Question #1
Digital signatures require the sender to "sign" the data by encrypting the data with the sender's public key, to then be decrypted by the recipient using the recipient's private key. True or false?
A. False
B. True
Correct answer: A
Question #2
What control detects transmission errors by appending calculated bits onto the end of each segment of data?
A. Reasonableness check
B. Parity check
C. Redundancy check
D. Check digits
Correct answer: A
Question #3
When performing an IS strategy audit, an IS auditor should review both short-term (one-year) and long-term (three- to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered. The auditor should especially focus on procedures in an audit of IS strategy. True or false?
A. True
B. False
Correct answer: A
Question #4
Which of the following should an IS auditor review to understand project progress in terms of time, budget and deliverables for early detection of possible overruns and for projecting estimates at completion (EACs)?
A. Function point analysis
B. Earned value analysis
C. Cost budget
D. Program Evaluation and Review Technique
Correct answer: C
Question #5
Whenever business processes have been re-engineered, the IS auditor attempts to identify and quantify the impact of any controls that might have been removed, or controls that might not work as effectively after business process changes. True or false?
A. True
B. False
Correct answer: C
Question #6
What must an IS auditor understand before performing an application audit? Choose the BEST answer.
A. The potential business impact of application risks
B. Application risks must first be identified
C. Relative business processes
D. Relevant application risks
Correct answer: A
Question #7
Which of the following is a feature of Wi-Fi Protected Access (WPA) in wireless networks?
A. Session keys are dynamic
B. Private symmetric keys are used
C. Keys are static and shared
D. Source addresses are not encrypted or authenticated
Correct answer: A
Question #8
When preparing an audit report the IS auditor should ensure that the results are supported by:
A. statements from IS management
B. workpapers of other auditors
C. an organizational control self-assessment
D. sufficient and appropriate audit evidence
Correct answer: A
Question #9
Failure in which of the following testing stages would have the GREATEST impact on the implementation of new application software?
A. System testing
B. Acceptance testing
C. Integration testing
D. Unit testing
Correct answer: C
Question #10
An IS auditor finds that not all employees are aware of the enterprise's information security policy. The IS auditor should conclude that:
A. this lack of knowledge may lead to unintentional disclosure of sensitive information
B. information security is not critical to all functions
C. IS audit should provide security training to the employees
D. the audit finding will cause management to provide continuous training to staff
Correct answer: C
Question #11
An IS auditor is evaluating a corporate network for a possible penetration by employees. Which of the following findings should give the IS auditor the GREATEST concern?
A. There are a number of external modems connected to the network
B. Users can install software on their desktops
C. Network monitoring is very limited
D. Many user IDs have identical passwords
Correct answer: C
Question #12
An organization is migrating from a legacy system to an enterprise resource planning (ERP) system. While reviewing the data migration activity, the MOST important concern for the IS auditor is to determine that there is a:
A. correlation of semantic characteristics of the data migrated between the two systems
B. correlation of arithmetic characteristics of the data migrated between the two systems
C. correlation of functional characteristics of the processes between the two systems
D. relative efficiency of the processes between the two systems
Correct answer: B
Question #13
An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls would BEST mitigate the risk of undetected and unauthorized program changes to the production environment?
A. Commands typed on the command line are logged
B. Hash keys are calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs
C. Access to the operating system command line is granted through an access restriction tool with preapproved rights
D. Software development tools and compilers have been removed from the production environment
Correct answer: A
Question #14
Above almost all other concerns, what often results in the greatest negative impact on the implementation of new application software?
A. Failing to perform user acceptance testing
B. Lack of user training for the new system
C. Lack of software documentation and run manuals
D. Insufficient unit, module, and systems testing
Correct answer: B
Question #15
Which of the following can degrade network performance? Choose the BEST answer.
A. Superfluous use of redundant load-sharing gateways
B. Increasing traffic collisions due to host congestion by creating new collision domains
C. Inefficient and superfluous use of network devices such as switches
D. Inefficient and superfluous use of network devices such as hubs
Correct answer: A
Question #16
What type of approach to the development of organizational policies is often driven by risk assessment?
A. Bottom-up
B. Top-down
C. Comprehensive
D. Integrated
Correct answer: B
Question #17
Database snapshots can provide an excellent audit trail for an IS auditor. True or false?
A. True
B. False
Correct answer: A
Question #18
Which of the following is an advantage of the top-down approach to software testing?
A. Interface errors are identified early
B. Testing can be started before all programs are complete
C. It is more effective than other testing approaches
D. Errors in critical modules are detected sooner
Correct answer: B
Question #19
Why is a clause for requiring source code escrow in an application vendor agreement important?
A. To segregate systems development and live environments
B. To protect the organization from copyright disputes
C. To ensure that sufficient code is available when needed
D. To ensure that the source code remains available even if the application vendor goes out of business
Correct answer: A
Question #20
The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n):
A. Implementor
B. Facilitator
C. Developer
D. Sponsor
Correct answer: A
Question #21
An IS auditor performing a review of an application's controls would evaluate the:
A. efficiency of the application in meeting the business processes
B. impact of any exposures discovered
C. business processes served by the application
D. application's optimization
Correct answer: C
Question #22
An organization has outsourced its help desk activities. An IS auditor's GREATEST concern when reviewing the contract and associated service level agreement (SLA) between the organization and vendor should be the provisions for:
A. documentation of staff background checks
B. independent audit reports or full audit access
C. reporting the year-to-year incremental cost reductions
D. reporting staff turnover, development or training
Correct answer: B
Question #23
During an implementation review of a multiuser distributed application, an IS auditor finds minor weaknesses in three areas: the initial setting of parameters is improperly installed, weak passwords are being used and some vital reports are not being checked properly. While preparing the audit report, the IS auditor should:
A. record the observations separately with the impact of each of them marked against each respective finding
B. advise the manager of probable risks without recording the observations, as the control weaknesses are minor ones
C. record the observations and the risk arising from the collective weaknesses
D. apprise the departmental heads concerned with each observation and properly document it in the report
Correct answer: D
Question #24
When should application controls be considered within the system-development process?
A. After application unit testing
B. After application module testing
C. After applications systems testing
D. As early as possible, even in the development of the project's functional specifications
Correct answer: A
Question #25
With the objective of mitigating the risk and impact of a major business interruption, a disaster recovery plan should endeavor to reduce the length of recovery time necessary, as well as costs associated with recovery. Although DRP results in an increase of pre- and post-incident operational costs, the extra costs are more than offset by reduced recovery and business impact costs. True or false?
A. True
B. False
Correct answer: B
Question #26
During a security audit of IT processes, an IS auditor found that there were no documented security procedures. The IS auditor should:
A. create the procedures document
B. terminate the audit
C. conduct compliance testing
D. identify and evaluate existing practices
Correct answer: A
Question #27
What are trojan horse programs? Choose the BEST answer.
A. A common form of internal attack
B. Malicious programs that require the aid of a carrier program such as email
C. Malicious programs that can run independently and can propagate without the aid of a carrier program such as email
D. A common form of Internet attack
Correct answer: C
Question #28
How is the time required for transaction processing review usually affected by properly implemented Electronic Data Interface (EDI)?
A. EDI usually decreases the time necessary for review
B. EDI usually increases the time necessary for review
C. Cannot be determined
D. EDI does not affect the time necessary for review
Correct answer: A
Question #29
An IS auditor reviewing the risk assessment process of an organization should FIRST:
A. identify the reasonable threats to the information assets
B. analyze the technical and organizational vulnerabilities
C. identify and rank the information assets
D. evaluate the effect of a potential security breach
Correct answer: B
Question #30
What is used to develop strategically important systems faster, reduce development costs, and still maintain high quality? Choose the BEST answer.
A. Rapid application development (RAD)
B. GANTT
C. PERT
D. Decision trees
Correct answer: A
Question #31
Which of the following is the BEST performance criterion for evaluating the adequacy of an organization's security awareness training?
A. Senior management is aware of critical information assets and demonstrates an adequate concern for their protection
B. Job descriptions contain clear statements of accountability for information security
C. In accordance with the degree of risk and business impact, there is adequate funding for security efforts
D. No actual incidents have occurred that have caused a loss or a public embarrassment
Correct answer: A
Question #32
Effective IT governance requires organizational structures and processes to ensure that:
A. the organization's strategies and objectives extend the IT strategy
B. the business strategy is derived from an IT strategy
C. IT governance is separate and distinct from the overall governance
D. the IT strategy extends the organization's strategies and objectives
Correct answer: B
Question #33
The information security policy that states 'each individual must have their badge read at every controlled door' addresses which of the following attack methods?
A. Piggybacking
B. Shoulder surfing
C. Dumpster diving
D. Impersonation
Correct answer: D
Question #34
What is used to provide authentication of the website and can also be used to successfully authenticate keys used for data encryption?
A. An organizational certificate
B. A user certificate
C. A website certificate
D. Authenticode
Correct answer: B
Question #35
A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it can:
A. Identify high-risk areas that might need a detailed review later
B. Reduce audit costs
C. Reduce audit time
D. Increase audit accuracy
Correct answer: B
Question #36
Which of the following is MOST directly affected by network performance monitoring tools?
A. Integrity
B. Availability
C. Completeness
D. Confidentiality
Correct answer: C
Question #37
The initial step in establishing an information security program is the:
A. development and implementation of an information security standards manual
B. performance of a comprehensive security control review by the IS auditor
C. adoption of a corporate information security policy statement
D. purchase of security access control software
Correct answer: C
Question #38
Who is ultimately responsible for providing requirement specifications to the software-development team?
A. The project sponsor
B. The project members
C. The project leader
D. The project steering committee
Correct answer: C
Question #39
A long-term IS employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be based on the individual's experience and:
A. length of service, since this will help ensure technical competence
B. age, as training in audit techniques may be impractical
C. IS knowledge, since this will bring enhanced credibility to the audit function
D. ability, as an IS auditor, to be independent of existing IS relationships
Correct answer: D
Question #40
What is the primary security concern for EDI environments? Choose the BEST answer.
A. Transaction authentication
B. Transaction completeness
C. Transaction accuracy
D. Transaction authorization
Correct answer: B
Question #41
The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program?
A. Utilization of an intrusion detection system to report incidents
B. Mandating the use of passwords to access all software
C. Installing an efficient user log system to track the actions of each user
D. Training provided on a regular basis to all current and new employees
Correct answer: B
Question #42
Network environments often add to the complexity of program-to-program communication, making the implementation and maintenance of application systems more difficult. True or false?
A. True
B. False
Correct answer: C
Question #43
The use of statistical sampling procedures helps minimize:
A. Detection risk
B. Business risk
C. Controls risk
D. Compliance risk
Correct answer: B
Question #44
In an organization where an IT security baseline has been defined, an IS auditor should FIRST ensure:
A. implementation
B. compliance
C. documentation
D. sufficiency
Correct answer: A
Question #45
An information security policy stating that 'the display of passwords must be masked or suppressed' addresses which of the following attack methods?
A. Piggybacking
B. Dumpster diving
C. Shoulder surfing
D. Impersonation
Correct answer: A
Question #46
When assessing the design of network monitoring controls, an IS auditor should FIRST review network:
A. topology diagrams
B. bandwidth usage
C. traffic analysis reports
D. bottleneck locations
Correct answer: A
Question #47
Atomicity enforces data integrity by ensuring that a transaction is either completed in its entirety or not at all. Atomicity is part of the ACID test reference for transaction processing. True or false?
A. True
B. False
Correct answer: A
Question #48
An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP?
A. Full operational test
B. Preparedness test
C. Paper test
D. Regression test
Correct answer: D
Question #49
How does the SSL network protocol provide confidentiality?
A. Through symmetric encryption such as RSA
B. Through asymmetric encryption such as Data Encryption Standard, or DES
C. Through asymmetric encryption such as Advanced Encryption Standard, or AES
D. Through symmetric encryption such as Data Encryption Standard, or DES
Correct answer: C
Question #50
The MAJOR consideration for an IS auditor reviewing an organization's IT project portfolio is the:
A. IT budget
B. existing IT environment
C. business plan
D. investment plan
Correct answer: B
Question #51
A retail outlet has introduced radio frequency identification (RFID) tags to create unique serial numbers for all products. Which of the following is the PRIMARY concern associated with this initiative?
A. Issues of privacy
B. Wavelength can be absorbed by the human body
C. RFID tags may not be removable
D. RFID eliminates line-of-sight reading
Correct answer: D
Question #52
Which of the following functions should be performed by the application owners to ensure an adequate segregation of duties between IS and end users?
A. System analysis
B. Authorization of access to data
C. Application programming
D. Data administration
Correct answer: D
Question #53
Test and development environments should be separated. True or false?
A. True
B. False
Correct answer: A
Question #54
A substantive test to verify that tape library inventory records are accurate is:
A. determining whether bar code readers are installed
B. determining whether the movement of tapes is authorized
C. conducting a physical count of the tape inventory
D. checking if receipts and issues of tapes are accurately recorded
Correct answer: A
Question #55
During the development of an application, the quality assurance testing and user acceptance testing were combined. The MAJOR concern for an IS auditor reviewing the project is that there will be:
A. increased maintenance
B. improper documentation of testing
C. inadequate functional testing
D. delays in problem resolution
Correct answer: B
Question #56
During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:
A. buffer overflow
B. brute force attack
C. distributed denial-of-service attack
D. war dialing attack
Correct answer: B
Question #57
A local area network (LAN) administrator normally would be restricted from:
A. having end-user responsibilities
B. reporting to the end-user manager
C. having programming responsibilities
D. being responsible for LAN security administration
Correct answer: C
Question #58
The PRIMARY advantage of a continuous audit approach is that it:
A. does not require an IS auditor to collect evidence on system reliability while processing is taking place
B. requires the IS auditor to review and follow up immediately on all information collected
C. can improve system security when used in time-sharing environments that process a large number of transactions
D. does not depend on the complexity of an organization's computer systems
Correct answer: A
Question #59
Input/output controls should be implemented for which applications in an integrated systems environment?
A. The receiving application
B. The sending application
C. Both the sending and receiving applications
D. Output on the sending application and input on the receiving application
Correct answer: A
Question #60
Structured programming is BEST described as a technique that:
A. provides knowledge of program functions to other programmers via peer reviews
B. reduces the maintenance time of programs by the use of small-scale program modules
C. makes the readable coding reflect as closely as possible the dynamic execution of the program
D. controls the coding and testing of the high-level functions of the program in the development process
Correct answer: B
Question #61
Which of the following hardware devices relieves the central computer from performing network control, format conversion and message handling tasks?
A. Spool
B. Cluster controller
C. Protocol converter
D. Front end processor
Correct answer: C
Question #62
What benefit does using capacity-monitoring software to monitor usage patterns and trends provide to management? Choose the BEST answer.
A. The software can dynamically readjust network traffic capabilities based upon current usage
B. The software produces nice reports that really impress management
C. It allows users to properly allocate resources and ensure continuous efficiency of operations
D. It allows management to properly allocate resources and ensure continuous efficiency of operations
Correct answer: C
Question #63
While planning an audit, an assessment of risk should be made to provide:
A. reasonable assurance that the audit will cover material items
B. definite assurance that material items will be covered during the audit work
C. reasonable assurance that all items will be covered by the audit
D. sufficient assurance that all items will be covered during the audit work
Correct answer: A
Question #64
The PRIMARY reason an IS auditor performs a functional walkthrough during the preliminary phase of an audit assignment is to:
A. understand the business process
B. comply with auditing standards
C. identify control weakness
D. plan substantive testing
Correct answer: C
Question #65
When developing a risk management program, what is the FIRST activity to be performed?
A. Threat assessment
B. Classification of data
C. Inventory of assets
D. Criticality analysis
Correct answer: C
Question #66
During which of the following phases in system development would user acceptance test plans normally be prepared?
A. Feasibility study
B. Requirements definition
C. Implementation planning
D. Postimplementation review
Correct answer: C
Question #67
What is an effective control for granting temporary access to vendors and external support personnel? Choose the BEST answer.
A. Creating user accounts that automatically expire by a predetermined date
B. Creating permanent guest accounts for temporary use
C. Creating user accounts that restrict logon access to certain hours of the day
D. Creating a single shared vendor administrator account on the basis of least-privileged access
Correct answer: C
Question #68
The MOST significant level of effort for business continuity planning (BCP) generally is required during the:
A. testing stage
B. evaluation stage
C. maintenance stage
D. early stages of planning
Correct answer: D
Question #69
Obtaining user approval of program changes is very effective for controlling application changes and maintenance. True or false?
A. True
B. False
Correct answer: A
Question #70
The editing/validation of data entered at a remote site would be performed MOST effectively at the:
A. central processing site after running the application system
B. central processing site during the running of the application system
C. remote processing site after transmission of the data to the central processing site
D. remote processing site prior to transmission of the data to the central processing site
Correct answer: B
Question #71
________________ (fill in the blank) is/are ultimately accountable for the functionality, reliability, and security within IT governance. Choose the BEST answer.
A. Data custodians
B. The board of directors and executive officers
C. IT security administration
D. Business unit managers
Correct answer: A
Question #72
Which of the following is a substantive test?
A. Checking a list of exception reports
B. Ensuring approval for parameter changes
C. Using a statistical sample to inventory the tape library
D. Reviewing password history reports
Correct answer: A
Question #73
The purpose of code signing is to provide assurance that:
A. the software has not been subsequently modified
B. the application can safely interface with another signed application
C. the signer of the application is trusted
D. the private key of the signer has not been compromised
Correct answer: A
Question #74
What process allows IS management to determine whether the activities of the organization differ from the planned or expected levels? Choose the BEST answer.
A. Business impact assessment
B. Risk assessment
C. IS assessment methods
D. Key performance indicators (KPIs)
Correct answer: A
Question #75
To determine if unauthorized changes have been made to production code the BEST audit procedure is to:
A. examine the change control system records and trace them forward to object code files
B. review access control permissions operating within the production program libraries
C. examine object code to find instances of changes and trace them back to change control records
D. review change approved designations established within the change control system
Correct answer: D
Question #76
Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions?
A. Parity check
B. Echo check
C. Block sum check
D. Cyclic redundancy check
Correct answer: C
Question #77
What uses questionnaires to lead the user through a series of choices to reach a conclusion? Choose the BEST answer.
A. Logic trees
B. Decision trees
C. Decision algorithms
D. Logic algorithms
Correct answer: A
Question #78
A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses, the team should:
A. compute the amortization of the related assets
B. calculate a return on investment (ROI)
C. apply a qualitative approach
D. spend the time needed to define exactly the loss amount
Correct answer: D
Question #79
Which of the following are effective controls for detecting duplicate transactions such as payments made or received?
A. Concurrency controls
B. Reasonableness checks
C. Time stamps
D. Referential integrity controls
Correct answer: C
Question #80
An IS auditor analyzing the audit log of a database management system (DBMS) finds that some transactions were partially executed as a result of an error, and are not rolled back. Which of the following transaction processing features has been violated?
A. Consistency
B. Isolation
C. Durability
D. Atomicity
Correct answer: A
Question #81
Which of the following would be the BEST population to take a sample from when testing program changes?
A. Test library listings
B. Source program listings
C. Program change requests
D. Production library listings
Correct answer: B
Question #82
Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when:
A. a firewall exists
B. a secure web connection is used
C. the source of the executable file is certain
D. the host web site is part of the organization
Correct answer: D
Question #83
A malicious code that changes itself with each file it infects is called a:
A. logic bomb
B. stealth virus
C. trojan horse
D. polymorphic virus
Correct answer: D
Question #84
The database administrator (DBA) suggests that DB efficiency can be improved by denormalizing some tables. This would result in:
A. loss of confidentiality
B. increased redundancy
C. unauthorized accesses
D. application malfunctions
Correct answer: A
Question #85
An IS auditor is reviewing a project that is using an Agile software development approach. Which of the following should the IS auditor expect to find?
A. Use of a process-based maturity model such as the capability maturity model (CMM)
B. Regular monitoring of task-level progress against schedule
C. Extensive use of software development tools to maximize team productivity
D. Postiteration reviews that identify lessons learned for future use in the project
Correct answer: B
Question #86
Before implementing controls, management should FIRST ensure that the controls:
A. satisfy a requirement in addressing a risk issue
B. do not reduce productivity
C. are based on a cost-benefit analysis
D. are detective or corrective
Correct answer: D
Question #87
What is an edit check to determine whether a field contains valid data?
A. Completeness check
B. Accuracy check
C. Redundancy check
D. Reasonableness check
Correct answer: B
Question #88
After initial investigation, an IS auditor has reasons to believe that fraud may be present. The IS auditor should:
A. expand activities to determine whether an investigation is warranted
B. report the matter to the audit committee
C. report the possibility of fraud to top management and ask how they would like to proceed
D. consult with external legal counsel to determine the course of action to be taken
Correct answer: D
Question #89
What type of fire-suppression system suppresses fire via water that is released from a main valve to be delivered via a system of dry pipes installed throughout the facilities?
A. A dry-pipe sprinkler system
B. A deluge sprinkler system
C. A wet-pipe system
D. A halon sprinkler system
Correct answer: B
Question #90
The advantage of a bottom-up approach to the development of organizational policies is that the policies:
A. are developed for the organization as a whole
B. are more likely to be derived as a result of a risk assessment
C. will not conflict with overall corporate policy
D. ensure consistency across the organization
Correct answer: A
Question #91
What is a common vulnerability, allowing denial-of-service attacks?
A. Assigning access to users according to the principle of least privilege
B. Lack of employee awareness of organizational security policies
C. Improperly configured routers and router access lists
D. Configuring firewall access rules
Correct answer: A
Question #92
A hardware control that helps to detect errors when data are communicated from one computer to another is known as a:
A. duplicate check
B. table lookup
C. validity check
D. parity check
Correct answer: A
Question #93
What is the primary objective of a control self-assessment (CSA) program?
A. Enhancement of the audit responsibility
B. Elimination of the audit responsibility
C. Replacement of the audit responsibility
D. Integrity of the audit responsibility
Correct answer: A
Question #94
In an IS audit of several critical servers, the IS auditor wants to analyze audit trails to discover potential anomalies in user or system behavior. Which of the following tools are MOST suitable for performing that task?
A. CASE tools
B. Embedded data collection tools
C. Heuristic scanning tools
D. Trend/variance detection tools
Correct answer: C
Question #95
The purpose of a checksum on an amount field in an electronic data interchange (EDI) communication of financial transactions is to ensure:
A. integrity
B. authenticity
C. authorization
D. nonrepudiation
Correct answer: C
Question #96
Overall business risk for a particular threat can be expressed as:
A. a product of the probability and magnitude of the impact if a threat successfully exploits a vulnerability
B. the magnitude of the impact should a threat source successfully exploit the vulnerability
C. the likelihood of a given threat source exploiting a given vulnerability
D. the collective judgment of the risk assessment team
Correct answer: B
