control self-assessment (CSA) techniques is that it:

Question190: Establishing data ownership is an important first step for which of the following processes?

Question191: When should systems administrators first assess the impact of applications or systems patches?

Question192: In what way is a common gateway interface (CGI) MOST often used on a webserver?

Question193: The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment:

Question194: An IS auditor needs to consider many factors while evaluating an encryption system. Which of the following is LEAST important factor to be considered while evaluating an encryption system?

Question195: Which of the following is a benefit of a risk-based approach to audit planning? Audit:

Question196: What process is used to validate a subject's identity?

Question197: A digital signature contains a message digest to:

Question198: What type of BCP test uses actual resources to simulate a system crash and validate the plan's effectiveness?

Question199: What can ISPs use to implement inbound traffic filtering as a control to identify IP packets transmitted from unauthorized sources?

Question200: Which of the following would be the BEST access control procedure?

Question201: An IS auditor inspected a windowless room containing phone switching and networking equipment and documentation binders. The room was equipped with two handheld fire extinguishers-one filled with CO2, the other filled with halon. Which ofthe following should be given the HIGHEST priority in the auditor's report?

Question202: What is a data validation edit control that matches input data to an occurrence rate? Choose the BEST answer.

Question203: To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers, an IS auditor should recommend that:

Question204: An IS auditor reviewing the implementation of an intrusion detection system (IDS) should be MOST concerned if:

Question205: In an online banking application, which of the following would BEST protect against identity theft?

Question206: During an audit of an enterprise that is dedicated to e-commerce, the IS manager states that digital signatures are used when receiving communications from customers. To substantiate this, an IS auditor must prove that which of the following is used?

Question207: An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking?

Question208: A hacker could obtain passwords without the use of computer tools or programs through the technique of:

Question209: Which of the following is the protocol data unit (PDU) of application layer in TCP/IP model?

Question210: An IS auditor reviewing a database application discovers that the current configuration does not match the originally designed structure. Which of the following should be the IS auditor's next action?

Question211: When auditing a proxy-based firewall, an IS auditor should:

Question212: Which of the following exposures associated with the spooling of sensitive reports for offline printing should an IS auditor consider to be the MOST serious?

Question213: Which of the following is a good control for protecting confidential data residing on a PC?

Question214: What is a primary high-level goal for an auditor who is reviewing a system development project?

Question215: Who is responsible for implementing cost-effective controls in an automated system?

Question216: Which of the following statement correctly describes the difference between total flooding and local application extinguishing agent?

Question217: Which of the following type of honey pot essentially gives a hacker a real environment to attack?

Question218: Which of the following is the INCORRECT "layer - protocol data unit (PDU)" mapping within the TCP/IP model?

Question219: Regarding digital signature implementation, which of the following answers is correct?

Question220: Diskless workstation is an example of:

Question221: When reviewing an implementation of a VoIP system over a corporate WAN, an IS auditor should expect to find:

Question222: Neural networks are effective in detecting fraud because they can:

Question223: Which of the following process consist of identification and selection of data from the imaged data set in computer forensics?

Question224: When should application controls be considered within the system-development process?

Question225: Which of the following intrusion detection systems (IDSs) monitors the general patterns of activity and traffic on a network and creates a database?

Question226: Who is ultimately responsible and accountable for reviewing user access to systems?

Question227: An IS auditor reviewing the key roles and responsibilities of the database administrator (DBA) is LEAST likely to expect the job description of the DBA to include:

Question228: Who assumes ownership of a systems-development project and the resulting system?

Question229: Database snapshots can provide an excellent audit trail for an IS auditor. True or false?

Question230: An organization is planning to replace its wired networks with wireless networks. Which of the following would BEST secure the wireless network from unauthorized access?

Question231: Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?

Question232: Which of the following best characterizes "worms"?

Question233: IT operations for a large organization have been outsourced. An IS auditor reviewing the outsourced operation should be MOST concerned about which of the following findings?

Question234: The use of statistical sampling procedures helps minimize:

Question235: Digital signatures require the:

Question236: Which of the following is an environmental issue caused by electric storms or noisy electric equipment and may also cause computer system to hang or crash?

Question237: The implementation of access controls FIRST requires:

Question238: Which of the following cryptography is based on practical application of the characteristics of the smallest
"grains" of light, the photon, the physical laws governing their generation and propagation and detection?

Question239: What is the most common purpose of a virtual private network implementation?

Question240: An IS auditor should be MOST concerned with what aspect of an authorized honeypot?

Question241: Vendors have released patches fixing security flaws in their software. Which of the following should an IS auditor recommend in this situation?

Question242: The database administrator (DBA) suggests that DB efficiency can be improved by denormalizing some tables. This would result in:

Question243: What is essential for the IS auditor to obtain a clear understanding of network management?

Question244: When reviewing a hardware maintenance program, an IS auditor should assess whether:

Question245: An IS auditor has identified the lack of an authorization process for users of an application. The IS auditor's main concern should be that:

Question246: Which of the following attack includes social engineering, link manipulation or web site forgery techniques?

Question247: What benefit does using capacity-monitoring software to monitor usage patterns and trends provide to management?

Question248: Which of the following types of firewalls would BEST protect a network from an internet attack?

Question249: An IS auditor notes that patches for the operating system used by an organization are deployed by the IT department as advised by the vendor. The MOST significant concern an IS auditor should have with this practice is the nonconsideration bylT of:

Question250: The PRIMARY objective of performing a postincident review is that it presents an opportunity to:

Question251: Which of the following is of greatest concern when performing an IS audit?

Question252: The MOST effective control for reducing the risk related to phishing is:

Question253: An IS auditor should review the configuration of which of the following protocols to detect unauthorized mappings between the IP address and the media access control (MAC) address?

Question254: In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?

Question255: The responsibility for authorizing access to application data should be with the:

Question256: Which of the following type of computer is a large, general purpose computer that are made to share their processing power and facilities with thousands of internal or external users?

Question257: Which of the following fire suppression systems is MOST appropriate to use in a data center environment?

Question258: An IS auditor should carefully review the functional requirements in a system-development project to ensure that the project is designed to:

Question259: Which of the following methods of suppressing a fire in a data center is the MOST effective and environmentally friendly?

Question260: Of the three major types of off-site processing facilities, what type is characterized by at least providing for electricity and HVAC?

Question261: What increases encryption overhead and cost the most?

Question262: Business process re-engineering often results in ___________________ automation, which results in
____________ number of people using technology. Fill in the blanks.

Question263: During the requirements definition phase for a database application, performance is listed as a top priority.
To access the DBMS files, which of the following technologies should be recommended for optimal I/O performance?

Question264: A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. An IS auditor should conclude that:

Question265: What is a common vulnerability, allowing denial-of-service attacks?

Question266: Whenever an application is modified, what should be tested to determine the full impact of the change?

Question267: Over the long term, which of the following has the greatest potential to improve the security incident response process?

Question268: What is a risk associated with attempting to control physical access to sensitive areas such as computer rooms using card keys or locks?

Question269: When selecting audit procedures, an IS auditor should use professional judgment to ensure that:

Question270: What type of risk is associated with authorized program exits (trap doors)?

Question271: Which of the following statement correctly describes difference between SSL and S/HTTP?

Question272: Receiving an EDI transaction and passing it through the communication's interface stage usually requires:

Question273: To determine who has been given permission to use a particular system resource, an IS auditor should review:

Question274: The network of an organization has been the victim of several intruders' attacks. Which of the following measures would allow for the early detection of such incidents?

Question275: The use of digital signatures:

Question276: Which of the following hardware devices relieves the central computer from performing network control, format conversion and message handling tasks?

Question277: Which of the following exposures could be caused by a line grabbing technique?

Question278: An IS auditor has completed a network audit. Which of the following is the MOST significant logical security finding?

Question279: Which of the following statements regarding an off-site information processing facility is TRUE?

Question280: Which of the following is a software application that pretend to be a server on the Internet and is not set up purposely to actively protect against break-ins?

Question281: For a discretionary access control to be effective, it must:

Question282: The FIRST step in data classification is to:

Question283: Use of asymmetric encryption in an internet e-commerce site, where there is one private key for the hosting server and the public key is widely distributed to the customers, is MOST likely to provide comfort to the:

Question284: Which of the following would prevent accountability for an action performed, thus allowing nonrepudiation?

Question285: Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

Question286: Reconfiguring which of the following firewall types will prevent inward downloading of files through the File Transfer Protocol (FTP)?

Question287: What is the recommended initial step for an IS auditor to implement continuous-monitoring systems?

Question288: An investment advisor e-mails periodic newsletters to clients and wants reasonable assurance that no one has modified the newsletter. This objective can be achieved by:

Question289: Which of the following term in business continuity determines the maximum tolerable amount of time needed to bring all critical systems back online after disaster occurs?

Question290: An organization has a mix of access points that cannot be upgraded to stronger security and newer access points having advanced wireless security. An IS auditor recommends replacing the non-upgradeable access points. Which of the following would BEST justify the IS auditor's recommendation?

Question291: Which type of major BCP test only requires representatives from each operational area to meet to review the plan?

Question292: What method might an IS auditor utilize to test wireless security at branch office locations?

Question293: Which of the following is NOT a true statement about public key infrastructure (PKI)?

Question294: There are many firewall implementations provided by firewall manufacturers. Which of the following implementation utilize two packet filtering routers and a bastion host? This approach creates the most secure firewall system since it supports network and application level security while defining a separate DMZ.

Question295: What process allows IS management to determine whether the activities of the organization differ from the planned or expected levels?

Question296: Which of the following statement correctly describes difference between packet filtering firewall and stateful inspection firewall?

Question297: Which of the following would be an indicator of the effectiveness of a computer security incident response team?

Question298: Which of the following is BEST characterized by unauthorized modification of data before or during systems data entry?

Question299: Which of the following encrypt/decrypt steps provides the GREATEST assurance of achieving confidentiality, message integrity and nonrepudiation by either sender or recipient?

Question300: How is the risk of improper file access affected upon implementing a database system?

Question301: When protecting an organization's IT systems, which of the following is normally the next line of defense after the network firewall has been compromised?

Question302: Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?

Question303: Which of the following statement is NOT true about smoke detector?

Question304: What is an initial step in creating a proper firewall policy?

Question305: What is used as a control to detect loss, corruption, or duplication of data?

Question306: After reviewing its business processes, a large organization is deploying a new web application based on a VoIP technology. Which of the following is the MOST appropriate approach for implementing access control that will facilitate security management of the VoIP web application?

Question307: Which of the following INCORRECTLY describes the layer functions of the LAN or WAN Layer of the TCP/ IP model?

Question308: During the planning stage of an IS audit, the PRIMARY goal of an IS auditor is to:

Question309: Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms resulting from normal network activity?

Question310: An IS auditor usually places more reliance on evidence directly collected. What is an example of such evidence?

Question311: Who is responsible for the overall direction, costs, and timetables for systems-development projects?

Question312: Library control software restricts source code to:

Question313: Any changes in systems assets, such as replacement of hardware, should be immediately recorded within the assets inventory of which of the following?

Question314: To address a maintenance problem, a vendor needs remote access to a critical network. The MOST secure and effective solution is to provide the vendor with a:

Question315: How is the time required for transaction processing review usually affected by properly implemented Electronic Data Interface (EDI)?

Question316: Which of the following statement INCORRECTLY describes device and where they sit within the TCP/IP model?

Question317: During what process should router access control lists be reviewed?

Question318: To protect a VoIP infrastructure against a denial-of-service (DoS) attack, it is MOST important to secure the:

Question319: A control that detects transmission errors by appending calculated bits onto the end of each segment of data is known as a:

Question320: Which of the following ensures confidentiality of information sent over the internet?

Question321: What is an effective countermeasure for the vulnerability of data entry operators potentially leaving their computers without logging off?

Question322: How does the digital envelop work? What are the correct steps to follow?

Question323: An organization is using an enterprise resource management (ERP) application. Which of the following would be an effective access control?

Question324: What type of fire-suppression system suppresses fire via water that is released from a main valve to be delivered via a system of dry pipes installed throughout the facilities?

Question325: What should an organization do before providing an external agency physical access to its information processing facilities (IPFs)?

Question326: Which of the following device in Frame Relay WAN technique is generally customer owned device that provides a connectivity between company's own network and the frame relays network?

Question327: During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:

Question328: The MOST likely explanation for a successful social engineering attack is:

Question329: An IS auditor finds that client requests were processed multiple times when received from different independent departmental databases, which are synchronized weekly. What would be the BEST recommendation?

Question330: What kind of protocols does the OSI Transport Layer of the TCP/IP protocol suite provide to ensure reliable communication?

Question331: Which of the following protocol is developed jointly by VISA and Master Card to secure payment transactions among all parties involved in credit card transactions on behalf of cardholders and merchants?

Question332: In the course of performing a risk analysis, an IS auditor has identified threats and potential impacts. Next, the IS auditor should:

Question333: isk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a _________________ risk assessment is more appropriate. Fill in the blanks.

Question334: A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not adequately performing which of the following types of testing?

Question335: Private Branch Exchange(PBX) environment involves many security risks, one of which is the people both internal and external to an organization. Which of the following risks are NOT associated with Private Branch Exchange?
1. Theft of service
2. Disclosure of information
3. Data Modifications
4. Denial of service
5. Traffic Analysis

Question336: Which of the following environmental controls is appropriate to protect computer equipment against short- term reductions in electrical power?

Question337: Which of the following is the INCORRECT Layer to Protocol mapping used in the DOD TCP/IP model?

Question338: The technique used to ensure security in virtual private networks (VPNs) is:

Question339: Which of the following should be of MOST concern to an IS auditor?

Question340: Which of the following should an IS auditor recommend for the protection of specific sensitive information stored in the data warehouse?

Question341: To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:

Question342: The BEST filter rule for protecting a network from being used as an amplifier in a denial of service (DoS) attack is to deny all:

Question343: Which of the following protocol is PRIMARILY used to provide confidentiality in a web based application thus protecting data sent across a client machine and a server?

Question344: Which of the following is a feature of Wi-Fi Protected Access (WPA) in wireless networks?

Question345: As described at security policy, the CSO implemented an e-mail package solution that allows for ensuring integrity of messages sent using SMIME. Which of the options below BEST describes how it implements the environment to suite policy´s requirement?

Question346: Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation?

Question347: Off-site data backup and storage should be geographically separated so as to _______________ (fill in the blank) the risk of a widespread physical disaster such as a hurricane or earthquake.

Question348: If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor's primary responsibility?

Question349: Input/output controls should be implemented for which applications in an integrated systems environment?

Question350: Organizations should use off-site storage facilities to maintain ______________ (fill in the blank) of current and critical information within backup files.

Question351: Using the OSI reference model, what layer(s) is/are used to encrypt data?

Question352: A critical function of a firewall is to act as a:

Question353: Disabling which of the following would make wireless local area networks more secure against unauthorized access?

Question354: Who is ultimately accountable for the development of an IS security policy?

Question355: Which of the following option INCORRECTLY describes PBX feature?

Question356: There are several types of penetration tests depending upon the scope, objective and nature of a test.
Which of the following describes a penetration test where you attack and attempt to circumvent the controls of the targeted network from the outside, usually the Internet?

Question357: What is used to develop strategically important systems faster, reduce development costs, and still maintain high quality?

Question358: Upon receipt of the initial signed digital certificate the user will decrypt the certificate with the public key of the:

Question359: An IS auditor notes that IDS log entries related to port scanning are not being analyzed. This lack of analysis will MOST likely increase the risk of success of which of the following attacks?

Question360: Which of the following functions is performed by a virtual private network (VPN)?

Question361: Depending on the complexity of an organization's business continuity plan (BCP), the plan may be developed as a set of more than one plan to address various aspects of business continuity and disaster recovery, in such an environment, it is essential that:

Question362: When reviewing procedures for emergency changes to programs, the IS auditor should verify that the procedures:

Question363: The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n):

Question364: During an audit of the logical access control of an ERP financial system an IS auditor found some user accounts shared by multiple individuals. The user IDs were based on roles rather than individual identities.
These accounts allow access to financial transactions on the ERP. What should the IS auditor do next?

Question365: The PRIMARY purpose of an IT forensic audit is:

Question366: ________________ (fill in the blank) should be implemented as early as data preparation to support data integrity at the earliest point possible.

Question367: Which of the following is a passive attack to a network?

Question368: An IS auditor should know information about different network transmission media. Which of the following transmission media is used for short distance transmission?

Question369: Which of the following cryptography demands less computational power and offers more security per bit?

Question370: Which of the following is the BEST practice to ensure that access authorizations are still valid?

Question371: Which of the following is MOST likely to result from a business process reengineering (BPR) Project?

Question372: An IS auditor is assigned to perform a post implementation review of an application system. Which pf the following situations may have impaired the independence of the IS auditor? The IS auditor:

Question373: The PRIMARY objective of Secure Sockets Layer (SSL) is to ensure:

Question374: Which of the following do digital signatures provide?

Question375: An IS auditor reviewing wireless network security determines that the Dynamic Host Configuration Protocol is disabled at all wireless access points. This practice:

Question376: Overall business risk for a particular threat can be expressed as:

Question377: Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures?

Question378: In a client-server architecture, a domain name service (DNS) is MOST important because it provides the:

Question379: Who is accountable for maintaining appropriate security measures over information assets?

Question380: With the help of a security officer, granting access to data is the responsibility of:

Question381: Which of the following controls would provide the GREATEST assurance of database integrity?

Question382: Which of the following is the INCORRECT "layer - protocol" mapping within the TCP/IP model?

Question383: Which of the following Confidentiality, Integrity, Availability (CIA) attribute supports the principle of least privilege by providing access to information only to authorized and intended users?

Question384: What are trojan horse programs?

Question385: Which of the following biometrics has the highest reliability and lowest false-acceptance rate (FAR)?

Question386: The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is called:

Question387: An IS auditor analyzing the audit log of a database management system (DBMS) finds that some transactions were partially executed as a result of an error, and are not rolled back. Which of the following transaction processing features has been violated?

Question388: Which of the following are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem?

Question389: Which of the following concerns associated with the World Wide Web would be addressed by a firewall?

Question390: If a programmer has update access to a live system, IS auditors are more concerned with the programmer's ability to initiate or modify transactions and the ability to access production than with the programmer's ability to authorize transactions. True or false?

Question391: Which of the following attack is against computer network and involves fragmented or invalid ICMP packets sent to the target?

Question392: Rather than simply reviewing the adequacy of access control, appropriateness of access policies, and effectiveness of safeguards and procedures, the IS auditor is more concerned with effectiveness and utilization of assets. True or false?

Question393: Fourth-Generation Languages (4GLs) are most appropriate for designing the application's graphical user interface (GUI). They are inappropriate for designing any intensive data- calculation procedures. True or false?

Question394: Which of the following is a control over component communication failure/errors?

Question395: Which of the following BEST characterizes a mantrap or deadman door, which is used as a deterrent control for the vulnerability of piggybacking?

Question396: What can be implemented to provide the highest level of protection from external attack?

Question397: Which of the following protocol does NOT work at the Application layer of the TCP/IP Models?

Question398: Users are issued security tokens to be used in combination with a PIN to access the corporate virtual private network (VPN). Regarding the PIN, what is the MOST important rule to be included in a security policy?

Question399: Inadequate programming and coding practices introduce the risk of:

Question400: Which of the following type of lock uses a magnetic or embedded chip based plastic card key or token entered into a sensor/reader to gain access?

Question401: Which of the following applet intrusion issues poses the GREATEST risk of disruption to an organization?

Question402: Which of the following would provide the BEST protection against the hacking of a computer connected to the Internet?

Question403: In which of the following RFID risks competitor potentially could gain unauthorized access to RFID- generated information and use it to harm the interests of the organization implementing the RFID system?

Question404: Test and development environments should be separated. True or false?

Question405: An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls?

Question406: Which of the following is a ITU-T standard protocol suite for packet switched wide area network communication?

Question407: How does the process of systems auditing benefit from using a risk-based approach to audit planning?

Question408: Which of the following comparisons are used for identification and authentication in a biometric system?

Question409: When conducting a penetration test of an IT system, an organization should be MOST concerned with:

Question410: Which of the following method should be recommended by security professional to erase the data on the magnetic media that would be reused by another employee?

Question411: The information security policy that states 'each individual must have their badge read at every controlled door' addresses which of the following attack methods?

Question412: The reliability of an application system's audit trail may be questionable if:

Question413: What is/are used to measure and ensure proper network capacity management and availability of services?

Question414: Data edits are implemented before processing and are considered which of the following?

Question415: What is the first step in a business process re-engineering project?

Question416: An organization has recently installed a security patch, which crashed the production server. To minimize the probability of this occurring again, an IS auditor should:

Question417: An IS auditor examining a biometric user authentication system establishes the existence of a control weakness that would allow an unauthorized individual to update the centralized database on the server that is used to store biometric templates. Ofthe following, which is the BEST control against this risk?

Question418: What are often the primary safeguards for systems software and data?

Question419: Applying a digital signature to data traveling in a network provides:

Question420: Which of the following is a general operating system access control function?

Question421: An IS auditor has imported data from the client's database. The next step-confirming whether the imported data are complete-is performed by:

Question422: The purpose of business continuity planning and disaster-recovery planning is to:

Question423: Which of the following methods of providing telecommunications continuity involves the use of an alternative media?

Question424: An IS auditor evaluating logical access controls should FIRST:

Question425: When reviewing an intrusion detection system (IDS), an IS auditor should be MOST concerned about which of the following?

Question426: Which of the following line media would provide the BEST security for a telecommunication network?

Question427: A programmer maliciously modified a production program to change data and then restored the original code. Which of the following would MOST effectively detect the malicious activity?

Question428: To ensure message integrity, confidentiality and non-repudiation between two parties, the MOST effective method would be to create a message digest by applying a cryptographic hashing algorithm against:

Question429: Which of the following components is responsible for the collection of data in an intrusion detection system (IDS)?

Question430: How often should a Business Continuity Plan be reviewed?

Question431: Which of the following is the MOST effective type of antivirus software?

Question432: Key verification is one of the best controls for ensuring that:

Question433: Which of the following network components is PRIMARILY set up to serve as a security measure by preventing unauthorized traffic between different segments of the network?

Question434: The directory system of a database-management system describes:

Question435: Which of the following statement correctly describes the differences between tunnel mode and transport mode of the IPSec protocol?

Question436: During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable?

Question437: The use of a GANTT chart can:

Question438: The MOST important difference between hashing and encryption is that hashing:

Question439: During the audit of a database server, which of the following would be considered the GREATEST exposure?

Question440: As compared to understanding an organization's IT process from evidence directly collected, how valuable are prior audit reports as evidence?

Question441: Which of the following results in a denial-of-service attack?

Question442: Structured programming is BEST described as a technique that:

Question443: The MOST significant security concerns when using flash memory (e.g., USB removable disk) is that the:

Question444: Which of the following term related to network performance refers to the variation in the time of arrival of packets on the receiver of the information?

Question445: Doing which of the following during peak production hours could result in unexpected downtime?

Question446: A sequence of bits appended to a digital document that is used to secure an e-mail sent through the Internet is called a:

Question447: When are benchmarking partners identified within the benchmarking process?

Question448: Who is responsible for restricting and monitoring access of a data user?

Question449: Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to- consumer transactions via the internet?

Question450: Who should be responsible for network security operations?

Question451: The MAJOR advantage of the risk assessment approach over the baseline approach to information security management is that it ensures:

Question452: Which of the following transmission media is MOST difficult to tap?

Question453: Which of the following would be BEST prevented by a raised floor in the computer machine room?

Question454: Who is ultimately responsible for providing requirement specifications to the software- development team?

Question455: Which of the following typically focuses on making alternative processes and resources available for transaction processing?

Question456: Which of the following would normally be the MOST reliable evidence for an auditor?

Question457: In the 2c area of the diagram, there are three hubs connected to each other. What potential risk might this indicate?

Question458: Which of the following protocol does NOT work at Network interface layer in TCP/IP model?

Question459: For locations 3a, 1d and 3d, the diagram indicates hubs with lines that appear to be open and active.
Assuming that is true, what control, if any, should be recommended to mitigate this weakness?

Question460: An IS auditor is performing a network security review of a telecom company that provides Internet connection services to shopping malls for their wireless customers. The company uses Wireless Transport Layer Security (WTLS) and Secure Sockets Layer (SSL) technology for protecting their customer's payment information. The IS auditor should be MOST concerned if a hacker:

Question461: Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)?

Question462: What supports data transmission through split cable facilities or duplicate cable facilities?

Question463: Which of the following type of IDS has self-learning functionality and over a period of time will learned what is the expected behavior of a system?

Question464: A LAN administrator normally would be restricted from:

Question465: Which of the following is a passive attack method used by intruders to determine potential network vulnerabilities?

Question466: The PRIMARY objective of a logical access control review is to:

Question467: Why does an IS auditor review an organization chart?

Question468: How does the SSL network protocol provide confidentiality?

Question469: The security level of a private key system depends on the number of:

Question470: In auditing a web server, an IS auditor should be concerned about the risk of individuals gaining unauthorized access to confidential information through:

Question471: Which of the following would be the BEST overall control for an Internet business looking for confidentiality, reliability and integrity of data?

Question472: A firm is considering using biometric fingerprint identification on all PCs that access critical datA. This requires:

Question473: An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important?

Question474: Which of the following is used to evaluate biometric access controls?

Question475: Reverse proxy technology for web servers should be deployed if:

Question476: During a security audit of IT processes, an IS auditor found that there were no documented security procedures. The IS auditor should:

Question477: Which of the following type of computer has highest processing speed?

Question478: Validated digital signatures in an e-mail software application will:

Question479: Which of the following term in business continuity defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences?

Question480: Web and e-mail filtering tools are PRIMARILY valuable to an organization because they:

Question481: Which of the following satisfies a two-factor user authentication?

Question482: Which of the following is the MOST critical step in planning an audit?

Question483: What should IS auditors always check when auditing password files?

Question484: To prevent IP spoofing attacks, a firewall should be configured to drop a packet if:

Question485: Which of the following should be a concern to an IS auditor reviewing a wireless network?

Question486: Which of the following penetration tests would MOST effectively evaluate incident handling and response capabilities of an organization?

Question487: Accountability for the maintenance of appropriate security measures over information assets resides with the:

Question488: Which of the following fire-suppression methods is considered to be the most environmentally friendly?

Question489: The MOST important success factor in planning a penetration test is:

Question490: An IS auditor should expect the responsibility for authorizing access rights to production data and systems to be entrusted to the:

Question491: An IS auditor is using a statistical sample to inventory the tape library. What type of test would this be considered?

Question492: A technical lead who was working on a major project has left the organization. The project manager reports suspicious system activities on one of the servers that is accessible to the whole team. What would be of GREATEST concern if discoveredduring a forensic investigation?

Question493: Which of the following cryptography options would increase overhead/cost?

Question494: Which of the following append themselves to files as a protection against viruses?

Question495: Which of the following types of firewalls provide the GREATEST degree and granularity of control?

Question496: Which of the following help(s) prevent an organization's systems from participating in a distributed denial- of-service (DDoS) attack?

Question497: Which of the following is a technique that could be used to capture network user passwords?

Question498: Obtaining user approval of program changes is very effective for controlling application changes and maintenance. True or false?

Question499: Security administration procedures require read-only access to:

Question500: Which of the following devices extends the network and has the capacity to store frames and act as a storage and forward device?

Question501: Why is the WAP gateway a component warranting critical concern and review for the IS auditor when auditing and testing controls enforcing message confidentiality?

Question502: An IS auditor is evaluating a corporate network for a possible penetration by employees. Which of the following findings should give the IS auditor the GREATEST concern?

Question503: In planning an audit, the MOST critical step is the identification of the:

Question504: Which of the following should an IS auditor review to determine user permissions that have been granted for a particular resource?

Question505: Which of the following provide(s) near-immediate recoverability for time-sensitive systems and transaction processing?

Question506: The goal of an information system is to achieve integrity, authenticity and non-repudiation of information's sent across the network. Which of the following statement correctly describe the steps to address all three?

Question507: How is risk affected if users have direct access to a database at the system level?

Question508: What type of risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist?

Question509: A hub is a device that connects:

Question510: Which of the following is of greatest concern to the IS auditor?

Question511: Naming conventions for system resources are important for access control because they:

Question512: The PRIMARY reason for using digital signatures is to ensure data:

Question513: In large corporate networks having supply partners across the globe, network traffic may continue to rise.
The infrastructure components in such environments should be scalable. Which of the following firewall architectures limits future scalability?

Question514: Which of the following attack best describe "Computer is the target of a crime" and "Computer is the tool of a crime"?

Question515: Which of the following provides the BEST single-factor authentication?

Question516: Which of the following would an IS auditor consider to be the MOST helpful when evaluating the effectiveness and adequacy of a computer preventive maintenance program?

Question517: An IS auditor examining the configuration of an operating system to verify the controls should review the:

Question518: Which of the following is BEST suited for secure communications within a small group?

Question519: A hardware control that helps to detect errors when data are communicated from one computer to another is known as a:

Question520: With the objective of mitigating the risk and impact of a major business interruption, a disaster recovery plan should endeavor to reduce the length of recovery time necessary, as well as costs associated with recovery. Although DRP results in an increase of pre-and post-incident operational costs, the extra costs are more than offset by reduced recovery and business impact costs. True or false?

Question521: The most likely error to occur when implementing a firewall is:

Question522: A penetration test performed as part of evaluating network security:

Question523: An IS auditor finds that a DBA has read and write access to production data. The IS auditor should:

Question524: During Involuntary termination of an employee, which of the following is the MOST important step to be considered?

Question525: When reviewing system parameters, an IS auditor's PRIMARY concern should be that:

Question526: Which of the following functionality is NOT supported by SSL protocol?

Question527: An organization's IS audit charter should specify the:

Question528: Which of the following types of transmission media provide the BEST security against unauthorized access?

Question529: Which of the following is often used as a detection and deterrent control against Internet attacks?

Question530: An information security policy stating that 'the display of passwords must be masked or suppressed' addresses which of the following attack methods?

Question531: Of the three major types of off-site processing facilities, what type is often an acceptable solution for preparing for recovery of noncritical systems and data?

Question532: The decisions and actions of an IS auditor are MOST likely to affect which of the following risks?

Question533: What are used as the framework for developing logical access controls?

Question534: Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly?

Question535: An IS auditor is performing an audit of a remotely managed server backup. The IS auditor reviews the logs for one day and finds one case where logging on a server has failed with the result that backup restarts cannot be confirmed. What should the auditor do?

Question536: When reviewing a digital certificate verification process, which of the following findings represents the MOST significant risk?

Question537: An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?

Question538: When should plans for testing for user acceptance be prepared?

Question539: Which of the following is NOT a disadvantage of Single Sign On (SSO)?

Question540: What is an edit check to determine whether a field contains valid data?

Question541: In an IS audit of several critical servers, the IS auditor wants to analyze audit trails to discover potential anomalies in user or system behavior. Which of the following tools are MOST suitable for performing that task?

Question542: IS management is considering a Voice-over Internet Protocol (VoIP) network to reduce telecommunication costs and management asked the IS auditor to comment on appropriate security controls. Which of the following security measures is MOST appropriate?

Question543: An intentional or unintentional disclosure of a password is likely to be evident within control logs. True or false?

Question544: Which of the following would provide the highest degree of server access control?

Question545: What influences decisions regarding criticality of assets?

Question546: The human resources (HR) department has developed a system to allow employees to enroll in benefits via a web site on the corporate Intranet. Which of the following would protect the confidentiality of the data?

Question547: The BEST overall quantitative measure of the performance of biometric control devices is:

Question548: When using a universal storage bus (USB) flash drive to transport confidential corporate data to an offsite location, an effective control would be to:

Question549: When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:

Question550: Which of the following statement correctly describes the difference between IPSec and SSH protocols?

Question551: Which of the following method is recommended by security professional to PERMANENTLY erase sensitive data on magnetic media?

Question552: When using public key encryption to secure data being transmitted across a network:

Question553: Which of the following is the unique identifier within and IPSec packet that enables the sending host to reference the security parameter to apply?

Question554: Which of the following statement INCORRECTLY describes anti-malware?

Question555: Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized organization?

Question556: What is the BEST approach to mitigate the risk of a phishing attack?

Question557: The extent to which data will be collected during an IS audit should be determined based on the:

Question558: Which of the following is widely accepted as one of the critical components in networking management?

Question559: The GREATEST risk posed by an improperly implemented intrusion prevention system (IPS) is:

Question560: The MOST effective biometric control system is the one:

Question561: Which of the following manages the digital certificate life cycle to ensure adequate security and controls exist in digital signature applications related to e-commerce?

Question562: Which of the following is an effective method for controlling downloading of files via FTP?

Question563: Proper segregation of duties does not prohibit a quality control administrator from also being responsible for change control and problem management. True or false?

Question564: Which of the following technique is used for speeding up network traffic flow and making it easier to manage?

Question565: Time constraints and expanded needs have been found by an IS auditor to be the root causes for recent violations of corporate data definition standards in a new business intelligence project.
Which of the following is the MOST appropriate suggestion for an auditor to make?

Question566: Which of the following is penetration test where the penetration tester is provided with limited or no knowledge of the target's information systems?

Question567: Which of the following processes are performed during the design phase of the systems development life cycle (SDLC) model?

Question568: A perpetrator looking to gain access to and gather information about encrypted data being transmitted over the network would use:

Question569: An organization has created a policy that defines the types of web sites that users are forbidden to access.
What is the MOST effective technology to enforce this policy?

Question570: Which of the following acts as a decoy to detect active internet attacks?

Question571: Which of the following PBX feature provides the possibility to break into a busy line to inform another user of an important message?

Question572: The PRIMARY goal of a web site certificate is:

Question573: The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of the following audit recommendations should the IS auditor suggest?

Question574: Which of the following technique is NOT used by a preacher against a Private Branch Exchange (PBX)?

Question575: Which of the following statement correctly describes one way SSL authentication between a client (e.g.
browser) and a server (e.g. web server)?

Question576: In computer forensics, which of the following is the process that allows bit-for-bit copy of a data to avoid damage of original data or information when multiple analysis may be performed?

Question577: Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation?

Question578: When should an application-level edit check to verify that availability of funds was completed at the electronic funds transfer (EFT) interface?

Question579: In which of the following transmission media it is MOST difficult to modify the information traveling across the network?

Question580: What type of approach to the development of organizational policies is often driven by risk assessment?

Question581: An IS auditor is reviewing a software-based configuration. Which of the following represents the GREATEST vulnerability? The firewall software:

Question582: In regard to moving an application program from the test environment to the production environment, the BEST control would be to have the:

Question583: The MOST significant level of effort for business continuity planning (BCP) generally is required during the:

Question584: An auditor needs to be aware of technical controls which are used to protect computer from malware.
Which of the following technical control interrupts DoS and ROM BIOS call and look for malware like action?

Question585: An IS auditor performing an independent classification of systems should consider a situation where functions could be performed manually at a tolerable cost for an extended period of time as:

Question586: Which of the following term related to network performance refers to the maximum rate that information can be transferred over a network?

Question587: After identifying potential security vulnerabilities, what should be the IS auditor's next step?

Question588: When reviewing the implementation of a LAN, an IS auditor should FIRST review the:

Question589: The IS management of a multinational company is considering upgrading its existing virtual private network (VPN) to support voice-over IP (VoIP) communications via tunneling. Which of the following considerations should be PRIMARILY addressed?

Question590: An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long.
Which of the following could be caused by the length of the cable?

Question591: During an IS audit, auditor has observed that authentication and authorization steps are split into two functions and there is a possibility to force the authorization step to be completed before the authentication step. Which of the following technique an attacker could user to force authorization step before authentication?

Question592: Off-site data storage should be kept synchronized when preparing for recovery of time- sensitive data such as that resulting from which of the following?

Question593: Which of the following is the dominating objective of BCP and DRP?

Question594: A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and:

Question595: Which of the following would effectively verify the originator of a transaction?

Question596: Which of the following user profiles should be of MOST concern to an IS auditor when performing an audit of an EFT system?

Question597: Which of the following BEST describes the role of a directory server in a public key infrastructure (PKI)?

Question598: From a control perspective, the PRIMARY objective of classifying information assets is to:

Question599: ________ (fill in the blank) is/are are ultimately accountable for the functionality, reliability, and security within IT governance.

Question600: Digital signatures require the sender to "sign" the data by encrypting the data with the sender's public key, to then be decrypted by the recipient using the recipient's private key.
True or false?

Question601: During the review of a biometrics system operation, an IS auditor should FIRST review the stage of:

Question602: When using a digital signature, the message digest is computed:

Question603: Which of the following provides the GREATEST assurance of message authenticity?

Question604: What does PKI use to provide some of the strongest overall control over data confidentiality, reliability, and integrity for Internet transactions?

Question605: IS management recently replaced its existing wired local area network (LAN) with a wireless infrastructure to accommodate the increased use of mobile devices within the organization. This will increase the risk of which of the following attacks?

Question606: An IS auditor reviewing an organization's data file control procedures finds that transactions are applied to the most current files, while restart procedures use earlier versions. The IS auditor should recommend the implementation of:

Question607: The logical exposure associated with the use of a checkpoint restart procedure is:

Question608: Which of the following is the BEST type of program for an organization to implement to aggregate, correlate and store different log and event files, and then produce weekly and monthly reports for IS auditors?

Question609: Which of the following is a guiding best practice for implementing logical access controls?

Question610: Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized?

Question611: If inadequate, which of the following would be the MOST likely contributor to a denial-of-service attack?

Question612: What can be used to gather evidence of network attacks?

Question613: A malicious code that changes itself with each file it infects is called a:

Question614: Which of the following translates e-mail formats from one network to another so that the message can travel through all the networks?

Question615: When performing an IS strategy audit, an IS auditor should review both short-term (one- year) and long- term (three-to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered. The auditor should especially focus on procedures in an audit of IS strategy. True or false?

Question616: What should an IS auditor do if he or she observes that project-approval procedures do not exist?

Question617: The PRIMARY purpose of audit trails is to:

Question618: Proper segregation of duties prevents a computer operator (user) from performing security administration duties. True or false?

Question619: Which of the following exploit vulnerabilities to cause loss or damage to the organization and its assets?

Question620: The Secure Sockets Layer (SSL) protocol addresses the confidentiality of a message through:

Question621: An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a:

Question622: Which of the following would prevent unauthorized changes to information stored in a server's log?

Question623: An IS auditor reviewing access controls for a client-server environment should FIRST:

Question624: Which of the following network configuration options contains a direct link between any two host machines?

Question625: Assuming this diagram represents an internal facility and the organization is implementing a firewall protection program, where should firewalls be installed?

Question626: Which of the following type of an IDS resides on important systems like database, critical servers and monitors various internal resources of an operating system?

Question627: E-mail traffic from the Internet is routed via firewall-1 to the mail gateway. Mail is routed from the mail gateway, via firewall-2, to the mail recipients in the internal network. Other traffic is not allowed. For example, the firewalls do not allow direct traffic from the Internet to the internal network.

The intrusion detection system (IDS) detects traffic for the internal network that did not originate from the mail gateway. The FIRST action triggered by the IDS should be to:

Question628: The BEST way to minimize the risk of communication failures in an e-commerce environment would be to use:

Question629: The application systems of an organization using open-source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating open- source software?

Question630: Proper segregation of duties normally does not prohibit a LAN administrator from also having programming responsibilities. True or false?

Question631: To verify that the correct version of a data file was used for a production run, an IS auditor should review:

Question632: A database administrator is responsible for:

Question633: Which of the following is a data validation edit and control?

Question634: Which of the following would BEST maintain the integrity of a firewall log?

Question635: The role of the certificate authority (CA) as a third party is to:

Question636: What is the MOST effective method of preventing unauthorized use of data files?

Question637: Which of the following is the MOST effective control when granting temporary access to vendors?

Question638: Which of the following is the PRIMARY advantage of using computer forensic software for investigations?

Question639: In transport mode, the use of the Encapsulating Security Payload (ESP) protocol is advantageous over the Authentication Header (AH) protocol because it provides:

Question640: When reviewing an organization's logical access security, which of the following should be of MOST concern to an IS auditor?

Question641: Which of the following protocol is used for electronic mail service?

Question642: Which of the following provides the framework for designing and developing logical access controls?

Question643: Above almost all other concerns, what often results in the greatest negative impact on the implementation of new application software?

Question644: What must an IS auditor understand before performing an application audit?

Question645: A virtual private network (VPN) provides data confidentiality by using:

Question646: If a database is restored from information backed up before the last system image, which of the following is recommended?

Question647: Which of the following is the MOST reliable form of single factor personal identification?

Question648: What determines the strength of a secret key within a symmetric key cryptosystem?

Question649: An IS auditor is reviewing the physical security measures of an organization. Regarding the access card system, the IS auditor should be MOST concerned that:

Question650: What is often the most difficult part of initial efforts in application development?

Question651: Which are the two primary types of scanner used for protecting against Malware?
Malware mask/signatures and Heuristic Scanner
Active and passive Scanner
Behavioral Blockers and immunizer Scanner
None of the above

Question652: What would be the MOST effective control for enforcing accountability among database users accessing sensitive information?

Question653: An organization can ensure that the recipients of e-mails from its employees can authenticate the identity of the sender by:

Question654: Who is primarily responsible for storing and safeguarding the data?

Question655: Processing controls ensure that data is accurate and complete, and is processed only through which of the following?

Question656: Which of the following is a concern when data are transmitted through Secure Sockets Layer (SSL) encryption, implemented on a trading partner's server?

Question657: A core tenant of an IS strategy is that it must:

Question658: Which of the following term related to network performance refers to the number of corrupted bits expressed as a percentage or fraction of the total sent?

Question659: Minimum password length and password complexity verification are examples of:

Question660: To determine if unauthorized changes have been made to production code the BEST audit procedure is to:

Question661: The PRIMARY advantage of a continuous audit approach is that it:

Question662: Whenever business processes have been re-engineered, the IS auditor attempts to identify and quantify the impact of any controls that might have been removed, or controls that might not work as effectively after business process changes. True or false?

Question663: Which of the following malware technical fool's malware by appending section of themselves to files - somewhat in the same way that file malware append themselves?

Question664: While copying files from a floppy disk, a user introduced a virus into the network. Which of the following would MOST effectively detect the existence of the virus?

Question665: During an IS audit, one of your auditor has observed that some of the critical servers in your organization can be accessed ONLY by using shared/common user name and password. What should be the auditor's PRIMARY concern be with this approach?

Question666: In an EDI process, the device which transmits and receives electronic documents is the:

Question667: IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. True or false?

Question668: Which of the following should concern an IS auditor when reviewing security in a client-server environment?

Question669: A company has decided to implement an electronic signature scheme based on public key infrastructure.
The user's private key will be stored on the computer's hard drive and protected by a password. The MOST significant risk of this approach is:

Question670: Which of the following term related to network performance refers to the delay that packet may experience on their way to reach the destination from the source?

Question671: Applying a retention date on a file will ensure that:

Question672: An advantage of a continuous audit approach is that it can improve system security when used in time- sharing environments that process a large number of transactions. True or false?

Question673: The computer security incident response team (CSIRT) of an organization disseminates detailed descriptions of recent threats. An IS auditor's GREATEST concern should be that the users might:

Question674: What topology provides the greatest redundancy of routes and the greatest network fault tolerance?

Question675: Who is responsible for authorizing access level of a data user?

Question676: An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP?

Question677: Which of the following will prevent dangling tuples in a database?

Question678: Which of the following would be considered an essential feature of a network management system?

Question679: An integrated test facility is not considered a useful audit tool because it cannot compare processing output with independently calculated data. True or false?

Question680: What can be very helpful to an IS auditor when determining the efficacy of a systems maintenance program?

Question681: An IS auditor is reviewing the remote access methods of a company used to access system remotely.
Which of the following is LEAST preferred remote access method from a security and control point of view?

Question682: The initial step in establishing an information security program is the:

Question683: What kind of testing should programmers perform following any changes to an application or system?

Question684: What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?

Question685: During an audit of a telecommunications system, an IS auditor finds that the risk of intercepting data transmitted to and from remote sites is very high. The MOST effective control for reducing this exposure is:

Question686: Which of the following INCORRECTLY describes the layer function of the Application Layer within the TCP/IP model?

Question687: Who is responsible for providing adequate physical and logical security for IS program, data and equipment?

Question688: The MOST effective control for addressing the risk of piggybacking is:

Question689: What is the primary objective of a control self-assessment (CSA) program?

Question690: A data administrator is responsible for:

Question691: Which of the following would be the GREATEST cause for concern when data are sent over the Internet using HTTPS protocol?

Question692: Identify the INCORRECT statement related to network performance below?

Question693: Which of the following attack occurs when a malicious action is performed by invoking the operating system to execute a particular system call?

Question694: Ensuring that security and control policies support business and IT objectives is a primary objective of:

Question695: Which of the following are effective controls for detecting duplicate transactions such as payments made or received?

Question696: Which of the following is a substantive test?

Question697: Which of the following data validation edits is effective in detecting transposition and transcription errors?

Question698: Run-to-run totals can verify data through which stage(s) of application processing?

Question699: John has been hired to fill a new position in one of the well-known financial institute. The position is for IS auditor. He has been assigned to complete IS audit of one of critical financial system. Which of the following should be the first step for John to be perform during IS audit planning?

Question700: Which of the following uses a prototype that can be updated continually to meet changing user or business requirements?

Question701: Which of the following BEST ensures the integrity of a server's operating system?

Question702: To affix a digital signature to a message, the sender must first create a message digest by applying a cryptographic hashing algorithm against:

Question703: Which of the following is protocol data unit (PDU) of transport layer in TCP/IP model?

Question704: Why is a clause for requiring source code escrow in an application vendor agreement important?

Question705: Which of the following is best suited for searching for address field duplications?

Question706: Which of the following device in Frame Relay WAN technique is a service provider device that does the actual data transmission and switching in the frame relay cloud?

Question707: COBIT 5 separates information goals into three sub-dimensions of quality. Which of the following sub- dimension of COBIT 5 describes the extent to which data values are in conformance with the actual true value?

Question708: Which of the following potentially blocks hacking attempts?

Question709: Which of the following is the BEST way to handle obsolete magnetic tapes before disposing of them?

Question710: The use of residual biometric information to gain unauthorized access is an example of which of the following attacks?

Question711: Transmitting redundant information with each character or frame to facilitate detection and correction of errors is called a:

Question712: Which of the following attack is also known as Time of Check(TOC)/Time of Use(TOU)?

Question713: While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:

Question714: Which of the following presents an inherent risk with no distinct identifiable preventive controls?

Question715: Which of the following is the PRIMARY safeguard for securing software and data within an information processing facility?

Question716: An IS auditor should use statistical sampling and not judgment (nonstatistical) sampling, when:

Question717: A sender of an e-mail message applies a digital signature to the digest of the message. This action provides assurance of the:

Question718: An IS auditor should recommend the use of library control software to provide reasonable assurance that:

Question719: What is the BEST action to prevent loss of data integrity or confidentiality in the case of an e-commerce application running on a LAN, processing electronic fund transfers (EFT) and orders?

Question720: Within IPSEC which of the following defines security parameters which should be applied between communicating parties such as encryption algorithms, key initialization vector, life span of keys, etc?

Question721: What are intrusion-detection systems (IDS) primarily used for?

Question722: Which of the following attacks targets the Secure Sockets Layer (SSL)?

Question723: Which of the following is an example of a passive attack initiated through the Internet?

Question724: Identify the correct sequence which needs to be followed as a chain of event in regards to evidence handling in computer forensics?

Question725: Which of the following virus prevention techniques can be implemented through hardware?

Question726: Which of the following term describes a failure of an electric utility company to supply power within acceptable range?

Question727: Which of the following term in business continuity determines the maximum acceptable amount of data loss measured in time?

Question728: Which of the following internet security threats could compromise integrity?

Question729: The responsibility for authorizing access to a business application system belongs to the:

Question730: What would an IS auditor expect to find in the console log?

Question731: Sending a message and a message hash encrypted by the sender's private key will ensure:

Question732: Which of the following can help detect transmission errors by appending specially calculated bits onto the end of each segment of data?

Question733: After observing suspicious activities in a server, a manager requests a forensic analysis.
Which of the following findings should be of MOST concern to the investigator?

Question734: Which of the following PBX feature allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on-hold until one become available?

Question735: An IS auditor finds that, at certain times of the day, the data warehouse query performance decreases significantly. Which of the following controls would it be relevant for the IS auditor to review?

Question736: To properly evaluate the collective effect of preventative, detective, or corrective controls within a process, an IS auditor should be aware of which of the following?

Question737: Active radio frequency ID (RFID) tags are subject to which of the following exposures?

Question738: When installing an intrusion detection system (IDS), which of the following is MOST important?

Question739: Which of the following BEST restricts users to those functions needed to perform their duties?

Question740: As an IS auditor it is very important to understand the importance of job scheduling. Which of the following statement is NOT true about job scheduler or job scheduling software?

Question741: The FIRST step in managing the risk of a cyber-attack is to:

Question742: When is regression testing used to determine whether new application changes have introduced any errors in the remaining unchanged code?

Question743: What is the primary security concern for EDI environments?

Question744: Electromagnetic emissions from a terminal represent an exposure because they:

Question745: In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table?

Question746: When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected on the network?

Question747: A data center has a badge-entry system. Which of the following is MOST important to protect the computing assets in the center?

Question748: An IS auditor reviewing digital rights management (DRM) applications should expect to find an extensive use for which of the following technologies?

Question749: Which of the following is the MOST effective control over visitor access to a data center?

Question750: What is the most common reason for information systems to fail to meet the needs of users?