Question #1
What are often the primary safeguards for systems software and data?
A. Administrative access controls
B. Logical access controls
C. Physical access controls
D. Detective access controls
Correct answer: A

Question #2
Which of the following protocols does NOT work at the Application layer of the TCP/IP model?
A. HTTP
B. FTP
C. NTP
D. TCP
Correct answer: B

Question #3
During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely:
A. review access control configuration
B. evaluate interface testing
C. review detailed design documentation
D. evaluate system testing
Correct answer: A

Question #4
Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures?
A. Review software migration records and verify approvals
B. Identify changes that have occurred and verify approvals
C. Review change control documentation and verify approvals
D. Ensure that only appropriate staff can migrate changes into production
Correct answer: D

Question #5
Which of the following exposures associated with the spooling of sensitive reports for offline printing would an IS auditor consider to be the MOST serious?
A. Sensitive data can be read by operators
B. Data can be amended without authorization
C. Unauthorized report copies can be printed
D. Output can be lost in the event of system failure
Correct answer: C

Question #6
To prevent unauthorized entry to the data maintained in a dial-up fast response system, an IS auditor should recommend:
A. online terminals be placed in restricted areas
B. online terminals be equipped with key locks
C. ID cards be required to gain access to online terminals
D. online access be terminated after three unsuccessful attempts
Correct answer: D

Question #7
Which of the following is a software application that pretends to be a server on the Internet and is not set up purposely to actively protect against break-ins?
A. Bastion host
B. Honey pot
C. Dual Homed
D. Demilitarized Zone (DMZ)
Correct answer: C

Question #8
An IS auditor's primary concern when application developers wish to use a copy of yesterday's production transaction file for volume tests is that:
A. users may prefer to use contrived data for testing
B. unauthorized access to sensitive data may result
C. error handling and credibility checks may not be fully proven
D. full functionality of the new process is not necessarily tested
Correct answer: B

Question #9
Which of the following attacks occurs when a malicious action is performed by invoking the operating system to execute a particular system call?
A. Eavesdropping
B. Traffic analysis
C. Masquerading
D. Interrupt attack
Correct answer: A

Question #10
Utility programs that assemble software modules needed to execute a machine instruction application program version are:
A. text editors
B. program library managers
C. linkage editors and loaders
D. debuggers and development aids
Correct answer: B

Question #11
An organization developed a comprehensive three-year IT strategic plan. Halfway into the plan, a major legislative change impacting the organization is enacted. Which of the following should be management’s NEXT course of action?
A. Develop specific procedural documentation related to the changed legislation
B. Assess the legislation to determine whether changes are required to the strategic IT plan
C. Perform a risk management of the legislative changes
D. Develop a new IT strategic plan that encompasses the new legislation
Correct answer: D

Question #12
Which of the following statements correctly describes the difference between symmetric key encryption and asymmetric key encryption?
A. In symmetric key encryption the same key is used for encryption and decryption, whereas asymmetric key encryption uses a private key for encryption and decryption
B. In symmetric key encryption the public key is used for encryption and the symmetric key for decryption
C. In symmetric key encryption the same key is used for encryption and decryption, whereas in asymmetric key encryption the public key is used for encryption and the private key is used for decryption
D. Both use a private key for encryption, and the decryption process can be done using a public key
Correct answer: B

Question #13
When an information security policy has been designed, it is MOST important that the information security policy be:
A. stored offsite
B. written by IS management
C. circulated to users
D. updated frequently
Correct answer: A

Question #14
Which of the following is a control over database administration activities?
A. A database checkpoint to restart processing after a system failure
B. Database compression to reduce unused space
C. Supervisory review of access logs
D. Backup and recovery procedures to ensure database availability
Correct answer: C

Question #15
Which of the following is a control to compensate for a programmer having access to accounts payable production data?
A. Processing controls such as range checks and logic edits
B. Reviewing accounts payable output reports by data entry
C. Reviewing system-produced reports for checks (cheques) over a stated amount
D. Having the accounts payable supervisor match all checks (cheques) to approved invoices
Correct answer: D

Question #16
When assessing the portability of a database application, the IS auditor should verify that:
A. a structured query language (SQL) is used
B. information import and export procedures with other systems exist
C. indexes are used
D. all entities have a significant name and identified primary and foreign keys
Correct answer: D

Question #17
From a risk management perspective, which of the following is MOST important to be tracked in continuous monitoring?
A. Number of prevented attacks
B. Changes in the threat environment
C. Changes in user privileges
D. Number of failed logins
Correct answer: B

Question #18
Which of the following are effective controls for detecting duplicate transactions such as payments made or received?
A. Concurrency controls
B. Reasonableness checks
C. Time stamps
D. Referential integrity controls
Correct answer: B

Question #19
Senior management has allocated funding to each of the organization’s divisions to address information security vulnerabilities. The funding is based on each division’s technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?
A. Redundant controls may be implemented across divisions
B. Information security governance could be decentralized by divisions
C. Areas of highest risk may not be adequately prioritized for treatment
D. Return on investment may be inconsistently reported to senior management
Correct answer: D

Question #20
Which of the following is an objective of a control self-assessment (CSA) program?
A. Concentration on areas of high risk
B. Replacement of audit responsibilities
C. Completion of control questionnaires
D. Collaborative facilitative workshops
Correct answer: A

Question #21
What is the key distinction between encryption and hashing algorithms?
A. Hashing algorithms ensure data confidentiality
B. Hashing algorithms are irreversible
C. Encryption algorithms ensure data integrity
D. Encryption algorithms are not irreversible
Correct answer: D

Question #22
Which of the following answers specifies the correct sequence of levels within the Capability Maturity Model (CMM)?
A. Initial, Managed, Defined, Quantitatively managed, Optimized
B. Initial, Managed, Defined, Optimized, Quantitatively managed
C. Initial, Defined, Managed, Quantitatively managed, Optimized
D. Initial, Managed, Quantitatively managed, Defined, Optimized
Correct answer: B

Question #23
A month after a company purchased and implemented system and performance monitoring software, reports were too large and therefore were not reviewed or acted upon. The MOST effective plan of action would be to:
A. use analytical tools to produce exception reports from the system and performance monitoring software
B. re-install the system and performance monitoring software
C. evaluate replacement systems and performance monitoring software
D. restrict functionality of system monitoring software to security-related events
Correct answer: A

Question #24
A tax calculation program maintains several hundred tax rates. The BEST control to ensure that tax rates entered into the program are accurate is:
A. an independent review of the transaction listing
B. a programmed edit check to prevent entry of invalid data
C. programmed reasonableness checks with 20 percent data entry range
D. a visual verification of data entered by the processing department
Correct answer: B

Question #25
When an organization and its IT-hosting service provider are establishing a contract with each other, it is MOST important that the contract includes:
A. each party’s security responsibilities
B. details of expected security metrics
C. penalties for noncompliance with security policy
D. recovery time objectives (RTOs)
Correct answer: C

Question #26
Reevaluation of risk is MOST critical when there is:
A. resistance to the implementation of mitigating controls
B. a change in security policy
C. a management request for updated security reports
D. a change in the threat landscape
Correct answer: A

Question #27
Which of the following is the MOST important aspect relating to employee termination?
A. The details of employee have been removed from active payroll files
B. Company property provided to the employee has been returned
C. User ID and passwords of the employee have been deleted
D. The appropriate company staff are notified about the termination
Correct answer: B

Question #28
Which of the following should an IS auditor review FIRST when planning a customer data privacy audit?
A. Legal and compliance requirements
B. Customer agreements
C. Organizational policies and procedures
D. Data classification
Correct answer: A

Question #29
Which of the following is a guiding best practice for implementing logical access controls?
A. Implementing the Biba Integrity Model
B. Access is granted on a least-privilege basis, per the organization's data owners
C. Implementing the Take-Grant access control model
D. Classifying data according to the subject’s requirements
Correct answer: A

Question #30
What type of transmission requires modems?
A. Encrypted
B. Digital
C. Analog
D. Modulated
Correct answer: C

Question #31
Which of the following could lead to an unintentional loss of confidentiality?
A. Lack of employee awareness of a company's information security policy
B. Failure to comply with a company's information security policy
C. A momentary lapse of reason
D. Lack of security policy enforcement procedures
Correct answer: D

Question #32
An IS auditor performing an application maintenance audit would review the log of program changes for the:
A. authorization for program changes
B. creation date of a current object module
C. number of program changes actually made
D. creation date of a current source program
Correct answer: A

Question #33
Business continuity/disaster recovery is PRIMARILY the responsibility of:
A. IS management
B. business unit managers
C. the security administrator
D. the board of directors
Correct answer: D

Question #34
When performing a general controls review, an IS auditor checks the relative location of the computer room inside the building. What potential threat is the IS auditor trying to identify?
A. Social engineering
B. Windstorm
C. Earthquake
D. Flooding
Correct answer: B

Question #35
A key element in a risk analysis is/are:
A. audit planning
B. controls
C. vulnerabilities
D. liabilities
Correct answer: B

Question #36
An organization is introducing a single sign-on (SSO) system. Under the SSO system, users will be required to enter only one user ID and password for access to all application systems. Under the SSO system, unauthorized access:
A. is less likely
B. is more likely
C. will have a greater impact
D. will have a smaller impact
Correct answer: A

Question #37
Regarding digital signature implementation, which of the following answers is correct?
A. A digital signature is created by the sender to prove message integrity by encrypting the message with the sender's private key
B. A digital signature is created by the sender to prove message integrity by encrypting the message with the recipient's public key
C. A digital signature is created by the sender to prove message integrity by initially using a hashing algorithm to produce a hash value or message digest from the entire message contents
D. A digital signature is created by the sender to prove message integrity by encrypting the message with the sender's public key
Correct answer: B

Question #38
Which of the following is the PRIMARY benefit of using an integrated audit approach?
A. Higher acceptance of the findings from the audited business areas
B. The avoidance of duplicated work and redundant recommendations
C. Enhanced allocation of resources and reduced audit costs
D. A holistic perspective of overall risk and a better understanding of controls
Correct answer: A

Question #39
An organization has implemented an automated match between purchase orders, goods receipts, and invoices. Which of the following risks will this control BEST mitigate?
A. Customer discounts not being applied
B. A legitimate transaction being paid multiple times
C. Invalid payments being processed by the system
D. Delay of purchase orders
Correct answer: A

Question #40
Which of the following is the BEST way to increase the effectiveness of security incident detection?
A. Educating end users on identifying suspicious activity
B. Establishing service level agreements (SLAs) with appropriate forensic service providers
C. Determining containment activities based on the type of incident
D. Documenting root cause analysis procedures
Correct answer: C

Question #41
If senior management is not committed to strategic planning, how likely is it that a company's implementation of IT will be successful?
A. IT cannot be implemented if senior management is not committed to strategic planning
B. More likely
C. Less likely
D. Strategic planning does not affect the success of a company's implementation of IT
Correct answer: C

Question #42
An IS auditor has found that a vendor has gone out of business and the escrow has an older version of the source code. What is the auditor’s BEST recommendation for the organization?
A. Continue using the existing application since it meets the current requirements
B. Prepare a maintenance plan that will support the application using the existing code
C. Bring the escrow version up to date
D. Undertake an analysis to determine the business risk
Correct answer: S

Question #43
Which of the following ACID properties ensures that a transaction will bring the database from one valid state to another?
A. Atomicity
B. Consistency
C. Isolation
D. Durability
Correct answer: B

Question #44
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?
A. A substantive test of program library controls
B. A compliance test of program library controls
C. A compliance test of the program compiler controls
D. A substantive test of the program compiler controls
Correct answer: D

Question #45
Which of the following transmission media is LEAST vulnerable to cross talk?
A. Copper cable
B. Fiber Optics
C. Satellite Radio Link
D. Coaxial cable
Correct answer: A

Question #46
Which of the following attacks could be avoided by creating more security awareness in the organization and providing adequate security knowledge to all employees?
A. Smurf attack
B. Traffic analysis
C. Phishing
D. Interrupt attack
Correct answer: C

Question #47
Which of the following data validation edits is effective in detecting transposition and transcription errors?
A. Range check
B. Check digit
C. Validity check
D. Duplicate check
Correct answer: A

Question #48
Which of the following is MOST critical during the business impact assessment phase of business continuity planning?
A. End-user involvement
B. Senior management involvement
C. Security administration involvement
D. IS auditing involvement
Correct answer: B

Question #49
What is the PRIMARY objective of performing a vulnerability assessment following a business system update?
A. Update the threat landscape
B. Review the effectiveness of controls
C.
D. Improve the change control process
Correct answer: B

Question #50
For an online transaction processing system, transactions per second is a measure of:
A. throughput
B. response time
C. turnaround time
D. uptime
Correct answer: B

Question #51
In which of the following network configurations would problem resolution be the easiest?
A. Bus
B. Ring
C. Star
D. Mesh
Correct answer: B

Question #52
Facilitating telecommunications continuity by providing redundant combinations of local carrier T-1 lines, microwaves and/or coaxial cables to access the local communication loop is:
A. last mile circuit protection
B. long haul network diversity
C. diverse routing
D. alternative routing
Correct answer: A

Question #53
In regard to moving an application program from the test environment to the production environment, the BEST control would be provided by having the:
A. application programmer copy the source program and compiled object module to the production libraries
B.
C. production control group compile the object module to the production libraries using the source program in the test environment
D. production control group copy the source program to the production libraries and then compile the program
Correct answer: D

Question #54
What type of BCP test uses actual resources to simulate a system crash and validate the plan's effectiveness?
A. Paper
B. Preparedness
C. Walk-through
D. Parallel
Correct answer: C

Question #55
Which of the following is a passive attack on a network?
A. Message service interruption
B. Message modification
C. Traffic analysis
D. Sequence analysis
Correct answer: B

Question #56
Which of the following would be best suited to oversee the development of an information security policy?
A. System Administrators
B. End User
C. Security Officers
D. Security administrators
Correct answer: A

Question #57
Which of the following is a technique that could be used to capture network user passwords?
A. Encryption
B. Sniffing
C. Spoofing
D. A signed document cannot be altered
Correct answer: C

Question #58
Which of the following attacks redirects outgoing messages from the client back onto the client, preventing outside access as well as flooding the client with the sent packets?
A. Banana attack
B. Brute force attack
C. Buffer overflow
D. Pulsing Zombie
Correct answer: B

Question #59
The MAIN purpose of documenting information security guidelines for use within a large, international organization is to:
A. ensure that all business units have the same strategic security goals
B. provide evidence for auditors that security practices are adequate
C. explain the organization’s preferred practices for security
D. ensure that all business units implement identical security procedures
Correct answer: D

Question #60
Management has decided to include a compliance manager in the approval process for a new business that may require changes to the IT infrastructure. Which of the following is the GREATEST benefit of this approach?
A. Security breach incidents can be identified in early stages
B. Regulatory risk exposures can be identified before they materialize
C. Fewer reviews are needed when updating the IT compliance process
D. Process accountabilities to external stakeholders are improved
Correct answer: D

Question #61
Which of the following types of controls would be MOST important to implement when digitizing human resource (HR) records?
A. Change management controls
B. Software development controls
C. Project management controls
D. Access management controls
Correct answer: C

Question #62
When choosing the best controls to mitigate risk to acceptable levels, the information security manager’s decision should be MAINLY driven by:
A. cost-benefit analysis
B. regulatory requirements
C. best practices
D. control framework
Correct answer: A

Question #63
An advantage in using a bottom-up versus a top-down approach to software testing is that:
A. interface errors are detected earlier
B. confidence in the system is achieved earlier
C. errors in critical modules are detected earlier
D. major functions and processing are tested earlier
Correct answer: B

Question #64
During an IS audit, one of your auditors has observed that some of the critical servers in your organization can be accessed ONLY by using a shared/common user name and password. What should the auditor's PRIMARY concern be with this approach?
A. Password sharing
B. Accountability
C. Shared account management
D. Difficulty in auditing shared account
Correct answer: C

Question #65
A client/server configuration will:
A. optimize system performance by having a server on a front-end and clients on a host
B. enhance system performance through the separation of front-end and back-end processes
C. keep track of all the clients using the IS facilities of a service organization
D. limit the clients and servers’ relationship by limiting the IS facilities to a single hardware system
Correct answer: A

Question #66
Adding security requirements late in the software development life cycle would MOST likely result in:
A. cost savings
B. clearer understanding of requirements
C. operational efficiency
D. compensating controls
Correct answer: D

Question #67
When implementing continuous monitoring systems an IS auditor's first step is to identify:
A. reasonable target thresholds
B. high-risk areas within the organization
C. the location and format of output files
D. applications that provide the highest potential payback
Correct answer: A

Question #68
An IS auditor finds that a company is using a payroll provider hosted in a foreign country. Of the following, the MOST important audit consideration is whether the provider’s operations:
A. meet industry best practice and standards
B. comply with applicable laws and regulations
C. are shared with other companies using the provider
D. are aligned with the company’s culture
Correct answer: A

Question #69
Which of the following BEST contributes to the successful management of security incidents?
A. Tested controls
B. Established procedures
C. Established policies
D. Current technologies
Correct answer: B

Question #70
Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit?
A. A hot site is contracted for and available as needed
B. A business continuity manual is available and current
C. Insurance coverage is adequate and premiums are current
D. Media backups are performed on a timely basis and stored offsite
Correct answer: D

Question #71
Which of the following is a concern when data is transmitted through secure socket layer (SSL) encryption implemented on a trading partner's server?
A. Organization does not have control over encryption
B. Messages are subjected to wire tapping
C. Data might not reach the intended recipient
D. The communication may not be secure
Correct answer: A

Question #72
Which of the following techniques is used for speeding up network traffic flow and making it easier to manage?
A. Point-to-point protocol
B. X
C. MPLS
D. ISDN
Correct answer: A

Question #73
Which of the following provides the BEST assurance that security policies are applied across business operations?
A. Organizational standards are required to be formally accepted
B. Organizational standards are enforced by technical controls
C. Organizational standards are included in awareness training
D. Organizational standards are documented in operational procedures
Correct answer: B

Question #74
During a review of a customer master file an IS auditor discovered numerous customer name duplications arising from variations in customer first names. To determine the extent of the duplication the IS auditor would use:
A. test data to validate data input
B. test data to determine system sort capabilities
C. generalized audit software to search for address field duplications
D. generalized audit software to search for account field duplications
Correct answer: B

Question #75
To prevent an organization's computer systems from becoming part of a distributed denial-of-service attack, IP packets containing addresses that are listed as unroutable can be isolated by:
A. establishing outbound traffic filtering
B. enabling broadcast blocking
C. limiting allowable services
D. network performance monitoring
Correct answer: C

Question #76
Which of the following layers of an enterprise data flow architecture is responsible for data copying, transformation into Data Warehouse (DW) format and quality control?
A. Data Staging and quality layer
B. Desktop Access Layer
C. Data Mart layer
D. Data access layer
Correct answer: C

Question #77
The effectiveness of an incident response team will be GREATEST when:
A. the incident response process is updated based on lessons learned
B. incidents are identified using a security information and event monitoring (SIEM) system
C. the incident response team members are trained security personnel
D. the incident response team meets on a regular basis to review log files
Correct answer: B

Question #78
Which of the following audit procedures would an IS auditor normally perform FIRST when reviewing an organization's systems development methodology?
A. Determine procedural adequacy
B. Analyze procedural effectiveness
C. Evaluate level of compliance with procedures
D. Compare established standards to observed procedures
Correct answer: C

Question #79
When logging on to an online system, which of the following processes would the system perform FIRST?
A. Initiation
B. Verification
C. Authorization
D. Authentication
Correct answer: C

Question #80
Following a reorganization of a company's legacy database, it was discovered that records were accidentally deleted. Which of the following controls would have MOST effectively detected this occurrence?
A. Range check
B. Table lookups
C. Run-to-run totals
D. One-for-one checking
Correct answer: C

Question #81
Sales orders are automatically numbered sequentially at each of a retailer's multiple outlets. Small orders are processed directly at the outlets, with large orders sent to a central production facility. The MOST appropriate control to ensure that all orders transmitted to production are received and processed would be to:
A. send and reconcile transaction counts and totals
B. have data transmitted back to the local site for comparison
C. compare data communications protocols with parity checking
D. track and account for the numerical sequence of sales orders at the production facility
Correct answer: C

Question #82
Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network?
A. The use of diskless workstations
B. Periodic checking of hard drives
C. The use of current antivirus software
D. Policies that result in instant dismissal if violated
Correct answer: C

Question #83
Which of the following BEST describes a common risk in implementing a new application software package?
A. Parameter settings are incorrect
B. Transaction volume is excessive
C. Sensitivity of transactions is high
D. The application lacks audit trails
Correct answer: C

Question #84
Which of the following manages the digital certificate life cycle to ensure adequate security and controls exist in digital signature applications related to e-commerce?
A. Registration authority
B. Certification authority
C. Certification relocation list
D. Certification practice statement
Correct answer: A

Question #85
Which of the following is the MOST important role of the information security manager when the organization is in the process of adopting emerging technologies?
A. Understanding the impact on existing resources
B. Assessing how peer organizations using the same technologies have been impacted
C. Developing training for end users to familiarize them with the new technology
D. Reviewing vendor documentation and service level agreements
Correct answer: C

Question #86
Who is ultimately responsible and accountable for reviewing user access to systems?
A. Systems security administrators
B. Data custodians
C. Data owners
D. Information systems auditors
Correct answer: B

Question #87
The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program?
A. Utilization of an intrusion detection system to report incidents
B. Mandating the use of passwords to access all software
C. Installing an efficient user log system to track the actions of each user
D. Provide training on a regular basis to all current and new employees
Correct answer: C

Question #88
Which of the following cloud deployment models is formed by the composition of two or more cloud deployment models?
A. Private Cloud
B. Community Cloud
C. Public Cloud
D. Hybrid Cloud
Correct answer: A

Question #89
Which of the following is the MOST important outcome of testing incident response plans?
A. Internal procedures are improved
B. An action plan is available for senior management
C. Staff is educated about current threats
D. Areas requiring investment are identified
Correct answer: C

Question #90
With reference to the risk management process, which of the following statements is correct?
A. Vulnerabilities can be exploited by a threat
B. Vulnerabilities are events with the potential to cause harm to IS resources
C. Vulnerability exists because of threats associated with use of information resources
D. Lack of user knowledge is an example of a threat
Correct answer: C

Question #91
During an implementation review of a multiuser distributed application, the IS auditor finds minor weaknesses in three areas: the initial setting of parameters is improperly installed, weak passwords are being used, and some vital reports are not being checked properly. While preparing the audit report, the IS auditor should:
A. record the observations separately with the impact of each of them marked against each respective finding
B. advise the manager of probable risks without recording the observations, as the control weaknesses are minor ones
C. record the observations and the risk arising from the collective weaknesses
D. apprise the departmental heads concerned with each observation and properly document it in the report
Correct answer: B

Question #92
In a data center audit, an IS auditor finds that the humidity level is very low. The IS auditor would be MOST concerned because of an expected increase in:
A. employee discomfort
B. risk of fire
C. static electricity problems
D. backup tape failures
Correct answer: C

Question #93
An internal control audit has revealed a control deficiency related to a legacy system where the compensating controls no longer appear to be effective. Which of the following would BEST help the information security manager determine the security requirements to resolve the control deficiency?
Correct answer: D

Question #94
Which of the following findings would be of GREATEST concern to an IS auditor performing an information security audit of critical server log management activities?
A. Log records can be overwritten before being reviewed
B. Logging procedures are insufficiently documented
C. Log records are dynamically into different servers
D. Logs are monitored using manual processes
Correct answer: B

Question #95
The PRIMARY objective of an IS audit function is to:
A. determine whether everyone uses IS resources according to their job description
B. determine whether information systems safeguard assets, and maintain data integrity
C. examine books of accounts and relative documentary evidence for the computerized system
D. determine the ability of the organization to detect fraud
Correct answer: C

Question #96
Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized organization?
A. Virtual private network
B. Dedicated line
C. Leased line
D. Integrated services digital network
Correct answer: C
