
Question #1
Which of the following types of firewalls would BEST protect a network from an internet attack?
A. Screened subnet firewall
B. Application filtering gateway
C. Packet filtering router
D. Circuit-level gateway
Correct answer: A
A screened subnet (DMZ) places packet-filtering routers on both sides of a bastion host, so an attacker has to defeat several layers; each of the other options is a single control.
Question #2
Which of the following statements is NOT true about smoke detectors?
A. Smoke detectors should be above and below the ceiling tiles throughout the facility and below the raised floor in the computer room
B. Smoke detectors should produce an audible alarm when activated and be linked to a monitored station
C. The location of each smoke detector should be marked on the tiling for easy identification and access
D. Smoke detectors should replace the fire suppression system
Correct answer: D
Smoke detectors detect and alert; they complement a fire suppression system and cannot replace it.
Question #3
What type of approach to the development of organizational policies is often driven by risk assessment?
A. Bottom-up
B. Top-down
C. Comprehensive
D. Integrated
Correct answer: B
A top-down approach derives policies from management's risk assessment and objectives; a bottom-up approach starts from existing practices.
Question #4
To determine who has been given permission to use a particular system resource, an IS auditor should review:
A. activity lists
B. access control lists
C. logon ID lists
D. password lists
Correct answer: B
Access control lists record which users or groups have been granted which permissions on a resource; activity and logon lists show who used it, not who was authorized.
Question #5
The reason a certification and accreditation process is performed on critical systems is to ensure that:
A. security compliance has been technically evaluated
B. data have been encrypted and are ready to be stored
C. the systems have been tested to run on different platforms
D. the systems have followed the phases of a waterfall model
Correct answer: A
Certification is the technical evaluation of security compliance; accreditation is management's formal acceptance of the residual risk.
Question #6
Which of the following is an example of the defense-in-depth security principle?
A. Using two firewalls of different vendors to consecutively check the incoming network traffic
B. Using a firewall as well as logical access controls on the hosts to control incoming network traffic
C. Having no physical signs on the outside of a computer center building
D. Using two firewalls in parallel to check different types of incoming traffic
Correct answer: B
Defense in depth layers controls of different kinds, so host-level logical access controls catch traffic the firewall lets through; two firewalls in series or in parallel are still a single layer of the same kind.
Question #7
In what way is a common gateway interface (CGI) MOST often used on a web server?
A. Consistent way for transferring data to the application program and back to the user
B. Computer graphics imaging method for movies and TV
C. Graphic user interface for web design
D. Interface to access the private gateway domain
Correct answer: A
CGI is a standard way for a web server to pass request data to an external program and return that program's output to the user.
Question #8
The implementation of access controls FIRST requires:
A. a classification of IS resources
B. the labeling of IS resources
C. the creation of an access control list
D. an inventory of IS resources
Correct answer: D
Resources must be inventoried before they can be classified, labeled, and protected by access control lists.
Question #9
After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools?
A. Differential reporting
B. False-positive reporting
C. False-negative reporting
D. Less-detail reporting
Correct answer: C
A false negative is a real weakness the tool does not report, so it is never remediated; a false positive only costs investigation time.
Question #10
Web and e-mail filtering tools are PRIMARILY valuable to an organization because they:
A. protect the organization from viruses and nonbusiness materials
B. maximize employee performance
C. safeguard the organization's image
D. assist the organization in preventing legal issues
Correct answer: A
The primary value is keeping malware and non-business material out; image, productivity, and legal benefits follow from that.
Question #11
A core tenet of an IS strategy is that it must:
A. Be inexpensive
B. Be protected as sensitive confidential information
C. Protect information confidentiality, integrity, and availability
D. Support the business objectives of the organization
Correct answer: D
An IS strategy exists to support the business objectives of the organization; the cost or confidentiality of the strategy document is secondary.
Question #12
Which of the following functions is NOT supported by the SSL protocol?
A. Confidentiality
B. Integrity
C. Authentication
D. Availability
Correct answer: D
SSL/TLS provides confidentiality (encryption), integrity (MACs), and authentication (certificates); it does nothing to ensure availability.
Question #13
Which of the following cryptographic schemes demands less computational power and offers more security per bit?
A. Quantum cryptography
B. Elliptic Curve Cryptography (ECC)
C. Symmetric Key Cryptography
D. Asymmetric Key Cryptography
Correct answer: B
Among public-key schemes, ECC achieves security comparable to RSA with far shorter keys (a 256-bit ECC key is commonly rated equivalent to a 3072-bit RSA key), so it needs less computation per operation.
Question #14
When reviewing the implementation of a LAN, an IS auditor should FIRST review the:
A. node list
B. acceptance test report
C. network diagram
D. user's list
Correct answer: C
The network diagram gives the overall layout and boundaries of the LAN; node lists, test reports, and user lists are reviewed against it afterwards.
Question #15
Which of the following would MOST effectively enhance the security of a challenge-response based authentication system?
A. Selecting a more robust algorithm to generate challenge strings
B. Implementing measures to prevent session hijacking attacks
C. Increasing the frequency of associated password changes
D. Increasing the length of authentication strings
Correct answer: B
The main exposure of challenge-response authentication is hijacking of the session after a successful exchange; stronger challenge algorithms or longer strings do not address that.
Question #16
An organization is using an enterprise resource planning (ERP) application. Which of the following would be an effective access control?
A. User-level permissions
B. Role-based
C. Fine-grained
D. Discretionary
Correct answer: B
Role-based access control maps ERP permissions to job functions and is far easier to administer and review than per-user, fine-grained, or discretionary assignments.
Question #17
The PRIMARY objective of an audit of IT security policies is to ensure that:
A. they are distributed and available to all staff
B. security and control policies support business and IT objectives
C. there is a published organizational chart with functional descriptions
D. duties are appropriately segregated
Correct answer: B
Question #18
During an IS audit, the auditor observed that the authentication and authorization steps are split into two functions, and that it is possible to force the authorization step to complete before the authentication step. Which of the following techniques could an attacker use to force authorization before authentication?
A. Eavesdropping
B. Traffic analysis
C. Masquerading
D. Race condition
Correct answer: D
A race condition lets the attacker exploit the window between the two steps: if the authorization function does not verify that authentication has completed, its request can be submitted first and accepted.
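The flaw in question #18 is easier to see in code. The following is an added example, not code from the source page: a login flow whose authentication and authorization steps are separate requests, modelled by calling them in attacker-chosen order. The flawed authorization step trusts a request parameter and never checks that authentication ran; the hardened one refuses to run before authentication and derives the role from the proven identity. Users, roles and permissions are constructed for the example.

```python
"""Added example for question 18 (not from the source page): a login flow whose
authentication and authorization steps are separate requests, so an attacker
can issue them in the wrong order.  Users, roles and names are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed directory: user -> (password, role) and role -> permissions.
USERS = {"alice": ("alice-pw", "finance"), "bob": ("bob-pw", "guest")}
PERMS = {"finance": {"view_ledger"}, "guest": set()}


@dataclass
class Session:
    user: Optional[str] = None
    authenticated: bool = False
    roles: set = field(default_factory=set)


class OrderError(Exception):
    """Raised when a step is requested before its prerequisite step."""


def authenticate(s: Session, user: str, password: str) -> bool:
    """Step 1 (shared by both flows): prove identity with a password."""
    pw, _role = USERS.get(user, (None, None))
    if pw is not None and pw == password:
        s.user, s.authenticated = user, True
    return s.authenticated


# --- flawed flow: step 2 trusts a request parameter and never checks step 1 ---
def flawed_authorize(s: Session, requested_user: str) -> None:
    # BUG: the role comes from the request, not from a proven identity, and
    # nothing verifies that authentication already happened.
    s.roles.add(USERS[requested_user][1])


def flawed_can(s: Session, perm: str) -> bool:
    # BUG: only the roles are consulted; the authenticated flag is ignored.
    return any(perm in PERMS[r] for r in s.roles)


# --- hardened flow: step 2 is bound to the authenticated identity ---
def safe_authorize(s: Session, _requested_user: str) -> None:
    if not s.authenticated or s.user is None:
        raise OrderError("authorization requested before authentication")
    s.roles = {USERS[s.user][1]}  # role derived from the identity proven in step 1


def safe_can(s: Session, perm: str) -> bool:
    return s.authenticated and any(perm in PERMS[r] for r in s.roles)


def forced_order_attack(authorize: Callable, can: Callable) -> bool:
    """Attacker, who does not know alice's password, sends the authorization
    request first (the ordering the race in question 18 allows) and then
    tries to read the ledger.  Returns True if the attack succeeds."""
    s = Session()
    try:
        authorize(s, "alice")
    except OrderError:
        return False
    return can(s, "view_ledger")


def legitimate_login(authorize: Callable, can: Callable) -> bool:
    """Normal order: authenticate, then authorize, then use the resource."""
    s = Session()
    authenticate(s, "alice", "alice-pw")
    authorize(s, "alice")
    return can(s, "view_ledger")


if __name__ == "__main__":
    print("flawed flow, attack succeeds:", forced_order_attack(flawed_authorize, flawed_can))
    print("hardened flow, attack succeeds:", forced_order_attack(safe_authorize, safe_can))
    print("hardened flow, legitimate login works:", legitimate_login(safe_authorize, safe_can))
```

In a real system the two requests race over the network, so the fix is not to rely on the client's ordering at all: the server enforces the state machine (authorization is rejected unless the session is already in the authenticated state) and takes the principal's privileges from the authenticated identity, never from client-supplied parameters.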
Question #19
Which of the following is a feature of Wi-Fi Protected Access (WPA) in wireless networks?
A. Session keys are dynamic
B. Private symmetric keys are used
C. Keys are static and shared
D. Source addresses are not encrypted or authenticated
Correct answer: A
WPA derives dynamic per-session keys from the master key (TKIP), whereas WEP relied on static shared keys.
Question #20
Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should:
A. include the finding in the final report, because the IS auditor is responsible for an accurate report of all findings
B. not include the finding in the final report, because the audit report should include only unresolved findings
C. not include the finding in the final report, because corrective action can be verified by the IS auditor during the audit
D. include the finding in the closing meeting for discussion purposes only
Correct answer: A
The report must be complete and accurate; the finding is included together with a note that corrective action was taken and verified.
Question #21
Which of the following would an IS auditor use to determine if unauthorized modifications were made to production programs?
A. System log analysis
B. Compliance testing
C. Forensic analysis
D. Analytical review
Correct answer: B
Compliance testing of the change-management process shows whether only authorized changes reached production; log or forensic analysis is used once a specific unauthorized change is suspected.
Question #22
A diskless workstation is an example of:
A. Handheld devices
B. Thin client computer
C. Personal computer
D. Midrange server
Correct answer: B
Question #23
After reviewing its business processes, a large organization is deploying a new web application based on VoIP technology. Which of the following is the MOST appropriate approach for implementing access control that will facilitate security management of the VoIP web application?
A. Fine-grained access control
B. Role-based access control (RBAC)
C. Access control lists
D. Network/service access control
Correct answer: B
RBAC groups permissions by job function, which simplifies administration and review for a large user population.
Question #24
An auditor needs to be aware of the technical controls used to protect computers from malware. Which of the following technical controls intercepts DOS and ROM BIOS calls and looks for malware-like actions?
A. Scanners
B. Active monitors
C. Immunizer
D. Behavior blocker
Correct answer: B
Active monitors intercept DOS and ROM BIOS calls and look for malware-like actions; scanners match signatures, immunizers append detection code to files, and behavior blockers operate at the operating-system level.
Question #25
Which of the following would be the BEST access control procedure?
A. The data owner formally authorizes access and an administrator implements the user authorization tables
B. Authorized staff implement the user authorization tables and the data owner sanctions them
C. The data owner and an IS manager jointly create and update the user authorization tables
D. The data owner creates and updates the user authorization tables
Correct answer: A
The data owner authorizes access and a separate administrator implements it, which preserves segregation of duties.
Question #26
An IS auditor performing an independent classification of systems should consider a situation where functions could be performed manually at a tolerable cost for an extended period of time as:
A. critical
B. vital
C. sensitive
D. noncritical
Correct answer: C
Sensitive functions can be performed manually at a tolerable cost for an extended period; vital functions only for a brief period; critical functions cannot be performed manually at all.
Question #27
The final decision to include a material finding in an audit report should be made by the:
A. audit committee
B. auditee's manager
C. IS auditor
D. CEO of the organization
Correct answer: C
The IS auditor is independent and accountable for the report; management and the audit committee may comment on findings but do not decide whether a material finding is reported.
Question #28
Which of the following is a function of an IS steering committee?
A. Monitoring vendor-controlled change control and testing
B. Ensuring a separation of duties within the information processing environment
C. Approving and monitoring major projects, the status of IS plans and budgets
D. Liaising between the IS department and the end users
Correct answer: C
The steering committee approves and monitors major projects and the status of IS plans and budgets; segregation of duties, vendor change control, and user liaison are operational responsibilities.
Question #29
The database administrator (DBA) suggests that DB efficiency can be improved by denormalizing some tables. This would result in:
A. loss of confidentiality
B. increased redundancy
C. unauthorized accesses
D. application malfunctions
Correct answer: B
Denormalization duplicates data across tables, which increases redundancy and the risk of inconsistent updates.
Question #30
A company has recently upgraded its purchase system to incorporate EDI transmissions. Which of the following controls should be implemented in the EDI interface to provide for efficient data mapping?
A. Key verification
B. One-for-one checking
C. Manual recalculations
D. Functional acknowledgements
Correct answer: D
Functional acknowledgements confirm that each transaction set was received and mapped, giving feedback on the mapping process.
Question #31
The GREATEST advantage of using web services for the exchange of information between two systems is:
A. secure communications
B. improved performance
C. efficient interfacing
D. enhanced documentation
Correct answer: C
Question #32
Which of the following is the MOST critical and contributes the greatest to the quality of data in a data warehouse?
A. Accuracy of the source data
B. Credibility of the data source
C. Accuracy of the extraction process
D. Accuracy of the data transformation
Correct answer: A
Question #33
Which of the following statements INCORRECTLY describes anti-malware?
(The answer options for this question were not recoverable from the source.)
Correct answer: A
Question #34
Which of the following is the protocol data unit (PDU) of the transport layer in the TCP/IP model?
A. Data
B. Segment
C. Packet
D. Frame
Correct answer: B
In the TCP/IP model the application layer exchanges data, the transport layer segments, the internet layer packets, and the network interface layer frames.
Question #35
Which of the following provides the framework for designing and developing logical access controls?
A. Information systems security policy
B. Access control lists
C. Password management
D. System configuration files
Correct answer: A
The information systems security policy states the requirements from which access control lists, password rules, and configuration settings are derived.
Question #36
Which of the following is the BEST type of program for an organization to implement to aggregate, correlate and store different log and event files, and then produce weekly and monthly reports for IS auditors?
A. A security information and event management (SIEM) product
B. An open-source correlation engine
C. A log management tool
D. An extract, transform, load (ETL) system
Correct answer: A
A SIEM aggregates, correlates, and stores logs and events and produces reports; a log management tool alone does not correlate, and a correlation engine alone does not manage storage and reporting.
Question #37
Who is primarily responsible for storing and safeguarding the data?
A. Data Owner
B. Data User
C. Data Steward
D. Security Administrator
Correct answer: C
The data custodian or steward stores and safeguards data on behalf of the data owner, who remains accountable for it; the security administrator implements the controls.
Question #38
When reviewing an intrusion detection system (IDS), an IS auditor should be MOST concerned about which of the following?
A. Number of nonthreatening events identified as threatening
B. Attacks not being identified by the system
C. Reports/logs being produced by an automated tool
D. Legitimate traffic being blocked by the system
Correct answer: B
Attacks the IDS misses (false negatives) leave the organization unaware of a compromise; false positives are a nuisance, and an IDS detects rather than blocks traffic.
Question #39
Which of the following is the MOST important element for the successful implementation of IT governance?
A. Implementing an IT scorecard
B. Identifying organizational strategies
C. Performing a risk assessment
D. Creating a formal security policy
Correct answer: B
IT governance must first be aligned with organizational strategy; scorecards, risk assessments, and security policies follow from it.
Question #40
Which of the following terms related to network performance refers to the actual rate at which information is transferred over a network?
A. Bandwidth
B. Throughput
C. Latency
D. Jitter
Correct answer: B
Throughput is the rate actually achieved; bandwidth is the capacity of the link, latency is the delay, and jitter is the variation in delay.
Question #41
An IT steering committee should review information systems PRIMARILY to assess:
A. whether IT processes support business requirements
B. if proposed system functionality is adequate
C. the stability of existing software
D. the complexity of installed technology
Correct answer: A
Question #42
When transmitting a payment instruction, which of the following will help verify that the instruction was not duplicated?
A. Use of a cryptographic hashing algorithm
B. Enciphering the message digest
C. Deciphering the message digest
D. A sequence number and time stamp
Correct answer: D
A hash or an enciphered digest proves that a message was not altered, but an attacker can resend an unaltered instruction; a sequence number and time stamp let the receiver reject duplicates and stale messages.
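The control in question #42, as an added example that is not part of the source page: a receiver that rejects replayed payment instructions using a per-sender sequence number plus a time stamp, with an HMAC over the whole instruction so that neither field can be altered without the shared key. The key, sender names, account and amounts are constructed; a fixed clock is used so the run is repeatable.

```python
"""Added example for question 42 (not from the source page): duplicate
detection for payment instructions with a sequence number and time stamp.
Shared key, sender, account and amounts are constructed."""
import hashlib
import hmac
import json
import time
from typing import Callable, Dict, List, Tuple

SHARED_KEY = b"constructed-shared-key-for-the-example"
MAX_SKEW_SECONDS = 300  # how far an instruction's time stamp may differ from the receiver's clock


def _mac(body: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of every field except the MAC."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SHARED_KEY, canonical, hashlib.sha256).hexdigest()


def sign(instruction: dict) -> dict:
    """Sender side: attach a MAC covering sender, seq, ts and the payment fields."""
    return {**instruction, "mac": _mac(instruction)}


class Receiver:
    def __init__(self, clock: Callable[[], float] = time.time):
        self.clock = clock
        self.last_seq: Dict[str, int] = {}  # sender -> highest accepted sequence number

    def accept(self, msg: dict) -> Tuple[bool, str]:
        body = {k: v for k, v in msg.items() if k != "mac"}
        mac = msg.get("mac", "")
        # 1. Integrity and origin: seq and ts cannot be edited without the key.
        if not hmac.compare_digest(mac, _mac(body)):
            return False, "bad mac"
        # 2. Freshness: bounds how long a captured instruction stays usable.
        if abs(self.clock() - body["ts"]) > MAX_SKEW_SECONDS:
            return False, "stale timestamp"
        # 3. Uniqueness: each sender's sequence number must strictly increase, so an
        #    exact copy of an accepted instruction (same hash, same MAC) is rejected.
        if body["seq"] <= self.last_seq.get(body["sender"], 0):
            return False, "duplicate or out-of-order sequence number"
        self.last_seq[body["sender"]] = body["seq"]
        return True, "accepted"


def demo() -> List[Tuple[bool, str]]:
    """Five constructed deliveries: original, verbatim replay, edited replay,
    stale message, and the next legitimate instruction."""
    now = 1_700_000_000
    rx = Receiver(clock=lambda: now)
    pay = sign({"sender": "bankA", "seq": 1, "ts": now, "to": "ACC-42", "amount": 1000})
    results = [rx.accept(pay)]                 # accepted
    results.append(rx.accept(pay))             # replayed verbatim: rejected on seq
    bumped = {**pay, "seq": 2}                 # attacker edits seq but cannot recompute the MAC
    results.append(rx.accept(bumped))          # rejected: bad mac
    old = sign({"sender": "bankA", "seq": 2, "ts": now - 3600, "to": "ACC-42", "amount": 1000})
    results.append(rx.accept(old))             # rejected: stale timestamp
    nxt = sign({"sender": "bankA", "seq": 2, "ts": now + 5, "to": "ACC-42", "amount": 250})
    results.append(rx.accept(nxt))             # accepted: fresh and seq advanced
    return results


if __name__ == "__main__":
    for ok, why in demo():
        print("ACCEPT" if ok else "REJECT", why)
```

The replayed copy hashes to exactly the same digest as the original, which is why a hash or signature alone (options A to C) cannot flag it; only state on the receiver (the last sequence number per sender, bounded by the time-stamp window so that state need not grow forever) can.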
Question #43
In a public key infrastructure, a registration authority:
A. verifies information supplied by the subject requesting a certificate
B. issues the certificate after the required attributes are verified and the keys are generated
C. digitally signs a message to achieve nonrepudiation of the signed message
D. registers signed messages to protect them from future repudiation
Correct answer: A
The registration authority verifies the requester's identity and attributes; the certification authority issues the certificate.
Question #44
To gain an understanding of the effectiveness of an organization's planning and management of investments in IT assets, an IS auditor should review the:
A. enterprise data model
B. IT balanced scorecard (BSC)
C. IT organizational structure
D. historical financial statements
Correct answer: B
The IT balanced scorecard measures how IT investments support business objectives.
Question #45
Which of the following network components is PRIMARILY set up to serve as a security measure by preventing unauthorized traffic between different segments of the network?
A. Firewalls
B. Routers
C. Layer 2 switches
D. VLANs
Correct answer: A
Firewalls are built to enforce policy on traffic between segments; routers and switches forward traffic, and VLANs provide logical separation without policy enforcement on their own.
Question #46
What can be very helpful to an IS auditor when determining the efficacy of a systems maintenance program?
A. Network-monitoring software
B. A system downtime log
C. Administration activity reports
D. Help-desk utilization trend reports
Correct answer: B
Question #47
Which of the following PBX features provides the ability to break into a busy line to inform another user of an important message?
A. Account codes
B. Access codes
C. Override
D. Tenanting
Correct answer: C
Override lets a user break into a busy line; account and access codes control who may place which calls, and tenanting partitions one PBX among several organizations.
Question #48
Which of the following attacks includes social engineering, link manipulation, or web site forgery techniques?
A. Smurf attack
B. Traffic analysis
C. (option text missing from the source)
D. Interrupt attack
Correct answer: C
The techniques described (social engineering, link manipulation, web site forgery) are the defining characteristics of phishing; a Smurf attack is ICMP amplification, and traffic analysis is passive observation.
Question #49
Which of the following activities performed by a database administrator (DBA) should be performed by a different person?
A. Deleting database activity logs
B. Implementing database optimization tools
C. Monitoring database usage
D. Defining backup and recovery procedures
Correct answer: A
Deleting activity logs would let a DBA erase the record of their own actions.
Question #50
Once an organization has finished the business process reengineering (BPR) of all its critical operations, an IS auditor would MOST likely focus on a review of:
A. pre-BPR process flowcharts
B. post-BPR process flowcharts
C. BPR project plans
D. continuous improvement and monitoring plans
Correct answer: D
After BPR is complete, the auditor's interest is whether the new processes are monitored and continuously improved; project plans and old flowcharts are historical.
Question #51
Which of the following controls would an IS auditor look for in an environment where duties cannot be appropriately segregated?
A. Overlapping controls
B. Boundary controls
C. Access controls
D. Compensating controls
Correct answer: D
Compensating controls (e.g., supervisory review, audit trails, reconciliations) mitigate the risk where duties cannot be segregated.
Question #52
Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)?
A. A user from within could send a file to an unauthorized person
B. FTP services could allow a user to download files from unauthorized sources
C. A hacker may be able to use the FTP service to bypass the firewall
D. FTP could significantly reduce the performance of a DMZ server
Correct answer: C
FTP is an insecure protocol; a compromised or misconfigured FTP server in the DMZ gives an attacker a foothold from which the firewall can be bypassed into the internal network.
Question #53
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly?
A. Field checks
B. Control totals
C. Reasonableness checks
D. A before-and-after maintenance report
Correct answer: D
A before-and-after maintenance report shows the old and new value of every changed field so the update can be verified; field, total, and reasonableness checks only test the plausibility of the input.
Question #54
A clerk changed the interest rate for a loan on a master file. The rate entered is outside the normal range for such a loan. Which of the following controls is MOST effective in providing reasonable assurance that the change was authorized?
A. The system will not process the change until the clerk's manager confirms the change by entering an approval code
B. The system generates a weekly report listing all rate exceptions and the report is reviewed by the clerk's manager
C. The system requires the clerk to enter an approval code
D. The system displays a warning message to the clerk
Correct answer: A
Requiring the manager's approval code before the change is processed prevents an unauthorized change; a weekly report, a code entered by the clerk, or a warning only detect or advise after the fact.
Question #55
IT operations for a large organization have been outsourced. An IS auditor reviewing the outsourced operation should be MOST concerned about which of the following findings?
A. The outsourcing contract does not cover disaster recovery for the outsourced IT operations
B. The service provider does not have incident handling procedures
C. Recently a corrupted database could not be recovered because of library management problems
D. Incident logs are not being reviewed
Correct answer: A
Without disaster recovery in the outsourcing contract, a disaster at the provider could halt the whole business; the other findings are serious but narrower.
Question #56
Which of the following is MOST critical for the successful implementation and maintenance of a security policy?
A. Assimilation of the framework and intent of a written security policy by all appropriate parties
B. Management support and approval for the implementation and maintenance of a security policy
C. Enforcement of security rules by providing punitive actions for any violation of security rules
D. Stringent implementation, monitoring and enforcing of rules by the security officer through access control software
Correct answer: A
A policy works only when the people who must follow it understand its framework and intent; management support and enforcement enable this but do not by themselves achieve it.
Question #57
An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed. When this issue is raised with management, the response is that additional controls are not necessary because effective system access controls are in place. The BEST response the auditor can make is to:
A. review the integrity of system access controls
B. accept management's statement that effective access controls are in place
C. stress the importance of having a system control framework in place
D. review the background checks of the accounts payable staff
Correct answer: A
The auditor should test the compensating control that management relies on rather than accept the assertion.
Question #58
In transport mode, the use of the Encapsulating Security Payload (ESP) protocol is advantageous over the Authentication Header (AH) protocol because it provides:
A. connectionless integrity
B. data origin authentication
C. antireplay service
D. confidentiality
Correct answer: D
AH and ESP both provide connectionless integrity, data origin authentication, and anti-replay service; only ESP encrypts the payload (in transport mode the IP header itself remains in the clear).
Question #59
During involuntary termination of an employee, which of the following is the MOST important step to be considered?
A. Get a written NDA agreement from the employee
B. Terminate all physical and logical access
C. Provide compensation in lieu of notice period
D. Do not communicate to the respective employee about the termination
Correct answer: B
Revoking all physical and logical access immediately prevents the departing employee from damaging systems or taking data; the other items are HR matters.
Question #60
As an outcome of information security governance, strategic alignment provides:
A. security requirements driven by enterprise requirements
B. baseline security following best practices
C. institutionalized and commoditized solutions
D. an understanding of risk exposure
Correct answer: A
Question #61
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?
A. A substantive test of program library controls
B. A compliance test of program library controls
C. A compliance test of the program compiler controls
D. A substantive test of the program compiler controls
Correct answer: B
Comparing source and object versions tests whether library controls operate as intended, which is a compliance test; a substantive test would examine the data or transactions themselves.
Question #62
IT best practices for the availability and continuity of IT services should:
A. minimize costs associated with disaster-resilient components
B. provide for sufficient capacity to meet the agreed upon demands of the business
C. provide reasonable assurance that agreed upon obligations to customers can be met
D. produce timely performance metric reports
Correct answer: C
Question #63
During an audit of the logical access control of an ERP financial system, an IS auditor found some user accounts shared by multiple individuals. The user IDs were based on roles rather than individual identities. These accounts allow access to financial transactions on the ERP. What should the IS auditor do next?
A. Look for compensating controls
B. Review financial transaction logs
C. Review the scope of the audit
D. Ask the administrator to disable these accounts
Correct answer: A
The auditor should first determine whether compensating controls (e.g., logging tied to the terminal or an approval workflow) mitigate the shared accounts; disabling them is management's decision, not the auditor's.
Question #64
What is the lowest level of the IT governance maturity model where an IT balanced scorecard exists?
A. Repeatable but Intuitive
B. Defined
C. Managed and Measurable
D. Optimized
Correct answer: C
In the IT governance maturity model, an IT balanced scorecard first appears at level 4, Managed and Measurable.
Question #65
Which of the following should be of PRIMARY concern to an IS auditor reviewing the management of external IT service providers?
A. Minimizing costs for the services provided
B. Prohibiting the provider from subcontracting services
C. Evaluating the process for transferring knowledge to the IT department
D. Determining if the services were provided as contracted
Correct answer: D
Question #66
An IS auditor finds that a DBA has read and write access to production data. The IS auditor should:
A. accept the DBA access as a common practice
B. assess the controls relevant to the DBA function
C. recommend the immediate revocation of the DBA access to production data
D. review user access authorizations approved by the DBA
Correct answer: B
DBAs commonly need production access to do their job; the auditor should assess the controls around it (logging, monitoring, approval) before recommending revocation.
Question #67
Naming conventions for system resources are important for access control because they:
A. ensure that resource names are not ambiguous
B. reduce the number of rules required to adequately protect resources
C. ensure that user access to resources is clearly and uniquely identified
D. ensure that internationally recognized names are used to protect resources
Correct answer: B
Consistent naming lets a single rule protect a whole group of resources instead of requiring one rule per resource.
Question #68
An IS auditor performing an application maintenance audit would review the log of program changes for the:
A. authorization of program changes
B. creation date of a current object module
C. number of program changes actually made
D. creation date of a current source program
Correct answer: A
The log of program changes is reviewed to verify that each change was authorized; dates and counts alone say nothing about authorization.
Question #69
Which are the two primary types of scanner used for protecting against malware?
A. Malware mask/signature and heuristic scanners
B. Active and passive scanners
C. Behavioral blockers and immunizer scanners
D. None of the above
Correct answer: A
Signature (mask) scanners match known malware patterns; heuristic scanners look for suspicious code structure or behavior.
Question #70
Which of the following will prevent dangling tuples in a database?
A. Cyclic integrity
B. Domain integrity
C. Relational integrity
D. Referential integrity
Correct answer: D
Referential integrity requires every foreign key value to match an existing primary key, so no row can reference a parent that does not exist (a dangling tuple).
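Referential integrity from question #70 in practice, as an added example that is not part of the source page: the same two-table schema is built twice, once with foreign-key enforcement off and once with it on, and the same parent delete and orphan insert are attempted against each. SQLite is used because it ships with Python and only enforces declared foreign keys when `PRAGMA foreign_keys` is on, which makes the difference easy to show; table names and rows are constructed.

```python
"""Added example for question 70 (not from the source page): how a dangling
tuple arises without referential integrity and how the constraint prevents it.
Tables and rows are constructed; SQLite is used because it ships with Python."""
import sqlite3
from typing import List, Tuple

SCHEMA = """
CREATE TABLE customer (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL
);
CREATE TABLE invoice (
    id          INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customer(id) ON DELETE RESTRICT,
    amount      INTEGER NOT NULL
);
"""


def build_db(enforce_referential_integrity: bool) -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    # SQLite parses FOREIGN KEY clauses but enforces them only while this pragma is ON.
    con.execute("PRAGMA foreign_keys = %s" % ("ON" if enforce_referential_integrity else "OFF"))
    con.executescript(SCHEMA)
    con.execute("INSERT INTO customer VALUES (1, 'Acme Ltd')")
    con.execute("INSERT INTO invoice VALUES (10, 1, 500)")
    con.commit()
    return con


def dangling_invoices(con: sqlite3.Connection) -> List[Tuple[int]]:
    """Invoices whose customer_id points at no customer row (dangling tuples)."""
    return con.execute(
        "SELECT i.id FROM invoice i LEFT JOIN customer c ON c.id = i.customer_id "
        "WHERE c.id IS NULL ORDER BY i.id"
    ).fetchall()


def _attempt(con: sqlite3.Connection, sql: str, params: tuple = ()) -> bool:
    """Run one statement; True if it committed, False if the database refused it."""
    try:
        con.execute(sql, params)
        con.commit()
        return True
    except sqlite3.IntegrityError:
        con.rollback()
        return False


def delete_customer(con: sqlite3.Connection, customer_id: int) -> bool:
    return _attempt(con, "DELETE FROM customer WHERE id = ?", (customer_id,))


def insert_orphan_invoice(con: sqlite3.Connection) -> bool:
    # customer 99 does not exist, so this row would be dangling from birth
    return _attempt(con, "INSERT INTO invoice VALUES (11, 99, 42)")


if __name__ == "__main__":
    for enforce in (False, True):
        con = build_db(enforce)
        print("referential integrity enforced:", enforce)
        print("  delete customer 1 accepted:", delete_customer(con, 1))
        print("  insert orphan invoice accepted:", insert_orphan_invoice(con))
        print("  dangling invoices:", dangling_invoices(con))
```

With enforcement off the parent row can be deleted and invoice 10 is left pointing at nothing; with it on, the delete is refused (`ON DELETE RESTRICT`) and the orphan insert is rejected. `ON DELETE CASCADE` is the other common choice: it keeps integrity by deleting the dependent invoices along with the customer, which is rarely what a financial system wants.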
Question #71
Which of the following statements correctly describes the difference between the IPsec and SSH protocols?
A. IPsec works at the transport layer whereas SSH works at the network layer of the OSI model
B. IPsec works at the network layer whereas SSH works at the application layer of the OSI model
C. IPsec works at the network layer and SSH works at the transport layer of the OSI model
D. IPsec works at the transport layer and SSH works at the network layer of the OSI model
Correct answer: B
IPsec protects IP packets at the network layer; SSH is an application-layer protocol that runs over TCP.
Question #72
Which of the following is the protocol data unit (PDU) of the network interface layer in the TCP/IP model?
A. Data
B. Segment
C. Packet
D. Frame
Correct answer: D
Question #73
When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:
A. recommend that the database be normalized
B. review the conceptual data model
C. review the stored procedures
D. review the justification
Correct answer: D
Denormalization may be a deliberate performance decision; the auditor should review the documented justification and compensating controls before recommending normalization.
Question #74
Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized?
A. Release-to-release source and object comparison reports
B. Library control software restricting changes to source code
C. Restricted access to source code and object code
D. Date and time-stamp reviews of source and object code
Correct answer: A
Comparing each release's source and object shows that the deployed object was actually built from the approved source; time stamps and access restrictions do not prove equivalence.
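The comparison report from question #74 (the same check the auditor samples in question #61), as an added example that is not part of the source page: every object module in the production library is rebuilt from its approved source with the same build step and the hashes are compared, so an object modified without a corresponding source change, or an object with no source at all, is reported. Python bytecode stands in for compiled object code; module names and their contents are constructed.

```python
"""Added example for questions 61 and 74 (not from the source page): a
release-to-release source/object comparison report.  Python bytecode stands in
for compiled object modules; module names and contents are constructed."""
import hashlib
import marshal
from typing import Dict


def build_object(source: str, module_name: str) -> bytes:
    """The approved build step: compile source into a bytecode object module."""
    return marshal.dumps(compile(source, module_name, "exec"))


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def compare_release(sources: Dict[str, str], objects: Dict[str, bytes]) -> Dict[str, str]:
    """Rebuild each approved source and compare with the object in production."""
    report: Dict[str, str] = {}
    for name in sorted(set(sources) | set(objects)):
        if name not in sources:
            report[name] = "object without source"        # nothing approved produced it
        elif name not in objects:
            report[name] = "source without object"        # approved change never deployed
        elif sha256(build_object(sources[name], name)) == sha256(objects[name]):
            report[name] = "match"
        else:
            report[name] = "mismatch: object not built from this source"
    return report


# Constructed program library: approved source and the objects built from it.
SOURCES = {
    "payroll.py": "def net_pay(gross, tax):\n    return gross - tax\n",
    "ledger.py": "def post(balance, amount):\n    return balance + amount\n",
}
OBJECTS = {name: build_object(src, name) for name, src in SOURCES.items()}


def tampered_library() -> Dict[str, bytes]:
    """Production objects after an unauthorized change: payroll's object was
    rebuilt from altered source that never went through change control, and a
    stray object with no approved source was dropped into the library."""
    objs = dict(OBJECTS)
    objs["payroll.py"] = build_object(
        "def net_pay(gross, tax):\n    return gross - tax + 1\n", "payroll.py"
    )
    objs["patch.py"] = build_object("pass\n", "patch.py")
    return objs


if __name__ == "__main__":
    print("approved release:", compare_release(SOURCES, OBJECTS))
    print("tampered release:", compare_release(SOURCES, tampered_library()))
```

The report only proves anything if the rebuild is deterministic and performed by the auditor (or an independent build) rather than by the same people who control the library; a time-stamp review (option D) would pass the tampered payroll object as long as it was written after its source.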
