Question #1
Which of the following requirements in a document control standard would provide nonrepudiation to digitally signed legal documents?
A. All digital signatures must include a hashing algorithm
B. All digitally signed documents must be stored in an encrypted database
C. All documents requiring digital signatures must be signed by both the customer and a witness
D. Only secure file transfer protocol (SFTP) may be used for digitally signed documentation
Correct answer: C
Question #2
An IS auditor conducting an access control review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to conclude that:
A. exposure is greater, since information is available to unauthorized users
B. operating efficiency is enhanced, since anyone can print any report at any time
C. operating procedures are more effective, since information is easily available
D. user friendliness and flexibility is facilitated, since there is a smooth flow of information among users
Correct answer: D
Question #3
When reviewing input controls, an IS auditor observes that, in accordance with corporate policy, procedures allow supervisory override of data validation edits. The IS auditor should:
A. not be concerned since there may be other compensating controls to mitigate the risks
B. ensure that overrides are automatically logged and subject to review
C. verify whether all such overrides are referred to senior management for approval
D. recommend that overrides not be permitted
Correct answer: A
Question #4
Is it appropriate for an IS auditor from a company that is considering outsourcing its IS processing to request and review a copy of each vendor's business continuity plan?
A. Yes, because an IS auditor will evaluate the adequacy of the service bureau's plan and assist their company in implementing a complementary plan
B. Yes, because based on the plan, an IS auditor will evaluate the financial stability of the service bureau and its ability to fulfill the contract
C. No, because the backup to be provided should be specified adequately in the contract
D. No, because the service bureau's business continuity plan is proprietary information
Correct answer: D
Question #5
Which of the following is the BEST way to determine if IT is delivering value to the business?
A. Distribute surveys to various end users of IT services
B. Interview key IT managers and service providers
C. Review IT service level agreement (SLA) metrics
D. Analyze downtime frequency and duration
Correct answer: C
Question #6
An IS auditor is reviewing the physical security measures of an organization. Regarding the access card system, the IS auditor should be MOST concerned that:
A. nonpersonalized access cards are given to the cleaning staff, who use a sign-in sheet but show no proof of identity
B. access cards are not labeled with the organization's name and address to facilitate easy return of a lost card
C. card issuance and rights administration for the cards are done by different departments, causing unnecessary lead time for new cards
D. the computer system used for programming the cards can only be replaced after three weeks in the event of a system failure
Correct answer: D
Question #7
When performing an audit of a client relationship management (CRM) system migration project, which of the following should be of GREATEST concern to an IS auditor?
A. The technical migration is planned for a Friday preceding a long weekend, and the time window is too short for completing all tasks
B. Employees pilot-testing the system are concerned that the data representation in the new system is completely different from the old system
C. A single implementation is planned, immediately decommissioning the legacy system
D. Five weeks prior to the target date, there are still numerous defects in the printing functionality of the new system’s software
Correct answer: B
Question #8
What is the MOST effective method of preventing unauthorized use of data files?
A. Automated file entry
B. Tape librarian
C. Access control software
D. Locked library
Correct answer: A
Question #9
Which of the following BEST supports the prioritization of new IT projects?
A. Internal control self-assessment (CSA)
B. Information systems audit
C. Investment portfolio analysis
D. Business risk assessment
Correct answer: A
Question #10
Squid is an example of:
A. IDS
B. caching proxy
C. security proxy
D. connection proxy dialer
F. None of the choices
Correct answer: F
Question #11
When a new system is to be implemented within a short time frame, it is MOST important to:
A. finish writing user manuals
B. perform user acceptance testing
C. add last-minute enhancements to functionalities
D. ensure that the code has been documented and reviewed
Correct answer: C
Question #12
Which of the following refers to a primary component of corporate risk management with the goal of minimizing the risk of prosecution for software piracy due to use of unlicensed software?
A. Software audit
B. System audit
C. Application System audit
D. Test audit
E. Mainframe audit
F. None of the choices
Correct answer: A
Question #13
Which of the following types of attack makes use of common consumer devices that can be used to transfer data surreptitiously?
A. Direct access attacks
B. Indirect access attacks
C. Port attack
D. Window attack
E. Social attack
F. None of the choices
Correct answer: A
Question #14
Data flow diagrams are used by IS auditors to:
A. order data hierarchically
B. highlight high-level data definitions
C. graphically summarize data paths and storage
D. portray step-by-step details of data generation
Correct answer: D
Question #15
When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of:
A. excessive transaction turnaround time
B. application interface failure
C. improper transaction authorization
D. no validated batch totals
Correct answer: D
Question #16
The information security policy that states 'each individual must have their badge read at every controlled door' addresses which of the following attack methods?
A. Piggybacking
B. Shoulder surfing
C. Dumpster diving
D. Impersonation
Correct answer: A
Question #17
Which of the following is BEST suited for secure communications within a small group?
A. Key distribution center
B. Certification authority
C. Web of trust
D. Kerberos Authentication System
Correct answer: A
Question #18
During an audit of a financial application, it was determined that many terminated users’ accounts were not disabled. Which of the following should be the IS auditor’s NEXT step?
A. Perform a review of terminated users’ account activity
B. Conclude that IT general controls are ineffective
C. Communicate risks to the application owner
D. Perform substantive testing of terminated users’ access rights
Correct answer: D
Question #19
Which of the following is a MAJOR benefit of using a wireless network?
A. Faster network speed
B. Stronger authentication
C. Protection against eavesdropping
D. Lower installation cost
Correct answer: A
Question #20
Which of the following controls would BEST detect intrusion?
A. User IDs and user privileges are granted through authorized procedures
B. Automatic logoff is used when a workstation is inactive for a particular period of time
C. Automatic logoff of the system occurs after a specified number of unsuccessful attempts
D. Unsuccessful logon attempts are monitored by the security administrator
Correct answer: A
Question #21
IS audits should be selected through a risk analysis process to concentrate on:
A. those areas of greatest risk and opportunity for improvements
B. those areas of least risk and opportunity for improvements
C. those areas of the greatest financial value
D. areas led by the key people of the organization
E. random events
F. irregular events
Correct answer: A
Question #22
The PRIMARY goal of a web site certificate is:
A. authentication of the web site that will be surfed
B. authentication of the user who surfs through that site
C. preventing surfing of the web site by hackers
D. the same purpose as that of a digital certificate
Correct answer: A
Question #23
The ability of the internal IS audit function to achieve desired objectives depends largely on:
A. the training of audit personnel
B. the background of audit personnel
C. the independence of audit personnel
D. the performance of audit personnel
E. None of the choices
Correct answer: ABCD
Question #24
Which of the following would be the MOST cost-effective recommendation for reducing the number of defects encountered during software development projects?
A. Increase the time allocated for system testing
B. Implement formal software inspections
C. Increase the development staff
D. Require the sign-off of all project deliverables
Correct answer: B
Question #25
An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of:
A. reverse engineering
B. prototyping
C. software reuse
D. reengineering
Correct answer: A
Question #26
A financial services organization is developing and documenting business continuity measures. In which of the following cases would an IS auditor MOST likely raise an issue?
A. The organization uses good practice guidelines instead of industry standards and relies on external advisors to ensure the adequacy of the methodology
B. The business continuity capabilities are planned around a carefully selected set of scenarios which describe events that might happen with a reasonable probability
C. The recovery time objectives (RTOs) do not take IT disaster recovery constraints into account, such as personnel or system dependencies during the recovery phase
D. The organization plans to rent a shared alternate site with emergency workplaces which has only enough room for half of the normal staff
Correct answer: A
Question #27
During the evaluation of a firm’s newly established whistleblower system, an auditor notes several findings. Which of the following should be the auditor’s GREATEST concern?
A. New employees have not been informed of the whistleblower policy
B. The whistleblower’s privacy is not protected
C. The whistleblower system does not track the time and date of submission
D. The whistleblower system is only available during business hours
Correct answer: C
Question #28
The PRIMARY objective of implementing corporate governance by an organization's management is to:
A. provide strategic direction
B. control business operations
C. align IT with business
D. implement best practices
Correct answer: B
Question #29
Which of the following is the MOST reliable form of single factor personal identification?
A. Smart card
B. Password
C. Photo identification
D. Iris scan
Correct answer: A
Question #30
Cisco IOS based routers perform basic traffic filtering via which of the following mechanisms?
A. datagram scanning
B. access lists
C. stateful inspection
D. state checking
E. link progressing
F. None of the choices
Correct answer: B
Question #31
In an online banking application, which of the following would BEST protect against identity theft?
A. Encryption of personal password
B. Restricting the user to a specific terminal
C. Two-factor authentication
D. Periodic review of access logs
Correct answer: B
Question #32
The extent to which data will be collected during an IS audit should be determined based on the:
A. availability of critical and required information
B. auditor's familiarity with the circumstances
C. auditee's ability to find relevant evidence
D. purpose and scope of the audit being done
Correct answer: C
Question #33
In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as:
A. wormnets
B. trojannets
C. spynets
D. botnets
E. rootnets
F. backdoor
Correct answer: A
Question #34
Effective IT governance requires organizational structures and processes to ensure that:
A. the organization's strategies and objectives extend the IT strategy
B. the business strategy is derived from an IT strategy
C. IT governance is separate and distinct from the overall governance
D. the IT strategy extends the organization's strategies and objectives
Correct answer: D
Question #35
An IS auditor seeks assurance that a new process for purging transactions does not have a detrimental impact on the integrity of a database. This could be achieved BEST by analyzing the:
A. database structure
B. design of triggers
C. results of the process in a test environment
D. entity relationship diagram of the database
Correct answer: C
Question #36
A computer program used by multiple departments has data quality issues. There is no agreement as to who should be responsible for corrective action. Which of the following is an IS auditor’s BEST course of action?
A. Recommend the IT department be assigned data cleansing responsibility
B. Modify the program to automatically cleanse the data and close the issue
C. Assign responsibility to the primary department using the program
D. Note the disagreement and recommend establishing data governance
Correct answer: B
Question #37
IS management recently replaced its existing wired local area network (LAN) with a wireless infrastructure to accommodate the increased use of mobile devices within the organization. This will increase the risk of which of the following attacks?
A. Port scanning
B. Back door
C. Man-in-the-middle
D. War driving
Correct answer: D
Question #38
An IS auditor reviewing digital rights management (DRM) applications should expect to find an extensive use for which of the following technologies?
A. Digitalized signatures
B. Hashing
C. Parsing
D. Steganography
Correct answer: D
Question #39
When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:
A. recommend that the database be normalized
B. review the conceptual data model
C. review the stored procedures
Correct answer: A
Question #40
Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to- consumer transactions via the internet?
A. Customers are widely dispersed geographically, but the certificate authorities are not
B. Customers can make their transactions from any computer or mobile device
C. The certificate authority has several data processing subcenters to administer certificates
D. The organization is the owner of the certificate authority
Correct answer: D
Question #41
Which of the following tasks should be performed FIRST when preparing a disaster recovery plan?
A. Develop a recovery strategy
B. Perform a business impact analysis
C. Map software systems, hardware and network components
D. Appoint recovery teams with defined personnel, roles and hierarchy
Correct answer: C
Question #42
During an audit, the IS auditor finds that in many cases excessive rights were not removed from a system. Which of the following would be the auditor’s BEST recommendation?
A. IT security should regularly revoke excessive system rights
B. System administrators should ensure consistency of assigned rights
C. Line management should regularly review and request modification of access rights
D. Human resources should delete access rights of terminated employees
Correct answer: C
Question #43
An IS auditor is assigned to audit a software development project which is more than 80 percent complete, but has already overrun time by 10 percent and costs by 25 percent. Which of the following actions should the IS auditor take?
A. Report that the organization does not have effective project management
B. Recommend the project manager be changed
C. Review the IT governance structure
D. Review the conduct of the project and the business case
Correct answer: D
Question #44
Doing which of the following during peak production hours could result in unexpected downtime?
A. Performing data migration or tape backup
B. Performing preventive maintenance on electrical systems
C. Promoting applications from development to the staging environment
D. Replacing a failed power supply in the core router of the data center
Correct answer: B
Question #45
An IS auditor is reviewing a software-based configuration. Which of the following represents the GREATEST vulnerability? The firewall software:
A. is configured with an implicit deny rule as the last rule in the rule base
B. is installed on an operating system with default settings
C. has been configured with rules permitting or denying access to systems or networks
D. is configured as a virtual private network (VPN) endpoint
Correct answer: A
Question #46
Which of the following is a prevalent risk in the development of end-user computing (EUC) applications?
A. Applications may not be subject to testing and IT general controls
B. Increased development and maintenance costs
C. Increased application development time
D. Decision-making may be impaired due to diminished responsiveness to requests for information
Correct answer: D
Question #47
The FIRST step in a successful attack to a system would be:
A. gathering information
B. gaining access
C. denying services
D. evading detection
Correct answer: A
Question #48
During a follow-up audit, an IS auditor finds that the auditee has updated virus scanner definitions without adopting the original audit recommendation to increase the frequency of using the scanner. The MOST appropriate action for the auditor is to:
A. prepare a follow-up audit report reiterating the recommendation
B. escalate the issue to senior management
C. modify the audit opinion based on the new information available
D. conclude that the residual risk is beyond tolerable levels of risk
Correct answer: D
Question #49
An IS auditor should ensure that an application’s audit trail:
A. has adequate security
B. does not impact operational efficiency
C. is accessible online
D. logs all database records
Correct answer: A
Question #50
While copying files from a floppy disk, a user introduced a virus into the network. Which of the following would MOST effectively detect the existence of the virus?
A. A scan of all floppy disks before use
B. A virus monitor on the network file server
C. Scheduled daily scans of all network drives
D. A virus monitor on the user's personal computer
Correct answer: C
Question #51
Which of the following is the BEST way to satisfy a two-factor user authentication?
A. A smart card requiring the user's PIN
B. User ID along with password
C. Iris scanning plus fingerprint scanning
D. A magnetic card requiring the user's PIN
Correct answer: D
Question #52
The computer security incident response team (CSIRT) of an organization disseminates detailed descriptions of recent threats. An IS auditor's GREATEST concern should be that the users might:
A. use this information to launch attacks
B. forward the security alert
C. implement individual solutions
D. fail to understand the threat
Correct answer: D
Question #53
The risks associated with electronic evidence gathering would MOST likely be reduced by an e- mail:
A. destruction policy
B. security policy
C. archive policy
D. audit policy
Correct answer: C
Question #54
Which of the following should be the GREATEST concern to an IS auditor reviewing the information security framework of an organization?
A. The information security policy has not been updated in the last two years
B. A list of critical information assets was not included in the information security policy
C. Senior management was not involved in the development of the information security policy
D. The information security policy is not aligned with regulatory requirements
Correct answer: B
Question #55
A Trojan horse's payload would almost always take damaging effect immediately.
A. True
B. False
Correct answer: A
Question #56
Which of the following can be thought of as the simplest and almost cheapest type of firewall?
A. stateful firewall
B. hardware firewall
C. PIX firewall
D. packet filter
E. None of the choices
Correct answer: E
Question #57
As part of a post-implementation review, the BEST way to assess the realization of outcomes is by:
A. obtaining feedback from the user community
B. performing a comprehensive risk analysis
C. evaluating the actual performance of the system
D. comparing the business case benefits to the achieved benefits
Correct answer: D
Question #58
An integrated test facility is considered a useful audit tool because it:
A. is a cost-efficient approach to auditing application controls
B. enables the financial and IS auditors to integrate their audit tests
C. compares processing output with independently calculated data
D. provides the IS auditor with a tool to analyze a large range of information
Correct answer: D
Question #59
An organization has outsourced its wide area network (WAN) to a third-party service provider. Under these circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?
A. Review whether the service provider's BCP process is aligned with the organization's BCP and contractual obligations
B. Review whether the service level agreement (SLA) contains a penalty clause in case of failure to meet the level of service in case of a disaster
C. Review the methodology adopted by the organization in choosing the service provider
D. Review the accreditation of the third-party service provider's staff
Correct answer: C
Question #60
Which of the following controls can BEST detect accidental corruption during transmission of data across a network?
A. Sequence checking
B. Parity checking
C. Symmetric encryption
D. Check digit verification
Correct answer: B
Question #61
An IS auditor is conducting a follow-up internal IS audit and determines that several recommendations from the prior year have not been implemented. Which of the following should be the auditor’s FIRST course of action?
A. Evaluate the recommendations in context of the current IT environment
B. Continue the audit and disregard prior audit recommendations
C. Request management implement recommendations from the prior year
D. Add unimplemented recommendations as findings for the new audit
Correct answer: D
Question #62
When conducting a follow-up of previous audit findings, an IS auditor is told by management that a recommendation to make security changes to an application has not been implemented. The IS auditor should FIRST determine whether:
A. additional time to implement changes is needed
B. the associated risk is still relevant
C. the recommendation should be re-issued
D. the issue should be escalated
Correct answer: A
Question #63
An IS auditor analyzing the audit log of a database management system (DBMS) finds that some transactions were partially executed as a result of an error, and are not rolled back. Which of the following transaction processing features has been violated?
A. Consistency
B. Isolation
C. Durability
D. Atomicity
Correct answer: B
Question #64
During an ERP post-implementation review, it was noted that operating costs have been significantly higher than anticipated. Which of the following should the organization have done to detect this issue?
A. Updated the project charter as major changes occurred
B. Conducted periodic user satisfaction surveys
C. Performed an analysis of system usage
D. Monitored financial key performance indicators
Correct answer: C
Question #65
Which of the following is the BEST type of program for an organization to implement to aggregate, correlate and store different log and event files, and then produce weekly and monthly reports for IS auditors?
A. A security information event management (SIEM) product
B. An open-source correlation engine
C. A log management tool
D. An extract, transform, load (ETL) system
Correct answer: C
Question #66
E-mail traffic from the Internet is routed via firewall-1 to the mail gateway. Mail is routed from the mail gateway, via firewall-2, to the mail recipients in the internal network. Other traffic is not allowed. For example, the firewalls do not allow direct traffic from the Internet to the internal network. The intrusion detection system (IDS) detects traffic for the internal network that did not originate from the mail gateway. The FIRST action triggered by the IDS should be to:
A. alert the appropriate staff
B. create an entry in the log
C. close firewall-2
D. close firewall-1
Correct answer: A
Question #67
An organization has recently installed a security patch, which crashed the production server. To minimize the probability of this occurring again, an IS auditor should:
A. apply the patch according to the patch's release notes
B. ensure that a good change management process is in place
C. thoroughly test the patch before sending it to production
D. approve the patch after doing a risk assessment
Correct answer: D
Question #68
After the merger of two organizations, multiple self-developed legacy applications from both companies are to be replaced by a new common platform. Which of the following would be the GREATEST risk?
A. Project management and progress reporting is combined in a project management office which is driven by external consultants
B. The replacement effort consists of several independent projects without integrating the resource allocation in a portfolio management approach
C. The resources of each of the organizations are inefficiently allocated while they are being familiarized with the other company's legacy systems
D. The new platform will force the business areas of both organizations to change their work processes, which will result in extensive training needs
Correct answer: B
Question #69
Which of the following would normally be the MOST reliable evidence for an auditor?
A. A confirmation letter received from a third party verifying an account balance
B. Assurance from line management that an application is working as designed
C. Trend data obtained from World Wide Web (Internet) sources
D. Ratio analysis developed by the IS auditor from reports supplied by line management
Correct answer: B
Question #70
Which of the following access rights in the production environment should be granted to a developer to maintain segregation of duties?
A. Database administration
B. Emergency support
C. IT operations
D. System administration
Correct answer: D
Question #71
An organization has begun using social media to communicate with current and potential clients. Which of the following should be of PRIMARY concern to the auditor?
A. Using a third-party provider to host and manage content
B. Lack of guidance on appropriate social media usage and monitoring
C. Negative posts by customers affecting the organization’s image
D. Reduced productivity of staff using social media
Correct answer: C
Question #72
Which of the following is the PRIMARY objective of an IT performance measurement process?
A. Minimize errors
B. Gather performance data
C. Establish performance baselines
D. Optimize performance
Correct answer: C
Question #73
A technical lead who was working on a major project has left the organization. The project manager reports suspicious system activities on one of the servers that is accessible to the whole team. What would be of GREATEST concern if discovered during a forensic investigation?
A. Audit logs are not enabled for the system
B. A logon ID for the technical lead still exists
C. Spyware is installed on the system
D. A Trojan is installed on the system
Correct answer: A
Question #74
The Secure Sockets Layer (SSL) protocol addresses the confidentiality of a message through:
A. symmetric encryption
B. message authentication code
D. digital signature certificates
Correct answer: A
Question #75
The MOST significant security concerns when using flash memory (e.g., USB removable disk) is that the:
A. contents are highly volatile
B. data cannot be backed up
C. data can be copied
D. device may not be compatible with other peripherals
Correct answer: C
Question #76
What is the recommended minimum length of a good password?
A. 6 characters
B. 8 characters
C. 12 characters
D. 18 characters
E. 22 characters
F. None of the choices
Correct answer: A
Question #77
The technique of rummaging through commercial trash to collect useful business information is known as:
A. Information diving
B. Intelligence diving
C. Identity diving
D. System diving
E. Program diving
F. None of the choices
Correct answer: B
Question #78
Following an IS audit recommendation, all Telnet and File Transfer Protocol (FTP) connections have been replaced by Secure Socket Shell (SSH) and Secure File Transfer Protocol (SFTP). Which risk treatment approach has the organization adopted?
A. Acceptance
B. Mitigation
C. Avoidance
D. Transfer
Correct answer: C
Question #79
After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend?
A. Stress
B. Black box
C. Interface
Correct answer: B
Question #80
During a follow-up audit, an IS auditor discovers that a recommendation has not been implemented. However, the auditee has implemented a manual workaround that addresses the identified risk, through far less efficiency than the recommended action would. Which of the following would be the auditor’s BEST course of action?
A. Notify management that the risk has been addressed and take no further action
B. Escalate the remaining issue for further discussion and resolution
C. Note that the risk has been addressed and notify management of the inefficiency
D. Insist to management that the original recommendation be implemented
Correct answer: D
Question #81
Over the long term, which of the following has the greatest potential to improve the security incident response process?
A. A walkthrough review of incident response procedures
B. Postevent reviews by the incident response team
C. Ongoing security training for users
D. Documenting responses to an incident
Correct answer: C
Question #82
Which testing approach is MOST appropriate to ensure that internal application interface errors are identified as soon as possible?
A. Bottom up
B. Sociability testing
C. Top-down
D. System test
Correct answer: C
Question #83
Which of the following is the most important element in the design of a data warehouse?
A. Quality of the metadata
B. Speed of the transactions
C. Volatility of the data
D. Vulnerability of the system
Correct answer: A
Question #84
An IS auditor observes a weakness in the tape management system at a data center in that some parameters are set to bypass or ignore tape header records. Which of the following is the MOST effective compensating control for this weakness?
A. Staging and job set up
B. Supervisory review of logs
C. Regular back-up of tapes
D. Offsite storage of tapes
Correct answer: A
Question #85
An organization with many desktop PCs is considering moving to a thin client architecture. Which of the following is the MAJOR advantage?
A. Administrative security can be provided for the client
B. System administration can be better managed
C. The security of the desktop PC is enhanced
D. Desktop application software will never have to be upgraded
Correct answer: C
Question #86
An IS auditor who has discovered unauthorized transactions during a review of EDI transactions is likely to recommend improving the:
A. EDI trading partner agreements
B. physical controls for terminals
C. authentication techniques for sending and receiving messages
D. program change control procedures
Correct answer: C
Question #87
With respect to the outsourcing of IT services, which of the following conditions should be of GREATEST concern to an IS auditor?
A. Outsourced activities are core and provide a differentiated advantage to the organization
B. Periodic renegotiation is specified in the outsourcing contract
C. The outsourcing contract fails to cover every action required by the arrangement
D. Similar activities are outsourced to more than one vendor
Correct answer: D
Question #88
When planning an audit of a network setup, an IS auditor should give highest priority to obtaining which of the following network documentation?
A. Wiring and schematic diagram
B. Users' lists and responsibilities
C. Application lists and their details
D. Backup and recovery procedures
Correct answer: A
Question #89
A company has decided to implement an electronic signature scheme based on public key infrastructure. The user's private key will be stored on the computer's hard drive and protected by a password. The MOST significant risk of this approach is:
A. use of the user's electronic signature by another person if the password is compromised
B. forgery by using another user's private key to sign a message with an electronic signature
C. impersonation of a user by substitution of the user's public key with another person's public key
D. forgery by substitution of another person's private key on the computer
Correct answer: B
Question #90
Which of the following is the PRIMARY reason an IS auditor should discuss observations with management before delivering a final report?
A. Identify business risks associated with the observations
B. Assist the management with control enhancements
C. Record the proposed course of corrective action
D. Validate the audit observations
Correct answer: A
Question #91
Which of the following is a concern when data are transmitted through Secure Sockets Layer (SSL) encryption, implemented on a trading partner's server?
A. The organization does not have control over encryption
C. Data might not reach the intended recipient
D. The communication may not be secure
Correct answer: A
Question #92
Which of the following is MOST critical for the successful implementation and maintenance of a security policy?
A. Assimilation of the framework and intent of a written security policy by all appropriate parties
B. Management support and approval for the implementation and maintenance of a security policy
C. Enforcement of security rules by providing punitive actions for any violation of security rules
D. Stringent implementation, monitoring and enforcing of rules by the security officer through access control software
Correct answer: D