Question #1
As an auditor it is very important to ensure that confidentiality, integrity, authenticity and availability are implemented appropriately in an information system. Which of the following definitions incorrectly describes these parameters? 1. Authenticity – A third party must be able to verify that the content of a message has been sent by a specific entity and nobody else. 2. Non-repudiation – The origin or the receipt of a specific message must be verifiable by a third party. A person cannot deny having sent a
A. All of the options presented
B. None of the options presented
C. Options number 1 and 2
D. Option number 3
Correct answer: B
Question #2
Which of the following is the MOST important objective of data protection?
A. Identifying persons who need access to information
B. Ensuring the integrity of information
C. Denying or authorizing access to the IS system
D. Monitoring logical accesses
Correct answer: B. Maintaining the integrity of the information is the objective; identifying users, granting or denying access and monitoring are means toward it.
Question #3
Which of the following types of computer is a large, general-purpose computer made to share its processing power and facilities with thousands of internal or external users?
A. Thin client computer
B. Midrange servers
C. Personal computers
D. Mainframe computers
Correct answer: D. A mainframe is the large general-purpose machine built to share its processing with thousands of users; a thin client has no processing of its own to share.
Question #4
Fourth-generation languages (4GLs) are most appropriate for designing the application's graphical user interface (GUI). They are inappropriate for designing any calculation-intensive procedures. True or false?
A. True
B. False
Correct answer: A
Question #5
COBIT 5 separates information goals into three sub-dimensions of quality. Which of the following COBIT 5 sub-dimensions describes the extent to which data values are in conformance with the actual true value?
A. Intrinsic quality
B. Contextual and representational quality
C. Security quality
D. Accessibility quality
Correct answer: A. Accuracy, the agreement of stored values with the true values, belongs to intrinsic quality; accessibility quality covers availability and restricted access.
Question #6
If an IS auditor observes that individual modules of a system perform correctly in development project tests, the auditor should inform management of the positive results and recommend further:
A. Documentation development
B. Comprehensive integration testing
C. Full unit testing
D. Full regression testing
Correct answer: B. Modules that pass individually still have to be shown to work together, which is what integration testing checks; regression testing applies after changes to already-tested code.
Question #7
Which of the following is a form of hybrid cryptography where the sender encrypts the bulk of the data using symmetric key cryptography and then securely communicates a copy of the session key to the receiver?
A. Digital envelope
B. Digital signature
C. Symmetric key encryption
D. Asymmetric
Correct answer: A. A digital envelope is exactly this: symmetric encryption of the bulk data plus the session key wrapped with the receiver's public key.
Question #8
Which of the following attacks is made against a computer network and involves fragmented or invalid ICMP packets sent to the target?
A. Nuke attack
B. Brute force attack
C. Buffer overflow
D. Pulsing zombie
Correct answer: A. A nuke attack sends fragmented or malformed ICMP packets to crash the target's network stack.
Question #9
Identify the WAN message switching technique being used from the description presented below: "Data is routed in its entirety from the source node to the destination node, one hop at a time. During message routing, every intermediate switch in the network stores the whole message. If the entire network's resources are engaged or the network becomes blocked, this WAN switching technology stores and delays the message until ample resources become available for effective transmission of the message."
A. Message switching
B. Packet switching
C. Circuit switching
D. Virtual circuits
Correct answer: A. Store-and-forward of the whole message at every intermediate switch is message switching; packet switching breaks the data into independently routed packets.
Question #10
Which of the following types of attack involves a program that creates an infinite loop, makes many copies of itself, and keeps opening many files?
A. Local DoS attacks
B. Remote DoS attacks
C. Distributed DoS attacks
D. Local virus attacks
E. None of the choices
Correct answer: A
Question #11
What is used as a control to detect loss, corruption, or duplication of data?
A. Redundancy check
B. Reasonableness check
C. Hash totals
D. Accuracy check
Correct answer: C. Hash totals (sums of a field with no business meaning, recomputed at each stage) reveal lost, corrupted or duplicated records; a redundancy check detects transmission errors in a single record.
Question #12
Which of the following exposures could be caused by a line-grabbing technique?
A. Unauthorized data access
B. Excessive CPU cycle usage
C. Lockout of terminal polling
D. Multiplexor control dysfunction
Correct answer: A. Line grabbing taps a communications line to read or inject data, so the exposure is unauthorized data access.
Question #13
An IS auditor needs to consider many factors while evaluating an encryption system. Which of the following is the LEAST important factor to consider while evaluating an encryption system?
A. Encryption algorithm
B. Encryption keys
C. Key length
D. Implementation language
Correct answer: D
Question #14
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly?
A. Field checks
B. Control totals
C. Reasonableness checks
D. A before-and-after maintenance report
Correct answer: D. Only a before-and-after report shows the actual values that were changed, so the update can be reviewed against the authorized change.
Question #15
An organization is migrating from a legacy system to an enterprise resource planning (ERP) system. While reviewing the data migration activity, the MOST important concern for the IS auditor is to determine that there is a:
A. correlation of semantic characteristics of the data migrated between the two systems
B. correlation of arithmetic characteristics of the data migrated between the two systems
C. correlation of functional characteristics of the processes between the two systems
D. relative efficiency of the processes between the two systems
Correct answer: A
Question #16
Which of the following is a program evaluation review technique that considers different scenarios for planning and controlling projects?
A. Function Point Analysis (FPA)
B. GANTT
C. Rapid Application Development (RAD)
D. PERT
Correct answer: D. PERT (Program Evaluation and Review Technique) works with optimistic, most likely and pessimistic estimates; FPA sizes software, GANTT charts schedule, and RAD is a development method.
Question #17
Which of the following translates e-mail formats from one network to another so that the message can travel through all the networks?
A. Gateway
B. Protocol converter
C. Front-end communication processor
D. Concentrator/multiplexor
Correct answer: A. A gateway translates between different e-mail formats and protocols; a protocol converter works at the lower layers.
Question #18
An attack amplifier is often HEAVILY relied upon by which of the following types of attack?
A. Packet dropping
B. ToS
C. DDoS
D. ATP
E. Wiretapping
F. None of the choices
Correct answer: C. Distributed denial of service relies on amplification: many compromised hosts, and reflectors that answer a small request with a large response.
Question #19
Which of the following types of IDS has self-learning functionality and over a period of time learns what the expected behavior of a system is?
A. Signature-based IDS
B. Host-based IDS
C. Neural network based IDS
D. Statistical-based IDS
Correct answer: C. A neural network based IDS learns the expected behavior of a system over time; a signature-based IDS only matches known patterns.
Question #20
By evaluating application development projects against the capability maturity model (CMM), an IS auditor should be able to verify that:
A. reliable products are guaranteed
B. programmers' efficiency is improved
C. security requirements are designed
D. predictable software processes are followed
Correct answer: D
Question #21
Which of the following controls would provide the GREATEST assurance of database integrity?
A. Audit log procedures
B. Table link/reference checks
C. Query/table access time checks
D. Rollback and roll-forward database features
Correct answer: B. Table link/reference checks verify the referential integrity of the data itself; audit logs, timing checks and rollback/roll-forward support review or recovery but do not directly assure integrity.
Question #22
There are several types of penetration tests depending upon the scope, objective and nature of the test. Which of the following describes a penetration test where you attack and attempt to circumvent the controls of the targeted network from the outside, usually the Internet?
A. External testing
B. Internal testing
C. Blind testing
D. Targeted testing
Correct answer: A. Attacking from outside the perimeter, usually the Internet, is external testing; targeted testing is performed together with the organization's IT staff with full knowledge of the environment.
Question #23
Which of the following options INCORRECTLY describes a PBX feature?
A. Voice mail – Stores messages centrally and, by using a password, allows for retrieval from inside or outside lines
B. Tenanting – Provides for the possibility to break into a busy line to inform another user of an important message
C. Automatic call distribution – Allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on hold until one becomes available
D. Diagnostics – Allows for bypassing normal call restriction procedures
Correct answer: B. Tenanting limits system users to their own tenant group; breaking into a busy line to pass a message is the override (intrude) feature. The other three are standard descriptions, including diagnostics as a bypass of call restrictions, which is why that feature needs tight control.
Question #24
Within a virus, which component is responsible for what the virus does to the victim file?
A. the payload
B. the signature
C. the trigger
D. the premium
E. None of the choices
Correct answer: A. The payload is the action the virus performs on the victim; the trigger is the condition that sets it off, and the signature is what scanners match on.
Question #25
Which of the following refers to any program that invites the user to run it but conceals a harmful or malicious payload?
A. virus
B. worm
C. trojan horse
D. spyware
E. rootkits
F. None of the choices
Correct answer: C. A trojan horse presents itself as something the user wants to run while hiding a malicious payload; worms and viruses propagate themselves.
Question #26
Which of the following would MOST likely impact the integrity of a database backup?
A. Record fields contain null information
B. Open database files during backup
C. Relational database model used
D. Backing up the database to an optical disk
Correct answer: B. Files that are open and being written during the backup can be copied in an inconsistent state.
Question #27
A shared resource matrix is a technique commonly used to locate:
A. Malicious code
B. Security flaws
C. Trap doors
D. Covert channels
Correct answer: D
Question #28
Who is responsible for authorizing the access level of a data user?
A. Data owner
B. Data user
C. Data custodian
D. Security administrator
Correct answer: A
Question #29
Which of the following is a strength of a client-server security system?
A. Change control and change management procedures are inherently strong
B. Users can manipulate data without controlling resources on the mainframe
C. Network components seldom become obsolete
D. Access to confidential data or data manipulation is controlled tightly
Correct answer: B. Client-server lets users manipulate data locally without needing to control mainframe resources; change control and access control are typically weaker, not stronger, in such environments.
Question #30
What is the first step in a business process re-engineering project?
A. Identifying current business processes
B. Forming a BPR steering committee
C. Defining the scope of areas to be reviewed
D. Reviewing the organizational strategic plan
Correct answer: C
Question #31
The PRIMARY objective of business continuity and disaster recovery plans should be to:
A. safeguard critical IS assets
B. provide for continuity of operations
C. minimize the loss to an organization
D. protect human life
Correct answer: D. Human life is invaluable; protecting people is the first priority of any BCP/DRP, and asset protection, continuity and loss reduction come after it.
Question #32
Which of the following is appropriate when an IS auditor is conducting an exit meeting with senior management?
A. Eliminate significant findings where audit and management agree on risk acceptance
B. Agree with senior management on the risk grading of the audit report
C. Document written responses from management along with an implementation plan
D. Escalate disputed recommendations to the audit committee
Correct answer: C
Question #33
Which of the following is the MOST effective method for dealing with the spread of a network worm that exploits a vulnerability in a protocol?
A. Install the vendor's security fix for the vulnerability
B. Block the protocol traffic in the perimeter firewall
C. Block the protocol traffic between internal network segments
D. Stop the service until an appropriate security fix is installed
Correct answer: A. Patching removes the vulnerability the worm exploits; blocking the protocol or stopping the service only contains the spread and disrupts the business.
Question #34
Which of the following factors is LEAST important in the measurement of critical success factors of productivity in the SDLC phases?
A. Dollars spent per user
B. Number of transactions per month
C. Number of transactions per user
D. Number of occurrences of fraud/misuse detection
Correct answer: D
Question #35
To ensure message integrity, confidentiality and non-repudiation between two parties, the MOST effective method would be to create a message digest by applying a cryptographic hashing algorithm against:
A. the entire message, enciphering the message digest using the sender's private key, enciphering the message with a symmetric key and enciphering the key by using the receiver's public key
B. any part of the message, enciphering the message digest using the sender's private key, enciphering the message with a symmetric key and enciphering the key using the receiver's public key
C. the entire message, enciphering the message digest using the sender's private key, enciphering the message with a symmetric key and enciphering both the encrypted message and digest using the receiver's public key
D. the entire message, enciphering the message digest using the sender's private key and enciphering the message using the receiver's public key
Correct answer: A. The digest must cover the entire message (integrity) and be signed with the sender's private key (non-repudiation); the message is encrypted with a symmetric session key, and only that key is wrapped with the receiver's public key (confidentiality at reasonable cost). Public-key encryption of the whole message (D) or of the already-encrypted message and signature (C) adds no security and is far slower.
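The ordering in answer A, and the digital envelope of Question #7, as an added example that is not part of the original question set. Question #62's point that a digest is fixed-length and one-way is visible in it too. Textbook RSA without padding and a SHA-256 counter-mode keystream stand in for real primitives (use RSA-OAEP/PSS or X25519 with AES-GCM from a maintained library in production); `seal`, `open_envelope`, the `signed_bytes` switch that deliberately reproduces answer B, and the sample message are all assumptions of this example.

```python
"""Sign-then-envelope (Q35, answer A) with stand-in primitives: textbook RSA
and a SHA-256 counter-mode keystream. Illustration only, not production code."""
import hashlib
import secrets

_SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test with trial division up front."""
    if n < 2 or n % 2 == 0:
        return n == 2
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top and low bit set
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits=512):
    """Textbook RSA key pair ((n, e), (n, d)). No padding: demo only."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                   # e must be invertible mod phi
            return (p * q, e), (p * q, pow(e, -1, phi))


def stream_xor(key, data):
    """Stand-in symmetric cipher: XOR with SHA-256(key || block counter).
    Acceptable here only because each session key encrypts exactly one message."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(message, sender_priv, receiver_pub, signed_bytes=None):
    """Hash the message, sign the digest with the sender's private key, encrypt
    the message under a fresh session key, wrap that key with the receiver's
    public key. signed_bytes=None hashes the entire message (answer A);
    a number hashes only that prefix, reproducing answer B for comparison."""
    n_s, d_s = sender_priv
    n_r, e_r = receiver_pub
    covered = message if signed_bytes is None else message[:signed_bytes]
    digest = int.from_bytes(hashlib.sha256(covered).digest(), "big")   # 256 bits < n
    session_key = secrets.token_bytes(32)
    return {
        "signature": pow(digest, d_s, n_s),
        "ciphertext": stream_xor(session_key, message),
        "wrapped_key": pow(int.from_bytes(session_key, "big"), e_r, n_r),
    }


def open_envelope(env, receiver_priv, sender_pub, signed_bytes=None):
    """Unwrap the session key, decrypt, then verify the signature over the
    recovered plaintext. Returns (plaintext, signature_ok)."""
    n_r, d_r = receiver_priv
    n_s, e_s = sender_pub
    k = pow(env["wrapped_key"], d_r, n_r)
    if k >= 1 << 256:          # wrong private key: result is not a 256-bit key
        return b"", False
    message = stream_xor(k.to_bytes(32, "big"), env["ciphertext"])
    covered = message if signed_bytes is None else message[:signed_bytes]
    expected = int.from_bytes(hashlib.sha256(covered).digest(), "big")
    return message, pow(env["signature"], e_s, n_s) == expected


def _flip_byte(data, index):
    b = bytearray(data)
    b[index] ^= 0x01
    return bytes(b)


SAMPLE_MESSAGE = b"PAY 1000.00 TO ACCT 1004 REF 2024-0117"   # constructed


def demo():
    """Returns {case: (plaintext matches, signature verifies)}."""
    sender_pub, sender_priv = rsa_keygen()
    receiver_pub, receiver_priv = rsa_keygen()
    _other_pub, other_priv = rsa_keygen()
    results = {}
    env = seal(SAMPLE_MESSAGE, sender_priv, receiver_pub)
    plain, ok = open_envelope(env, receiver_priv, sender_pub)
    results["authentic"] = (plain == SAMPLE_MESSAGE, ok)
    tampered = dict(env, ciphertext=_flip_byte(env["ciphertext"], 20))
    plain, ok = open_envelope(tampered, receiver_priv, sender_pub)
    results["tail tampered, whole message signed"] = (plain == SAMPLE_MESSAGE, ok)
    env16 = seal(SAMPLE_MESSAGE, sender_priv, receiver_pub, signed_bytes=16)
    tampered16 = dict(env16, ciphertext=_flip_byte(env16["ciphertext"], 20))
    plain, ok = open_envelope(tampered16, receiver_priv, sender_pub, signed_bytes=16)
    results["tail tampered, only first 16 bytes signed"] = (plain == SAMPLE_MESSAGE, ok)
    plain, ok = open_envelope(env, other_priv, sender_pub)
    results["opened with wrong private key"] = (plain == SAMPLE_MESSAGE, ok)
    return results


if __name__ == "__main__":
    for case, (intact, verified) in demo().items():
        print(f"{case:44s} intact={intact} signature_ok={verified}")
```

The third case is the reason answer B is wrong: a signature over part of the message leaves the rest modifiable without detection. The stream cipher also shows why encryption alone gives no integrity, since a flipped ciphertext byte decrypts to a flipped plaintext byte and only the signature check exposes it.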
Question #36
Which of the following terms describes a failure of an electric utility company to supply power within the acceptable range?
A. Sag
B. Blackout
C. Brownout
D. EMI
Correct answer: C. A brownout is power delivered below the acceptable range; a blackout is total loss; a sag is a momentary drop.
Question #37
Responsibility and reporting lines cannot always be established when auditing automated systems since:
A. diversified control makes ownership irrelevant
B. staff traditionally change jobs with greater frequency
C. ownership is difficult to establish where resources are shared
D. duties change frequently in the rapid development of technology
Correct answer: C. Where resources are shared, ownership, and therefore responsibility and reporting lines, is hard to pin down.
Question #38
Which of the following devices in a Frame Relay WAN is the service provider's device that performs the actual data transmission and switching in the frame relay cloud?
A. DTE
B. DCE
C. DME
D. DLE
Correct answer: B. The DCE (data circuit-terminating equipment) is the carrier's switching device in the frame relay cloud; the DTE is the customer's router.
Question #39
Disaster recovery planning (DRP) addresses the:
A. technological aspect of business continuity planning
B. operational piece of business continuity planning
C. functional aspect of business continuity planning
D. overall coordination of business continuity planning
Correct answer: A
Question #40
Most access violations are:
A. Accidental
B. Caused by internal hackers
C. Caused by external hackers
D. Related to the Internet
Correct answer: A
Question #41
If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor's primary responsibility?
A. To advise senior management
B. To reassign job functions to eliminate potential fraud
C. To implement compensating controls
D. Segregation of duties is an administrative control not considered by an IS auditor
Correct answer: A. The auditor reports the risk to senior management; reassigning duties or implementing controls is management's job, and segregation of duties is squarely within the auditor's scope.
Question #42
Which of the following is a project management technique for defining and deploying software deliverables within a relatively short and fixed period of time, and with predetermined specific resources?
A. Function point analysis
B. Gantt chart
C. Critical path methodology
D. Time box management
Correct answer: D. Timeboxing fixes the period and the resources and adjusts scope to fit; the other options are estimation and scheduling tools.
Question #43
What is essential for the IS auditor to obtain a clear understanding of network management?
A. Security administrator access to systems
B. System logs of all hosts providing application services
C. A graphical map of the network topology
D. Administrator access to systems
Correct answer: C. A topology map gives the auditor the overview needed to understand how the network is managed; administrator access is neither necessary nor appropriate for an auditor.
Question #44
An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the:
A. maintenance of access logs of usage of various system resources
B. authorization and authentication of the user prior to granting access to system resources
C. adequate protection of stored data on servers by encryption or other means
D. accountability system and the ability to identify any terminal accessing system resources
Correct answer: B. Authenticating and authorizing the user before access is granted is the primary control; logging and accountability are secondary.
Question #45
Why is it not preferable for a firewall to treat each network frame or packet in isolation?
A. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet
B. Such a firewall is costly to set up
C. Such a firewall is too complicated to maintain
D. Such a firewall is CPU hungry
E. Such a firewall offers poor compatibility
F. None of the choices
Correct answer: A. Without connection state a filter has to rely on fields the sender controls (such as the ACK bit) to decide whether a packet belongs to an existing session.
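The weakness in answer A, shown as an added example rather than anything from the original question set: a stateless filter whose only way to admit return traffic is an "established" rule keyed on the ACK bit, next to a minimal connection-tracking filter. The packets, the internal prefix `10.0.0.` and the published port set are constructed for the example.

```python
"""Stateless filtering versus connection tracking. Constructed packets;
addresses are from the documentation ranges (RFC 5737)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


INTERNAL_PREFIX = "10.0.0."    # assumed internal network
PUBLISHED_PORTS = {443}        # assumed: only HTTPS is reachable from outside


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


def stateless_filter(pkt):
    """Judges every packet alone. Replies to connections the inside opened
    can only be let in by an 'established' rule keyed on the ACK bit, and
    any sender can set that bit."""
    if is_internal(pkt.src):
        return True                                          # outbound: permit
    if pkt.syn and not pkt.ack and pkt.dport in PUBLISHED_PORTS:
        return True                                          # new inbound to a published service
    return pkt.ack                                           # the 'established' heuristic


class StatefulFilter:
    """Admits only packets that belong to a connection it saw being opened."""

    def __init__(self):
        self.table = {}   # (src, sport, dst, dport) of the initiator -> state

    def filter(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table:                                # more from the initiator
            return True
        if rev in self.table:                                # reply direction
            if self.table[rev] == "SYN_SENT" and pkt.syn and pkt.ack:
                self.table[rev] = "ESTABLISHED"
                return True
            return self.table[rev] == "ESTABLISHED"
        if pkt.syn and not pkt.ack:                          # only a SYN may create state
            if is_internal(pkt.src) or pkt.dport in PUBLISHED_PORTS:
                self.table[fwd] = "SYN_SENT"
                return True
        return False                                         # no state: drop


SCENARIO = [  # constructed traffic, in arrival order
    ("client SYN to web server", Packet("10.0.0.5", 40000, "203.0.113.10", 443, syn=True)),
    ("server SYN-ACK", Packet("203.0.113.10", 443, "10.0.0.5", 40000, syn=True, ack=True)),
    ("server data segment", Packet("203.0.113.10", 443, "10.0.0.5", 40000, ack=True)),
    ("rogue ACK to the same client port", Packet("198.51.100.7", 443, "10.0.0.5", 40000, ack=True)),
    ("rogue SYN to internal SSH", Packet("198.51.100.7", 5555, "10.0.0.5", 22, syn=True)),
]


def run_scenario(packets=SCENARIO):
    """Returns {description: (stateless_verdict, stateful_verdict)}; True = permitted."""
    stateful = StatefulFilter()
    return {name: (stateless_filter(p), stateful.filter(p)) for name, p in packets}


if __name__ == "__main__":
    for name, (a, b) in run_scenario().items():
        print(f"{name:36s} stateless={'permit' if a else 'drop':6s} stateful={'permit' if b else 'drop'}")
```

The fourth packet is the point: it carries the ACK bit and targets a port the client really is using, so the stateless rule permits it, while the tracking filter drops it because no connection to 198.51.100.7 was ever opened. Real implementations also track sequence numbers and time out idle entries; this example keeps only the state needed to show the difference.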
Question #46
Of the three major types of off-site processing facilities, which type is characterized by providing at least electricity and HVAC?
A. Cold site
B. Alternate site
C. Hot site
D. Warm site
Correct answer: A. A cold site provides only the basic facility (power, HVAC, floor space); equipment is brought in after a disaster is declared.
Question #47
Which of the following types of testing uses a set of test cases that focus on the control structure of the procedural design?
A. Interface testing
B. Unit testing
C. System testing
D. Final acceptance testing
Correct answer: B
Question #48
The MAIN criterion for determining the severity level of a service disruption incident is:
A. cost of recovery
B. negative public opinion
C. geographic location
D. downtime
Correct answer: D. Downtime, the period the service is unavailable, is the main measure of how severe a disruption is.
Question #49
When reviewing the procedures for the disposal of computers, which of the following should be the GREATEST concern for the IS auditor?
A. Hard disks are overwritten several times at the sector level, but are not reformatted before leaving the organization
B. All files and folders on hard disks are separately deleted, and the hard disks are formatted before leaving the organization
C. Hard disks are rendered unreadable by hole-punching through the platters at specific positions before leaving the organization
D. The transport of hard disks is escorted by internal security staff to a nearby metal recycling company, where the hard disks are registered and then shredded
Correct answer: B. Deleting files and formatting leaves the data recoverable with ordinary forensic tools; overwriting, physical destruction and escorted shredding do not.
Question #50
What should an organization do before providing an external agency physical access to its information processing facilities (IPFs)?
A. The processes of the external agency should be subjected to an IS audit by an independent agency
B. Employees of the external agency should be trained on the security procedures of the organization
C. Any access by an external agency should be limited to the demilitarized zone (DMZ)
D. The organization should conduct a risk assessment and design and implement appropriate controls
Correct answer: D. A risk assessment determines what access the agency needs and which controls make it acceptable; training or a DMZ restriction on their own do not address the specific risks.
Question #51
An off-site information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is a:
A. cold site
B. warm site
C. dial-up site
D. duplicate processing facility
Correct answer: A
Question #52
Host-based ILD&P primarily addresses the issue of:
A. information integrity
B. information accuracy
C. information validity
D. information leakage
E. None of the choices
Correct answer: D. ILD&P stands for information leakage detection and prevention; the host-based variant watches data leaving the endpoint.
Question #53
Which of the following audit risks relates to the exposure of a process or entity to be audited without taking into account the controls that management has implemented?
A. Inherent risk
B. Control risk
C. Detection risk
D. Overall audit risk
Correct answer: A
Question #54
The application systems of an organization using open-source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating the open-source software?
A. Rewrite the patches and apply them
B. Code review and application of available patches
C. Develop in-house patches
D. Identify and test suitable patches before applying them
Correct answer: D. With no single maintainer, the available patches must be identified and tested before they are applied; rewriting or developing patches in-house is costlier and riskier.
Question #55
________________ (fill in the blank) should be implemented as early as data preparation to support data integrity at the earliest point possible.
A. Control totals
B. Authentication controls
C. Parity bits
D. Authorization controls
Correct answer: A. Control totals established at data preparation can be carried through every later stage of processing.
Question #56
Which of the following methods of encryption has been proven to be almost unbreakable when correctly used?
A. key pair
B. Oakley
C. certificate
D. 3-DES
E. one-time pad
F. None of the choices
Correct answer: E. A one-time pad is provably secure when the key is truly random, as long as the message, used once and kept secret; 3DES and public key pairs are breakable in principle.
Question #57
When evaluating the collective effect of preventive, detective or corrective controls within a process, an IS auditor should be aware:
A. of the point at which controls are exercised as data flows through the system
B. that only preventive and detective controls are relevant
C. that corrective controls can only be regarded as compensating
D. that classification allows an IS auditor to determine which controls are missing
Correct answer: A
Question #58
In which of the following cloud computing service models are applications hosted by the service provider and made available to the customers over a network?
A. Software as a service
B. Data as a service
C. Platform as a service
D. Infrastructure as a service
Correct answer: A
Question #59
Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation?
A. Specific developments only
B. Business requirements only
C. All phases of the installation must be documented
D. No need to develop customer-specific documentation
Correct answer: C. Every phase of the installation must be documented so the implemented system can be supported and audited.
Question #60
What is the PRIMARY purpose of audit trails?
A. To document auditing efforts
B. To correct data integrity errors
C. To establish accountability and responsibility for processed transactions
D. To prevent unauthorized access to data
Correct answer: C. Audit trails attribute processed transactions to the users who initiated them.
Question #61
Which of the following is the process of feeding test data into two systems, the modified system and an alternative system, and comparing the results?
A. Parallel test
B. Black box testing
C. Regression testing
D. Pilot testing
Correct answer: A
Question #62
The MOST important difference between hashing and encryption is that hashing:
A. is irreversible
B. output is the same length as the original message
C. is concerned with integrity and security
D. is the same at the sending and receiving end
Correct answer: A. A hash is a one-way function with a fixed-length output; encryption is reversible by anyone holding the key.
Question #63
Facilitating telecommunications continuity by providing redundant combinations of local carrier T-1 lines, microwave and/or coaxial cables to access the local communication loop is:
A. last-mile circuit protection
B. long-haul network diversity
C. diverse routing
D. alternative routing
Correct answer: A
Question #64
Reconfiguring which of the following firewall types will prevent inward downloading of files through the File Transfer Protocol (FTP)?
A. Circuit gateway
B. Application gateway
C. Packet filter
D. Screening router
Correct answer: B. An application gateway understands FTP commands and can block downloads (GET/RETR) while still allowing uploads; packet filters and screening routers see only addresses and ports.
Question #65
Among the different approaches to security in computing, the principle of regarding the computer system itself as a largely untrusted system emphasizes:
A. most privilege
B. full privilege
C. least privilege
D. null privilege
E. None of the choices
Correct answer: C. Treating the system as untrusted leads to least privilege: every component receives only the rights it needs.
Question #66
Which of the following is a good time frame for making changes to passwords?
A. every 180 to 365 days
B. every 30 to 45 days
C. every 10 to 20 days
D. every 90 to 120 days
E. None of the choices
Correct answer: B. This is the legacy exam answer; current guidance (NIST SP 800-63B) drops mandatory periodic rotation and instead requires a change when there is evidence of compromise, together with screening against known-breached passwords.
Question #67
Which of the following replaces system binaries and/or hooks into the function calls of the operating system to hide the presence of other programs (choose the most precise answer)?
A. rootkits
B. virus
C. trojan
D. tripwire
E. None of the choices
Correct answer: A
Question #68
In which of the following database models is the data represented in terms of tuples and grouped into relations?
A. Hierarchical database model
B. Network database model
C. Relational database model
D. Object-relational database model
Correct answer: C. The relational model represents data as tuples (rows) grouped into relations (tables).
Question #69
Accountability for the maintenance of appropriate security measures over information assets resides with the:
A. security administrator
B. systems administrator
C. data and systems owners
D. systems operations group
Correct answer: C
Question #70
Which of the following software tools is often used for stealing money from the owner of an infected PC by taking control of the modem?
A. System patcher
B. Porn dialer
C. War dialer
D. T1 dialer
E. T3 dialer
F. None of the choices
Correct answer: B. A porn dialer silently dials premium-rate numbers through the victim's modem and runs up charges; a war dialer scans telephone numbers for answering modems.
Question #71
Which of the following is the GREATEST concern when an organization allows personal devices to connect to its network?
A. It is difficult to enforce the security policy on personal devices
B. Help desk employees will require additional training to support the devices
C. IT infrastructure costs will increase
D. It is difficult to maintain employee privacy
Correct answer: A. Personally owned devices sit outside the organization's configuration control, so its security policy is hard to enforce on them.
Question #72
Which of the following steps of PDCA studies the actual result and compares it against the expected result?
A. Plan
B. Do
C. Check
D. Act
Correct answer: C
Question #73
Introducing inhomogeneity to your network for the sake of robustness would have which of the following drawbacks?
A. poorer performance
B. poor scalability
C. weak infrastructure
D. high costs in terms of training and maintenance
E. None of the choices
Correct answer: D. Mixing vendors and technologies so that one flaw does not affect everything raises training and maintenance costs.
Question #74
Network ILD&P is typically installed:
A. on the organization's internal network connection
B. on the organization's Internet network connection
C. on each end-user station
D. on the firewall
E. None of the choices
Correct answer: B. Network ILD&P sits on the organization's Internet connection, where it can inspect data leaving the organization.
Question #75
Which of the following provide(s) near-immediate recoverability for time-sensitive systems and transaction processing?
A. Automated electronic journaling and parallel processing
B. Data mirroring and parallel processing
C. Data mirroring
D. Parallel processing
Correct answer: B. Mirroring keeps an up-to-date copy of the data and parallel processing keeps the service running, which together give near-immediate recovery; electronic journaling requires the journal to be replayed first.
Question #76
Which of the following statements regarding an off-site information processing facility is TRUE?
A. It should have the same amount of physical access restrictions as the primary processing site
B. It should be located in proximity to the originating site so that it can quickly be made operational
C. It should be easily identified from the outside so that in the event of an emergency it can be easily found
D. It need not have the same level of environmental monitoring as the originating site, since this would be cost prohibitive
Correct answer: A. The off-site facility holds the same data, so it needs the same physical access restrictions; it should also be far enough away not to share the same disaster, not be easily identifiable, and be environmentally monitored.
Question #77
The intent of application controls is to ensure that when inaccurate data is entered into the system, the data is:
A. accepted and processed
B. accepted and not processed
C. not accepted and not processed
D. not accepted and processed
Correct answer: C
Question #78
What influences decisions regarding the criticality of assets?
A. The business criticality of the data to be protected
B. Internal corporate politics
C. The business criticality of the data to be protected, and the scope of the impact upon the organization as a whole
D. The business impact analysis
Correct answer: C. Criticality follows from how important the data is to the business and how widely its loss would affect the organization; the business impact analysis is the exercise that establishes those two factors.
Question #79
A call-back system requires that a user with an ID and password call a remote server through a dial-up line, then the server disconnects and:
A. dials back to the user's machine based on the user ID and password, using a telephone number from its database
B. dials back to the user's machine based on the user ID and password, using a telephone number provided by the user during this connection
C. waits for a redial back from the user's machine for reconfirmation and then verifies the user ID and password using its database
D. waits for a redial back from the user's machine for reconfirmation and then verifies the user ID and password using the sender's database
Correct answer: A. The server dials back a number held in its own database; a number supplied by the caller during the call would defeat the purpose of the control.
Question #80
An IS auditor should recommend the use of library control software to provide reasonable assurance that:
A. program changes have been authorized
B. only thoroughly tested programs are released
C. modified programs are automatically moved to production
D. source and executable code integrity is maintained
Correct answer: A. Library control software restricts who can move programs between libraries, which gives assurance that changes were authorized; by itself it neither tests programs nor guarantees code integrity.
Question #81
Which of the following layers in an enterprise data flow architecture derives enterprise information from operational data, external data and non-operational data?
A. Data preparation layer
B. Data source layer
C. Data mart layer
D. Data access layer
Correct answer: B. The data source layer is where enterprise information is derived from operational, external and non-operational data; the data preparation layer assembles data for loading into the data marts.
Question #82
What is used to develop strategically important systems faster, reduce development costs, and still maintain high quality?
A. Rapid application development (RAD)
B. GANTT
C. PERT
D. Decision trees
Correct answer: A. RAD is the development method built for speed, lower cost and maintained quality; GANTT charts, PERT and decision trees are planning and analysis tools.
Question #83
During the requirements definition phase of a software development project, the aspect of software testing that should be addressed is developing:
A. test data covering critical applications
B. detailed test plans
C. quality assurance test specifications
D. user acceptance testing specifications
Correct answer: D
Question #84
If a database is restored using before-image dumps, where should the process begin following an interruption?
A. Before the last transaction
B. After the last transaction
C. As the first transaction after the latest checkpoint
D. At the last transaction before the latest checkpoint
Correct answer: A. Before-images undo changes, so the last transaction, whose update may not have reached the database, must be reprocessed from just before it; checkpoints matter for after-image (roll-forward) recovery.
Question #85
For locations 3a, 1d and 3d, the diagram indicates hubs with lines that appear to be open and active. Assuming that is true, what control, if any, should be recommended to mitigate this weakness?
A. Intelligent hub
B. Physical security over the hubs
C. Physical security and an intelligent hub
D. No controls are necessary since this is not a weakness
Correct answer: C
Question #86
What is/are used to measure and ensure proper network capacity management and availability of services?
A. Network performance-monitoring tools
B. Network component redundancy
C. Syslog reporting
D. IT strategic planning
Correct answer: A
Question #87
Which of the following functions, if combined, would be the GREATEST risk to an organization?
A. Systems analyst and database administrator
B. Quality assurance and computer operator
C. Tape librarian and data entry clerk
D. Application programmer and tape librarian
Correct answer: D. A programmer who also controls the library could place modified programs or data into production unchecked; the other pairs do not combine development with control over production.
Question #88
Which of the following are examples of tools for launching a distributed DoS attack? (Choose four.)
A. TFN
B. TFN2K
C. Trin00
D. Stacheldraht
E. Tripwire
Correct answer: A, B, C, D. Tripwire is a file integrity checker, not an attack tool.
Question #89
Which of the following should be the PRIMARY basis for prioritizing follow-up audits?
A. Complexity of management's action plans
B. Recommendation from executive management
C. Audit cycle defined in the audit plan
D. Residual risk from the findings of previous audits
Correct answer: D. Follow-up priority is driven by the residual risk left by earlier findings.
Question #90
Squid is an example of:
A. IDS
B. caching proxy
C. security proxy
D. connection proxy
E. dialer
F. None of the choices
Correct answer: B. Squid is a caching web proxy.
Question #91
Which type of major BCP test only requires representatives from each operational area to meet to review the plan?
A. Parallel
B. Preparedness
C. Walk-through
D. Paper
Correct answer: C
Question #92
A company is implementing the dynamic host configuration protocol (DHCP). Given that the following conditions exist, which represents the GREATEST concern?
A. Most employees use laptops
B. A packet filtering firewall is used
C. The IP address space is smaller than the number of PCs
D. Access to a network port is not restricted
Correct answer: D. With unrestricted ports, any device that plugs in obtains an address from DHCP and joins the network; the address-space shortfall is a capacity issue, not a security one.
Question #93
Run-to-run totals can verify data through which stage(s) of application processing?
A. Initial
B. Various
C. Final
D. Output
Correct answer: B. Run-to-run totals are carried across the various stages of processing and recomputed at each one.
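Hash totals (Question #11), control totals established at data preparation (Question #55) and run-to-run totals (Question #93) in one added example, not part of the original question set. The batch of payment records, the field names and the `check_stage` helper are constructed for the example; the cryptographic digest carried alongside the classic totals is an addition that goes beyond the exam's definition, included to show what the arithmetic totals miss.

```python
"""Batch control totals, hash totals and run-to-run totals over a constructed
batch of payment records (illustration only; not from any real system)."""
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class Record:
    account: str   # hypothetical account number
    amount: int    # amount in cents


@dataclass(frozen=True)
class BatchTotals:
    record_count: int   # how many records the batch should contain
    amount_total: int   # control (financial) total: sum of a meaningful field
    hash_total: int     # hash total: sum of a field with no business meaning
    digest: str         # SHA-256 over contents and order


def compute_totals(records):
    """Totals established at data preparation and carried from run to run."""
    h = hashlib.sha256()
    for r in records:
        h.update(f"{r.account}|{r.amount}\n".encode())
    return BatchTotals(
        record_count=len(records),
        amount_total=sum(r.amount for r in records),
        hash_total=sum(int(r.account) for r in records),
        digest=h.hexdigest(),
    )


def check_stage(expected, records):
    """Run-to-run check after a processing stage: recompute the totals and
    return the list of discrepancies (an empty list means the batch is intact)."""
    actual = compute_totals(records)
    problems = []
    if actual.record_count != expected.record_count:
        problems.append(f"record count {actual.record_count} != {expected.record_count}")
    if actual.amount_total != expected.amount_total:
        problems.append(f"amount total {actual.amount_total} != {expected.amount_total}")
    if actual.hash_total != expected.hash_total:
        problems.append(f"hash total {actual.hash_total} != {expected.hash_total}")
    if actual.digest != expected.digest:
        problems.append("digest mismatch: content or order changed")
    return problems


SAMPLE_BATCH = [  # constructed sample data
    Record("1001", 2500),
    Record("1002", 1200),
    Record("1003", 9900),
    Record("1004", 300),
]


def demo():
    """Runs the check over several ways a processing stage can damage the batch."""
    baseline = compute_totals(SAMPLE_BATCH)        # taken at data preparation
    stages = {
        "intact": list(SAMPLE_BATCH),
        "record lost": SAMPLE_BATCH[:3],
        "record duplicated": SAMPLE_BATCH + [SAMPLE_BATCH[1]],
        "amounts swapped": [Record("1001", 1200), Record("1002", 2500)] + SAMPLE_BATCH[2:],
        "account mistyped": [Record("1010", 2500)] + SAMPLE_BATCH[1:],
    }
    return {name: check_stage(baseline, recs) for name, recs in stages.items()}


if __name__ == "__main__":
    for name, problems in demo().items():
        print(f"{name:18s} {'OK' if not problems else '; '.join(problems)}")
```

The arithmetic totals are cheap and catch loss and duplication, which is what Question #11 asks about, but a stage that swaps two amounts leaves every sum unchanged and is caught only by the content digest. In a real pipeline the expected totals are stored outside the data being processed, so a stage that corrupts the batch cannot also adjust the figures it is checked against.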
Question #94
There are many known weaknesses within an intrusion detection system (IDS). Which of the following is NOT a limitation of an IDS?
A. Weakness in the identification and authentication scheme
B. Application-level vulnerability
C. Backdoor into an application
D. Detect zero-day attack
Correct answer: D. The recognized IDS limitations are weaknesses in the policy definition, application-level vulnerabilities, backdoors into applications and weak identification and authentication schemes; "detect zero-day attack" describes a capability, not a limitation (signature-based IDS indeed cannot do it, which is why anomaly-based detection exists).
Question #95
Which of the following BEST facilitates compliance with requirements mandating the security of confidential data?
A. Classification of data
B. Security awareness training
C. Encryption of external data transmissions
D. Standardized escalation protocols for breaches
Correct answer: A
Question #96
Which of the following should concern an IS auditor when reviewing security in a client-server environment?
A. Protecting data using an encryption technique
B. Preventing unauthorized access using a diskless workstation
C. The ability of users to access and modify the database directly
D. Disabling floppy drives on the users' machines
Correct answer: C. Users reaching the database directly bypass the application's controls; encryption, diskless workstations and disabled floppy drives are controls, not concerns.
Question #97
Which of the following processes is performed during the design phase of the systems development life cycle (SDLC) model?
A. Develop test plans
B. Baseline procedures to prevent scope creep
C. Define the need that requires resolution, and map it to the major requirements of the solution
D. Program and test the new system
Correct answer: A
السؤال #98
Which of the following ACID property in DBMS ensures that the concurrent execution of transactions results in a system state that would be obtained if transactions were executed serially, i.e. one after the other?
A. Atomicity
B. Consistency
C. Isolation
D. Durability
Show answer
Correct answer: A
Question #99
During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:
A. an unauthorized user may use the ID to gain access
B. user access management is time consuming
C. passwords are easily guessed
D. user accountability may not be established
Show answer
Correct answer: C
Question #100
The use of risk assessment tools for classifying risk factors should be formalized in your IT audit effort through:
A. the use of risk controls
B. the use of computer assisted functions
C. using computer assisted audit technology tools
D. the development of written guidelines
E. None of the choices
Show answer
Correct answer: A
Question #101
Relatively speaking, firewalls operated at the application level of the seven layer OSI model are:
A. almost always less efficient
B. almost always less effective
C. almost always less secure
D. almost always less costly to setup
E. None of the choices
Show answer
Correct answer: F
Question #102
Which of the following is best suited for searching for address field duplications?
A. Text search forensic utility software
B. Generalized audit software
C. Productivity audit software
D. Manual review
Show answer
Correct answer: A
Question #103
Which of the following actions should an organization’s security policy require an employee to take upon finding a security breach?
A. Report the incident to the manager immediately
B. Inform IS audit management immediately
C. Confirm the breach can be exploited
D. Devise appropriate countermeasures
Show answer
Correct answer: C
Question #104
Which of the following is the MOST effective type of antivirus software?
A. Scanners
B. Active monitors
C. integrity checkers
D. Vaccines
Show answer
Correct answer: B
Question #105
To determine if unauthorized changes have been made to production code the BEST audit procedure is to:
A. examine the change control system records and trace them forward to object code files
B. review access control permissions operating within the production program libraries
C. examine object code to find instances of changes and trace them back to change control records
D. review change approved designations established within the change control system
Show answer
Correct answer: C
Question #106
An IS auditor performing a review of the backup processing facilities should be MOST concerned that:
A. adequate fire insurance exists
B. regular hardware maintenance is performed
C. offsite storage of transaction and master files exists
D. backup processing facilities are fully tested
Show answer
Correct answer: A
Question #107
While copying files from a floppy disk a user introduced a virus into the network. Which of the following would MOST effectively detect the existence of the virus?
A. scan of all floppy disks before use
B. virus monitor on the network file server
C. scheduled daily scan of all network drives
D. virus monitor on the user's personal computer
Show answer
Correct answer: A
Question #108
Which of the following is not a good tactic to use against hackers?
A. Enticement
B. Entrapment
Show answer
Correct answer: C
Question #109
Which of the following acts as a decoy to detect active internet attacks?
A. Honeypots
B. Firewalls
C. Trapdoors
D. Traffic analysis
Show answer
Correct answer: B
Question #110
The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is:
A. data integrity
B. authentication
C. nonrepudiation
D. replay protection
Show answer
Correct answer: D
Question #111
Which of the following is NOT a defined ISO basic task related to network management?
A. Fault management
B. Accounting resources
C. Security management
D. Communications management
Show answer
Correct answer: D
Question #112
Which of the following would an IS auditor consider to be the MOST helpful when evaluating the effectiveness and adequacy of a computer preventive maintenance program?
A. A system downtime log
B. Vendors' reliability figures
C. Regularly scheduled maintenance log
D. A written preventive maintenance schedule
Show answer
Correct answer: B
Question #113
Your final audit report should be issued:
A. after an agreement on the observations is reached
B. before an agreement on the observations is reached
C. if an agreement on the observations cannot be reached
D. without mentioning the observations
E. None of the choices
Show answer
Correct answer: ABCD
Question #114
What supports data transmission through split cable facilities or duplicate cable facilities?
A. Diverse routing
B. Dual routing
C. Alternate routing
D. Redundant routing
Show answer
Correct answer: B
Question #115
After an IS auditor has identified threats and potential impacts, the auditor should:
A. Identify and evaluate the existing controls
B. Conduct a business impact analysis (BIA)
C. Report on existing controls
D. Propose new controls
Show answer
Correct answer: D
Question #116
During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include:
A. the level of information security required when business recovery procedures are invoked
B. information security roles and responsibilities in the crisis management structure
C. information security resource requirements
D. change management procedures for information security that could affect business continuity arrangements
Show answer
Correct answer: C
Question #117
Which of the following transmission media would NOT be affected by cross talk or interference?
A. Copper cable
B. Radio System
C. Satellite radio link
D. Fiber optic cables
Show answer
Correct answer: D
Question #118
While evaluating logical access control, the IS auditor should follow all of the steps mentioned below EXCEPT one: 1. Obtain a general understanding of the security risk facing information processing, through a review of relevant documentation, inquiry and observation, etc. 2. Document and evaluate controls over potential access paths into the system to assess their adequacy, efficiency and effectiveness 3. Test controls over access paths to determine whether they are functioning and effective by applying appropriate
A. 2
B. 3
C. 1
D. 6
Show answer
Correct answer: A
Question #119
Applying a retention date on a file will ensure that:
A. data cannot be read until the date is set
B. data will not be deleted before that date
C. backup copies are not retained after that date
D. datasets having the same name are differentiated
Show answer
Correct answer: B
Question #120
Back Orifice is an example of:
A. a virus
B. a legitimate remote control software
C. a backdoor that takes the form of an installed program
D. an eavesdropper
E. None of the choices
Show answer
Correct answer: A
Question #121
Which of the following is a telecommunication device that translates data from digital form to analog form and back to digital?
A. Multiplexer
B. Modem
C. Protocol converter
D. Concentrator
Show answer
Correct answer: A
Question #122
Which of the following audits is mainly designed to evaluate the internal control structure in a given process or area?
A. Compliance Audit
B. Financial Audit
C. Operational Audit
D. Forensic audit
Show answer
Correct answer: C
Question #123
Who should be responsible for network security operations?
A. Business unit managers
B. Security administrators
C. Network administrators
D. IS auditors
Show answer
Correct answer: B
Question #124
How does a digital envelope work? What are the correct steps to follow?
A. You encrypt the data using a session key and then encrypt the session key using the sender's private key
B. You encrypt the data using the session key and then you encrypt the session key using sender's public key
C. You encrypt the data using the session key and then you encrypt the session key using the receiver's public key
D. You encrypt the data using the session key and then you encrypt the session key using the receiver's private key
Show answer
Correct answer: A
Question #125
Which key is used by the sender of a message to create a digital signature for the message being sent?
A. Sender's public key
B. Sender's private key
C. Receiver's public key
D. Receiver's private key
Show answer
Correct answer: B
Question #126
An IS auditor performing a review of the backup processing facilities should be MOST concerned that:
A. adequate fire insurance exists
B. regular hardware maintenance is performed
C. offsite storage of transaction and master files exists
D. backup processing facilities are tested fully
Show answer
Correct answer: A
Question #127
In-house personnel performing IS audits should possess which of the following knowledge and/or skills (Choose two.):
A. information systems knowledge commensurate with the scope of the IT environment in question
B. sufficient analytical skills to determine root cause of deficiencies in question
C. sufficient knowledge on secure system coding
D. sufficient knowledge on secure platform development
E. information systems knowledge commensurate outside of the scope of the IT environment in question
Show answer
Correct answer: A
Question #128
Which of the following is an ITU-T standard protocol suite for packet-switched wide area network communication?
A. Point-to-point protocol
B. X
C. Frame Relay
D. ISDN
Show answer
Correct answer: C
Question #129
Who is responsible for providing technical support for the hardware and software environment by developing, installing and operating the requested system?
A. System Development Management
B. Quality Assurance
C. User Management
D. Senior Management
Show answer
Correct answer: A
Question #130
Which of the following is the BEST way to handle obsolete magnetic tapes before disposing of them?
A. Overwriting the tapes
B. initializing the tape labels
C. Degaussing the tapes
D. Erasing the tapes
Show answer
Correct answer: D
Question #131
Access rules normally are included in which of the following documentation categories?
A. Technical reference documentation
B. User manuals
C. Functional design specifications
D. System development methodology documents
Show answer
Correct answer: B
Question #132
Which of the following components of an expert system allows the expert to enter knowledge into the system without the traditional mediation of a software engineer?
A. Decision tree
B. Rules
C. Semantic nets
D. Knowledge interface
Show answer
Correct answer: D
Question #133
The use of statistical sampling procedures helps minimize:
A. Detection risk
B. Business risk
C. Controls risk
D. Compliance risk
Show answer
Correct answer: C
Question #134
A source code repository should be designed to:
A. provide automatic incorporation and distribution of modified code
B. prevent changes from being incorporated into existing code
C. provide secure versioning and backup capabilities for existing code
D. prevent developers from accessing secure source code
Show answer
Correct answer: A
Question #135
Digital signatures require the sender to "sign" the data by encrypting the data with the sender's public key, to then be decrypted by the recipient using the recipient's private key. True or false?
A. False
B. True
Show answer
Correct answer: B
Question #136
When should an application-level edit check to verify the availability of funds be completed at the electronic funds transfer (EFT) interface?
A. Before transaction completion
B. Immediately after an EFT is initiated
C. During run-to-run total testing
D. Before an EFT is initiated
Show answer
Correct answer: A
Question #137
In a small organization, developers may release emergency changes directly to production. Which of the following will BEST control the risk in this situation?
A. Approve and document the change the next business day
B. Limit developer access to production to a specific timeframe
C. Obtain secondary approval before releasing to production
D. Disable the compiler option in the production machine
Show answer
Correct answer: A
Question #138
Which of the following types of testing validates the functioning of the application under test together with other systems, where a set of data is transferred from one system to another?
A. Interface testing
B. Unit Testing
C. System Testing
D. Final acceptance testing
Show answer
Correct answer: A
Question #139
You are part of the security staff at a highly profitable bank and each day, all traffic on the network is logged for later review. Every Friday, when major deposits are made, you're seeing a series of bits placed in the "Urgent Pointer" field of a TCP packet. This is only 16 bits, which isn't much, but it concerns you because:
A. This could be a sign of covert channeling in bank network communications and should be investigated
B. It could be a sign of a damaged network cable causing the issue
C. It could be a symptom of malfunctioning network card or drivers and the source system should be checked for the problem
D. It is normal traffic because sometimes the previous field's 16-bit checksum value can overrun into the urgent pointer's 16-bit field, causing the condition
Show answer
Correct answer: A
Question #140
Codes from exploit programs are frequently reused in:
A. trojan horses only
B. computer viruses only
C. OS patchers
D. eavesdroppers
E. trojan horses and computer viruses
F. None of the choices
Show answer
Correct answer: A
Question #141
Which of the following statements correctly describes the difference between the IPSec and SSH protocols?
A. IPSec works at the transport layer whereas SSH works at the network layer of the OSI model
B. IPSec works at the network layer whereas SSH works at the application layer of the OSI model
C. IPSec works at the network layer and SSH works at the transport layer of an OSI Model
D. IPSec works at the transport layer and SSH works at the network layer of an OSI Model
Show answer
Correct answer: C
Question #142
Which of the following is NOT a component of IPSec?
A. Authentication Header
B. Encapsulating Security Payload
C. Key Distribution Center
D. Internet Key Exchange
Show answer
Correct answer: B
Question #143
Which of the following statements INCORRECTLY describes a network device such as a router?
A. Router creates a new header for each packet
B. Router builds a routing table based on MAC address
C. Router does not forward broadcast packet
D. Router assigns a different network address per port
Show answer
Correct answer: B
Question #144
Ensuring that security and control policies support business and IT objectives is a primary objective of:
A. An IT security policies audit
B. A processing audit
C. A software audit
D. A vulnerability assessment
Show answer
Correct answer: B
Question #145
Which of the following controls fixes a component or system after an incident has occurred?
A. Deterrent
B. Preventive
C. Corrective
D. Recovery
Show answer
Correct answer: C
Question #146
Which of the following manages the digital certificate life cycle to ensure adequate security and controls exist in digital signature applications related to ecommerce?
A. Registration authority
B. Certificate authority (CA)
C. Certification relocation list
D. Certification practice statement
Show answer
Correct answer: B
Question #147
Which of the following characteristics pertaining to databases is not true?
A. A data model should exist and all entities should have a significant name
B. Justifications must exist for normalized data
C. No NULLs should be allowed for primary keys
D. All relations must have a specific cardinality
Show answer
Correct answer: B
Question #148
You should keep all computer rooms at reasonable temperatures, which are between (choose all that apply):
A. 60 - 75 degrees Fahrenheit
B. 10 - 25 degrees Celsius
C. 30 - 45 degrees Fahrenheit
D. 1 - 15 degrees Celsius
E. 20 - 35 degrees Fahrenheit
F. 0 - 5 degrees Celsius
Show answer
Correct answer: ABCD
Question #149
Which of the following audits mainly focuses on discovering and disclosing fraud and crimes?
A. Compliance Audit
B. Financial Audit
C. Integrated Audit
D. Forensic audit
Show answer
Correct answer: D
Question #150
A certificate authority (CA) can delegate the processes of:
A. revocation and suspension of a subscriber's certificate
B. generation and distribution of the CA public key
C. establishing a link between the requesting entity and its public key
D. issuing and distributing subscriber certificates
Show answer
Correct answer: A
Question #151
Which of the following is the MOST critical step in planning an audit?
A. Implementing a prescribed auditing framework such as COBIT
B. Identifying current controls
C. Identifying high-risk audit targets
D. Testing controls
Show answer
Correct answer: A
Question #152
Which of the following is the most important benefit of control self-assessment (CSA)?
A. CSA is policy/rule driven
B. In the CSA approach, risk is identified sooner
C. CSA requires limited employee participation
D. In CSA, resources are being used in an effective manner
Show answer
Correct answer: B
Question #153
Which of the following methods of providing telecommunications continuity involves the use of an alternative media?
A. Alternative routing
B. Diverse routing
C. Long haul network diversity
D. Last mile circuit protection
Show answer
Correct answer: A
Question #154
Which of the following audit tools is MOST useful to an IS auditor when an audit trail is required?
A. Integrated test facility (ITF)
B. Continuous and intermittent simulation (CIS)
C. Audit hooks
D. Snapshots
Show answer
Correct answer: A
Question #155
When auditing security for a data center, an IS auditor should look for the presence of a voltage regulator to ensure that the:
A. hardware is protected against power surges
B. integrity is maintained if the main power is interrupted
C. immediate power will be available if the main power is lost
D. hardware is protected against long-term power fluctuations
Show answer
Correct answer: A
Question #156
Which of the following e-commerce models covers all the transactions between companies and government organizations?
A. B-to-C relationships
B. B-to-B relationships
C. B-to-E relationships
D. B-to-G relationships
Show answer
Correct answer: B
Question #157
Which of the following is MOST critical when creating data for testing the logic in a new or modified application system?
A. A sufficient quantity of data for each test case
B. Data representing conditions that are expected in actual processing
C. Completing the test on schedule
D. A random sample of actual data
Show answer
Correct answer: B
Question #158
One of the purposes of library control software is to allow:
A. programmers access to production source and object libraries
B. batch program updating
C. operators to update the control library with the production version before testing is completed
D. read-only access to source code
Show answer
Correct answer: D
Question #159
Which of the following types of firewalls would BEST protect a network from an Internet attack?
A. Screened subnet firewall
B. Application filtering gateway
C. Packet filtering router
D. Circuit-level gateway
Show answer
Correct answer: B
Question #160
Which of the following is the MOST important reason for an IS auditor to be involved in a system development project?
A. Evaluate the efficiency of resource utilization
B. Develop audit programs for subsequent audits of the system
C. Evaluate the selection of hardware to be used by the system
D. Ensure that adequate controls are built into the system during development
Show answer
Correct answer: A
Question #161
Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?
A. Check digit
B. Existence check
C. Completeness check
D. Reasonableness check
Show answer
Correct answer: D
Question #162
An IS auditor performing a review of an application's controls would evaluate the:
A. efficiency of the application in meeting the business processes
B. impact of any exposures discovered
C. business processes served by the application
D. the application's optimization
Show answer
Correct answer: A
Question #163
Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by:
A. database integrity checks
B. validation checks
C. input controls
D. database commits and rollbacks
Show answer
Correct answer: A
Question #164
An organization has created a policy that defines the types of web sites that users are forbidden to access. What is the MOST effective technology to enforce this policy?
A. Stateful inspection firewall
B. Web content filter
C. Web cache server
D. Proxy server
Show answer
Correct answer: A
Question #165
A computer system is no more secure than the human systems responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them. Zombie computers are HEAVILY relied upon by which of the following types of attack?
A. Eavesdropping
B. DoS
C. DDoS
D. APT
E. Social Engineering
F. None of the choices
Show answer
Correct answer: B
Question #166
Gimmes often work through:
A. SMS
B. IRC chat
C. email attachment
D. news file download
F. None of the choices
Show answer
Correct answer: ABC
Question #167
As an IS auditor it is very important to understand software release management process. Which of the following software release normally contains small enhancements and fixes?
A. Major software Release
B. Minor software Release
C. Emergency software release
D. General software Release
Show answer
Correct answer: A
Question #168
Network Data Management Protocol (NDMP) technology should be used for backup if:
A. a network attached storage (NAS) appliance is required
B. the use of TCP/IP must be avoided
C. file permissions that cannot be handled by legacy backup systems must be backed up
D. backup consistency over several related data volumes must be ensured
Show answer
Correct answer: C
Question #169
Which of the following statements INCORRECTLY describes the traditional audit approach in comparison to the control self-assessment approach?
A. In the traditional approach, staff at all levels, in all functions, are the primary control analysts
B. Traditional approach assigns duties/supervises staff
C. Traditional approach is a policy driven approach
D. Traditional approach requires limited employee participation
Show answer
Correct answer: A
Question #170
Which of the following insurance types provides for a loss arising from fraudulent acts by employees?
A. Business interruption
B. Fidelity coverage
C. Errors and omissions
D. Extra expense
Show answer
Correct answer: C
Question #171
What is wrong with a Black Box type of intrusion detection system?
A. you cannot patch it
B. you cannot test it
C. you cannot examine its internal workings from outside
D. you cannot tune it
E. None of the choices
Show answer
Correct answer: B
Question #172
Which of the following controls is intended to discourage a potential attacker?
A. Deterrent
B. Preventive
C. Corrective
D. Recovery
Show answer
Correct answer: A
Question #173
What kind of testing should programmers perform following any changes to an application or system?
A. Unit, module, and full regression testing
B. Module testing
C. Unit testing
D. Regression testing
Show answer
Correct answer: C
Question #174
A small startup organization does not have the resources to implement segregation of duties. Which of the following would be the MOST effective compensating control?
A. Rotation of log monitoring and analysis responsibilities
B. Additional management reviews and reconciliations
C. Third-party assessments
D. Mandatory vacations
Show answer
Correct answer: C
Question #175
Well-written risk assessment guidelines for IS auditing should specify which of the following elements at the least (Choose four.)
A. A maximum length for audit cycles
B. The timing of risk assessments
C. Documentation requirements
D. Guidelines for handling special cases
E. None of the choices
Show answer
Correct answer: A
Question #176
Which of the following physical access controls would provide the highest degree of security over unauthorized access?
A. Bolting door lock
B. Cipher lock
C. Electronic door lock
D. Fingerprint scanner
Show answer
Correct answer: A
Question #177
Which of the following data validation edits is effective in detecting transposition and transcription errors?
A. Range check
B. Check digit
C. Validity check
D. Duplicate check
Show answer
Correct answer: A
Question #178
ISO 9126 is a standard to assist in evaluating the quality of a product. Which of the following is defined as a set of attributes that bear on the existence of a set of functions and their specified properties?
A. Reliability
B. Usability
C. Functionality
D. Maintainability
Show answer
Correct answer: B
Question #179
During what process should router access control lists be reviewed?
A. Environmental review
B. Network security review
C. Business continuity review
D. Data integrity review
Show answer
Correct answer: C
Question #180
IS management has decided to rewrite a legacy customer relations system using fourth-generation languages (4GLs). Which of the following risks is MOST often associated with system development using 4GLs?
A. Inadequate screen/report design facilities
B. Complex programming language subsets
C. Lack of portability across operating systems
D. Inability to perform data intensive operations
Show answer
Correct answer: D
Question #181
Which of the following functions in traditional EDI translates data between the standard format and a trading partner's proprietary format?
A. Communication handler
B. Application Interface
C. Application System
D. EDI Translator
Show answer
Correct answer: B
Question #182
A hard disk containing confidential data was damaged beyond repair. What should be done to the hard disk to prevent access to the data residing on it?
A. Rewrite the hard disk with random 0s and 1s
B. Low-level format the hard disk
C. Demagnetize the hard disk
D. Physically destroy the hard disk
Show answer
Correct answer: C
Question #183
Sam is the security manager of a financial institution. Senior management has requested that he perform a risk analysis on all critical vulnerabilities reported by an IS auditor. After completing the risk analysis, Sam has observed that for a few of the risks, the cost-benefit analysis shows that the risk mitigation cost (countermeasures, controls, or safeguards) is more than the potential loss that could be incurred. What kind of strategy should Sam recommend to senior management to treat these risks?
A. Risk Mitigation
B. Risk Acceptance
C. Risk Avoidance
D. Risk transfer
Show answer
Correct answer: B
Question #184
A major portion of what is required to address nonrepudiation is accomplished through the use of:
A. strong methods for authentication and ensuring data validity
B. strong methods for authentication and ensuring data integrity
C. strong methods for authorization and ensuring data integrity
D. strong methods for authentication and ensuring data reliability
Show answer
Correct answer: A
Question #185
Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when:
A. a firewall exists
B. a secure web connection is used
C. the source of the executable is certain
D. the host website is part of your organization
Show answer
Correct answer: A
Question #186
An IS auditor has been asked to audit a complex system with computerized and manual elements. Which of the following should be identified FIRST?
A. Manual controls
B. System risks
C. Programmed controls
D. Input validation
Show answer
Correct answer: B
