Question #1
Which of the following do digital signatures provide?
A. Authentication and integrity of data
B. Authentication and confidentiality of data
C. Confidentiality and integrity of data
D. Authentication and availability of data
Correct answer: B

Question #2
To develop a successful business continuity plan, end user involvement is critical during which of the following phases?
A. Business recovery strategy
B. Detailed plan development
C. Business impact analysis
D. Testing and maintenance
Correct answer: D

Question #3
Which of the following privacy principles ensures that data controllers do not use personal data in unintended ways that breach the protection of data subjects?
A. Data retention
B. Adequacy
C. Accuracy
D. Purpose limitation
Correct answer: D

Question #4
Which of the following is MOST likely to result from a business process reengineering (BPR) project?
A. An increased number of people using technology
B. Significant cost savings, through a reduction in the complexity of information technology
C. Weaker organizational structures and less accountability
D. Increased information protection (IP) risk
Correct answer: A

Question #5
Which of the following is MOST likely to enable a hacker to successfully penetrate a system?
A. Lack of virus protection
B. Unpatched software
C. Decentralized dialup access
D. Lack of DoS protection
Correct answer: A

Question #6
Disaster recovery planning addresses the:
A. technological aspect of business continuity planning
B. operational piece of business continuity planning
C. functional aspect of business continuity planning
D. overall coordination of business continuity planning
Correct answer: B

Question #7
A data administrator is responsible for:
A. maintaining database system software
B. defining data elements, data names and their relationship
C. developing physical database structures
D. developing data dictionary system software
Correct answer: C

Question #8
Naming conventions for system resources are important for access control because they:
A. ensure that resource names are not ambiguous
B. reduce the number of rules required to adequately protect resources
C. ensure that user access to resources is clearly and uniquely identified
D. ensure that internationally recognized names are used to protect resources
Correct answer: C

Question #9
A disaster recovery plan (DRP) for an organization should:
A. reduce the length of the recovery time and the cost of recovery
B. increase the length of the recovery time and the cost of recovery
C. reduce the duration of the recovery time and increase the cost of recovery
D. not affect the recovery time nor the cost of recovery
Correct answer: C

Question #10
The technique used to ensure security in virtual private networks (VPNs) is:
A. encapsulation
B. wrapping
C. transform
D. encryption
Correct answer: C

Question #11
An IS auditor should be able to identify and evaluate various types of risks and their potential effects. Which of the following risks is associated with authorized program exits (trap doors)?
A. Inherent
B. Detection
C. Audit
D. Error
Correct answer: A

Question #12
A probable advantage to an organization that has outsourced its data processing services is that:
A. needed IS expertise can be obtained from the outside
B. greater control can be exercised over processing
C. processing priorities can be established and enforced internally
D. greater user involvement is required to communicate user needs
Correct answer: C

Question #13
Transmitting redundant information with each character or frame to facilitate detection and correction of errors is called:
A. feedback error control
B. block sum check
C. forward error control
D. cyclic redundancy check
Correct answer: B

Question #14
Birth date and marriage date items were switched while entering data. Which of the following data validation checks could detect this?
A. Logical relationship
B. Sequence
C. Reasonableness
D. Validity
Correct answer: C

Question #15
Which of the following normally would be the MOST reliable evidence for an auditor?
A. A confirmation letter received from a third party verifying an account balance
B. Assurance from line management that an application is working as designed
C. Trend data obtained from World Wide Web (Internet) sources
D. Ratio analysis developed by the IS auditor from reports supplied by line management
Correct answer: B

Question #16
When reviewing a system development project at the project initiation stage, an IS auditor finds that the project team is following the organization's quality manual. To meet critical deadlines the project team proposes to fast track the validation and verification processes, commencing some elements before the previous deliverable is signed off. Under these circumstances, the IS auditor would MOST likely:
A. report this as a critical finding to senior management
B. accept that different quality processes can be adopted for each project
C. report to IS management the team's failure to follow quality procedures
D. report the risks associated with fast tracking to the project steering committee
Correct answer: A

Question #17
Which of the following types of IDS resides on important systems such as databases and critical servers and monitors various internal resources of an operating system?
A. Signature based IDS
B. Host based IDS
C. Network based IDS
D. Statistical based IDS
Correct answer: D

Question #18
As a business process reengineering (BPR) project takes hold it is expected that:
A. business priorities will remain stable
B. information technologies will not change
C. the process will improve product, service and profitability
D. input from clients and customers will no longer be necessary
Correct answer: A

Question #19
Which of the following is a control over component communication failure/errors?
A. Restricting operator access and maintaining audit trails
B. Monitoring and reviewing system engineering activity
C. Providing network redundancy
D. Establishing physical barriers to the data transmitted over the network
Correct answer: B

Question #20
Which of the following functions is performed by a virtual private network (VPN)?
A. Hiding information from sniffers on the net
B. Enforcing security policies
C. Detecting misuse or mistakes
D. Regulating access
Correct answer: D

Question #21
Which of the following is a penetration test in which the penetration tester is provided with limited or no knowledge of the target's information systems?
A. External Testing
B. Internal Testing
C. Blind Testing
D. Targeted Testing
Correct answer: C

Question #22
The MAJOR concern for an IS auditor when reviewing an organization's business process reengineering (BPR) efforts is:
A. cost overrun of the project
B. employees' resistance to change
C. key controls may be removed from a business process
D. lack of documentation of new processes
Correct answer: B

Question #23
An independent software program that connects two otherwise separate applications sharing computing resources across heterogeneous technologies is known as:
A. middleware
B. firmware
C. application software
D. embedded systems
Correct answer: D

Question #24
Batch control reconciliation is a _____________________ (fill in the blank) control for mitigating the risk of inadequate segregation of duties.
A. Detective
B. Corrective
C. Preventative
D. Compensatory
Correct answer: C

Question #25
Which of the following sampling methods is MOST useful when testing for compliance?
A. Attribute sampling
B. Variable sampling
C. Stratified mean per unit
D. Difference estimation
Correct answer: C

Question #26
An IS auditor discovers that programmers have update access to the live environment. In this situation, the IS auditor is LEAST likely to be concerned that programmers can:
A. authorize transactions
B. add transactions directly to the database
C. make modifications to programs directly
D. access data from live environment and provide faster maintenance
Correct answer: A

Question #27
When an organization's network is connected to an external network in an Internet client-server model not under that organization's control, security becomes a concern. In providing adequate security in this environment, which of the following assurance levels is LEAST important?
A. Server and client authentication
B. Data integrity
C. Data recovery
D. Data confidentiality
Correct answer: A

Question #28
Which of the following risks would be increased by the installation of a database system?
A. Programming errors
B. Data entry errors
C. Improper file access
D. Loss of parity
Correct answer: D

Question #29
To affix a digital signature to a message, the sender must first create a message digest by applying a cryptographic hashing algorithm against:
A. the entire message and thereafter enciphering the message digest using the sender's private key
B. any arbitrary part of the message and thereafter enciphering the message digest using the sender's private key
C. the entire message and thereafter enciphering the message using the sender's private key
D. the entire message and thereafter enciphering the message along with the message digest using the sender's private key
Correct answer: A

Question #30
Without causing a conflict of interest, a duty compatible with those of a security administrator would be:
A. quality assurance
B. application programming
C. systems programming
D. data entry
Correct answer: B

Question #31
A proposed transaction processing application will have many data capture sources and outputs in both paper and electronic form. To ensure that transactions are not lost during processing, the IS auditor should recommend the inclusion of:
A. validation controls
B. internal credibility checks
C. clerical control procedures
D. automated systems balancing
Correct answer: C

Question #32
If a database is restored using before-image dumps, where should the process be restarted following an interruption?
A. Before the last transaction
B. After the last transaction
C. The first transaction after the latest checkpoint
D. The last transaction before the latest checkpoint
Correct answer: C

Question #33
The phases and deliverables of a systems development life cycle (SDLC) project should be determined:
A. during the initial planning stages of the project
B. after early planning has been completed, but before work has begun
C. throughout the work stages based on risks and exposures
D. only after all risks and exposures have been identified and the IS auditor has recommended appropriate controls
Correct answer: D

Question #34
Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies?
A. Developments may result in hardware and software incompatibility
B. Resources may not be available when needed
C. The recovery plan cannot be tested
D. The security infrastructures in each company may be different
Correct answer: C

Question #35
A data warehouse is:
A. object orientated
B. subject orientated
C. departmental specific
D. a volatile database
Correct answer: B

Question #36
Which of the following attacks is MOST commonly performed by an attacker to steal a user's identity information, such as credit card numbers, passwords, etc.?
A. Smurf attack
B. Traffic analysis
C. Pharming
D. Interrupt attack
Correct answer: B

Question #37
An organization establishes an internal document collaboration site. To ensure data confidentiality of each project group, it is MOST important to:
A. conduct a vulnerability assessment
B. enforce document life cycle management
C. prohibit remote access to the site
D. periodically recertify access rights
Correct answer: C

Question #38
Which of the following is a feature of an intrusion detection system (IDS)?
A. Gathering evidence on attack attempts
B. Identifying weakness in the policy definition
C. Blocking access to particular sites on the Internet
D. Preventing certain users from accessing specific servers
Correct answer: B

Question #39
A programmer managed to gain access to the production library, modified a program that was then used to update a sensitive table in the payroll database, and restored the original program. Which of the following methods would MOST effectively detect this type of unauthorized change?
A. Source code comparison
B. Executable code comparison
C. Integrated test facilities (ITF)
D. Review of transaction log files
Correct answer: B

Question #40
The most common problem in the operation of an intrusion detection system (IDS) is:
A. the detection of false positives
B. receiving trap messages
C. reject error rates
D. denial-of-service attacks
Correct answer: A

Question #41
Data edits are an example of:
A. preventive controls
B. detective controls
C. corrective controls
D. compensating controls
Correct answer: A

Question #42
Which of the following techniques is NOT used by a phreaker against a Private Branch Exchange (PBX)?
A. Eavesdropping
B. Illegal call forwarding
C. Forwarding a user to an unused or disabled number
D. SYN Flood
Correct answer: A

Question #43
Which of the following validation techniques would BEST prevent duplicate electronic vouchers?
A. Cyclic redundancy check
B. Edit check
C. Reasonableness check
D. Sequence check
Correct answer: B

Question #44
Disaster recovery planning for a company's computer system usually focuses on:
A. operations turnover procedures
B. strategic long-range planning
C. the probability that a disaster will occur
D. alternative procedures to process transactions
Correct answer: A

Question #45
With the help of the security officer, granting access to data is the responsibility of:
A. data owners
B. programmers
C. system analysts
D. librarians
Correct answer: A

Question #46
Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation?
A. Multiple cycles of backup files remain available
B. Access controls establish accountability for e-mail activity
C. Data classification regulates what information should be communicated via email
D. Within the enterprise, a clear policy for using e-mail ensures that evidence is available
Correct answer: D

Question #47
Which of the following is a management technique that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality?
A. Function point analysis
B. Critical path methodology
C. Rapid application development
D. Program evaluation review technique
Correct answer: D

Question #48
An organization wants to enforce data integrity principles and achieve faster performance/execution in a database application. Which of the following design principles should be applied?
A. User (customized) triggers
B. Data validation at the front end
C. Data validation at the back end
D. Referential integrity
Correct answer: D

Question #49
The interface that allows access to lower or higher level network services is called:
A. firmware
B. middleware
C. X
D. utilities
Correct answer: A

Question #50
Which of the following is the MOST important criterion for the selection of a location for an offsite storage facility for IS backup files? The offsite facility must be:
A. physically separated from the data center and not subject to the same risks
B. given the same level of protection as that of the computer data center
C. outsourced to a reliable third party
D. equipped with surveillance capabilities
Correct answer: B

Question #51
A large chain of shops with EFT at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor?
A. Offsite storage of daily backups
B. Alternative standby processor onsite
C. Installation of duplex communication links
D. Alternative standby processor at another network node
Correct answer: C

Question #52
Which of the following is a measure of the size of an information system based on the number and complexity of a system's inputs, outputs and files?
A. Program evaluation review technique (PERT)
B. Rapid application development (RAD)
C. Function point analysis (FPA)
D. Critical path method (CPM)
Correct answer: A

Question #53
To help mitigate the effects of a denial of service attack, which mechanism can an Internet service provider (ISP) use to identify Internet protocol (IP) packets from unauthorized sources?
A. Inbound traffic filtering
B. Rate limiting
C. Reverse address lookup
D. Network performance monitoring
Correct answer: A

Question #54
As compared to understanding an organization's IT process from evidence directly collected, how valuable are prior audit reports as evidence?
A. The same value
B. Greater value
C. Lesser value
D. Prior audit reports are not relevant
Correct answer: C

Question #55
Which of the following would be considered a business risk?
A. Former employees
B. Part-time and temporary personnel
C. Loss of competitive edge
D. Hackers
Correct answer: D

Question #56
Which of the following would BEST support 24/7 availability?
A. Daily backup
B. Offsite storage
C. Mirroring
D. Periodic testing
Correct answer: C

Question #57
During which phase of a system development process should an IS auditor first raise the issue of application controls?
A. Construction
B. System design
C. Acceptance testing
D. Functional specification
Correct answer: A

Question #58
Which of the following independent duties is traditionally performed by the data control group?
A. Access to data
B. Authorization tables
C. Custody of assets
D. Reconciliation
Correct answer: C

Question #59
An IS auditor intends to accept a management position in the data processing department within the same organization. However, the auditor is currently working on an audit of a major application and has not yet finished the report. Which of the following would be the BEST step for the IS auditor to take?
A. Start in the position and inform the application owner of the job change
B. Start in the position immediately
C. Disclose this issue to the appropriate parties
D. Complete the audit without disclosure and then start in the position
Correct answer: C

Question #60
In a data warehouse, data quality is achieved by:
A. cleansing
B. restructuring
C. source data credibility
D. transformation
Correct answer: A

Question #61
An organization is considering installing a LAN in a site under construction. If system availability is the main concern, which of the following topologies is MOST appropriate?
A. Ring
B. Line
C. Star
D. Bus
Correct answer: B

Question #62
Which of the following statements correctly describes one-way SSL authentication between a client (e.g. browser) and a server (e.g. web server)?
A. Only the server is authenticated while the client remains unauthenticated
B. Only the client is authenticated while the server remains unauthenticated
C. Client and server are authenticated
D. Client and server are unauthenticated
Correct answer: A

Question #63
Which of the following is the MOST critical for the successful implementation and maintenance of a security policy?
A. Assimilation of the framework and intent of a written security policy by all appropriate parties
B. Management support and approval for the implementation and maintenance of a security policy
C. Enforcement of security rules by providing punitive actions for any violation of security rules
D. Stringent implementation, monitoring and enforcing of rules by the security officer through access control software
Correct answer: C

Question #64
Which of the following is a form of an Internet attack?
A. Searching for software design errors
B. Guessing user passwords based on their personal information
C. Breaking the deadman's door to gain entry
D. Planting a trojan horse
Correct answer: B

Question #65
The responsibilities of a disaster recovery relocation team include:
A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule
B. locating a recovery site if one has not been predetermined and coordinating the transport of company employees to the recovery site
C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment
D. coordinating the process of moving from the hot site to a new location or to the restored original location
Correct answer: C

Question #66
The MAJOR advantage of the risk assessment approach over the baseline approach to information security management is that it ensures:
A. information assets are over protected
B. a basic level of protection is applied regardless of asset value
C. appropriate levels of protection are applied to information assets
D. an equal proportion of resources are devoted to protecting all information assets
Correct answer: A

Question #67
Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is best ensured by:
A. database integrity checks
B. validation checks
C. input controls
D. database commits and rollbacks
Correct answer: A

Question #68
Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration?
A. Function point analysis
B. PERT chart
C. Rapid application development
D. Object-oriented system development
Correct answer: A

Question #69
When a systems development life cycle (SDLC) methodology is inadequate, the MOST serious immediate risk is that the new system will:
A. be completed late
B. exceed the cost estimates
C. not meet business and user needs
D. be incompatible with existing systems
Correct answer: C

Question #70
A programmer included a routine into a payroll application to search for his/her own payroll number. As a result, if this payroll number does not appear during the payroll run, a routine will generate and place random numbers onto every paycheck. This routine is known as:
A. scavenging
B. data leakage
C. piggybacking
D. a trojan horse
Correct answer: B

Question #71
Which of the following is an advantage of an integrated test facility (ITF)?
A. It uses actual master files or dummies and the IS auditor does not have to review the source of the transaction
B. Periodic testing does not require separate test processes
C. It validates application systems and tests the ongoing operation of the system
D. It eliminates the need to prepare test data
Correct answer: D

Question #72
Which of the following is the BEST way to identify the potential impact of a successful attack on an organization’s mission critical applications?
A. Execute regular vulnerability scans
B. Conduct penetration testing
C. Perform an application vulnerability review
D. Perform an independent code review
Correct answer: C

Question #73
When performing a data classification project, an information security manager should:
A. assign information criticality and sensitivity
B. identify information owners
C. identify information custodians
D. assign information access privileges
Correct answer: C

Question #74
In which phase of penetration testing would host detection and domain name system (DNS) interrogation be performed?
A. Reporting
B. Attacks
C. Discovery
D. Planning
Correct answer: D

Question #75
Creation of an electronic signature:
A. encrypts the message
B. verifies where the message came from
C. cannot be compromised when using a private key
D. cannot be used with e-mail systems
Correct answer: A

Question #76
Which of the following activities is MOST important in determining whether a test of a disaster recovery plan has been successful?
A. Evaluating participation by key personnel
B. Testing at the backup data center
C. Analyzing whether predetermined test objectives were met
D. Testing with offsite backup files
Correct answer: D

Question #77
After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools?
A. Differential reporting
B. False positive reporting
C. False negative reporting
D. Less detail reporting
Correct answer: A

Question #78
Automated teller machines (ATMs) are a specialized form of a point-of-sale terminal that:
A. allows for cash withdrawal and financial deposits only
B. are usually located in populous areas to deter theft or vandalism
C. utilizes protected telecommunication lines for data transmissions
D. must include high levels of logical and physical security
Correct answer: D

Question #79
Which of the following would be a compensating control to mitigate risks resulting from an inadequate segregation of duties?
A. Sequence check
B. Check digit
C. Source documentation retention
D. Batch control reconciliations
Correct answer: C

Question #80
Which of the following should be the FIRST step when conducting an IT risk assessment?
A. Assess vulnerabilities
B. Identify assets to be protected
C. Evaluate controls in place
D. Identify potential threats
Correct answer: D

Question #81
The responsibility for designing, implementing and maintaining a system of internal control lies with:
A. the IS auditor
B. management
C. the external auditor
D. the programming staff
Correct answer: A

Question #82
An organization is experiencing a growing backlog of undeveloped applications. As part of a plan to eliminate this backlog, end-user computing with prototyping, supported by the acquisition of an interactive application generator system is being introduced. Which of the following areas is MOST critical to the ultimate success of this venture?
A. Data control
B. Systems analysis
C. Systems programming
D. Application programming
Correct answer: B

Question #83
A third-party service provider has proposed a data loss prevention (DLP) solution. Which of the following MUST be in place for this solution to be relevant to the organization?
A. An adequate data testing environment
B. Senior management support
C. A business case
D. A data classification
Correct answer: B

Question #84
An employee has accidentally posted confidential data to the company’s social media page. Which of the following is the BEST control to prevent this from recurring?
A. Require all updates to be made by the marketing director
B. Implement a moderator approval process
C. Perform periodic audits of social media updates
D. Establish two-factor access control for social media accounts
Correct answer: D

Question #85
Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should:
A. include the finding in the final report because the IS auditor is responsible for an accurate report of all findings
B. not include the finding in the final report because the audit report should include only unresolved findings
C. not include the finding in the final report because corrective action can be verified by the IS auditor during the audit
D. include the finding in the closing meeting for discussion purposes only
Correct answer: C

Question #86
Which of the following types of transmission media provide the BEST security against unauthorized access?
A. Copper wire
B. Twisted pair
C. Fiber-optic cables
D. Coaxial cables
Correct answer: B

Question #87
While reviewing the business continuity plan of an organization, the IS auditor observed that the organization's data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate?
A. Deterrence
B. Mitigation
C. Recovery
D. Response
Correct answer: B

Question #88
E-cash is a form of electronic money that:
A. can be used over any computer network
B. utilizes reusable e-cash coins to make payments
C. does not require the use of an Internet digital bank
D. contains unique serial numbering to track the identity of the buyer
Correct answer: B

Question #89
Which of the following is MOST likely to be prevented by a firewall connected to the Internet?
A. Dial-in penetration attacks
B. Disclosure of public key infrastructure (PKI) keys
C. Alteration of email message content
D. External spoofing of internal addresses
Correct answer: C

Question #90
Peer reviews to detect software errors during a program development activity are called:
A. emulation techniques
B. structured walk-throughs
C. modular program techniques
D. top-down program construction
Correct answer: A

Question #91
An information security manager reads a media report of a new type of malware attack. Who should be notified FIRST?
A. Security operations team
B. Data owners
C. Communications department
D. Application owners
Correct answer: B

Question #92
Which of the following development methods uses a prototype that can be updated continually to meet changing user or business requirements?
A. Data-oriented development (DOD)
B. Object-oriented development (OOD)
C. Business process reengineering (BPR)
D. Rapid application development (RAD)
Correct answer: A

Question #93
Which of the following is MOST relevant for an information security manager to communicate to IT operations?
A. The level of inherent risk
B. Vulnerability assessments
C. Threat assessments
D. The level of exposure
Correct answer: A

Question #94
A company performs full backup of data and programs on a regular basis. The primary purpose of this practice is to:
A. maintain data integrity in the applications
B. restore application processing after a disruption
C. prevent unauthorized changes to programs and data
D. ensure recovery of data processing in case of a disaster
Correct answer: D

Question #95
The method of routing traffic through split cable facilities or duplicate cable facilities is called:
A. alternative routing
B. diverse routing
C. redundancy
D. circular routing
Correct answer: B

Question #96
Which of the following statements is NOT true about Voice over IP (VoIP)?
A. VoIP uses circuit switching technology
B. Lower cost per call or even free calls, especially for long distance call
C. Lower infrastructure cost
D. VoIP is a technology where voice traffic is carried on top of existing data infrastructure
Correct answer: A

Question #97
An organization has an integrated development environment (IDE), where the program libraries reside on the server, but modification/development and testing are done from PC workstations. Which of the following would be a strength of an integrated development environment?
A. Controls the proliferation of multiple versions of programs
B. Expands the programming resources and aids available
C. Increases program and processing integrity
D. Prevents valid changes from being overwritten by other changes
Correct answer: D

Question #98
Which of the following processes is the FIRST step in developing a business continuity and disaster recovery plan for an organization?
A. Alternate site selection
B. Business impact analysis
C. Test procedures and frequency
D. Information classification
Correct answer: D

Question #99
What data should be used for regression testing?
A. Different data than used in the previous test
B. The most current production data
C. The data used in previous tests
D. Data produced by a test data generator
Show answer
Correct answer: C
Question #100
Without compensating controls, which of the following functions would represent a risk if combined with that of a system analyst?
A. Application programming
B. Data entry
C. Quality assurance
D. Database administrator
Show answer
Correct answer: C
Question #101
To confirm integrity for a hashed message, the receiver should use:
A. a different hashing algorithm from the sender’s to create a numerical representation of the file
B. a different hashing algorithm from the sender’s to create a binary image of the file
C. the same hashing algorithm as the sender’s to create a binary image of the file
D. the same hashing algorithm as the sender’s to create a numerical representation of the file
Show answer
Correct answer: D
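What the correct answer to Question #101 looks like in practice, as an added illustration that is not part of the original page: the receiver recomputes the digest with the same algorithm the sender used and compares the two numerical representations. The block also shows the two ways the check fails, a receiver that picks a different algorithm (mismatch even though nothing changed) and a message altered in transit. It uses only the Python standard library; the payment message and its tampered copy are constructed sample inputs.

```python
"""Receiver-side integrity check for a hashed message.

Added example for Question #101; not code from the original page.
Uses only the Python standard library. MESSAGE and the tampered
variant are constructed sample inputs.
"""
import hashlib
import hmac

# Constructed sample: the message the sender transmitted alongside its digest.
MESSAGE = b"PAY 1000.00 EUR TO ACCT 12345678 REF INV-2024-0042"


def digest(message: bytes, algorithm: str = "sha256") -> str:
    """Numerical representation (hex digest) of the message under the named algorithm."""
    return hashlib.new(algorithm, message).hexdigest()


def receiver_verifies(message: bytes, sent_digest: str, algorithm: str) -> bool:
    """Recompute the digest with `algorithm` and compare it to the digest that arrived.

    compare_digest runs in constant time, so the comparison itself does not leak
    how many leading characters matched.
    """
    local = digest(message, algorithm)
    return hmac.compare_digest(local, sent_digest)


def demo() -> dict:
    """Run the three receiver scenarios and report whether each behaved as expected."""
    sent = digest(MESSAGE, "sha256")  # the sender used SHA-256
    tampered = MESSAGE.replace(b"1000.00", b"9000.00")  # one field changed in transit
    return {
        # Same algorithm, untouched message: the digests agree.
        "same_algorithm_ok": receiver_verifies(MESSAGE, sent, "sha256"),
        # Receiver picks SHA-1 instead: mismatch although the message is intact,
        # which is why the receiver must use the sender's algorithm.
        "wrong_algorithm_fails": receiver_verifies(MESSAGE, sent, "sha1"),
        # Same algorithm, altered message: the mismatch exposes the change.
        "tamper_detected": not receiver_verifies(tampered, sent, "sha256"),
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

Caveat a practitioner should keep in mind: a plain digest sent next to the message only catches accidental or unsophisticated modification. An attacker who can rewrite the message can recompute the digest as well, so when the channel is hostile the digest has to be bound to a key, either a keyed hash (HMAC) under a shared secret or a digital signature such as the one discussed in Question #110.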
Question #102
To make an electronic funds transfer (EFT), one employee enters the amount field and another employee reenters the same data again, before the money is transferred. The control adopted by the organization in this case is:
A. sequence check
B. key verification
C. check digit
D. completeness check
Show answer
Correct answer: B
Question #103
Reconfiguring which of the following firewall types will prevent inward downloading of files through the file transfer protocol (FTP)?
A. Circuit gateway
B. Application gateway
C. Packet filter
D. Screening router
Show answer
Correct answer: B
Question #104
The BEST defense against network eavesdropping is:
A. encryption
B. moving the defense perimeter outward
C. reducing the amplitude of the communication signal
D. masking the signal with noise
Show answer
Correct answer: A
Question #105
During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:
A. allocation of resources during an emergency
B. maintenance of hardware and software compatibility
C. differences in IS policies and procedures
D. frequency of system testing
Show answer
Correct answer: B
Question #106
While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/back up at an offsite location would be:
A. shadow file processing
B. electronic vaulting
C. hard-disk mirroring
D. hot-site provisioning
Show answer
Correct answer: A
Question #107
Which of the following would be of the LEAST value to an IS auditor attempting to gain an understanding of an organization's IT process?
A. IT planning documents with deliverables and performance results
B. Policies and procedures relating to planning, managing, monitoring and reporting on performance
C. Prior audit reports
D. Reports of IT functional activities
Show answer
Correct answer: C
Question #108
Which of the following is the MOST important objective of data protection?
A. Identifying persons who need access to information
B. Ensuring the integrity of information
C. Denying or authorizing access to the IS system
D. Monitoring logical accesses
Show answer
Correct answer: B
Question #109
Which of the following reports is a measure of telecommunication transmissions and determines whether transmissions are completed accurately?
A. Online monitor reports
B. Downtime reports
C. Help desk reports
D. Response time reports
Show answer
Correct answer: A
Question #110
A single digitally signed instruction was given to a financial institution to credit a customer's account. The financial institution received the instruction three times and credited the account three times. Which of the following would be the MOST appropriate control against such multiple credits?
A. Encrypting the hash of the payment instruction with the public key of the financial institution
B. Affixing a time stamp to the instruction and using it to check for duplicate payments
C. Encrypting the hash of the payment instruction with the private key of the instructor
D. Affixing a time stamp to the hash of the instruction before being digitally signed by the instructor
Show answer
Correct answer: B
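The failure mode in Question #110 is a replay: the signature is genuine every time the message arrives, so signature verification alone cannot stop the triple credit. The control in the correct answer is to carry a time stamp inside the signed instruction and have the institution check it against a record of instructions it has already honoured. The block below is an added example, not code from the original page. To keep it runnable with the standard library only, the instructor's digital signature is simulated with an HMAC under a constructed shared key (an assumption; a real system would sign with the instructor's private key and the institution would verify with the matching public key). The key, the instruction, the clock values and the freshness window are all constructed sample values.

```python
"""Replay protection for a signed payment instruction.

Added example for Question #110; not code from the original page.
Assumptions: the digital signature is stood in for by an HMAC-SHA256
tag under SHARED_KEY, and the bank accepts instructions whose time
stamp lies within ACCEPTANCE_WINDOW_SECONDS of its own clock.
All keys, clocks and instruction contents are constructed sample values.
"""
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key-not-for-production"   # stand-in for the signing key
ACCEPTANCE_WINDOW_SECONDS = 300                           # assumed freshness window


def sign(instruction: dict, key: bytes = SHARED_KEY) -> bytes:
    """Produce `<canonical-json>.<tag>`; the time stamp is part of the signed bytes,
    so a replaying party cannot refresh it without invalidating the tag."""
    payload = json.dumps(instruction, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"." + tag


class Bank:
    """Receiving institution: verifies the tag, checks freshness, then checks for duplicates."""

    def __init__(self, now: int):
        self.now = now          # constructed clock value (seconds)
        self.seen = set()       # digests of every instruction already credited
        self.credits = []       # amounts actually credited, for inspection

    def process(self, message: bytes, key: bytes = SHARED_KEY) -> str:
        # The hex tag contains no '.', so rpartition splits off the tag even though
        # the JSON payload itself contains periods (e.g. "1000.00").
        payload, _, tag = message.rpartition(b".")
        expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad signature"
        instr = json.loads(payload)
        # Freshness: an old but genuine instruction is not honoured, which bounds
        # how long the duplicate store has to remember an instruction.
        if abs(self.now - instr["timestamp"]) > ACCEPTANCE_WINDOW_SECONDS:
            return "rejected: stale"
        # Duplicate check: the digest covers the time stamp, so a second identical
        # instruction issued later (new time stamp) is distinct and would be accepted.
        fingerprint = hashlib.sha256(message).hexdigest()
        if fingerprint in self.seen:
            return "rejected: duplicate"
        self.seen.add(fingerprint)
        self.credits.append(instr["amount"])
        return "credited"


def demo() -> dict:
    """Deliver one signed instruction three times, then try a forgery and a stale replay."""
    bank = Bank(now=1_700_000_100)
    instruction = {
        "account": "12345678",
        "amount": "1000.00",
        "currency": "EUR",
        "timestamp": 1_700_000_000,   # 100 s before the bank's clock: fresh
    }
    message = sign(instruction)
    outcomes = [bank.process(message) for _ in range(3)]   # the triple delivery
    # A replaying party tries to refresh the time stamp but lacks the signing key.
    forged = sign(dict(instruction, timestamp=1_700_000_050), key=b"attacker-has-no-key")
    # A genuine instruction captured long ago and replayed outside the window.
    stale = sign(dict(instruction, timestamp=1_699_990_000))
    return {
        "outcomes": outcomes,
        "credits": bank.credits,
        "forged": bank.process(forged),
        "stale": bank.process(stale),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The order of the three checks matters: the signature is verified first so that an unauthenticated sender cannot fill the duplicate store or probe it, and the freshness window is applied before the duplicate lookup so the store only has to retain fingerprints for the length of the window rather than forever.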
Question #111
The use of statistical sampling procedures helps minimize:
A. sampling risk
B. detection risk
C. inherent risk
D. control risk
Show answer
Correct answer: A
Question #112
While evaluating logical access controls, the IS auditor should follow all of the steps listed below EXCEPT one: 1. Obtain a general understanding of the security risks facing information processing through a review of relevant documentation, inquiry and observation, etc. 2. Document and evaluate controls over potential access paths into the system to assess their adequacy, efficiency and effectiveness. 3. Test controls over access paths to determine whether they are functioning and effective by applying appropriate
A. 2
B. 3
C. 1
D. 6
Show answer
Correct answer: A
Question #113
An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long. Which of the following could be caused by the length of the cable?
A. Electromagnetic interference (EMI)
B. Cross talk
C. Dispersion
D. Attenuation
Show answer
Correct answer: D