Question #1
Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network?
A. The use of diskless workstations
B. Periodic checking of hard drives
C. The use of current antivirus software
D. Policies that result in instant dismissal if violated
Correct answer: A
Question #2
During a human resources (HR) audit, an IS auditor is informed that there is a verbal agreement between the IT and HR departments as to the level of IT services expected. In this situation, what should the IS auditor do FIRST?
A. Postpone the audit until the agreement is documented
B. Report the existence of the undocumented agreement to senior management
C. Confirm the content of the agreement with both departments
D. Draft a service level agreement (SLA) for the two departments
Correct answer: A
Question #3
Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?
A. Check digit
B. Existence check
C. Completeness check
D. Reasonableness check
Correct answer: C
Question #4
An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of:
A. reverse engineering
B. prototyping
C. software reuse
D. reengineering
Correct answer: B
Question #5
An IS auditor invited to a development project meeting notes that no project risks have been documented. When the IS auditor raises this issue, the project manager responds that it is too early to identify risks and that, if risks do start impacting the project, a risk manager will be hired. The appropriate response of the IS auditor would be to:
A. stress the importance of spending time at this point in the project to consider and document risks, and to develop contingency plans
B. accept the project manager's position as the project manager is accountable for the outcome of the project
C. offer to work with the risk manager when one is appointed
D. inform the project manager that the IS auditor will conduct a review of the risks at the completion of the requirements definition phase of the project
Correct answer: C
Question #6
In an organization, the responsibilities for IT security are clearly assigned and enforced and an IT security risk and impact analysis is consistently performed. This represents which level of ranking in the information security governance maturity model?
A. Optimized
B. Managed
C. Defined
D. Repeatable
Correct answer: B
Question #7
An IS auditor is reviewing an IT security risk management program. Measures of security risk should:
A. address all of the network risk
B. be tracked over time against the IT strategic plan
C. take into account the entire IT environment
D. result in the identification of vulnerability tolerance
Correct answer: B
Question #8
Responsibility and reporting lines cannot always be established when auditing automated systems since:
A. diversified control makes ownership irrelevant
B. staff traditionally changes jobs with greater frequency
C. ownership is difficult to establish where resources are shared
D. duties change frequently in the rapid development of technology
Correct answer: C
Question #9
An IS auditor finds out-of-range data in some tables of a database. Which of the following controls should the IS auditor recommend to avoid this situation?
A. Log all table update transactions
B. implement before-and-after image reporting
C. Use tracing and tagging
D. implement integrity constraints in the database
Correct answer: B
Question #10
Topic 5: If a database is restored using before-image dumps, where should the process begin following an interruption?
A. Before the last transaction
B. After the last transaction
C. As the first transaction after the latest checkpoint
D. At the last transaction before the latest checkpoint
Correct answer: A
Question #11
When participating in a systems-development project, an IS auditor should focus on system controls rather than ensuring that adequate and complete documentation exists for all projects. True or false?
A. True
B. False
Correct answer: A
Question #12
Which of the following is the BEST type of program for an organization to implement to aggregate, correlate and store different log and event files, and then produce weekly and monthly reports for IS auditors?
A. A security information event management (SIEM) product
B. An open-source correlation engine
C. A log management tool
D. An extract, transform, load (ETL) system
Correct answer: A
Question #13
In a client-server system, which of the following control techniques is used to inspect activity from known or unknown users?
A. Diskless workstations
B. Data encryption techniques
C. Network monitoring devices
D. Authentication systems
Correct answer: C
Question #14
An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long. Which of the following could be caused by the length of the cable?
A. Electromagnetic interference (EMI)
B. Cross-talk
C. Dispersion
D. Attenuation
Correct answer: C
Question #15
An IS auditor reviews an organizational chart PRIMARILY for:
A. an understanding of workflow
B. investigating various communication channels
C. understanding the responsibilities and authority of individuals
D. investigating the network connected to different employees
Correct answer: B
Question #16
Which of the following network configuration options contains a direct link between any two host machines?
A. Bus
B. Ring
C. Star
D. Completely connected (mesh)
Correct answer: D
Question #17
An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed. When this issue is raised with management the response is that additional controls are not necessary because effective system access controls are in place. The BEST response the auditor can make is to:
A. review the integrity of system access control
B. accept management's statement that effective access controls are in place
C. stress the importance of having a system control framework in place
D. review the background checks of the accounts payable staff
Correct answer: D
Question #18
An IS auditor evaluating logical access controls should FIRST:
A. document the controls applied to the potential access paths to the system
B. test controls over the access paths to determine if they are functional
C. evaluate the security environment in relation to written policies and practices
D. obtain an understanding of the security risks to information processing
Correct answer: D
Question #19
Topic 5: In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems?
A. Maintaining system software parameters
B. Ensuring periodic dumps of transaction logs
C. Ensuring grandfather-father-son file backups
D. Maintaining important data at an offsite location
Correct answer: B
Question #20
What protects an application purchaser's ability to fix or change an application in case the application vendor goes out of business?
A. Assigning copyright to the organization
B. Program back doors
C. Source code escrow
D. Internal programming expertise
Correct answer: A
Question #21
A company uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks (cheques) and reports for distribution. To BEST ensure payroll data accuracy:
A. payroll reports should be compared to input forms
B. gross payroll should be recalculated manually
C. checks (cheques) should be compared to input forms
D. checks (cheques) should be reconciled with output reports
Correct answer: D
Question #22
Which testing approach is MOST appropriate to ensure that internal application interface errors are identified as soon as possible?
A. Bottom up
B. Sociability testing
C. Top-down
D. System test
Correct answer: A
Question #23
An organization has outsourced its help desk. Which of the following indicators would be the best to include in the SLA?
A. Overall number of users supported
B. Percentage of incidents solved in the first call
C. Number of incidents reported to the help desk
D. Number of agents answering the phones
Correct answer: C
Question #24
To determine which users can gain access to the privileged supervisory state, which of the following should an IS auditor review?
A. System access log files
B. Enabled access control software parameters
C. Logs of access control violations
D. System configuration files for control options used
Correct answer: C
Question #25
During the collection of forensic evidence, which of the following actions would MOST likely result in the destruction or corruption of evidence on a compromised system?
A. Dumping the memory content to a file
B. Generating disk images of the compromised system
C. Rebooting the system
D. Removing the system from the network
Correct answer: C
Question #26
Topic 5: Which of the following is the MOST important criterion when selecting a location for an offsite storage facility for IS backup files? The offsite facility must be:
A. physically separated from the data center and not subject to the same risks
B. given the same level of protection as that of the computer data center
C. outsourced to a reliable third party
D. equipped with surveillance capabilities
Correct answer: A
Question #27
An integrated test facility is considered a useful audit tool because it:
A. is a cost-efficient approach to auditing application control
B. enables the financial and IS auditors to integrate their audit tests
C. compares processing output with independently calculated data
D. provides the IS auditor with a tool to analyze a large range of information
Correct answer: C
Question #28
When reviewing procedures for emergency changes to programs, the IS auditor should verify that the procedures:
A. allow changes, which will be completed using after-the-fact follow-up
B. allow undocumented changes directly to the production library
C. do not allow any emergency change
D. allow programmers permanent access to production programs
Correct answer: C
Question #29
Topic 5: Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist?
A. Reviewing program code
B. Reviewing operations documentation
C. Turning off the UPS, then the power
D. Reviewing program documentation
Correct answer: B
Question #30
The MOST significant security concern when using flash memory (e.g., USB removable disk) is that the:
A. contents are highly volatile
B. data cannot be backed up
C. data can be copied
D. device may not be compatible with other peripherals
Correct answer: B
Question #31
What are used as the framework for developing logical access controls?
A. Information systems security policies
B. Organizational security policies
C. Access Control Lists (ACL)
D. Organizational charts for identifying roles and responsibilities
Correct answer: A
Question #32
During the audit of an acquired software package, an IS auditor learned that the software purchase was based on information obtained through the Internet, rather than from responses to a request for proposal (RFP). The IS auditor should FIRST:
A. test the software for compatibility with existing hardware
B. perform a gap analysis
C. review the licensing policy
D. ensure that the procedure had been approved
Correct answer: C
Question #33
Topic 5: An IS auditor performing a review of the backup processing facilities should be MOST concerned that:
A. adequate fire insurance exists
B. regular hardware maintenance is performed
C. offsite storage of transaction and master files exists
D. backup processing facilities are fully tested
Correct answer: C
Question #34
When using an integrated test facility (ITF), an IS auditor should ensure that:
A. production data are used for testing
B. test data are isolated from production data
C. a test data generator is used
D. master files are updated with the test data
Correct answer: D
Question #35
Topic 5: Which of the following would BEST support 24/7 availability?
A. Daily backup
B. Offsite storage
C. Mirroring
D. Periodic testing
Correct answer: C
Question #36
Topic 5: When reviewing the procedures for the disposal of computers, which of the following should be the GREATEST concern for the IS auditor?
A. Hard disks are overwritten several times at the sector level, but are not reformatted before leaving the organization
B. All files and folders on hard disks are separately deleted, and the hard disks are formatted before leaving the organization
C. Hard disks are rendered unreadable by hole-punching through the platters at specific positions before leaving the organization
D. The transport of hard disks is escorted by internal security staff to a nearby metal recycling company, where the hard disks are registered and then shredded
Correct answer: B
Question #37
The BEST way to minimize the risk of communication failures in an e-commerce environment would be to use:
A. compression software to minimize transmission duration
B. functional or message acknowledgment
C. a packet-filtering firewall to reroute messages
D. leased asynchronous transfer mode lines
Correct answer: D
Question #38
Which of the following is widely accepted as one of the critical components in networking management?
A. Configuration management
B. Topological mappings
C. Application of monitoring tools
D. Proxy server troubleshooting
Correct answer: C