Question #1
What uses questionnaires to lead the user through a series of choices to reach a conclusion?
A. Logic trees
B. Decision trees
C. Decision algorithms
D. Logic algorithms
Correct answer: B
Question #2
Which of the following is often used as a detection and deterrent control against Internet attacks?
A. Honeypots
B. CCTV
C. VPN
D. VLAN
Correct answer: B
Question #3
What is a callback system?
A. It is a remote-access system whereby the remote-access server immediately calls the user back at a predetermined number if the dial-in connection fails
B. It is a remote-access system whereby the user's application automatically redials the remote-access server if the initial connection attempt fails
C. It is a remote-access control whereby the user initially connects to the network systems via dial-up access, only to have the initial connection terminated by the server, which then subsequently dials the user back at a predetermined number stored in the server's configuration database
D. It is a remote-access control whereby the user initially connects to the network systems via dial-up access, only to have the initial connection terminated by the server, which then subsequently allows the user to call back at an approved number for a limited period of time
Correct answer: B
Question #4
While planning an audit, an assessment of risk should be made to provide:
A. reasonable assurance that the audit will cover material items
B. definite assurance that material items will be covered during the audit work
C. reasonable assurance that all items will be covered by the audit
D. sufficient assurance that all items will be covered during the audit work
Correct answer: B
Question #5
A database administrator is responsible for:
A. defining data ownership
B. establishing operational standards for the data dictionary
C. creating the logical and physical database
D. establishing ground rules for ensuring data integrity and security
Correct answer: A
Question #6
Which of the following is the INCORRECT "layer – protocol" mapping within the TCP/IP model?
A. Application layer – NFS
B. Transport layer – TCP
C. Network layer – UDP
D. LAN or WAN interface layer – Point-to-Point Protocol
Correct answer: B
Question #7
Which of the following is the initial step in creating a firewall policy?
A. A cost-benefit analysis of methods for securing the applications
B. Identification of network applications to be externally accessed
C. Identification of vulnerabilities associated with network applications to be externally accessed
D. Creation of an applications traffic matrix showing protection methods
Correct answer: D
Question #8
Which of the following terms in business continuity determines the maximum tolerable amount of time needed to bring all critical systems back online after a disaster occurs?
A. RPO
B. RTO
C. WRT
D. MTD
Correct answer: A
Question #9
Responsibility for the governance of IT should rest with the:
A. IT strategy committee
B. chief information officer (CIO)
C. audit committee
D. board of directors
Correct answer: A
Question #10
Which of the following types of cryptography is based on the practical application of the characteristics of the smallest "grains" of light, the photon, and the physical laws governing their generation, propagation and detection?
A. Quantum Cryptography
B. Elliptic Curve Cryptography (ECC)
C. Symmetric Key Cryptography
D. Asymmetric Key Cryptography
Correct answer: A
Question #11
When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor?
A. There could be a question regarding the legal jurisdiction
B. Having a provider abroad will cause excessive costs in future audits
C. The auditing process will be difficult because of the distance
D. There could be different auditing norms
Correct answer: D
Question #12
The quality of the metadata produced from a data warehouse is ________________ in the warehouse's design.
A. Often hard to determine because the data is derived from a heterogeneous data environment
B. The most important consideration
C. Independent of the quality of the warehoused databases
D. Of secondary importance to data warehouse content
Correct answer: D
Question #13
Which of the following best characterizes "worms"?
A. Malicious programs that can run independently and can propagate without the aid of a carrier program such as email
B. Programming code errors that cause a program to repeatedly dump data
C. Malicious programs that require the aid of a carrier program such as email
D. Malicious programs that masquerade as common applications such as screensavers or macro-enabled Word documents
Correct answer: A
Question #14
An IS auditor finds that, in accordance with IS policy, IDs of terminated users are deactivated within 90 days of termination. The IS auditor should:
A. report that the control is operating effectively since deactivation happens within the time frame stated in the IS policy
B. verify that user access rights have been granted on a need-to-have basis
C. recommend changes to the IS policy to ensure deactivation of user IDs upon termination
D. recommend that activity logs of terminated users be reviewed on a regular basis
Correct answer: A
Question #15
Whenever business processes have been re-engineered, the IS auditor attempts to identify and quantify the impact of any controls that might have been removed, or controls that might not work as effectively after business process changes. True or false?
A. True
B. False
Correct answer: C
Question #16
After initial investigation, an IS auditor has reasons to believe that fraud may be present. The IS auditor should:
A. expand activities to determine whether an investigation is warranted
B. report the matter to the audit committee
C. report the possibility of fraud to top management and ask how they would like to proceed
D. consult with external legal counsel to determine the course of action to be taken
Correct answer: C
Question #17
Which of the following is an attribute of the control self-assessment (CSA) approach?
A. Broad stakeholder involvement
B. Auditors are the primary control analysts
C. Limited employee participation
D. Policy driven
Correct answer: B
Question #18
Library control software restricts source code to:
A. Read-only access
B. Write-only access
C. Full access
D. Read-write access
Correct answer: C
Question #19
What kind of protocols does the OSI Transport Layer of the TCP/IP protocol suite provide to ensure reliable communication?
A. Nonconnection-oriented protocols
B. Connection-oriented protocols
C. Session-oriented protocols
D. Nonsession-oriented protocols
Correct answer: A
Question #20
Which of the following PBX features supports shared extensions among several devices, ensuring that only one device at a time can use an extension?
A. Call forwarding
B. Privacy release
C. Tenanting
D. Voice mail
Correct answer: B
Question #21
Who is ultimately responsible for providing requirement specifications to the software-development team?
A. The project sponsor
B. The project members
C. The project leader
D. The project steering committee
Correct answer: C
Question #22
Which of the following statements correctly describes the difference between tunnel mode and transport mode of the IPSec protocol?
A. In transport mode the ESP is encrypted, whereas in tunnel mode the ESP and its headers are encrypted
B. In tunnel mode the ESP is encrypted, whereas in transport mode the ESP and its headers are encrypted
C. In both modes (tunnel and transport mode) the ESP and its headers are encrypted
D. There is no encryption provided when using ESP or AH
Correct answer: A
Question #23
Why is a clause requiring source code escrow in an application vendor agreement important?
A. To segregate systems development and live environments
B. To protect the organization from copyright disputes
C. To ensure that sufficient code is available when needed
D. To ensure that the source code remains available even if the application vendor goes out of business
Correct answer: A
Question #24
Why is the WAP gateway a component warranting critical concern and review for the IS auditor when auditing and testing controls enforcing message confidentiality?
A. WAP is often configured by default settings and is thus insecure
B. WAP provides weak encryption for wireless traffic
C. WAP functions as a protocol-conversion gateway for wireless TLS to Internet SSL
D. WAP often interfaces critical IT systems
Correct answer: A
Question #25
What is an acceptable mechanism for extremely time-sensitive transaction processing?
A. Off-site remote journaling
B. Electronic vaulting
C. Shadow file processing
D. Storage area network
Correct answer: B
Question #26
An IS auditor usually places more reliance on evidence directly collected. What is an example of such evidence?
A. Evidence collected through personal observation
B. Evidence collected through system logs provided by the organization's security administration
C. Evidence collected through surveys collected from internal staff
D. Evidence collected through transaction reports provided by the organization's IT administration
Correct answer: B
Question #27
Why does an IS auditor review an organization chart?
A. To optimize the responsibilities and authority of individuals
B. To control the responsibilities and authority of individuals
C. To better understand the responsibilities and authority of individuals
D. To identify project sponsors
Correct answer: A
Question #28
The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program?
A. Utilization of an intrusion detection system to report incidents
B. Mandating the use of passwords to access all software
C. Installing an efficient user log system to track the actions of each user
D. Training provided on a regular basis to all current and new employees
Correct answer: C
Question #29
Proper segregation of duties prohibits a systems analyst from performing quality-assurance functions. True or false?
A. True
B. False
Correct answer: A
Question #30
A transaction journal provides the information necessary for detecting unauthorized ___________ (fill in the blank) from a terminal.
A. Deletion
B. Input
C. Access
D. Duplication
Correct answer: A
Question #31
What benefit does using capacity-monitoring software to monitor usage patterns and trends provide to management?
A. The software can dynamically readjust network traffic capabilities based upon current usage
B. The software produces nice reports that really impress management
C. It allows users to properly allocate resources and ensure continuous efficiency of operations
D. It allows management to properly allocate resources and ensure continuous efficiency of operations
Correct answer: D
Question #32
An IS auditor evaluates the test results of a modification to a system that deals with payment computation. The auditor finds that 50 percent of the calculations do not match predetermined totals. Which of the following would MOST likely be the next step in the audit?
A. Design further tests of the calculations that are in error
B. Identify variables that may have caused the test results to be inaccurate
C. Examine some of the test cases to confirm the results
D. Document the results and prepare a report of findings, conclusions and recommendations
Correct answer: B
Question #33
Which of the following is a sophisticated computer-based switch that can be thought of as essentially a small in-house phone company for the organization?
A. Private Branch Exchange
B. Virtual Local Area Network
C. Voice over IP
D. Dial-up connection
Correct answer: B
Question #34
Which of the following can help detect transmission errors by appending specially calculated bits onto the end of each segment of data?
A. Redundancy check
B. Completeness check
C. Accuracy check
D. Parity check
Correct answer: B
Question #35
An IS auditor should carefully review the functional requirements in a system-development project to ensure that the project is designed to:
A. Meet business objectives
B. Enforce data security
C. Be culturally feasible
D. Be financially feasible
Correct answer: A
Question #36
Which of the following PBX features allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed on hold until one becomes available?
A. Automatic call distribution
B. Call forwarding
C. Tenanting
D. Voice mail
Correct answer: C
Question #37
Who is responsible for providing adequate physical and logical security for IS programs, data and equipment?
A. Data Owner
B. Data User
C. Data Custodian
D. Security Administrator
Correct answer: A
Question #38
Who is responsible for restricting and monitoring the access of a data user?
A. Data Owner
B. Data User
C. Data Custodian
D. Security Administrator
Correct answer: D
Question #39
With the objective of mitigating the risk and impact of a major business interruption, a disaster recovery plan should endeavor to reduce the length of recovery time necessary, as well as the costs associated with recovery. Although a DRP results in an increase of pre- and post-incident operational costs, the extra costs are more than offset by reduced recovery and business impact costs. True or false?
A. True
B. False
Correct answer: A
Question #40
Which of the following is normally a responsibility of the chief security officer (CSO)?
A. Periodically reviewing and evaluating the security policy
B. Executing user application and software testing and evaluation
C. Granting and revoking user access to IT resources
D. Approving access to data and applications
Correct answer: A
Question #41
Which of the following is BEST characterized by unauthorized modification of data before or during system data entry?
A. Data diddling
B. Skimming
C. Data corruption
D. Salami attack
Correct answer: A
Question #42
An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review?
A. Availability of online network documentation
B. Support of terminal access to remote hosts
C. Handling file transfer between hosts and inter-user communications
D. Performance management, audit and control
Correct answer: A
Question #43
An IS auditor performing a review of an application's controls would evaluate the:
A. efficiency of the application in meeting the business processes
B. impact of any exposures discovered
C. business processes served by the application
D. application's optimization
Correct answer: D
Question #44
Which of the following terms related to network performance refers to the variation in the time of arrival of packets at the receiver of the information?
A. Bandwidth
B. Throughput
C. Latency
D. Jitter
Correct answer: C
Question #45
Data edits are implemented before processing and are considered which of the following?
A. Deterrent integrity controls
B. Detective integrity controls
C. Corrective integrity controls
D. Preventative integrity controls
Correct answer: B
Question #46
Why does the IS auditor often review the system logs?
A. To get evidence of password spoofing
B. To get evidence of data copy activities
C. To determine the existence of unauthorized access to data by a user or program
D. To get evidence of password sharing
Correct answer: D
Question #47
An IS auditor identifies that reports on product profitability produced by an organization's finance and marketing departments give different results. Further investigation reveals that the product definition being used by the two departments is different. What should the IS auditor recommend?
A. User acceptance testing (UAT) occur for all reports before release into production
B. Organizational data governance practices be put in place
C. Standard software tools be used for report development
D. Management sign-off on requirements for new reports
Correct answer: C
Question #48
When developing a risk-based audit strategy, an IS auditor conducts a risk assessment to ensure that:
A. controls needed to mitigate risks are in place
B. vulnerabilities and threats are identified
C. audit risks are considered
D. a gap analysis is appropriate
Correct answer: A
Question #49
Who assumes ownership of a systems-development project and the resulting system?
A. User management
B. Project steering committee
C. IT management
D. Systems developers
Correct answer: B
Question #50
The MAJOR consideration for an IS auditor reviewing an organization's IT project portfolio is the:
A. IT budget
B. existing IT environment
C. business plan
D. investment plan
Correct answer: B
Question #51
Which of the following are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem?
A. Expert systems
B. Neural networks
C. Integrated synchronized systems
D. Multitasking applications
Correct answer: A
Question #52
What increases encryption overhead and cost the most?
A. A long symmetric encryption key
B. A long asymmetric encryption key
C. A long Advanced Encryption Standard (AES) key
D. A long Data Encryption Standard (DES) key
Correct answer: C
Question #53
Which of the following is of greatest concern to the IS auditor?
A. Failure to report a successful attack on the network
B. Failure to prevent a successful attack on the network
C. Failure to recover from a successful attack on the network
D. Failure to detect a successful attack on the network
Correct answer: A
Question #54
When should plans for user acceptance testing be prepared?
A. In the requirements definition phase of the systems-development project
B. In the feasibility phase of the systems-development project
C. In the design phase of the systems-development project
D. In the development phase of the systems-development project
Correct answer: A
Question #55
Who is responsible for implementing cost-effective controls in an automated system?
A. Security policy administrators
B. Business unit management
C. Senior management
D. Board of directors
Correct answer: A
Question #56
In the course of performing a risk analysis, an IS auditor has identified threats and potential impacts. Next, the IS auditor should:
A. identify and assess the risk assessment process used by management
B. identify information assets and the underlying systems
C. disclose the threats and impacts to management
D. identify and evaluate the existing controls
Correct answer: A
Question #57
Which of the following anti-malware techniques fools malware by appending sections of itself to files, somewhat in the same way that file-infecting malware appends itself?
A. Scanners
B. Active Monitors
C. Immunizer
D. Behavior blocker
Correct answer: B
Question #58
What type of fire-suppression system suppresses fire via water that is released from a main valve to be delivered via a system of dry pipes installed throughout the facilities?
A. A dry-pipe sprinkler system
B. A deluge sprinkler system
C. A wet-pipe system
D. A halon sprinkler system
Correct answer: D
Question #59
How can minimizing single points of failure or vulnerabilities to a common disaster best be controlled?
A. By implementing redundant systems and applications onsite
B. By geographically dispersing resources
C. By retaining onsite data backups in fireproof vaults
D. By preparing BCP and DRP documents for commonly identified disasters
Correct answer: B
Question #60
An IS auditor should use statistical sampling and not judgment (nonstatistical) sampling when:
A. the probability of error must be objectively quantified
B. the auditor wishes to avoid sampling risk
C. generalized audit software is unavailable
D. the tolerable error rate cannot be determined
Correct answer: C
Question #61
During a security audit of IT processes, an IS auditor found that there were no documented security procedures. The IS auditor should:
A. create the procedures document
B. terminate the audit
C. conduct compliance testing
D. identify and evaluate existing practices
Correct answer: A
Question #62
Which of the following protocols is used for electronic mail service?
A. DNS
B. FTP
C. SSH
D. SMTP
Correct answer: D
Question #63
Which of the following would an IS auditor consider the MOST relevant to short-term planning for an IS department?
A. Allocating resources
B. Keeping current with technology advances
C. Conducting control self-assessment
D. Evaluating hardware needs
Correct answer: B
Question #64
An IS auditor is reviewing access to an application to determine whether the 10 most recent "new user" forms were correctly authorized. This is an example of:
A. variable sampling
B. substantive testing
C. compliance testing
D. stop-or-go sampling
Correct answer: B
Question #65
Which of the following types of lock uses a magnetic or embedded-chip-based plastic card key or token entered into a sensor/reader to gain access?
A. Bolting door locks
B. Combination door lock
C. Electronic door lock
D. Biometric door lock
Correct answer: A
Question #66
Who is accountable for maintaining appropriate security measures over information assets?
A. Data and systems owners
B. Data and systems users
C. Data and systems custodians
D. Data and systems auditors
Correct answer: B
Question #67
The decisions and actions of an IS auditor are MOST likely to affect which of the following risks?
A. Inherent
B. Detection
C. Control
D. Business
Correct answer: B
Question #68
In an IS audit of several critical servers, the IS auditor wants to analyze audit trails to discover potential anomalies in user or system behavior. Which of the following tools is MOST suitable for performing that task?
A. CASE tools
B. Embedded data collection tools
C. Heuristic scanning tools
D. Trend/variance detection tools
Correct answer: C
Question #69
An IS auditor is evaluating a corporate network for a possible penetration by employees. Which of the following findings should give the IS auditor the GREATEST concern?
A. There are a number of external modems connected to the network
B. Users can install software on their desktops
C. Network monitoring is very limited
D. Many user IDs have identical passwords
Correct answer: D
Question #70
________ (fill in the blank) is/are ultimately accountable for the functionality, reliability, and security within IT governance.
A. Data custodians
B. The board of directors and executive officers
C. IT security administration
D. Business unit managers
Correct answer: A
Question #71
The PRIMARY purpose of an IT forensic audit is:
A. to participate in investigations related to corporate fraud
B. the systematic collection of evidence after a system irregularity
C. to assess the correctness of an organization's financial statements
D. to determine that there has been criminal activity
Correct answer: B
Question #72
Which of the following statements INCORRECTLY describes anti-malware?
A. 2
B. 3
C. 2 and 3
D. None of the choices listed
Correct answer: A
Question #73
Which of the following sampling methods is MOST useful when testing for compliance?
A. Attribute sampling
B. Variable sampling
C. Stratified mean per unit
D. Difference estimation
Correct answer: C