Question #1
To properly evaluate the collective effect of preventive, detective, or corrective controls within a process, an IS auditor should be aware of which of the following?
A. The business objectives of the organization
B. The effect of segregation of duties on internal controls
C. The point at which controls are exercised as data flows through the system
D. Organizational control policies
Correct answer: C
Question #2
Authentication techniques for sending and receiving data between EDI systems are crucial to prevent which of the following?
A. Unsynchronized transactions
B. Unauthorized transactions
C. Inaccurate transactions
D. Incomplete transactions
Correct answer: B
Question #3
An organization has created a policy that defines the types of web sites that users are forbidden to access. What is the MOST effective technology to enforce this policy?
A. Stateful inspection firewall
B. Web content filter
C. Web cache server
D. Proxy server
Correct answer: B
Question #4
What can be implemented to provide the highest level of protection from external attack?
A. Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host
B. Configuring the firewall as a screened host behind a router
C. Configuring the firewall as the protecting bastion host
D. Configuring two load-sharing firewalls facilitating VPN access from external hosts to internal hosts
Correct answer: A
Question #5
What must an IS auditor understand before performing an application audit?
A. The potential business impact of application risks
B. Application risks must first be identified
C. Relative business processes
D. Relevant application risks
Correct answer: C
Question #6
What should be the GREATEST concern to an IS auditor when employees use portable media (MP3 players, flash drives)?
A. The copying of sensitive data on them
B. The copying of songs and videos on them
C. The cost of these devices multiplied by all the employees could be high
D. They facilitate the spread of malicious code through the corporate network
Correct answer: A
Question #7
An IS auditor who is reviewing incident reports discovers that, in one instance, an important document left on an employee's desk was removed and put in the garbage by the outsourced cleaning staff. Which of the following should the IS auditor recommend to management?
A. Stricter controls should be implemented by both the organization and the cleaning agency
B. No action is required since such incidents have not occurred in the past
C. A clear desk policy should be implemented and strictly enforced in the organization
D. A sound backup policy for all important office documents should be implemented
Correct answer: C
Question #8
A manager of a project was not able to implement all audit recommendations by the target date. The IS auditor should:
A. recommend that the project be halted until the issues are resolved
B. recommend that compensating controls be implemented
C. evaluate risks associated with the unresolved issues
D. recommend that the project manager reallocate test resources to resolve the issues
Correct answer: C
Question #9
Which of the following is the GREATEST advantage of elliptic curve encryption over RSA encryption?
A. Computation speed
B. Ability to support digital signatures
C. Simpler key distribution
D. Greater strength for a given key length
Correct answer: A
Question #10
An off-site processing facility should be easily identifiable externally because easy identification helps ensure smoother recovery. True or false?
A. True
B. False
Correct answer: B
Question #11
Off-site data storage should be kept synchronized when preparing for recovery of time-sensitive data such as that resulting from which of the following?
A. Financial reporting
B. Sales reporting
C. Inventory reporting
D. Transaction processing
Correct answer: D
Question #12
An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long. Which of the following could be caused by the length of the cable?
A. Electromagnetic interference (EMI)
B. Cross-talk
C. Dispersion
D. Attenuation
Correct answer: D
Question #13
Input/output controls should be implemented for which applications in an integrated systems environment?
A. The receiving application
B. The sending application
C. Both the sending and receiving applications
D. Output on the sending application and input on the receiving application
Correct answer: C
Question #14
Before implementing an IT balanced scorecard, an organization must:
A. deliver effective and efficient services
B. define key performance indicators
C. provide business value to IT projects
D. control IT expenses
Correct answer: B
Question #15
Which of the following BEST describes the concept of "defense in depth"?
A. More than one subsystem needs to be compromised to compromise the security of the system and the information it holds
B. Multiple firewalls are implemented
C. Multiple firewalls and multiple network OS are implemented
D. Intrusion detection and firewall filtering are required
E. None of the choices
Correct answer: A
Question #16
At a hospital, medical personnel carry handheld computers which contain patient health data. These handheld computers are synchronized with PCs which transfer data from a hospital database. Which of the following would be of the MOST importance?
A. The handheld computers are properly protected to prevent loss of data confidentiality, in case of theft or loss
B. The employee who deletes temporary files from the local PC, after usage, is authorized to maintain PCs
C. Timely synchronization is ensured by policies and procedures
D. The usage of the handheld computers is allowed by the hospital policy
Correct answer: A
Question #17
What is the most common reason for information systems to fail to meet the needs of users?
A. Lack of funding
B. Inadequate user participation during system requirements definition
C. Inadequate senior management participation during system requirements definition
D. Poor IT strategic planning
Correct answer: B
Question #18
Reverse proxy technology for web servers should be deployed if:
A. HTTP servers' addresses must be hidden
B. accelerated access to all published pages is required
C. caching is needed for fault tolerance
D. bandwidth to the user is limited
Correct answer: A
Question #19
Which of the following should be the MOST important consideration when deciding areas of priority for IT governance implementation?
A. Process maturity
B. Performance indicators
C. Business risk
D. Assurance reports
Correct answer: C
Question #20
An IS auditor reviewing the risk assessment process of an organization should FIRST:
A. identify the reasonable threats to the information assets
B. analyze the technical and organizational vulnerabilities
C. identify and rank the information assets
D. evaluate the effect of a potential security breach
Correct answer: C
Question #21
To address the risk of operations staff's failure to perform the daily backup, management requires that the systems administrator sign off on the daily backup. This is an example of risk:
A. avoidance
B. transference
C. mitigation
D. acceptance
Correct answer: C
Question #22
Which of the following network components is PRIMARILY set up to serve as a security measure by preventing unauthorized traffic between different segments of the network?
A. Firewalls
B. Routers
C. Layer 2 switches
D. VLANs
Correct answer: A
Question #23
An integrated test facility is not considered a useful audit tool because it cannot compare processing output with independently calculated data. True or false?
A. True
B. False
Correct answer: B
Question #24
During the review of a biometrics system operation, an IS auditor should FIRST review the stage of:
A. enrollment
B. identification
C. verification
D. storage
Correct answer: A
Question #25
Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist?
A. Reviewing program code
B. Reviewing operations documentation
C. Turning off the UPS, then the power
D. Reviewing program documentation
Correct answer: B
Question #26
Which of the following provides the BEST evidence of an organization's disaster recovery readiness?
A. A disaster recovery plan
B. Customer references for the alternate site provider
C. Processes for maintaining the disaster recovery plan
D. Results of tests and drills
Correct answer: D
Question #27
A comprehensive and effective e-mail policy should address the issues of e-mail structure, policy enforcement, monitoring and:
A. recovery
B. retention
C. rebuilding
D. reuse
Correct answer: B
Question #28
The reason for establishing a stop or freezing point on the design of a new system is to:
A. prevent further changes to a project in process
B. indicate the point at which the design is to be completed
C. require that changes after that point be evaluated for cost-effectiveness
D. provide the project management team with more control over the project design
Correct answer: C
Question #29
When planning to add personnel to tasks imposing time constraints on the duration of a project, which of the following should be revalidated FIRST?
A. The project budget
B. The critical path for the project
C. The length of the remaining tasks
D. The personnel assigned to other tasks
Correct answer: B
Question #30
To aid management in achieving IT and business alignment, an IS auditor should recommend the use of:
A. control self-assessments
B. a business impact analysis
C. an IT balanced scorecard
D. business process reengineering
Correct answer: C
Question #31
Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?
A. Due to the limited test time window, only the most essential systems were tested
B. During the test it was noticed that some of the backup systems were defective or not working, causing the test of these systems to fail
C. The procedures to shut down and secure the original production site before starting the backup site required far more time than planned
D. Every year, the same employees perform the test
Correct answer: D
Question #32
Which of the following is by far the most common prevention system from a network security perspective?
A. Firewall
B. IDS
C. IPS
D. Hardened OS
E. Tripwire
F. None of the choices
Correct answer: A
Question #33
To determine who has been given permission to use a particular system resource, an IS auditor should review:
A. activity lists
B. access control lists
C. logon ID lists
D. password lists
Correct answer: B
Question #34
Which of the following should be of MOST concern to an IS auditor reviewing the BCP?
A. The disaster levels are based on scopes of damaged functions, but not on duration
B. The difference between low-level disaster and software incidents is not clear
C. The overall BCP is documented, but detailed recovery steps are not specified
D. The responsibility for declaring a disaster is not identified
Correct answer: D
Question #35
Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)?
A. A user from within could send a file to an unauthorized person
B. FTP services could allow a user to download files from unauthorized sources
C. A hacker may be able to use the FTP service to bypass the firewall
D. FTP could significantly reduce the performance of a DMZ server
Correct answer: C
Question #36
The responsibility for authorizing access to a business application system belongs to the:
A. data owner
B. security administrator
C. IT security manager
D. requestor's immediate supervisor
Correct answer: A
Question #37
What is the first step in a business process re-engineering project?
A. Identifying current business processes
B. Forming a BPR steering committee
C. Defining the scope of areas to be reviewed
Correct answer: C
Question #38
Which of the following would be MOST important for an IS auditor to verify when conducting a business continuity audit?
A. Data backups are performed on a timely basis
B. A recovery site is contracted for and available as needed
C. Human safety procedures are in place
D. Insurance coverage is adequate and premiums are current
Correct answer: C
Question #39
Ensuring that security and control policies support business and IT objectives is a primary objective of:
A. An IT security policies audit
B. A processing audit
C. A software audit
D. A vulnerability assessment
Correct answer: A
Question #40
Which of the following is a characteristic of timebox management?
A. Not suitable for prototyping or rapid application development (RAD)
B. Eliminates the need for a quality process
C. Prevents cost overruns and delivery delays
D. Separates system and user acceptance testing
Correct answer: C
Question #41
How do modems (modulation/demodulation) function to facilitate analog transmissions to enter a digital network?
A. Modems convert analog transmissions to digital, and digital transmissions to analog
B. Modems encapsulate analog transmissions within digital, and digital transmissions within analog
C. Modems convert digital transmissions to analog, and analog transmissions to digital
D. Modems encapsulate digital transmissions within analog, and analog transmissions within digital
Correct answer: A
Question #42
Which of the following would be the BEST access control procedure?
A. The data owner formally authorizes access and an administrator implements the user authorization tables
B. Authorized staff implements the user authorization tables and the data owner sanctions them
C. The data owner and an IS manager jointly create and update the user authorization tables
D. The data owner creates and updates the user authorization tables
Correct answer: A
Question #43
Of the following alternatives, the FIRST approach to developing a disaster recovery strategy would be to assess whether:
A. all threats can be completely removed
B. a cost-effective, built-in resilience can be implemented
C. the recovery time objective can be optimized
D. the cost of recovery can be minimized
Correct answer: B
Question #44
What is used to develop strategically important systems faster, reduce development costs, and still maintain high quality?
A. Rapid application development (RAD)
B. GANTT
C. PERT
D. Decision trees
Correct answer: A
Question #45
When segregation of duties concerns exist between IT support staff and end users, what would be a suitable compensating control?
A. Restricting physical access to computing equipment
B. Reviewing transaction and application logs
C. Performing background checks prior to hiring IT staff
D. Locking user sessions after a specified period of inactivity
Correct answer: B
Question #46
To assist an organization in planning for IT investments, an IS auditor should recommend the use of:
A. project management tools
B. an object-oriented architecture
C. tactical planning
D. enterprise architecture (EA)
Correct answer: D
Question #47
As a driver of IT governance, transparency of IT's cost, value and risks is primarily achieved through:
A. performance measurement
B. strategic alignment
C. value delivery
D. resource management
Correct answer: A
Question #48
Which of the following refers to the proving of mathematical theorems by a computer program?
A. Analytical theorem proving
B. Automated technology proving
C. Automated theorem processing
D. Automated theorem proving
E. None of the choices
Correct answer: D
Question #49
While observing a full simulation of the business continuity plan, an IS auditor notices that the notification systems within the organizational facilities could be severely impacted by infrastructural damage. The BEST recommendation the IS auditor can provide to the organization is to ensure:
A. the salvage team is trained to use the notification system
B. the notification system provides for the recovery of the backup
C. redundancies are built into the notification system
D. the notification systems are stored in a vault
Correct answer: C
Question #50
Which of the following acts as a decoy to detect active internet attacks?
A. Honeypots
B. Firewalls
C. Trapdoors
D. Traffic analysis
Correct answer: A
Question #51
An IS auditor reviewing an organization that uses cross-training practices should assess the risk of:
A. dependency on a single person
B. inadequate succession planning
C. one person knowing all parts of a system
D. a disruption of operations
Correct answer: C
Question #52
What should IS auditors always check when auditing password files?
A. That deleting password files is protected
B. That password files are encrypted
C. That password files are not accessible over the network
D. That password files are archived
Correct answer: B
Question #53
Which of the following kinds of function are particularly vulnerable to format string attacks?
A. C functions that perform output formatting
B. C functions that perform integer computation
C. C functions that perform real number subtraction
D. VB functions that perform integer conversion
E. SQL functions that perform string conversion
F. SQL functions that perform text conversion
Correct answer: A
Question #54
Which of the following concerns associated with the World Wide Web would be addressed by a firewall?
A. Unauthorized access from outside the organization
B. Unauthorized access from within the organization
C. A delay in Internet connectivity
D. A delay in downloading using File Transfer Protocol (FTP)
Correct answer: A
Question #55
Using the OSI reference model, what layer(s) is/are used to encrypt data?
A. Transport layer
B. Session layer
C. Session and transport layers
D. Data link layer
Correct answer: C
Question #56
Mitigating the risk and impact of a disaster or business interruption usually takes priority over transference of risk to a third party such as an insurer. True or false?
A. True
B. False
Correct answer: A
Question #57
Which of the following are designed to detect network attacks in progress and assist in post-attack forensics?
A. Intrusion Detection Systems
B. Audit trails
C. System logs
D. Tripwire
E. None of the choices
Correct answer: A
Question #58
Which of the following situations would increase the likelihood of fraud?
A. Application programmers are implementing changes to production programs
B. Application programmers are implementing changes to test programs
C. Operations support staff are implementing changes to batch schedules
D. Database administrators are implementing changes to data structures
Correct answer: A
Question #59
An organization has an integrated development environment (IDE) on which the program libraries reside on the server, but modification/development and testing are done from PC workstations. Which of the following would be a strength of an IDE?
A. Controls the proliferation of multiple versions of programs
B. Expands the programming resources and aids available
C. Increases program and processing integrity
D. Prevents valid changes from being overwritten by other changes
Correct answer: B
Question #60
Which of the following types of attack makes use of unfiltered user input as the format string parameter in the printf() function of the C language?
A. Buffer overflows
B. Format string vulnerabilities
C. Integer overflow
D. Code injection
E. Command injection
F. None of the choices
Correct answer: B
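Questions #53 and #60 describe the same C bug. The following is an added example (not part of the exam page): the vulnerable call where user input becomes the format argument, the fixed call where it is passed as data, and a small validator that counts the conversion specifiers a format parser would act on. The function names and the sample input string are constructed for this illustration. Only the `%%` escape is used in the sample so that the vulnerable call never reads missing variadic arguments, which would be undefined behaviour; a real attacker would use `%x` to read the stack and `%n` to write memory.

```c
#include <stdio.h>
#include <string.h>

/* VULNERABLE: the caller's string is used as the format argument, so any
 * '%' sequence in it is interpreted by the output-formatting function. */
int log_message_vulnerable(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, msg);
}

/* FIXED: the format is a compile-time constant; the message is only data. */
int log_message_safe(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, "%s", msg);
}

/* Count the conversion specifiers a format parser would act on.
 * "%%" is the literal-percent escape and is skipped. */
int count_conversions(const char *s)
{
    int n = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* escaped percent: not a conversion */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Input validator for defence in depth: returns 1 if the string carries
 * nothing a format function would interpret, 0 otherwise. */
int is_safe_for_format(const char *s)
{
    return count_conversions(s) == 0;
}

int main(void)
{
    /* Constructed sample input: a benign-looking progress message. */
    const char *user_input = "job 42 is 100%% complete";
    char buf[64];

    log_message_vulnerable(buf, sizeof buf, user_input);
    printf("vulnerable: %s\n", buf);   /* "...100% complete": input was parsed */

    log_message_safe(buf, sizeof buf, user_input);
    printf("safe:       %s\n", buf);   /* "...100%% complete": input stayed data */

    printf("conversions in \"%%x %%x %%n\": %d\n", count_conversions("%x %x %n"));
    printf("is_safe_for_format(\"%%x\"): %d\n", is_safe_for_format("%x"));
    return 0;
}
```

Compilers flag the vulnerable form when asked (`gcc -Wformat -Wformat-security`), which is the cheapest check an auditor can request for a C code base.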
Question #61
An intentional or unintentional disclosure of a password is likely to be evident within control logs. True or false?
A. True
B. False
Correct answer: B
Question #62
When reviewing an organization's logical access security, which of the following should be of MOST concern to an IS auditor?
A. Passwords are not shared
B. Password files are not encrypted
C. Redundant logon IDs are deleted
D. The allocation of logon IDs is controlled
Correct answer: B
Question #63
Which of the following would prevent unauthorized changes to information stored in a server's log?
A. Write-protecting the directory containing the system log
B. Writing a duplicate log to another server
C. Daily printing of the system log
D. Storing the system log in write-once media
Correct answer: D
Question #64
After the merger of two organizations, multiple self-developed legacy applications from both companies are to be replaced by a new common platform. Which of the following would be the GREATEST risk?
A. Project management and progress reporting is combined in a project management office which is driven by external consultants
B. The replacement effort consists of several independent projects without integrating the resource allocation in a portfolio management approach
C. The resources of each of the organizations are inefficiently allocated while they are being familiarized with the other company's legacy systems
D. The new platform will force the business areas of both organizations to change their work processes, which will result in extensive training needs
Correct answer: B
Question #65
The PRIMARY reason for using digital signatures is to ensure data:
A. confidentiality
B. integrity
C. availability
D. timeliness
Correct answer: B
Question #66
The information security policy that states 'each individual must have their badge read at every controlled door' addresses which of the following attack methods?
A. Piggybacking
B. Shoulder surfing
C. Dumpster diving
D. Impersonation
Correct answer: A
Question #67
An organization has implemented a disaster recovery plan. Which of the following steps should be carried out next?
A. Obtain senior management sponsorship
B. Identify business needs
C. Conduct a paper test
D. Perform a system restore test
Correct answer: C
Question #68
When should systems administrators first assess the impact of applications or systems patches?
A. Within five business days following installation
B. Prior to installation
C. No sooner than five business days following installation
D. Immediately following installation
Correct answer: B
Question #69
Which of the following controls would an IS auditor look for in an environment where duties cannot be appropriately segregated?
A. Overlapping controls
B. Boundary controls
C. Access controls
D. Compensating controls
Correct answer: D
Question #70
For a discretionary access control to be effective, it must:
A. operate within the context of mandatory access controls
B. operate independently of mandatory access controls
C. enable users to override mandatory access controls when necessary
D. be specifically permitted by the security policy
Correct answer: A
Question #71
Which of the following measures can protect system files and data, respectively?
A. User account access controls and cryptography
B. User account access controls and firewall
C. User account access controls and IPS
D. IDS and cryptography
E. Firewall and cryptography
F. None of the choices
Correct answer: A
Question #72
Which of the following would BEST provide assurance of the integrity of new staff?
A. Background screening
B. References
C. Bonding
D. Qualifications listed on a resume
Correct answer: A
Question #73
Which of the following refers to an anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer?
A. Buffer overflow
B. Format string vulnerabilities
C. Integer misappropriation
D. Code injection
E. None of the choices
Correct answer: A
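What "storing data beyond the boundaries of a fixed-length buffer" does in practice, as an added example that is not from the exam page: a record holds an 8-byte name followed by a privilege flag; an unbounded copy of a long name spills into the flag, and a bounded copy refuses the input instead. The record layout, function names and sample inputs are constructed for this illustration. The record is modelled as one flat byte array, so the overrun stays inside a single object and the program's behaviour is well defined; a real overrun past a struct or stack buffer is undefined behaviour and is what attackers use to corrupt return addresses.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8                 /* fixed-length name buffer           */
#define REC_LEN  (NAME_LEN + 1)    /* name[8] followed by is_admin byte   */

/* Initialise a record: empty name, is_admin = 0. */
void record_init(unsigned char rec[REC_LEN])
{
    memset(rec, 0, REC_LEN);
}

unsigned char record_is_admin(const unsigned char rec[REC_LEN])
{
    return rec[NAME_LEN];
}

/* VULNERABLE: copies up to the terminator without consulting NAME_LEN,
 * so a name longer than 7 characters overwrites the adjacent flag. */
void set_name_vulnerable(unsigned char rec[REC_LEN], const char *src)
{
    size_t n = strlen(src) + 1;
    /* Demo safety net only: a real strcpy() has no cap and keeps writing
     * past the record into whatever lies after it in memory. */
    if (n > REC_LEN)
        n = REC_LEN;
    memcpy(rec, src, n);
}

/* FIXED: check the length first and reject input that does not fit
 * (NAME_LEN - 1 characters plus the terminating NUL). Rejecting is
 * preferred to silent truncation, which can also change meaning. */
int set_name_safe(unsigned char rec[REC_LEN], const char *src)
{
    size_t len = strlen(src);
    if (len >= NAME_LEN)
        return -1;
    memcpy(rec, src, len + 1);
    return 0;
}

/* Returns the is_admin flag after the vulnerable copy; nonzero means the
 * overflow changed a privilege field that was never written directly. */
unsigned char demo_vulnerable(const char *src)
{
    unsigned char rec[REC_LEN];
    record_init(rec);
    set_name_vulnerable(rec, src);
    return record_is_admin(rec);
}

/* Returns -1 if the input was rejected, else the is_admin flag (always 0). */
int demo_safe(const char *src)
{
    unsigned char rec[REC_LEN];
    record_init(rec);
    if (set_name_safe(rec, src) != 0)
        return -1;
    return record_is_admin(rec);
}

int main(void)
{
    /* Constructed sample inputs: one that fits, one that does not. */
    printf("vulnerable \"bob\":           is_admin=%u\n", demo_vulnerable("bob"));
    printf("vulnerable \"administrator\": is_admin=%u\n", demo_vulnerable("administrator"));
    printf("safe \"bob\":                 %d\n", demo_safe("bob"));
    printf("safe \"administrator\":       %d (rejected)\n", demo_safe("administrator"));
    return 0;
}
```

The overflowed flag takes whatever byte of the input lands on it (here the ninth character of "administrator"), which is why overflows are exploitable rather than merely disruptive: the attacker chooses the bytes that overwrite the neighbouring data.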
Question #74
Which of the following is a general operating system access control function?
A. Creating database profiles
B. Verifying user authorization at a field level
C. Creating individual accountability
D. Logging database access activities for monitoring access violation
Correct answer: C
Question #75
During an audit of an enterprise that is dedicated to e-commerce, the IS manager states that digital signatures are used when receiving communications from customers. To substantiate this, an IS auditor must prove that which of the following is used?
A. A biometric, digitalized and encrypted parameter with the customer's public key
B. A hash of the data that is transmitted and encrypted with the customer's private key
C. A hash of the data that is transmitted and encrypted with the customer's public key
D. The customer's scanned signature encrypted with the customer's public key
Correct answer: B
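The mechanism behind the answer to #75, and behind the integrity claim in #65, as an added example that is not from the exam page: the signer hashes the message and transforms the digest with its private key; the verifier recomputes the digest, undoes the transform with the public key and compares. Textbook RSA with an assumed 12-bit key pair (p = 61, q = 53, n = 3233, e = 17, d = 2753) and a 32-bit FNV-1a digest are used so the code runs with no libraries; this is a teaching toy, not a usable signature scheme (real signatures use a cryptographic hash, padding such as PSS, and keys of thousands of bits). The function names and the sample messages are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed toy key pair: n = 61 * 53, phi = 3120, 17 * 2753 = 1 (mod 3120). */
static const uint64_t RSA_N = 3233;
static const uint64_t RSA_E = 17;     /* public exponent: anyone may have it   */
static const uint64_t RSA_D = 2753;   /* private exponent: only the signer     */

/* Square-and-multiply modular exponentiation (values stay below 2^24). */
uint64_t pow_mod(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t result = 1;
    base %= mod;
    while (exp > 0) {
        if (exp & 1)
            result = (result * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return result;
}

/* 32-bit FNV-1a over the message, reduced into the RSA message space [0, n). */
uint64_t digest(const char *msg, size_t len)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) {
        h ^= (unsigned char)msg[i];
        h *= 16777619u;
    }
    return h % RSA_N;
}

/* Sign: the digest transformed with the PRIVATE exponent (option B). */
uint64_t sign_message(const char *msg, size_t len)
{
    return pow_mod(digest(msg, len), RSA_D, RSA_N);
}

/* Verify: invert the transform with the PUBLIC exponent and compare with a
 * freshly computed digest. Returns 1 if the signature is valid, else 0. */
int verify_signature(const char *msg, size_t len, uint64_t sig)
{
    if (sig >= RSA_N)
        return 0;                                  /* malformed signature */
    return pow_mod(sig, RSA_E, RSA_N) == digest(msg, len);
}

int main(void)
{
    /* Constructed sample: a customer's order and a tampered copy of it. */
    const char *order    = "order=1234;amount=50.00";
    const char *tampered = "order=1234;amount=5000.00";
    uint64_t sig = sign_message(order, strlen(order));

    printf("signature over original: %llu\n", (unsigned long long)sig);
    printf("original verifies:       %d\n",
           verify_signature(order, strlen(order), sig));
    printf("tampered verifies:       %d\n",
           verify_signature(tampered, strlen(tampered), sig));
    printf("altered sig verifies:    %d\n",
           verify_signature(order, strlen(order), (sig + 1) % RSA_N));
    return 0;
}
```

Two properties are what the auditor is really checking: only the holder of d can produce a value that inverts correctly under e (authenticity, non-repudiation), and any change to the message changes the digest so the comparison fails (integrity). Option C of the question, a digest transformed with the public key, can be produced by anyone and proves nothing about the sender.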
Question #76
Which of the following is a risk of cross-training?
A. Increases the dependence on one employee
B. Does not assist in succession planning
C. One employee may know all parts of a system
D. Does not help in achieving a continuity of operations
Correct answer: C
Question #77
From a control perspective, the PRIMARY objective of classifying information assets is to:
A. establish guidelines for the level of access controls that should be assigned
B. ensure access controls are assigned to all information assets
C. assist management and auditors in risk assessment
D. identify which assets need to be insured against losses
Correct answer: A
Question #78
The technique used to ensure security in virtual private networks (VPNs) is:
A. encapsulation
B. wrapping
C. transform
D. encryption
Correct answer: A
Question #79
Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?
A. User management coordination does not exist
B. Specific user accountability cannot be established
C. Unauthorized users may have access to originate, modify or delete data
D. Audit recommendations may not be implemented
Correct answer: C
Question #80
A hacker could obtain passwords without the use of computer tools or programs through the technique of:
A. social engineering
B. sniffers
C. back doors
D. Trojan horses
Correct answer: A
Question #81
During an audit, an IS auditor notices that the IT department of a medium-sized organization has no separate risk management function, and the organization's operational risk documentation only contains a few broadly described IT risks. What is the MOST appropriate recommendation in this situation?
A. Create an IT risk management department and establish an IT risk framework with the aid of external risk management experts
B. Use common industry standard aids to divide the existing risk documentation into several individual risks which will be easier to handle
C. No recommendation is necessary since the current approach is appropriate for a medium-sized organization
D. Establish regular IT risk management meetings to identify and assess risks, and create a mitigation plan as input to the organization's risk management
Correct answer: D
Question #82
When developing a risk management program, what is the FIRST activity to be performed?
A. Threat assessment
B. Classification of data
C. Inventory of assets
D. Criticality analysis
Correct answer: C
Question #83
The reliability of an application system's audit trail may be questionable if:
A. user IDs are recorded in the audit trail
B. the security administrator has read-only rights to the audit file
C. date and time stamps are recorded when an action occurs
D. users can amend audit trail records when correcting system errors
Correct answer: D
Question #84
An information security policy stating that 'the display of passwords must be masked or suppressed' addresses which of the following attack methods?
A. Piggybacking
B. Dumpster diving
C. Shoulder surfing
D. Impersonation
Correct answer: C
Question #85
In an online banking application, which of the following would BEST protect against identity theft?
A. Encryption of personal password
B. Restricting the user to a specific terminal
C. Two-factor authentication
D. Periodic review of access logs
Correct answer: C
Question #86
Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the username and password are the same. The BEST control to mitigate this risk is to:
A. change the company's security policy
B. educate users about the risk of weak passwords
C. build in validations to prevent this during user creation and password change
D. require a periodic review of matching user IDs and passwords for detection and correction
Correct answer: C
Question #87
Which of the following would be the MOST significant audit finding when reviewing a point-of-sale (POS) system?
A. Invoices recorded on the POS system are manually entered into an accounting application
B. An optical scanner is not used to read bar codes for the generation of sales invoices
C. Frequent power outages occur, resulting in the manual preparation of invoices
D. Customer credit card information is stored unencrypted on the local POS system
Correct answer: D
Question #88
Which of the following does a lack of adequate security controls represent?
A. Threat
B. Asset
C. Impact
D. Vulnerability
Correct answer: D
Question #89
When auditing the proposed acquisition of a new computer system, an IS auditor should FIRST establish that:
A. a clear business case has been approved by management
B. corporate security standards will be met
C. users will be involved in the implementation plan
D. the new system will meet all required user functionality
Correct answer: A