Question #1
Function Point Analysis (FPA) provides an estimate of the size of an information system based only on the number and complexity of a system's inputs and outputs. True or false?
A. True
B. False
Correct answer: C
Question #2
When reviewing an organization's strategic IT plan an IS auditor should expect to find:
A. an assessment of the fit of the organization's application portfolio with business objectives
B. actions to reduce hardware procurement cost
C. a listing of approved suppliers of IT contract resources
D. a description of the technical architecture for the organization's network perimeter security
Correct answer: C
Question #3
To support an organization's goals, an IS department should have:
A. a low-cost philosophy
B. long- and short-range plans
C. leading-edge technology
D. plans to acquire new hardware and software
Correct answer: B
Question #4
A technical lead who was working on a major project has left the organization. The project manager reports suspicious system activities on one of the servers that is accessible to the whole team. What would be of GREATEST concern if discovered during a forensic investigation?
A. Audit logs are not enabled for the system
B. A logon ID for the technical lead still exists
C. Spyware is installed on the system
D. A Trojan is installed on the system
Correct answer: D
Question #5
Which of the following is the BEST method for determining the criticality of each application system in the production environment?
A. Interview the application programmers
B. Perform a gap analysis
C. Review the most recent application audits
D. Perform a business impact analysis
Correct answer: A
Question #6
What is the BEST backup strategy for a large database with data supporting online sales?
A. Weekly full backup with daily incremental backup
B. Daily full backup
C. Clustered servers
D. Mirrored hard disks
Correct answer: D
Question #7
Which of the following controls would an IS auditor look for in an environment where duties cannot be appropriately segregated?
A. Overlapping controls
B. Boundary controls
C. Access controls
D. Compensating controls
Correct answer: A
Question #8
When auditing a proxy-based firewall, an IS auditor should:
A. verify that the firewall is not dropping any forwarded packets
B. review Address Resolution Protocol (ARP) tables for appropriate mapping between media access control (MAC) and IP addresses
C. verify that the filters applied to services such as HTTP are effective
D. test whether routing information is forwarded by the firewall
Correct answer: C
Question #9
To ensure an organization is complying with privacy requirements, an IS auditor should FIRST review:
A. the IT infrastructure
B. organizational policies, standards and procedures
C. legal and regulatory requirements
D. the adherence to organizational policies, standards and procedures
Correct answer: A
Question #10
An IS auditor finds out-of-range data in some tables of a database. Which of the following controls should the IS auditor recommend to avoid this situation?
A. Log all table update transactions
B. Implement before-and-after image reporting
C. Use tracing and tagging
D. Implement integrity constraints in the database
Correct answer: A
Question #11
Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget?
A. A hot site maintained by the business
B. A commercial cold site
C. A reciprocal arrangement between its offices
D. A third-party hot site
Correct answer: B
Question #12
Which of the following is the BEST performance criterion for evaluating the adequacy of an organization's security awareness training?
A. Senior management is aware of critical information assets and demonstrates an adequate concern for their protection
B. Job descriptions contain clear statements of accountability for information security
C. In accordance with the degree of risk and business impact, there is adequate funding for security efforts
D. No actual incidents have occurred that have caused a loss or a public embarrassment
Correct answer: C
Question #13
Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit?
A. A hot site contracted and available as needed
B. A business continuity manual is available and current
C. Insurance coverage is adequate and premiums are current
D. Media backups are performed on a timely basis and stored offsite
Correct answer: D
Question #14
The success of control self-assessment (CSA) highly depends on:
A. having line managers assume a portion of the responsibility for control monitoring
B. assigning staff managers the responsibility for building, but not monitoring, controls
C. the implementation of a stringent control policy and rule-driven controls
D. the implementation of supervision and the monitoring of controls of assigned duties
Correct answer: B
Question #15
A financial institution that processes millions of transactions each day has a central communications processor (switch) for connecting to automated teller machines (ATMs). Which of the following would be the BEST contingency plan for the communications processor?
A. Reciprocal agreement with another organization
B. Alternate processor in the same location
C. Alternate processor at another network node
D. Installation of duplex communication links
Correct answer: A
Question #16
The responsibility for authorizing access to application data should be with the:
A. data custodian
B. database administrator (DBA)
C. data owner
D. security administrator
Correct answer: B
Question #17
In what way is a common gateway interface (CGI) MOST often used on a webserver?
A. Consistent way for transferring data to the application program and back to the user
B. Computer graphics imaging method for movies and TV
C. Graphic user interface for web design
D. Interface to access the private gateway domain
Correct answer: B
Question #18
Which of the following fire suppression systems is MOST appropriate to use in a data center environment?
A. Wet-pipe sprinkler system
B. Dry-pipe sprinkler system
C. FM-200 system
D. Carbon dioxide-based fire extinguishers
Correct answer: A
Question #19
Which of the following is the BEST method for preventing the leakage of confidential information in a laptop computer?
A. Encrypt the hard disk with the owner's public key
B. Enable the boot password (hardware-based password)
C. Use a biometric authentication device
D. Use two-factor authentication to logon to the notebook
Correct answer: D
Question #20
Which of the following results in a denial-of-service attack?
A. Brute force attack
B. Ping of death
C. Leapfrog attack
D. Negative acknowledgement (NAK) attack
Correct answer: C
Question #21
Establishing the level of acceptable risk is the responsibility of:
A. quality assurance management
B. senior business management
C. the chief information officer
D. the chief security officer
Correct answer: C
Question #22
Which of the following is widely accepted as one of the critical components in networking management?
A. Configuration management
B. Topological mappings
C. Application of monitoring tools
D. Proxy server troubleshooting
Correct answer: C
Question #23
The PRIMARY objective of implementing corporate governance by an organization's management is to:
A. provide strategic direction
B. control business operations
C. align IT with business
D. implement best practices
Correct answer: B
Question #24
The MOST important success factor in planning a penetration test is:
A. the documentation of the planned testing procedure
B. scheduling and deciding on the timed length of the test
C. the involvement of the management of the client organization
D. the qualifications and experience of staff involved in the test
Correct answer: B
Question #25
Which of the following refers to the collection of policies and procedures for implementing controls capable of restricting access to computer software and data files?
A. Binary access control
B. System-level access control
C. Logical access control
D. Physical access control
E.
F. None of the choices
Correct answer: B
Question #26
In an online transaction processing system, data integrity is maintained by ensuring that a transaction is either completed in its entirety or not at all. This principle of data integrity is known as:
A. isolation
B. consistency
C. atomicity
Correct answer: A
Question #27
Which of the following would be the BEST performance indicator for the effectiveness of an incident management program?
A. Incident alert meantime
B. Average time between incidents
C. Number of incidents reported
D. Incident resolution meantime
Correct answer: A
Question #28
If the recovery time objective (RTO) increases:
A. the disaster tolerance increases
B. the cost of recovery increases
C. a cold site cannot be used
D. the data backup frequency increases
Correct answer: D
Question #29
What would be the major purpose of a rootkit?
A. to hide evidence from system administrators
B. to encrypt files for system administrators
C. to corrupt files for system administrators
D. to hijack system sessions
E. None of the choices
Correct answer: A
Question #30
Following best practices, formal plans for implementation of new information systems are developed during the:
A. development phase
B. design phase
D. deployment phase
Correct answer: A
Question #31
The use of symmetric key encryption controls to protect sensitive data transmitted over a communications network requires that:
A. primary keys for encrypting the data be stored in encrypted form
B. encryption keys be changed only when a compromise is detected at both ends
C. encryption keys at one end be changed on a regular basis
D. public keys be stored in encrypted form
Correct answer: C
Question #32
The Federal Information Processing Standards (FIPS) were developed by:
A. the United States Federal government
B. ANSI
C. ISO
D. IEEE
E. IANA
F. None of the choices
Correct answer: A
Question #33
The cost of ongoing operations when a disaster recovery plan is in place, compared to not having a disaster recovery plan, will MOST likely:
A. increase
B. decrease
C. remain the same
D. be unpredictable
Correct answer: A
Question #34
An IS auditor reviewing an organization's data file control procedures finds that transactions are applied to the most current files, while restart procedures use earlier versions. The IS auditor should recommend the implementation of:
A. source documentation retention
B. data file security
C. version usage control
D. one-for-one checking
Correct answer: B
Question #35
When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:
A. recommend that the database be normalized
C. review the stored procedures
D. review the justification
Correct answer: D
Question #36
The Federal Information Processing Standards (FIPS) are primarily for use by (Choose two.):
A. all non-military government agencies
B. US government contractors
C. all military government agencies
D.
E. None of the choices
Correct answer: B
Question #37
Which of the following satisfies a two-factor user authentication?
A. Iris scanning plus fingerprint scanning
B. Terminal ID plus global positioning system (GPS)
C. A smart card requiring the user's PIN
D. User ID along with password
Correct answer: B
Question #38
Which of the following is a practice that should be incorporated into the plan for testing disaster recovery procedures?
A. Invite client participation
B. Involve all technical staff
C. Rotate recovery managers
D. Install locally-stored backup
Correct answer: D
Question #39
Which of the following typically consists of a computer, some real-looking data and/or a network site that appears to be part of a production network but which is in fact isolated and well prepared?
A. honeypot
B. superpot
C. IDS
D. IPS
E. firewall
F. None of the choices
Correct answer: A
Question #40
In the context of effective information security governance, the primary objective of value delivery is to:
A. optimize security investments in support of business objectives
B. implement a standard set of security practices
C. institute a standards-based solution
D. implement a continuous improvement culture
Correct answer: D
Question #41
The BEST method of proving the accuracy of a system tax calculation is by:
A. detailed visual review and analysis of the source code of the calculation programs
B. recreating program logic using generalized audit software to calculate monthly totals
C. preparing simulated transactions for processing and comparing the results to predetermined results
D. automatic flowcharting and analysis of the source code of the calculation programs
Correct answer: B
Question #42
An organization has been recently downsized. In light of this, an IS auditor decides to test logical access controls. The IS auditor's PRIMARY concern should be that:
A. all system access is authorized and appropriate for an individual's role and responsibilities
B. management has authorized appropriate access for all newly-hired individuals
C. only the system administrator has authority to grant or modify access to individuals
D. access authorization forms are used to grant or modify access to individuals
Correct answer: A
Question #43
In an organization, the responsibilities for IT security are clearly assigned and enforced and an IT security risk and impact analysis is consistently performed. This represents which level of ranking in the information security governance maturity model?
A. Optimized
B. Managed
C. Defined
D. Repeatable
Correct answer: D
Question #44
From a risk management point of view, the BEST approach when implementing a large and complex IT infrastructure is:
A. a big bang deployment after proof of concept
B. prototyping and a one-phase deployment
C. a deployment plan based on sequenced phases
D. to simulate the new infrastructure before deployment
Correct answer: C
Question #45
Which of the following reduces the potential impact of social engineering attacks?
A. Compliance with regulatory requirements
B. Promoting ethical understanding
C. Security awareness programs
D. Effective performance incentives
Correct answer: B
Question #46
An organization has a number of branches across a wide geographical area. To ensure that all aspects of the disaster recovery plan are evaluated in a cost effective manner, an IS auditor should recommend the use of a:
A. data recovery test
B. full operational test
C. posttest
D. preparedness test
Correct answer: A
Question #47
Depending on the complexity of an organization's business continuity plan (BCP), the plan may be developed as a set of more than one plan to address various aspects of business continuity and disaster recovery. In such an environment, it is essential that:
A. each plan is consistent with one another
B. all plans are integrated into a single plan
C. each plan is dependent on one another
D. the sequence for implementation of all plans is defined
Correct answer: D
Question #48
A live test of a mutual agreement for IT system recovery has been carried out, including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:
A. system and the IT operations team can sustain operations in the emergency environment
B. resources and the environment could sustain the transaction load
C. connectivity to the applications at the remote site meets response time requirements
D. workflow of actual business operations can use the emergency system in case of a disaster
Correct answer: A
Question #49
Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions?
A. Parity check
B. Echo check
C. Block sum check
D. Cyclic redundancy check
Correct answer: D
Question #50
Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms resulting from normal network activity?
A. Statistical-based
B. Signature-based
C. Neural network
D. Host-based
Correct answer: C
Question #51
Which of the following would be the MOST secure firewall system?
A. Screened-host firewall
B. Screened-subnet firewall
C. Dual-homed firewall
D. Stateful-inspection firewall
Correct answer: A
Question #52
The PRIMARY purpose of reviewing the IT strategic plan is to identify risks that may:
A. limit the ability to deliver customer requirements
B. limit the organization’s ability to achieve its objectives
C. impact operational efficiency of the IT department
Correct answer: C
Question #53
An IS auditor examining the configuration of an operating system to verify the controls should review the:
A. transaction logs
B. authorization tables
C. parameter settings
D. routing tables
Correct answer: A
Question #54
Which of the following could be determined by an entity-relationship diagram?
A. Links between data objects
B. How the system behaves as a consequence of external events
Correct answer: C
Question #55
During the review of a business process reengineering project, the PRIMARY concern of an IS auditor is to determine whether the new business model:
A. is aligned with industry best practices
B. is aligned with organizational goals
C. leverages benchmarking results
D. meets its key performance measures
Correct answer: A
Question #56
A structured walk-through test of a disaster recovery plan involves:
A. representatives from each of the functional areas coming together to go over the plan
B. all employees who participate in the day-to-day operations coming together to practice executing the plan
C. moving the systems to the alternate processing site and performing processing operations
D. distributing copies of the plan to the various functional areas for review
Correct answer: A
Question #57
Sophisticated database systems provide many layers and types of security, including (Choose three.):
A. Access control
B. Auditing
C. Encryption
D. Integrity controls
E. Compression controls
Correct answer: B
Question #58
In biometric measurement, which of the following measures the percentage of invalid users who are incorrectly accepted?
A. failure to reject rate
B. false accept rate
C. false reject rate
D. failure to enroll rate
E. None of the choices
Correct answer: ABCD
Question #59
Gimmes often work through:
A. SMS
B. IRC chat
C. email attachment
D. news
E. file download
F. None of the choices
Correct answer: C
Question #60
Which of the following should be an IS auditor’s BEST recommendation to prevent installation of unlicensed software on employees’ company-provided devices?
A. Enforce audit logging of software installation activities
B. Restrict software installation authority to administrative users only
C. Implement software blacklisting
D. Remove unlicensed software from end-user devices
Correct answer: A
Question #61
When conducting a penetration test of an IT system, an organization should be MOST concerned with:
A. the confidentiality of the report
B. finding all possible weaknesses on the system
C. restoring all systems to the original state
D. logging all changes made to the production system
Correct answer: B
Question #62
The BEST overall quantitative measure of the performance of biometric control devices is:
A. false-rejection rate
B. false-acceptance rate
C. equal-error rate
D. estimated-error rate
Correct answer: A
Question #63
When removing a financial application system from production, which of the following is MOST important?
A. Media used by the retired system has been sanitized
B. Data retained for regulatory purposes can be retrieved
C. End-user requests for changes are recorded and tracked
D. Software license agreements are retained
A. policies and procedures of the business area being audited
B. business process supported by the system
C. availability reports associated with the cloud-based system
D. architecture and cloud environment of the system
Correct answer: A
Question #64
During maintenance of a relational database, several values of the foreign key in a transaction table of a relational database have been corrupted. The consequence is that:
A. the detail of involved transactions may no longer be associated with master data, causing errors when these transactions are processed
C. the database will immediately stop execution and lose more information
D. the database will no longer accept input data
Correct answer: B
Question #65
Adopting a service-oriented architecture would MOST likely:
A. inhibit integration with legacy systems
B. compromise application software security
C. facilitate connectivity between partners
D. streamline all internal processes
Correct answer: A
Question #66
An organization is planning to replace its wired networks with wireless networks. Which of the following would BEST secure the wireless network from unauthorized access?
A. Implement Wired Equivalent Privacy (WEP)
B. Permit access to only authorized Media Access Control (MAC) addresses
C. Disable open broadcast of service set identifiers (SSID)
D. Implement Wi-Fi Protected Access (WPA) 2
Correct answer: D
Question #67
An IS auditor is reviewing the performance outcomes of controls in an agile development project. Which of the following would provide the MOST relevant evidence for the auditor to consider?
A. Progress report of outstanding work
B. Product backlog
C. Number of failed builds
D. Composition of the scrum team
Correct answer: A
An IS auditor performing an audit of backup procedures observes that backup tapes are picked up weekly and stored offsite at a third-party hosting facility
A. Ensure that data is encrypted before leaving the facility
B. Ensure that the transport company obtains signatures for all shipments
C. Confirm that data is transported in locked tamper-evident containers
D. Confirm that data transfers are logged and recorded
Correct answer: C
Question #68
An IS auditor finds that client requests were processed multiple times when received from different independent departmental databases, which are synchronized weekly. What would be the BEST recommendation?
A. Increase the frequency for data replication between the different department systems to ensure timely updates
B.
C. Change the application architecture so that common data is held in just one shared database for all departments
D. Implement reconciliation controls to detect duplicates before orders are processed in the systems
Correct answer: A