
Question #1
Which of the following is the BEST evidence of the maturity of an organization’s information security program?
A. The number of reported incidents has increased
B. The information security department actively monitors security operations
C. The number of reported incidents has decreased
D. IT security staff implements strict technical security controls
Correct answer: B
Question #2
A hub is a device that connects:
A. two LANs using different protocols
B. a LAN with a WAN
C. a LAN with a metropolitan area network (MAN)
D. two segments of a single LAN
Correct answer: A
Question #3
Which of the following applet intrusion issues poses the GREATEST risk of disruption to an organization?
A. A program that deposits a virus on a client machine
B. Applets recording keystrokes and, therefore, passwords
C. Downloaded code that reads files on a client's hard drive
D. Applets opening connections from the client machine
Correct answer: B
Question #4
Functional acknowledgements are used:
A. as an audit trail for EDI transactions
B. to functionally describe the IS department
C. to document user roles and responsibilities
D. as a functional description of application software
Correct answer: C
Question #5
Which of the following uses a prototype that can be updated continually to meet changing user or business requirements?
A. PERT
B. Rapid application development (RAD)
C. Function point analysis (FPA)
D. GANTT
Correct answer: D
Question #6
Which of the following terms in business continuity defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences?
A. RPO
B. RTO
C. WRT
D. MTD
Correct answer: B
Question #7
During which of the following phases in system development would user acceptance test plans normally be prepared?
A. Feasibility study
B. Requirements definition
C. Implementation planning
D. Postimplementation review
Correct answer: B
Question #8
An IS auditor has identified the lack of an authorization process for users of an application. The IS auditor's main concern should be that:
A. more than one individual can claim to be a specific user
B. there is no way to limit the functions assigned to users
C. user accounts can be shared
D. users have a need-to-know privilege
Correct answer: B
Question #9
An IS auditor is told by IS management that the organization has recently reached the highest level of the software capability maturity model (CMM). The software quality process MOST recently added by the organization is:
A. continuous improvement
B. quantitative quality goals
C. a documented process
D. a process tailored to specific projects
Correct answer: C
Question #10
An IS auditor observes that routine backups of operational databases are taking longer than before. Which of the following would MOST effectively help to reduce backup and recovery times for operational databases?
A. Utilizing database technologies to achieve efficiencies
B. Using solid storage device (SSD) media
C. Requiring a combination of weekly full backups and daily differential backups
D. Archiving historical data in accordance with the data retention policy
Correct answer: A
Question #11
When responding to an ongoing denial of service (DoS) attack, an organization’s FIRST course of action should be to:
A. restore service
B. minimize impact
C. analyze the attack path
D. investigate damage
Correct answer: D
Question #12
The MAJOR advantage of a component-based development approach is the:
A. ability to manage an unrestricted variety of data types
B. provision for modeling complex relationships
C. capacity to meet the demands of a changing environment
D. support of multiple development environments
Correct answer: A
Question #13
During the audit of a database server, which of the following would be considered the GREATEST exposure?
A. The password does not expire on the administrator account
B. Default global security settings for the database remain unchanged
C. Old data have not been purged
D. Database activity is not fully logged
Correct answer: C
Question #14
A decision support system (DSS):
A. is aimed at solving highly structured problems
B. combines the use of models with nontraditional data access and retrieval functions
C. emphasizes flexibility in the decision making approach of users
D. supports only structured decision making tasks
Correct answer: A
Question #15
What type of risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist?
A. Business risk
B. Detection risk
C. Residual risk
D. Inherent risk
Correct answer: A
Question #16
An IS auditor finds that, at certain times of the day, the data warehouse query performance decreases significantly. Which of the following controls would it be relevant for the IS auditor to review?
A. Permanent table-space allocation
B. Commitment and rollback controls
C. User spool and database limit controls
D. Read/write access log controls
Correct answer: B
Question #17
The GREATEST advantage of rapid application development (RAD) over the traditional system development life cycle (SDLC) is that it:
A. facilitates user involvement
B. allows early testing of technical features
C. facilitates conversion to the new system
D. shortens the development time frame
Correct answer: A
Question #18
An IS auditor invited to a development project meeting notes that no project risks have been documented. When the IS auditor raises this issue, the project manager responds that it is too early to identify risks and that, if risks do start impacting the project, a risk manager will be hired. The appropriate response of the IS auditor would be to:
A. stress the importance of spending time at this point in the project to consider and document risks, and to develop contingency plans
B. accept the project manager's position as the project manager is accountable for the outcome of the project
C. offer to work with the risk manager when one is appointed
D. inform the project manager that the IS auditor will conduct a review of the risks at the completion of the requirements definition phase of the project
Correct answer: B
Question #19
What can be used to gather evidence of network attacks?
A. Access control lists (ACL)
B. Intrusion-detection systems (IDS)
C. Syslog reporting
D. Antivirus programs
Correct answer: D
Question #20
A business unit cannot achieve desired segregation of duties between operations and programming due to size constraints. Which of the following is MOST important for the IS auditor to identify?
A. Unauthorized user controls
B. Compensating controls
C. Controls over operational effectiveness
D. Additional control weaknesses
Correct answer: A
Question #21
When auditing third-party service providers, an IS auditor should be concerned with which of the following?
A. Ownership of the programs and files
B. A statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster
C. A statement of due care
D. Ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster
Correct answer: A
Question #22
Which of the following database controls would ensure that the integrity of transactions is maintained in an online transaction processing system's database?
A. Authentication controls
B. Data normalization controls
C. Read/write access log controls
D. Commitment and rollback controls
Correct answer: B
Question #23
A check digit is an effective edit check to:
A. Detect data-transcription errors
B. Detect data-transposition and transcription errors
C. Detect data-transposition, transcription, and substitution errors
D. Detect data-transposition errors
Correct answer: C
Question #24
Which of the following BEST limits the impact of server failures in a distributed environment?
A. Redundant pathways
B. Clustering
C. Dial backup lines
D. Standby power
Correct answer: B
Question #25
Risk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a _________________ risk assessment is more appropriate. Fill in the blanks.
A. Quantitative; qualitative
B. Qualitative; quantitative
C. Residual; subjective
D. Quantitative; subjective
Correct answer: C
Question #26
Several remote users have been unable to communicate with a secured network news transfer protocol (NNTP) server. Of the following, the MOST likely cause is:
A. the use of a password cracker
B. a hacker impersonating the server
C. a hacker using a sniffer
D. a replay attack by an eavesdropper
Correct answer: C
Question #27
Which of the following will BEST ensure the successful offshore development of business applications?
A. Stringent contract management practices
B. Detailed and correctly applied specifications
C. Awareness of cultural and political differences
D. Post implementation reviews
Correct answer: D
Question #28
An advantage of installing a thin client architecture in a local area network (LAN) is that this would:
A. stabilize network bandwidth requirements
B. facilitate the updating of software versions
C. ensure application availability when the server is down
D. reduce the risk of a single point of failure
Correct answer: A
Question #29
To minimize the cost of a software project, quality management techniques should be applied:
A. as close to their writing (i.e., point of origination) as possible
B. primarily at project start-up to ensure that the project is established in accordance with organizational governance standards
C. continuously throughout the project with an emphasis on finding and fixing defects primarily during testing to maximize the defect detection rate
D. mainly at project close-down to capture lessons learned that can be applied to future projects
Correct answer: B
Question #30
When should application controls be considered within the system-development process?
A. After application unit testing
B. After application module testing
C. After applications systems testing
D. As early as possible, even in the development of the project's functional specifications
Correct answer: D
Question #31
The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n):
A. Implementor
B. Facilitator
C. Developer
D. Sponsor
Correct answer: A
Question #32
Which of the following system and data conversion strategies provides the GREATEST redundancy?
A. Direct cutover
B. Pilot study
C. Phased approach
D. Parallel run
Correct answer: C
Question #33
An off-site processing facility should be easily identifiable externally because easy identification helps ensure smoother recovery. True or false?
A. True
B. False
Correct answer: A
Question #34
Which of the following cryptography options would increase overhead/cost?
A. The encryption is symmetric rather than asymmetric
B. A long asymmetric encryption key is used
C. The hash is encrypted rather than the message
Correct answer: A
Question #35
Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them?
A. A neural network
B. Database management software
C. Management information systems
D. Computer assisted audit techniques
Correct answer: B
Question #36
In a client-server system, which of the following control techniques is used to inspect activity from known or unknown users?
A. Diskless workstations
B. Data encryption techniques
C. Network monitoring devices
D. Authentication systems
Correct answer: A
Question #37
Allowing application programmers to directly patch or change code in production programs increases risk of fraud. True or false?
A. True
B. False
Correct answer: B
Question #38
What are intrusion-detection systems (IDS) primarily used for?
A. To identify AND prevent intrusion attempts to a network
B. To prevent intrusion attempts to a network
C. Forensic incident response
D. To identify intrusion attempts to a network
Correct answer: A
Question #39
What can be used to help identify and investigate unauthorized transactions?
A. Postmortem review
B. Reasonableness checks
C. Data-mining techniques
D. Expert systems
Correct answer: A
Question #40
Which of the following should an IS auditor review to determine user permissions that have been granted for a particular resource?
A. Systems logs
B. Access control lists (ACL)
C. Application logs
D. Error logs
Correct answer: A
Question #41
The MAIN reason for requiring that all computer clocks across an organization be synchronized is to:
A. prevent omission or duplication of transactions
B. ensure smooth data transition from client machines to servers
C. ensure that e-mail messages have accurate time stamps
D. support the incident investigation process
Correct answer: A
Question #42
An IS auditor finds that client requests were processed multiple times when received from different independent departmental databases, which are synchronized weekly. What would be the BEST recommendation?
A. Increase the frequency for data replication between the different department systems to ensure timely updates
B. Centralize all request processing in one department to avoid parallel processing of the same request
C. Change the application architecture so that common data is held in just one shared database for all departments
D. Implement reconciliation controls to detect duplicates before orders are processed in the systems
Correct answer: D
Question #43
Which of the following is the GREATEST security threat when an organization allows remote access to a virtual private network (VPN)?
A. Client logins are subject to replay attack
B. VPN traffic could be sniffed and captured
C. Compromised VPN clients could impact the network
D. Attackers could compromise the VPN gateway
Correct answer: D
Question #44
An IS auditor is assigned to audit a software development project which is more than 80 percent complete, but has already overrun time by 10 percent and costs by 25 percent. Which of the following actions should the IS auditor take?
A. Report that the organization does not have effective project management
B. Recommend the project manager be changed
C. Review the IT governance structure
D. Review the conduct of the project and the business case
Correct answer: C
Question #45
A sequence of bits appended to a digital document that is used to secure an e-mail sent through the Internet is called a:
A. digest signature
B. electronic signature
C. digital signature
D. hash signature
Correct answer: D
Question #46
Electromagnetic emissions from a terminal represent an exposure because they:
A. affect noise pollution
B. disrupt processor functions
C. produce dangerous levels of electric current
D. can be detected and displayed
Correct answer: A
Question #47
Run-to-run totals can verify data through which stage(s) of application processing?
A. Initial
B. Various
C. Final
D. Output
Correct answer: B
Question #48
Which of the following is a detective control?
A. Procedures for authorizing transactions
B. Echo checks in telecommunications
C. A router rule restricting a service
D. Programmed edit checks
Correct answer: D
Question #49
An IS auditor reviewing a database application discovers that the current configuration does not match the originally designed structure. Which of the following should be the IS auditor's next action?
A. Analyze the need for the structural change
B. Recommend restoration to the originally designed structure
C. Recommend the implementation of a change control process
D. Determine if the modifications were properly approved
Correct answer: D
Question #50
Which of the following MOST effectively provides assurance of ongoing service delivery by a vendor?
A. Regular status reporting provided by the vendor
B. Short incident response time by the vendor
C. Pre-defined service and operational level agreements
D. Regular monitoring by service management team
Correct answer: B
Question #51
A project manager of a project that is scheduled to take 18 months to complete announces that the project is in a healthy financial position because, after 6 months, only one-sixth of the budget has been spent. The IS auditor should FIRST determine:
A. what amount of progress against schedule has been achieved
B. if the project budget can be reduced
C. if the project could be brought in ahead of schedule
D. if the budget savings can be applied to increase the project scope
Correct answer: A
Question #52
An employee uses a personal mobile device to access corporate data and email, but also allows friends to use it as a mobile hotspot for Internet access when not at work. The information security manager is concerned this situation may expose confidential data. The manager’s FIRST step should be to:
A. update the mobile device usage standards to address the issue and communicate to all employees
B. activate the incident response plan to mitigate the impact and stop the compromise
C. review the associated risks to determine if additional controls are needed
D. implement additional security controls that will mitigate the situation and then reassess risks
Correct answer: C
Question #53
During an external assessment of network vulnerability, which of the following activities should be performed FIRST?
A. Collect network information
B. Implement an intrusion detection system (IDS)
C. Monitor the network
D. Review policies
Correct answer: A
Question #54
A data breach has occurred at a third-party vendor used by an organization to outsource the processing of its customer data. What should be management’s FIRST course of action?
A. Activate the disaster recovery plan
B. Notify the insurance company of the potential claim
C. Activate the incident management process
D. Take legal action against the service provider for reputation damage
Correct answer: D
Question #55
Which of the following should an IS auditor review to understand project progress in terms of time, budget and deliverables for early detection of possible overruns and for projecting estimates at completion (EACs)?
A. Function point analysis
B. Earned value analysis
C. Cost budget
D. Program Evaluation and Review Technique
Correct answer: B
Question #56
Which of the following intrusion detection systems (IDSs) monitors the general patterns of activity and traffic on a network and creates a database?
A. Signature-based
B. Neural networks-based
C. Statistical-based
D. Host-based
Correct answer: B
Question #57
Which of the following is the GREATEST risk of single sign-on?
A. Password carelessness by one user may render the entire infrastructure vulnerable
B. Integration of single sign-on with the rest of the infrastructure is complicated
C. It is a single point of failure for an enterprise access control process
D. One administrator maintains the single sign-on solution without segregation of duty
Correct answer: D
Question #58
Reconciliations have identified data discrepancies between an enterprise data warehouse and a revenue system for key financial reports. What is the GREATEST risk to the organization in this situation?
A. The key financial reports may no longer be produced
B. Financial reports may be delayed
C. Undetected fraud may occur
D. Decisions may be made based on incorrect information
Correct answer: B
Question #59
Which of the following is the GREATEST security risk associated with data migration from a legacy HR system to a cloud-based system?
A. System performance may be impacted by the migration
B. Records past their retention period may not be migrated to the new system
C. Data from the source and target system may have different data formats
D. Data from the source and target system may be intercepted
Correct answer: C
